  1. #!/bin/sh -x
  2.  
  3. ##################################################################
  4. # 0 Setup modules on boot
  5. #
  6. insmod ip_queue 2> /dev/null > /dev/null
  7. insmod sch_htb 2> /dev/null > /dev/null
  8. insmod sch_esfq 2> /dev/null > /dev/null
  9. insmod cls_u32 2> /dev/null > /dev/null
  10. insmod sch_ingress 2> /dev/null > /dev/null
  11. insmod cls_fw 2> /dev/null > /dev/null
  12. insmod ipt_TOS 2> /dev/null > /dev/null
  13. insmod sch_prio 2> /dev/null > /dev/null
  14. insmod act_mirred 2> /dev/null > /dev/null
  15. insmod act_police 2> /dev/null > /dev/null
  16. insmod sch_htb 2> /dev/null > /dev/null
  17. insmod sch_sfq 2> /dev/null > /dev/null
  18.  
  19. echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
  20.  
  21. ##################################################################
  22. # 1 CONFIG
  23. #
  24.  
  25. LAN_IFACE="br-lan"
  26. WAN_IFACE="pptp-vpn"
  27.  
  28. GLOB_RATE="1000mbit"
  29. LAN_RATE="100mbit"
  30.  
  31. WAN_RATE="34000kbit"
  32. WAN_BW="3072kbit"
  33.  
  34. BW_DOWN="1000kbit"
  35. BW_UP="1000kbit"
  36.  
  37.  
  38. LAN_NET="192.168.1.0/24"
  39. LOCAL_NETS="10.0.0.0/8 172.16.0.0/16"
  40.  
  41. ##################################################################
  42. #
  43. # 2 LAN (Incoming traffic)
  44. #
  45. # 2.1 Root qdsc
  46. tc qdisc del dev $LAN_IFACE root 2> /dev/null > /dev/null
  47. tc qdisc add dev $LAN_IFACE root handle 1:0 htb default 103
  48. tc class add dev $LAN_IFACE parent 1:0 classid 1:1 htb rate $GLOB_RATE \
  49. burst 20k
  50.  
  51. #
  52. # 2.2 Speed for lan traffic
  53. #
  54. tc class add dev $LAN_IFACE parent 1:1 classid 1:2 htb rate $LAN_RATE \
  55. burst 10k prio 3
  56. tc qdisc add dev $LAN_IFACE parent 1:2 handle 2: esfq perturb 2 hash dst
  57. tc filter add dev $LAN_IFACE parent 1:0 prio 3 protocol ip handle 2 fw \
  58. classid 1:2
  59.  
  60. #
  61. # 2.3 Speed for inet traffic
  62. #
  63. tc class add dev $LAN_IFACE parent 1:1 classid 1:10 htb rate $WAN_RATE \
  64. burst 6k prio 2
  65.  
  66. ##################################################################
  67. #
  68. # 3 WAN (Outgoing traffic)
  69. #
  70. # 3.1 Root qdsc
  71. tc qdisc del dev $WAN_IFACE root 2> /dev/null > /dev/null
  72. tc qdisc add dev $WAN_IFACE root handle 1:0 htb default 103
  73. tc class add dev $WAN_IFACE parent 1:0 classid 1:1 htb rate $GLOB_RATE \
  74. burst 20k
  75.  
  76. #
  77. # 3.2 Speed for lan traffic
  78. #
  79. tc class add dev $WAN_IFACE parent 1:1 classid 1:2 htb rate $LAN_RATE \
  80. burst 10k prio 3
  81. tc qdisc add dev $WAN_IFACE parent 1:2 handle 2: esfq perturb 2 hash src
  82. tc filter add dev $WAN_IFACE parent 1:0 prio 3 protocol ip handle 2 fw \
  83. classid 1:2
  84.  
  85. #
  86. # 3.3 Speed for inet traffic
  87. #
  88. tc class add dev $WAN_IFACE parent 1:1 classid 1:10 htb rate $WAN_RATE \
  89. burst 6k prio 2
  90.  
  91. ##################################################################
  92. #
  93. # 4 Priorites
  94. #
  95.  
  96. #
  97. # 4.1 Prio
  98. #
  99. # Incoming
  100. tc class add dev $LAN_IFACE parent 1:10 classid 1:101 htb rate $WAN_BW \
  101. ceil $WAN_RATE burst 2k prio 1
  102. tc qdisc add dev $LAN_IFACE parent 1:101 handle 101: esfq perturb 2 hash dst
  103. tc filter add dev $LAN_IFACE parent 1:0 prio 1 protocol ip handle 101 fw \
  104. classid 1:101
  105.  
  106. # Outgoing
  107. tc class add dev $WAN_IFACE parent 1:10 classid 1:101 htb rate $WAN_BW \
  108. ceil $WAN_RATE burst 2k prio 1
  109. tc qdisc add dev $WAN_IFACE parent 1:101 handle 101: esfq perturb 2 hash src
  110. tc filter add dev $WAN_IFACE parent 1:0 prio 1 protocol ip handle 101 fw \
  111. classid 1:101
  112.  
  113. #
  114. # 4.2 Prio
  115. #
  116. # Incoming
  117. tc class add dev $LAN_IFACE parent 1:10 classid 1:102 htb rate $WAN_BW \
  118. ceil $WAN_RATE burst 2k prio 2
  119. tc qdisc add dev $LAN_IFACE parent 1:102 handle 102: esfq perturb 2 hash dst
  120. tc filter add dev $LAN_IFACE parent 1:0 prio 2 protocol ip handle 102 fw \
  121. classid 1:102
  122.  
  123. # Outgoing
  124. tc class add dev $WAN_IFACE parent 1:10 classid 1:102 htb rate $WAN_BW \
  125. ceil $WAN_RATE burst 2k prio 2
  126. tc qdisc add dev $WAN_IFACE parent 1:102 handle 102: esfq perturb 2 hash src
  127. tc filter add dev $WAN_IFACE parent 1:0 prio 2 protocol ip handle 102 fw \
  128. classid 1:102
  129.  
  130. #
  131. # 4.3 Prio
  132. #
  133. # Incoming
  134. tc class add dev $LAN_IFACE parent 1:10 classid 1:103 htb rate $WAN_BW \
  135. ceil $WAN_RATE burst 2k prio 3
  136. tc qdisc add dev $LAN_IFACE parent 1:103 handle 103: esfq perturb 2 hash dst
  137. tc filter add dev $LAN_IFACE parent 1:0 prio 3 protocol ip handle 103 fw \
  138. classid 1:103
  139.  
  140. # Outgoing
  141. tc class add dev $WAN_IFACE parent 1:10 classid 1:103 htb rate $WAN_BW \
  142. ceil $WAN_RATE burst 2k prio 3
  143. tc qdisc add dev $WAN_IFACE parent 1:103 handle 103: esfq perturb 2 hash src
  144. tc filter add dev $WAN_IFACE parent 1:0 prio 3 protocol ip handle 103 fw \
  145. classid 1:103
  146.  
  147. #
  148. # 4.4 Limit
  149. #
  150. # Incoming
  151. tc class add dev $LAN_IFACE parent 1:10 classid 1:104 htb rate $BW_DOWN \
  152. ceil $BW_DOWN burst 2k prio 4
  153. tc qdisc add dev $LAN_IFACE parent 1:104 handle 104: esfq perturb 2 hash dst
  154. tc filter add dev $LAN_IFACE parent 1:0 prio 4 protocol ip handle 104 fw \
  155. classid 1:104
  156.  
  157. # Outgoing
  158. tc class add dev $WAN_IFACE parent 1:10 classid 1:104 htb rate $BW_UP \
  159. ceil $BW_UP burst 2k prio 4
  160. tc qdisc add dev $WAN_IFACE parent 1:104 handle 104: esfq perturb 2 hash src
  161. tc filter add dev $WAN_IFACE parent 1:0 prio 4 protocol ip handle 104 fw \
  162. classid 1:104
  163.  
  164. ##################################################################
  165. #
  166. # 5 IPTABLES
  167. #
  168.  
  169. #
  170. # 5.1 Delete Chains
  171. #
  172. iptables -t mangle -D POSTROUTING -o $LAN_IFACE -j qos_tc
  173. iptables -t mangle -D PREROUTING -i $LAN_IFACE -j qos_tc
  174. iptables -t mangle -F qos_tc
  175. iptables -t mangle -X qos_tc
  176. iptables -t mangle -F
  177. iptables -t mangle -X
  178.  
  179. #
  180. # 5.2 Create Chain
  181. #
  182. iptables -t mangle -N qos_tc
  183. iptables -t mangle -I POSTROUTING -o $LAN_IFACE -d $LAN_NET -j qos_tc
  184. iptables -t mangle -I PREROUTING -i $LAN_IFACE -s $LAN_NET -j qos_tc
  185.  
  186. # ICMP
  187. iptables -t mangle -A qos_tc -p icmp -j MARK \
  188. --set-mark 101
  189. # ACK & Other small packets
  190. iptables -t mangle -A qos_tc -p tcp -m length \
  191. --length :64 -j MARK --set-mark 101
  192. # DNS
  193. iptables -t mangle -A qos_tc -p tcp --dport 53 \
  194. -j MARK --set-mark 101
  195. iptables -t mangle -A qos_tc -p udp --dport 53 \
  196. -j MARK --set-mark 101
  197. iptables -t mangle -A qos_tc -p tcp --sport 53 \
  198. -j MARK --set-mark 101
  199. iptables -t mangle -A qos_tc -p udp --sport 53 \
  200. -j MARK --set-mark 101
  201. # Web-client
  202. iptables -t mangle -A qos_tc -m multiport -p tcp \
  203. --dports 80,443 -j MARK --set-mark 102
  204. iptables -t mangle -A qos_tc -m multiport -p tcp \
  205. --sports 80,443 -j MARK --set-mark 102
  206. # IM-client && SSH-Client
  207. iptables -t mangle -A qos_tc -m multiport -p tcp \
  208. --dports 22,5190,5222,5223 -j MARK --set-mark 102
  209. iptables -t mangle -A qos_tc -m multiport -p tcp \
  210. --sports 22,5190,5222,5223 -j MARK --set-mark 102
  211. # Limit for ips
  212. iptables -t mangle -A qos_tc -s 192.168.1.200 -j MARK --set-mark 104
  213. iptables -t mangle -A qos_tc -d 192.168.1.200 -j MARK --set-mark 104
  214.  
  215. #
  216. # 5.X LAN-to-LAN
  217. #
  218. iptables -t mangle -A qos_tc -s $LAN_NET -d $LAN_NET -j MARK --set-mark 1
  219. iptables -t mangle -A qos_tc -d $LAN_NET -s $LAN_NET -j MARK --set-mark 1
  220.  
  221. for net in $LOCAL_NETS;
  222. do
  223. iptables -t mangle -A qos_tc -s $net -d $LAN_NET -j MARK --set-mark 2
  224. iptables -t mangle -A qos_tc -d $net -s $LAN_NET -j MARK --set-mark 2
  225. done