[MASOCH-L] CBQ em eth virtuais.
Eduardo Ramos
eduardo.ramos at datagrupo.com.br
Thu May 19 17:53:46 BRT 2005
eth0=externo
eth1=interno
proxy=172.16.0.1 porta 8080 (squid)
controle de banda com tc!
tc qdisc del dev lo root
tc qdisc del dev eth0 root
iptables -F -t filter
iptables -X -t filter
iptables -F -t mangle
iptables -X -t mangle
iptables -F -t nat
iptables -X -t nat
ip addr del 172.16.0.1/30 broadcast + dev eth1
# ip - Adicionando 10.0.0.1/30 a eth1
ip addr del 172.16.0.1/30 broadcast + dev eth1
ip addr add 172.16.0.1/30 broadcast + dev eth1
iptables -P FORWARD DROP
/sbin/tc qdisc add dev eth0 root handle 1:0 cbq bandwidth 10mbit avpkt
1000 cell 8
/sbin/tc class change dev eth0 root cbq weight 10Mbit allot 1514
/sbin/tc qdisc add dev eth1 root handle 1:0 cbq bandwidth 10mbit avpkt
1000 cell 8
/sbin/tc class change dev eth1 root cbq weight 10Mbit allot 1514
/sbin/tc class add dev eth1 parent 1: classid 1:c1 cbq bandwidth 100Mbit
rate 128Kbit weight 12Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
bounded
/sbin/tc qdisc add dev eth1 parent 1:c1 handle c1 tbf rate 128Kbit buffer
10Kb/8 limit 15Kb mtu 1500
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 100 u32 match ip
dst 172.16.0.2 classid 1:c1
/sbin/tc class add dev eth0 parent 1: classid 1:c1 cbq bandwidth 100Mbit
rate 128Kbit weight 12Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
bounded
/sbin/tc qdisc add dev eth0 parent 1:c1 handle c1 tbf rate 128Kbit buffer
10Kb/8 limit 15Kb mtu 1500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip
src 172.16.0.2 classid 1:c1
iptables -t mangle -A FORWARD -o eth0 -s 172.16.0.2 -j MARK --set-mark 1
/sbin/tc filter add dev eth0 parent 1: protocol ip handle 1 fw flowid 1:c1
iptables -t nat -A POSTROUTING -o eth0 -s 172.16.0.2 -j MASQUERADE
iptables -t filter -I FORWARD -s 172.16.0.2 -m mac --mac-source
00:E0:98:33:F3:40 -j ACCEPT
iptables -t filter -I FORWARD -d 172.16.0.2 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -s 172.16.0.2 -d
172.16.0.1 -j DNAT --to 172.16.0.1:8080
> Não testei ainda, mas, controlei o upload do CBQ usando MARK (um para
> cada ip através de um shell script) na tabela MANGLE do IPTABLES.
>
> Pensei em fazer o mesmo com as interfaces virtuais pois o MARK será
> feito por IP : )
>
> Se alguém conseguiu fazer direto passa aí a receita por favor.
>
> Um fraterno abraço !!!
>
> Silvio Cesar L. dos Santos
> Divisão de Tecnologia da Informação
> Universidade do Grande Rio - UNIGRANRIO
> -----------------------------------------
> (o_
> //\ - Software Livre -
> V_/_ conhecimento ao alcance de todos
>
>
> Hamilton Vera escreveu:
>> Boa tarde caros, gostaria de saber se algum de voces ja
>> conseguiu fazer o CBQ funcionar com interfaces virtuais.
>>
>> Exemplo:
>> eth0:1
>> eth0:2
>> eth0:3
>> ...
>>
>> Obrigado
>>
>> :)
>>
>>
>>
>> Hamilton Vera - Linux Powered - Anti Spam Policy
>> int Administrator (char Network[],char ComputationalSystems[]);
>> Seven Internet http://lib.seven.com.br
>> Linux User #338927
>> "Google is my shepherd, no want shall I know"
>>
>> __
>> masoch-l list
>> https://eng.registro.br/mailman/listinfo/masoch-l
>>
>>
> __
> masoch-l list
> https://eng.registro.br/mailman/listinfo/masoch-l
>
Eduardo Ramos
Administrador de Redes GNU/Linux-Unix
www.datagrupo.com.br
Brainbench Certified Professional
Linux User #346872
More information about the masoch-l
mailing list