Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh -x
- ##################################################################
- # 0 Setup modules on boot
- #
- insmod ip_queue 2> /dev/null > /dev/null
- insmod sch_htb 2> /dev/null > /dev/null
- insmod sch_esfq 2> /dev/null > /dev/null
- insmod cls_u32 2> /dev/null > /dev/null
- insmod sch_ingress 2> /dev/null > /dev/null
- insmod cls_fw 2> /dev/null > /dev/null
- insmod ipt_TOS 2> /dev/null > /dev/null
- insmod sch_prio 2> /dev/null > /dev/null
- insmod act_mirred 2> /dev/null > /dev/null
- insmod act_police 2> /dev/null > /dev/null
- insmod sch_htb 2> /dev/null > /dev/null
- echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
- ##################################################################
- # 1 CONFIG
- #
- LAN_IFACE="br-lan"
- WAN_IFACE="pptp-vpn"
- GLOB_RATE="1000mbit"
- LAN_RATE="100mbit"
- WAN_RATE="34000kbit"
- WAN_BW="3072kbit"
- LAN_NET="192.168.0.0/24"
- LOCAL_NETS="10.0.0.0/8 172.16.0.0/16"
- ##################################################################
- #
- # 2 LAN (Incoming traffic)
- #
- # 2.1 Root qdsc
- tc qdisc del dev $LAN_IFACE root 2> /dev/null > /dev/null
- tc qdisc add dev $LAN_IFACE root handle 1:0 htb default 103
- tc class add dev $LAN_IFACE parent 1:0 classid 1:1 htb rate $GLOB_RATE \
- burst 20k
- #
- # 2.2 Speed for lan traffic
- #
- tc class add dev $LAN_IFACE parent 1:1 classid 1:2 htb rate $LAN_RATE \
- burst 10k prio 3
- tc qdisc add dev $LAN_IFACE parent 1:2 handle 2: esfq perturb 2 hash dst
- tc filter add dev $LAN_IFACE parent 1:0 prio 3 protocol ip handle 2 fw \
- classid 1:2
- #
- # 2.3 Speed for inet traffic
- #
- tc class add dev $LAN_IFACE parent 1:1 classid 1:10 htb rate $WAN_RATE \
- burst 6k prio 2
- ##################################################################
- #
- # 3 WAN (Outgoing traffic)
- #
- # 3.1 Root qdsc
- tc qdisc del dev $WAN_IFACE root 2> /dev/null > /dev/null
- tc qdisc add dev $WAN_IFACE root handle 1:0 htb default 103
- tc class add dev $WAN_IFACE parent 1:0 classid 1:1 htb rate $GLOB_RATE \
- burst 20k
- #
- # 3.2 Speed for lan traffic
- #
- tc class add dev $WAN_IFACE parent 1:1 classid 1:2 htb rate $LAN_RATE \
- burst 10k prio 3
- tc qdisc add dev $WAN_IFACE parent 1:2 handle 2: esfq perturb 2 hash src
- tc filter add dev $WAN_IFACE parent 1:0 prio 3 protocol ip handle 2 fw \
- classid 1:2
- #
- # 3.3 Speed for inet traffic
- #
- tc class add dev $WAN_IFACE parent 1:1 classid 1:10 htb rate $WAN_RATE \
- burst 6k prio 2
- ##################################################################
- #
- # 4 Priorites
- #
- #
- # 4.1 Prio
- #
- # Incoming
- tc class add dev $LAN_IFACE parent 1:10 classid 1:101 htb rate $WAN_BW \
- ceil $WAN_RATE burst 2k prio 1
- tc qdisc add dev $LAN_IFACE parent 1:101 handle 101: esfq perturb 2 hash dst
- tc filter add dev $LAN_IFACE parent 1:0 prio 1 protocol ip handle 101 fw \
- classid 1:101
- # Outgoing
- tc class add dev $WAN_IFACE parent 1:10 classid 1:101 htb rate $WAN_BW \
- ceil $WAN_RATE burst 2k prio 1
- tc qdisc add dev $WAN_IFACE parent 1:101 handle 101: esfq perturb 2 hash src
- tc filter add dev $WAN_IFACE parent 1:0 prio 1 protocol ip handle 101 fw \
- classid 1:101
- #
- # 4.2 Prio
- #
- # Incoming
- tc class add dev $LAN_IFACE parent 1:10 classid 1:102 htb rate $WAN_BW \
- ceil $WAN_RATE burst 2k prio 2
- tc qdisc add dev $LAN_IFACE parent 1:102 handle 102: esfq perturb 2 hash dst
- tc filter add dev $LAN_IFACE parent 1:0 prio 2 protocol ip handle 102 fw \
- classid 1:102
- # Outgoing
- tc class add dev $WAN_IFACE parent 1:10 classid 1:102 htb rate $WAN_BW \
- ceil $WAN_RATE burst 2k prio 2
- tc qdisc add dev $WAN_IFACE parent 1:102 handle 102: esfq perturb 2 hash src
- tc filter add dev $WAN_IFACE parent 1:0 prio 2 protocol ip handle 102 fw \
- classid 1:102
- #
- # 4.3 Prio
- #
- # Incoming
- tc class add dev $LAN_IFACE parent 1:10 classid 1:103 htb rate $WAN_BW \
- ceil $WAN_RATE burst 2k prio 3
- tc qdisc add dev $LAN_IFACE parent 1:103 handle 103: esfq perturb 2 hash dst
- tc filter add dev $LAN_IFACE parent 1:0 prio 3 protocol ip handle 103 fw \
- classid 1:103
- # Outgoing
- tc class add dev $WAN_IFACE parent 1:10 classid 1:103 htb rate $WAN_BW \
- ceil $WAN_RATE burst 2k prio 3
- tc qdisc add dev $WAN_IFACE parent 1:103 handle 103: esfq perturb 2 hash src
- tc filter add dev $WAN_IFACE parent 1:0 prio 3 protocol ip handle 103 fw \
- classid 1:103
- ##################################################################
- #
- # 5 IPTABLES
- #
- #
- # 5.1 Delete Chains
- #
- iptables -t mangle -D POSTROUTING -o $LAN_IFACE -j qos_tc
- iptables -t mangle -D PREROUTING -i $LAN_IFACE -j qos_tc
- iptables -t mangle -F qos_tc
- iptables -t mangle -X qos_tc
- iptables -t mangle -F
- iptables -t mangle -X
- #
- # 5.2 Create Chain
- #
- iptables -t mangle -N qos_tc
- iptables -t mangle -I POSTROUTING -o $LAN_IFACE -d $LAN_NET -j qos_tc
- iptables -t mangle -I PREROUTING -i $LAN_IFACE -s $LAN_NET -j qos_tc
- # ICMP
- iptables -t mangle -A qos_tc -p icmp -j MARK \
- --set-mark 101
- # ACK & Other small packets
- iptables -t mangle -A qos_tc -p tcp -m length \
- --length :64 -j MARK --set-mark 101
- # DNS
- iptables -t mangle -A qos_tc -p tcp --dport 53 \
- -j MARK --set-mark 101
- iptables -t mangle -A qos_tc -p udp --dport 53 \
- -j MARK --set-mark 101
- iptables -t mangle -A qos_tc -p tcp --sport 53 \
- -j MARK --set-mark 101
- iptables -t mangle -A qos_tc -p udp --sport 53 \
- -j MARK --set-mark 101
- # Web-client
- iptables -t mangle -A qos_tc -m multiport -p tcp \
- --dports 80,443 -j MARK --set-mark 102
- iptables -t mangle -A qos_tc -m multiport -p tcp \
- --sports 80,443 -j MARK --set-mark 102
- # IM-client && SSH-Client
- iptables -t mangle -A qos_tc -m multiport -p tcp \
- --dports 22,5190,5222,5223 -j MARK --set-mark 102
- iptables -t mangle -A qos_tc -m multiport -p tcp \
- --sports 22,5190,5222,5223 -j MARK --set-mark 102
- #
- # 5.X LAN-to-LAN
- #
- iptables -t mangle -A qos_tc -s $LAN_NET -d $LAN_NET -j MARK --set-mark 1
- iptables -t mangle -A qos_tc -d $LAN_NET -s $LAN_NET -j MARK --set-mark 1
- for net in $LOCAL_NETS;
- do
- iptables -t mangle -A qos_tc -s $net -d $LAN_NET -j MARK --set-mark 2
- iptables -t mangle -A qos_tc -d $net -s $LAN_NET -j MARK --set-mark 2
- done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
