
ADSL Gateway Traffic Control

Published: 2020-01-16 11:03:26

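Preface:

I have already published several articles on traffic control for Linux gateways. However, some small companies (such as some of our trading subsidiaries) have no leased line and use ADSL instead (2M download, 512K upload) with a dynamic IP. Information management there is lax, and people often run P2P software on the internal network. Upload sometimes reaches 450K, at which point the ADSL line is essentially paralyzed. To reduce the management burden and save the cost of buying equipment, we install Linux as the ADSL gateway and apply traffic control on it.

Case description:

Gateway: a Linux system with two network cards. eth0 connects to the internal network (192.168.1.0/24); eth1 connects to the ADSL modem and establishes IPsec VPN connections with the head office (192.168.4.0/24) and the warehouse (192.168.25.0/24).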

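1. Download: eth0

Download traffic for the Taiwan head office, the VPN and the mail server 202.104.56.55: 2.5M (unrestricted), priority 1

Downloads to hosts 192.168.1.99 and 192.168.1.202 may reach 2M, priority 2 (these two hosts are servers)

All other traffic is limited to 1.4M, priority 3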

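2. Upload: ppp0

Upload traffic to the Taiwan head office, the VPN and the mail server 202.104.56.55: 1M (the real maximum is only 512K), priority 1

Upload traffic for hosts 192.168.1.99 and 202 may reach 400K, priority 2

All other traffic is limited to 300k, priority 3

The Qos.sh file is as follows: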

#!/bin/sh

########## jdaoyou@sohu.com ###########

TC="/sbin/tc"
LAN_IFACE="eth0"
INET_IFACE="ppp0"
INTERNAL_LAN="192.168.1.0/24"

start(){

#################### Qos rule on eth0 for download ########################

if [ "$LAN_IFACE" != "" ];then
    # Root HTB qdisc on the LAN side; unclassified traffic falls into class 2:30
    $TC qdisc add dev "$LAN_IFACE" root handle 2:0 htb default 30
    $TC class add dev "$LAN_IFACE" parent 2:0 classid 2:1 htb rate 3Mbit burst 15k
    # 2:10 = head office/VPN/mail server, 2:20 = the two servers, 2:30 = everything else
    $TC class add dev "$LAN_IFACE" parent 2:1 classid 2:10 htb rate 3Mbit burst 15k
    $TC class add dev "$LAN_IFACE" parent 2:1 classid 2:20 htb rate 2000kbit ceil 2Mbit burst 15k
    # rate must not exceed ceil; both are set to the 1.4M limit for other traffic
    $TC class add dev "$LAN_IFACE" parent 2:1 classid 2:30 htb rate 1400kbit ceil 1400kbit burst 15k
    # SFQ on each leaf class shares its bandwidth fairly between flows
    $TC qdisc add dev "$LAN_IFACE" parent 2:10 handle 10: sfq perturb 10
    $TC qdisc add dev "$LAN_IFACE" parent 2:20 handle 20: sfq perturb 10
    $TC qdisc add dev "$LAN_IFACE" parent 2:30 handle 30: sfq perturb 10
    # Filter prio 1: traffic arriving from the mail server and the VPN subnets
    U32_1="$TC filter add dev $LAN_IFACE protocol ip parent 2:0 prio 1 u32"
    $U32_1 match ip src 202.104.56.55/32 flowid 2:10
    $U32_1 match ip src 192.168.4.0/24 flowid 2:10
    $U32_1 match ip src 192.168.25.0/24 flowid 2:10
    # Filter prio 2: traffic destined for the two internal servers
    U32_2="$TC filter add dev $LAN_IFACE protocol ip parent 2:0 prio 2 u32"
    $U32_2 match ip dst 192.168.1.99/32 flowid 2:20
    $U32_2 match ip dst 192.168.1.202/32 flowid 2:20
    # Filter prio 3: everything else going to the internal LAN
    $TC filter add dev "$LAN_IFACE" protocol ip parent 2:0 prio 3 u32 match ip dst "$INTERNAL_LAN" flowid 2:30
    echo ""
    echo ""
    echo "qos rule on eth0 start ...........ok!"
    echo ""
    echo ""
fi

#################### Qos rule on ppp0 for upload ########################

if [ "$INET_IFACE" != "" ];then
    # Caution: this clears the entire mangle table, including rules added by other tools
    iptables -F -t mangle
    iptables -X -t mangle
    iptables -Z -t mangle
    # Mark packets from the two servers as they enter from the LAN;
    # the fw filter below classifies on this mark
    iptables -A PREROUTING -t mangle -i "$LAN_IFACE" -s 192.168.1.99/32 -j MARK --set-mark 1
    iptables -A PREROUTING -t mangle -i "$LAN_IFACE" -s 192.168.1.202/32 -j MARK --set-mark 1
    #iptables -A PREROUTING -t mangle -i eth0 -s 192.168.1.0/24 -j MARK --set-mark 2
    # Root HTB qdisc on the ADSL side; unclassified traffic falls into class 1:30
    $TC qdisc add dev "$INET_IFACE" root handle 1:0 htb default 30
    $TC class add dev "$INET_IFACE" parent 1:0 classid 1:1 htb rate 1Mbit burst 15k
    $TC class add dev "$INET_IFACE" parent 1:1 classid 1:10 htb rate 1Mbit burst 15k
    $TC class add dev "$INET_IFACE" parent 1:1 classid 1:20 htb rate 400kbit ceil 400kbit burst 15k
    $TC class add dev "$INET_IFACE" parent 1:1 classid 1:30 htb rate 300kbit ceil 300kbit burst 15k
    $TC qdisc add dev "$INET_IFACE" parent 1:10 handle 10: sfq perturb 10
    $TC qdisc add dev "$INET_IFACE" parent 1:20 handle 20: sfq perturb 10
    $TC qdisc add dev "$INET_IFACE" parent 1:30 handle 30: sfq perturb 10
    # Filter prio 1: mail server, VPN subnets and the IPsec protocols (50 = ESP, 51 = AH)
    U32="$TC filter add dev $INET_IFACE protocol ip parent 1:0 prio 1 u32"
    $U32 match ip dst 202.104.56.55/32 flowid 1:10
    $U32 match ip dst 192.168.4.0/24 flowid 1:10
    $U32 match ip dst 192.168.25.0/24 flowid 1:10
    $U32 match ip protocol 50 0xff flowid 1:10
    $U32 match ip protocol 51 0xff flowid 1:10
    # Filter prio 2: packets carrying firewall mark 1 (the two servers)
    $TC filter add dev "$INET_IFACE" parent 1:0 protocol ip prio 2 handle 1 fw classid 1:20
    #tc filter add dev ppp0 parent 1:0 protocol ip prio 3 handle 2 fw classid 1:30
    echo ""
    echo ""
    echo "qos rule on ppp0 start ...........ok!"
    echo ""
    echo ""
fi

}

stop(){
    # Deleting the root qdisc also removes its classes and filters;
    # errors are suppressed so that restart works when nothing is loaded yet
    if [ "$LAN_IFACE" != "" ];then
        $TC qdisc del dev "$LAN_IFACE" root 2>/dev/null
    fi
    if [ "$INET_IFACE" != "" ];then
        $TC qdisc del dev "$INET_IFACE" root 2>/dev/null
    fi
    # Caution: this clears the entire mangle table, not only the marks set by start()
    iptables -F -t mangle
    iptables -X -t mangle
    iptables -Z -t mangle
}

status(){
    echo "show qdisc ............ "
    echo ""
    echo ""
    echo ""
    $TC -d -s qdisc
    echo ""
    echo ""
    echo "show filter ............ "
    echo ""
    echo ""
    if [ "$LAN_IFACE" != "" ];then
        $TC -d -s filter ls dev "$LAN_IFACE"
    fi
    echo ""
    echo ""
    if [ "$INET_IFACE" != "" ];then
        $TC -d -s filter ls dev "$INET_IFACE"
    fi
    echo ""
    echo ""
    echo "show class ............ "
    echo ""
    echo ""
    if [ "$LAN_IFACE" != "" ];then
        $TC -d -s class ls dev "$LAN_IFACE"
    fi
    echo ""
    echo ""
    if [ "$INET_IFACE" != "" ];then
        $TC -d -s class ls dev "$INET_IFACE"
    fi
    echo ""
    echo ""
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    status)
        status
        ;;
    *)
        # Plain double quotes: $"..." is a bash-only form and is not portable to /bin/sh
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit $?

Then simply run ./Qos.sh restart.

If the ADSL line redials, you can add this to crontab as a scheduled task, or add Qos.sh restart to the ADSL dial-up script.
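The HTB class lines in a script like Qos.sh can be sanity-checked before they are loaded. The following is an added example, not part of the original script: it reads tc class add lines and reports any class whose ceil is below its rate, and any parent whose children are guaranteed more than the parent's own rate. The names htb_lint and sample_classes are hypothetical, the sample lines are constructed, and only kbit and Mbit units are handled.

```shell
#!/bin/sh
# Added example: lint "tc class add ... htb" lines read from stdin.

# Constructed sample input, modelled on the eth0 class layout of Qos.sh.
sample_classes() {
    cat <<'EOF'
tc class add dev eth0 parent 2:0 classid 2:1 htb rate 3Mbit burst 15k
tc class add dev eth0 parent 2:1 classid 2:10 htb rate 1000kbit ceil 3Mbit burst 15k
tc class add dev eth0 parent 2:1 classid 2:20 htb rate 1000kbit ceil 2Mbit burst 15k
tc class add dev eth0 parent 2:1 classid 2:30 htb rate 1600kbit ceil 1400kbit burst 15k
EOF
}

# Prints one finding per line; prints nothing when the hierarchy is consistent.
htb_lint() {
    awk '
    # Convert a tc rate (300kbit, 2Mbit) to kbit/s; -1 for units not handled here.
    function kbit(v,    num) {
        num = v + 0
        if (v ~ /[Mm]bit$/) return num * 1000
        if (v ~ /[Kk]bit$/) return num
        return -1
    }
    $1 == "tc" && $2 == "class" && $3 == "add" {
        id = ""; par = ""; rate = -1; ceil = -1
        for (i = 4; i < NF; i++) {
            if ($i == "classid")     id = $(i + 1)
            else if ($i == "parent") par = $(i + 1)
            else if ($i == "rate")   rate = kbit($(i + 1))
            else if ($i == "ceil")   ceil = kbit($(i + 1))
        }
        if (id == "" || rate < 0) next
        if (ceil < 0) ceil = rate    # ceil omitted (tc uses rate) or unit not handled
        rates[id] = rate
        order[++cnt] = id
        sum[par] += rate             # guaranteed bandwidth promised under this parent
        if (ceil < rate)
            printf "%s: ceil %dkbit is below rate %dkbit\n", id, ceil, rate
    }
    END {
        for (k = 1; k <= cnt; k++) {
            id = order[k]
            if (sum[id] > rates[id])
                printf "%s: children are guaranteed %dkbit, parent rate is %dkbit\n", id, sum[id], rates[id]
        }
    }'
}

sample_classes | htb_lint
```

To check a real script, feed it the class lines with the interface variables already expanded, for example the output of a dry run that echoes each tc command.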
