
Untitled

a guest
Apr 21st, 2011
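  # Egress (upload) shaping on the WAN interface.
  #   eth2 = WAN
  #   eth1 = LAN
  #
  # Rates use tc's "KBps" suffix, i.e. kilobytes per second.
  #
  # "default 5" sends every packet that none of the fw filters below claims
  # (ICMP, other IP protocols, packets carrying a mark with no matching
  # filter) into the "default" class 1:5. Without a default class HTB hands
  # unclassified packets straight to the device, so they bypass the shaper.
  tc qdisc add dev eth2 root handle 1:0 htb default 5
  tc class add dev eth2 parent 1:0 classid 1:1 htb rate 256KBps ceil 256KBps

  # NOTE(review): the child rates below add up to 596KBps, more than the
  # 256KBps parent rate, so the per-class guarantees cannot all hold at once
  # and only ceil and prio decide the split under load. Size them to the
  # real uplink.

  # dns
  tc class add dev eth2 parent 1:1 classid 1:2 htb rate 200KBps ceil 240KBps prio 1
  # www
  tc class add dev eth2 parent 1:1 classid 1:3 htb rate 180KBps ceil 200KBps prio 2
  # https
  tc class add dev eth2 parent 1:1 classid 1:4 htb rate 180KBps ceil 200KBps prio 3
  # default
  tc class add dev eth2 parent 1:1 classid 1:5 htb rate 25KBps ceil 30KBps prio 4
  # bulk
  tc class add dev eth2 parent 1:1 classid 1:6 htb rate 11KBps ceil 15KBps prio 5

  # fw filters: "handle N" matches the firewall mark N set by the iptables
  # mangle rules and steers the packet into class 1:N.
  tc filter add dev eth2 protocol ip parent 1:0 handle 2 fw flowid 1:2 # dns
  tc filter add dev eth2 protocol ip parent 1:0 handle 3 fw flowid 1:3 # www
  tc filter add dev eth2 protocol ip parent 1:0 handle 4 fw flowid 1:4 # https
  tc filter add dev eth2 protocol ip parent 1:0 handle 5 fw flowid 1:5 # default
  tc filter add dev eth2 protocol ip parent 1:0 handle 6 fw flowid 1:6 # bulk

  # One SFQ leaf per class so flows inside a class share it fairly;
  # "perturb 10" re-keys the flow hash every 10 seconds.
  tc qdisc add dev eth2 parent 1:2 handle 2:0 sfq perturb 10 # dns
  tc qdisc add dev eth2 parent 1:3 handle 3:0 sfq perturb 10 # www
  tc qdisc add dev eth2 parent 1:4 handle 4:0 sfq perturb 10 # https
  tc qdisc add dev eth2 parent 1:5 handle 5:0 sfq perturb 10 # default
  tc qdisc add dev eth2 parent 1:6 handle 6:0 sfq perturb 10 # bulk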
  29.  
  #
  # Incoming traffic classes
  #
  # Download traffic is shaped where it leaves the router towards the LAN,
  # i.e. on the egress side of eth1.
  #
  # NOTE(review): the root qdisc has no "default" class, so packets that no
  # fw filter claims are not shaped. Class 1:2 (12800KBps) has neither a
  # filter nor a leaf qdisc in this script; presumably it is meant for
  # router-to-LAN traffic -- confirm and add the missing classifier.
  # NOTE(review): the rates under 1:3 add up to 595KBps against a 256KBps
  # parent, so the guarantees cannot all be met at the same time.
  lan_if=eth1

  tc qdisc add dev "$lan_if" root handle 1:0 htb
  tc class add dev "$lan_if" parent 1:0 classid 1:1 htb rate 13056KBps ceil 13056KBps
  tc class add dev "$lan_if" parent 1:1 classid 1:2 htb rate 12800KBps ceil 12800KBps
  tc class add dev "$lan_if" parent 1:1 classid 1:3 htb rate 256KBps ceil 256KBps

  # Service classes below 1:3: 1:4 dns, 1:5 www, 1:6 https, 1:7 default, 1:8 bulk
  tc class add dev "$lan_if" parent 1:3 classid 1:4 htb rate 200KBps ceil 250KBps prio 1
  tc class add dev "$lan_if" parent 1:3 classid 1:5 htb rate 180KBps ceil 230KBps prio 2
  tc class add dev "$lan_if" parent 1:3 classid 1:6 htb rate 180KBps ceil 230KBps prio 3
  tc class add dev "$lan_if" parent 1:3 classid 1:7 htb rate 25KBps ceil 30KBps prio 4
  tc class add dev "$lan_if" parent 1:3 classid 1:8 htb rate 10KBps ceil 15KBps prio 5

  # Firewall mark N selects class 1:N.
  for minor in 4 5 6 7 8; do
      tc filter add dev "$lan_if" protocol ip parent 1:0 handle "$minor" fw flowid "1:$minor"
  done

  # SFQ leaf on every service class; the flow hash is re-keyed every 10 seconds.
  for minor in 4 5 6 7 8; do
      tc qdisc add dev "$lan_if" parent "1:$minor" handle "$minor:0" sfq perturb 10
  done
  61.  
  62.  
  # Start from an empty mangle/POSTROUTING chain. This drops every rule in
  # that chain, including any that other tools installed there.
  iptables -t mangle -F POSTROUTING

  #
  # Outgoing traffic rules
  #
  # XXX: You have to tune following rules by hand (assigning packets to classes)
  #
  # Every class gets a pair of rules: MARK sets the firewall mark that the
  # eth2 fw filters map to an HTB class, and the RETURN that follows leaves
  # the chain so no later rule can overwrite that mark.
  #
  # NOTE(review): classification is by destination port alone, so the port a
  # LAN host chooses decides its priority. Any UDP flow to port 53 lands in
  # the highest-priority class whatever it carries; matching the resolver
  # addresses as well would close that gap. DNS over TCP/53 is not in the dns
  # class, it falls into "default". Port 1024 is in both ranges and is claimed
  # by "default" because that pair comes first.
  wan_mark() {
      # usage: wan_mark PROTO DPORT MARK
      iptables -t mangle -A POSTROUTING -o eth2 -p "$1" --dport "$2" -j MARK --set-mark "$3"
      iptables -t mangle -A POSTROUTING -o eth2 -p "$1" --dport "$2" -j RETURN
  }

  wan_mark udp 53 2            # dns
  wan_mark tcp 80 3            # www
  wan_mark tcp 443 4           # https
  wan_mark udp 1:1024 5        # default
  wan_mark tcp 1:1024 5
  wan_mark udp 1024:65535 6    # bulk
  wan_mark tcp 1024:65535 6
  93.  
  94.  
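  #
  # Incoming traffic rules
  #
  # XXX: You have to tune following rules by hand (assigning packets to classes)
  #
  # Packets leaving eth1 towards LAN clients are replies from remote servers,
  # so the service port is their SOURCE port: a web download arrives with
  # source port 80 and an ephemeral destination port. Matching --dport here
  # put nearly all download traffic into the 1024:65535 "bulk" range, hence
  # the match on --sport. If LAN hosts run port-forwarded servers, add
  # --dport rules for those services as well.
  #
  # Every class gets a pair of rules: MARK sets the firewall mark that the
  # eth1 fw filters map to an HTB class, and the RETURN that follows leaves
  # the chain so no later rule can overwrite that mark.
  lan_mark() {
      # usage: lan_mark PROTO SPORT MARK
      iptables -t mangle -A POSTROUTING -o eth1 -p "$1" --sport "$2" -j MARK --set-mark "$3"
      iptables -t mangle -A POSTROUTING -o eth1 -p "$1" --sport "$2" -j RETURN
  }

  lan_mark udp 53 4            # dns
  lan_mark tcp 80 5            # www
  lan_mark tcp 443 6           # https
  lan_mark udp 1:1024 7        # default
  lan_mark tcp 1:1024 7
  lan_mark udp 1024:65535 8    # bulk
  lan_mark tcp 1024:65535 8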
  123.  
  # Bulk on http
  #
  # Once the reply direction of a connection forwarded from eth2 to eth1 has
  # carried 524288 bytes or more, tag the connection with connmark 8. On eth1
  # firewall mark 8 selects the bulk class 1:8.
  #
  # NOTE(review): despite the heading there is no protocol or port match, so
  # this applies to every forwarded connection, not only HTTP.
  # NOTE(review): the rule is appended to FORWARD in the default (filter)
  # table; confirm that is intended rather than the mangle table.
  # NOTE(review): this script flushes only mangle/POSTROUTING, so each run
  # appends another copy of both rules below.
  bulk_threshold=524288
  iptables -A FORWARD -i eth2 -o eth1 \
      -m connbytes --connbytes "${bulk_threshold}:" \
      --connbytes-dir reply --connbytes-mode bytes \
      -j CONNMARK --set-mark 8

  # Copy connmark 8 onto each packet of a tagged connection.
  # NOTE(review): the mangle/POSTROUTING rules in this script set a new mark
  # on every TCP and UDP packet (ports 1-65535) leaving eth1 or eth2, so the
  # restored mark is overwritten before tc sees it; eth2 also has no fw
  # filter for mark 8. Verify that the demotion actually takes effect.
  iptables -t mangle -A PREROUTING \
      -m connmark --mark 8 \
      -j CONNMARK --restore-mark