Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
| — |
script_qos.sh [2010/08/06 12:57] (Version actuelle) |
||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| + | <code> | ||
| + | # Constantes | ||
| + | LOCALNET="x.x.x.x/255.255.255.255" | ||
| + | MARKPRIO1="1" | ||
| + | MARKPRIO2="2" | ||
| + | MARKPRIO3="3" | ||
| + | MARKPRIO4="4" | ||
| + | ##definitiondesconstantespourTC | ||
| + | |||
| + | IFACE=eth0 | ||
| + | |||
| + | #Taux | ||
| + | |||
| + | UPRATE="20mbit" | ||
| + | PRIORATE1="10mbit" | ||
| + | PRIORATE2="10mbit" | ||
| + | PRIORATE3="7mbit" | ||
| + | PRIORATE4="2mbit" | ||
| + | |||
| + | # Quanta Les quanta decrivent comment la bande passante est repartie entre #qdiscs. | ||
| + | |||
| + | QUANTUM1="12187" | ||
| + | QUANTUM2="8625" | ||
| + | QUANTUM3="5062" | ||
| + | QUANTUM4="1500" | ||
| + | |||
| + | ## #Burst | ||
| + | ## bursts determinent de combien de octets un qdsic peut depasser le taux avant d etre #arrete | ||
| + | |||
| + | BURST1="1000k" | ||
| + | BURST2="400k" | ||
| + | BURST3="200k" | ||
| + | BURST4="10k" | ||
| + | |||
| + | ## Le cburst sert a savoir de combien on a le droit de continuer avant que la connexion ne #stop. | ||
| + | |||
| + | CBURST1="3000k" | ||
| + | CBURST2="2000k" | ||
| + | CBURST3="100k" | ||
| + | CBURST4="10k" | ||
| + | |||
| + | # politique de base. iptables #! | ||
| + | |||
| + | iptables -P INPUT ACCEPT | ||
| + | iptables -P OUTPUT ACCEPT | ||
| + | iptables -P FORWARD ACCEPT | ||
| + | |||
| + | # Purger toutes les #tables | ||
| + | |||
| + | iptables -F INPUT | ||
| + | iptables -F OUTPUT | ||
| + | iptables -F FORWARD | ||
| + | iptables -t mangle -F OUTPUT | ||
| + | iptables -t mangle -F FORWARD | ||
| + | |||
| + | # Definition des #priorites | ||
| + | |||
| + | # Prio 1, les services #prioritaires. | ||
| + | # icmp | ||
| + | |||
| + | iptables -t mangle -A FORWARD -p icmp -j MARK --set-mark $MARKPRIO1 | ||
| + | iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark $MARKPRIO1 | ||
| + | iptables -t mangle -A INPUT -p icmp -j MARK --set-mark $MARKPRIO1 | ||
| + | |||
| + | # ssh (afin de ne pas laguer sur le ssh en #input) | ||
| + | |||
| + | iptables -t mangle -A FORWARD -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1 | ||
| + | iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1 | ||
| + | iptables -t mangle -A INPUT -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1 | ||
| + | |||
| + | # non tcp (pour ne pas avoir de soucis avec la resolution #dns) | ||
| + | |||
| + | iptables -t mangle -A INPUT -p ! tcp -j MARK --set-mark $MARKPRIO1 | ||
| + | iptables -t mangle -A FORWARD -p ! tcp -j MARK --set-mark $MARKPRIO1 | ||
| + | iptables -t mangle -A OUTPUT -p ! tcp -j MARK --set-mark $MARKPRIO1 | ||
| + | |||
| + | # Prio #2 | ||
| + | |||
| + | # #smtp | ||
| + | iptables -t mangle -A FORWARD -p tcp --dport 25 -j MARK --set-mark $MARKPRIO3 | ||
| + | iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARKPRIO3 | ||
| + | |||
| + | # Prio #3 | ||
| + | |||
| + | # http | appriori pas besoin de brider l #input | ||
| + | |||
| + | iptables -t mangle -A FORWARD -p tcp --dport 80 -j MARK --set-mark $MARKPRIO3 | ||
| + | iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark $MARKPRIO3 | ||
| + | |||
| + | # #https | ||
| + | |||
| + | iptables -t mangle -A FORWARD -p tcp --dport 443 -j MARK --set-mark $MARKPRIO3 | ||
| + | iptables -t mangle -A OUTPUT -p tcp --dport 443 -j MARK --set-mark $MARKPRIO3 | ||
| + | |||
| + | # ftp # pas besoin de brider l #input. | ||
| + | |||
| + | iptables -t mangle -A FORWARD -p tcp --dport 21 -j MARK --set-mark $MARKPRIO3 | ||
| + | iptables -t mangle -A OUTPUT -p tcp --dport 21 -j MARK --set-mark $MARKPRIO3 | ||
| + | |||
| + | # Prio #4 | ||
| + | # packets > 1024 bytes | ||
| + | |||
| + | iptables -t mangle -A FORWARD -p tcp -m length --length 1024: -j MARK --set-mark $MARKPRIO4 | ||
| + | |||
| + | |||
| + | |||
| + | ## definition des regles de traffic #shaping. | ||
| + | |||
| + | ## longueur de la queue pour #eth0 | ||
| + | ifconfig $IFACE txqueuelen 128 | ||
| + | |||
| + | ## on defini la class root ! et sa file d #attente | ||
| + | |||
| + | tc qdisc add dev $IFACE root handle 1:0 htb default 103 r2q 1 | ||
| + | tc class add dev $IFACE parent 1:0 classid 1:1 htb rate $UPRATE burst $BURST1 cburst $CBURST1 | ||
| + | |||
| + | |||
| + | ## les sous #classes | ||
| + | |||
| + | tc class add dev $IFACE parent 1:1 classid 1:101 htb rate $PRIORATE1 ceil $UPRATE quantum $QUANTUM1 burst $BURST1 cburst $CBURST1 prio 0 | ||
| + | tc class add dev $IFACE parent 1:1 classid 1:102 htb rate $PRIORATE2 ceil $UPRATE quantum $QUANTUM2 burst $BURST2 cburst $CBURST2 prio 1 | ||
| + | tc class add dev $IFACE parent 1:1 classid 1:103 htb rate $PRIORATE3 ceil $UPRATE quantum $QUANTUM3 burst $BURST3 cburst $CBURST3 prio 2 | ||
| + | tc class add dev $IFACE parent 1:1 classid 1:104 htb rate $PRIORATE4 ceil $P2PRATE quantum $QUANTUM4 burst $BURST4 cburst $CBURST4 prio 3 | ||
| + | |||
| + | ## filtrage des packets marke grace a #iptables. | ||
| + | |||
| + | tc filter add dev $IFACE parent 1:0 protocol ip prio 0 handle $MARKPRIO1 fw classid 1:101 | ||
| + | tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle $MARKPRIO2 fw classid 1:102 | ||
| + | tc filter add dev $IFACE parent 1:0 protocol ip prio 2 handle $MARKPRIO3 fw classid 1:103 | ||
| + | tc filter add dev $IFACE parent 1:0 protocol ip prio 3 handle $MARKPRIO4 fw classid 1:104 | ||
| + | |||
| + | ## regles de file de #attente | ||
| + | |||
| + | tc qdisc add dev $IFACE parent 1:101 sfq perturb 16 quantum $QUANTUM1 | ||
| + | tc qdisc add dev $IFACE parent 1:102 sfq perturb 16 quantum $QUANTUM2 | ||
| + | tc qdisc add dev $IFACE parent 1:103 sfq perturb 16 quantum $QUANTUM3 | ||
| + | tc qdisc add dev $IFACE parent 1:104 sfq perturb 16 quantum $QUANTUM4 | ||
| + | |||
| + | </code> | ||