HTB + QOS

1. HTB + QOS

Alexandre Guerreiro
aloi

(uses Ubuntu)

Posted on 27/12/2008 - 02:45h

Hello, I am configuring an UBUNTU 8.04 LTS server + SQUID 3.018 STABLE + TC-HTB + IPROUTE2

and at the moment I am stuck on a problem. I would like the community's help, if possible...


From the very start, I left my server running HTB-TOOLS 3.0a BETA to control my clients' Internet bandwidth while I was learning.

Now, with help from the Vivaolinux community and various sites on the Internet, I put together a script for tc and one for the firewall... I would like to clear up a doubt about its configuration, since I configured it to release the Internet signal, prioritize small packets and release internal network traffic...

However, it is not obeying the hierarchy and is releasing Internet traffic the same way it releases internal network traffic; that is, it does not give 64KBPS to each machine, but all the available bandwidth...

Am I blind and not seeing some flaw in this script???

I will post it for you!!


#!/bin/bash

case "$1" in
'start')

##############################################################################
####### GENERAL RULES FOR TRAFFIC AND CLIENT BANDWIDTH CONTROL #######
##############################################################################

# CLASS CREATION

tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 100000kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 96000kbit ceil 100000kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 3000kbit ceil 10000kbit prio 2
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1024kbit ceil 2048kbit prio 3

# PACKET CLASSIFICATION FOR THE MAIN CLASSES

tc qdisc add dev eth0 parent 1:10 handle 110 sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 120 sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 130 sfq perturb 10

# CLASS MARKING

tc filter add dev eth0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth0 parent 1: prio 2 protocol ip handle 2 fw flowid 1:20
tc filter add dev eth0 parent 1: prio 3 protocol ip handle 3 fw flowid 1:30


##############################################################################
######## RULES FOR INDIVIDUAL CLIENT BANDWIDTH CONTROL #############
##############################################################################


# SUB-CLASS CREATION

tc class add dev eth0 parent 1:30 classid 1:301 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:302 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:303 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:304 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:305 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:306 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:307 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:308 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:309 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:310 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:311 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:312 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:313 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:314 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:315 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:316 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:317 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:318 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:319 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:320 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:321 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:322 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:323 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:324 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:325 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:326 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:327 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:328 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:329 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:330 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc class add dev eth0 parent 1:30 classid 1:331 htb rate 32kbit ceil 64kbit prio 3 burst 1 mpu 0 quantum 1500


# PACKET CLASSIFICATION FOR THE SUB-CLASSES

tc qdisc add dev eth0 parent 1:301 handle 301 sfq perturb 10
tc qdisc add dev eth0 parent 1:302 handle 302 sfq perturb 10
tc qdisc add dev eth0 parent 1:303 handle 303 sfq perturb 10
tc qdisc add dev eth0 parent 1:304 handle 304 sfq perturb 10
tc qdisc add dev eth0 parent 1:305 handle 305 sfq perturb 10
tc qdisc add dev eth0 parent 1:306 handle 306 sfq perturb 10
tc qdisc add dev eth0 parent 1:307 handle 307 sfq perturb 10
tc qdisc add dev eth0 parent 1:308 handle 308 sfq perturb 10
tc qdisc add dev eth0 parent 1:309 handle 309 sfq perturb 10
tc qdisc add dev eth0 parent 1:310 handle 310 sfq perturb 10
tc qdisc add dev eth0 parent 1:311 handle 311 sfq perturb 10
tc qdisc add dev eth0 parent 1:312 handle 312 sfq perturb 10
tc qdisc add dev eth0 parent 1:313 handle 313 sfq perturb 10
tc qdisc add dev eth0 parent 1:314 handle 314 sfq perturb 10
tc qdisc add dev eth0 parent 1:315 handle 315 sfq perturb 10
tc qdisc add dev eth0 parent 1:316 handle 316 sfq perturb 10
tc qdisc add dev eth0 parent 1:317 handle 317 sfq perturb 10
tc qdisc add dev eth0 parent 1:318 handle 318 sfq perturb 10
tc qdisc add dev eth0 parent 1:319 handle 319 sfq perturb 10
tc qdisc add dev eth0 parent 1:320 handle 320 sfq perturb 10
tc qdisc add dev eth0 parent 1:321 handle 321 sfq perturb 10
tc qdisc add dev eth0 parent 1:322 handle 322 sfq perturb 10
tc qdisc add dev eth0 parent 1:323 handle 323 sfq perturb 10
tc qdisc add dev eth0 parent 1:324 handle 324 sfq perturb 10
tc qdisc add dev eth0 parent 1:325 handle 325 sfq perturb 10
tc qdisc add dev eth0 parent 1:326 handle 326 sfq perturb 10
tc qdisc add dev eth0 parent 1:327 handle 327 sfq perturb 10
tc qdisc add dev eth0 parent 1:328 handle 328 sfq perturb 10
tc qdisc add dev eth0 parent 1:329 handle 329 sfq perturb 10
tc qdisc add dev eth0 parent 1:330 handle 330 sfq perturb 10
tc qdisc add dev eth0 parent 1:331 handle 331 sfq perturb 10

# PACKET MARKING FOR THE SUB-CLASSES

tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 4 fw flowid 1:301
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 5 fw flowid 1:302
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 6 fw flowid 1:303
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 7 fw flowid 1:304
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 8 fw flowid 1:305
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 9 fw flowid 1:306
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 10 fw flowid 1:307
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 11 fw flowid 1:308
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 12 fw flowid 1:309
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 13 fw flowid 1:310
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 14 fw flowid 1:311
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 15 fw flowid 1:312
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 16 fw flowid 1:313
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 17 fw flowid 1:314
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 18 fw flowid 1:315
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 19 fw flowid 1:316
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 20 fw flowid 1:317
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 21 fw flowid 1:318
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 22 fw flowid 1:319
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 23 fw flowid 1:320
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 24 fw flowid 1:321
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 25 fw flowid 1:322
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 26 fw flowid 1:323
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 27 fw flowid 1:324
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 28 fw flowid 1:325
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 29 fw flowid 1:326
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 30 fw flowid 1:327
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 31 fw flowid 1:328
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 32 fw flowid 1:329
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 33 fw flowid 1:330
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 34 fw flowid 1:331

echo HTB CONFIGURADO COM SUCESSO!

;;

'stop')
tc qdisc del dev eth0 root
echo CONTROLE DE BANDA INTERROMPIDO!!
;;

esac







##########################################################
##########################################################
NOW THE FIREWALL RULES



#!/bin/bash
case "$1" in
'start')
modprobe iptable_nat
modprobe iptable_mangle
modprobe iptable_filter
modprobe ipt_mark
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter
######### SETTINGS FOR PPPOE ###########

#iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE


##########################################################################
############### RULES FOR TRAFFIC CONTROL AND PRIORITIZATION ############
##########################################################################

## PRIORITIZATION OF POP/SMTP TRAFFIC

iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 110 -j RETURN

iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 110 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 110 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 110 -j RETURN

iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j RETURN

iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 25 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 25 -j RETURN

## PRIORITIZATION OF HTTP TRAFFIC FOR PACKETS UP TO 1024B IN SIZE

iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m length --length 1:1024 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m length --length 1:1024 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -m length --length 1:1024 -j RETURN

iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -m length --length 1:1024 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -m length --length 1:1024 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -m length --length 1:1024 -j RETURN

## PRIORITIZATION FOR PROGRAMS SUCH AS MSN AND ICQ

iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 5190 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 5190 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 5190 -j RETURN

iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 5190 -j DSCP --set-dscp 34
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 5190 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 5190 -j RETURN

## RELEASE OF TRAFFIC FOR COUNTER-STRIKE

iptables -t mangle -A PREROUTING -p udp --dport 20715 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p udp --dport 27015 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp --dport 27015 -j RETURN

iptables -t mangle -A PREROUTING -p udp --sport 20715 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p udp --sport 27015 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp --sport 27015 -j RETURN

iptables -t mangle -A PREROUTING -p tcp --dport 20715 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p tcp --dport 27015 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp --dport 27015 -j RETURN

iptables -t mangle -A PREROUTING -p tcp --sport 20715 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p tcp --sport 27015 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp --sport 27015 -j RETURN

iptables -t mangle -A PREROUTING -p udp --dport 20716 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p udp --dport 27016 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp --dport 27016 -j RETURN

iptables -t mangle -A PREROUTING -p udp --sport 20716 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p udp --sport 27016 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp --sport 27016 -j RETURN

iptables -t mangle -A PREROUTING -p tcp --dport 20716 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p tcp --dport 27016 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp --dport 27016 -j RETURN

iptables -t mangle -A PREROUTING -p tcp --sport 20716 -j DSCP --set-dscp 46
iptables -t mangle -A PREROUTING -p tcp --sport 27016 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp --sport 27016 -j RETURN

## RELEASE OF TRAFFIC BETWEEN THE INTERNAL NETWORK AND THE GATEWAY

iptables -t mangle -A OUTPUT -s 192.168.2.252/32 -j DSCP --set-dscp 46
iptables -t mangle -A OUTPUT -s 192.168.2.252/32 -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -s 192.168.2.252/32 -j RETURN

## BANDWIDTH CONTROL FOR THE CLIENTS (BEST EFFORT)

iptables -t mangle -A PREROUTING -s 192.168.2.1/32 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -s 192.168.2.2/32 -j MARK --set-mark 5
iptables -t mangle -A PREROUTING -s 192.168.2.3/32 -j MARK --set-mark 6
iptables -t mangle -A PREROUTING -s 192.168.2.4/32 -j MARK --set-mark 7
iptables -t mangle -A PREROUTING -s 192.168.2.5/32 -j MARK --set-mark 8
iptables -t mangle -A PREROUTING -s 192.168.2.6/32 -j MARK --set-mark 9
iptables -t mangle -A PREROUTING -s 192.168.2.7/32 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -s 192.168.2.8/32 -j MARK --set-mark 11
iptables -t mangle -A PREROUTING -s 192.168.2.9/32 -j MARK --set-mark 12
iptables -t mangle -A PREROUTING -s 192.168.2.10/32 -j MARK --set-mark 13
iptables -t mangle -A PREROUTING -s 192.168.2.11/32 -j MARK --set-mark 14
iptables -t mangle -A PREROUTING -s 192.168.2.12/32 -j MARK --set-mark 15
iptables -t mangle -A PREROUTING -s 192.168.2.13/32 -j MARK --set-mark 16
iptables -t mangle -A PREROUTING -s 192.168.2.14/32 -j MARK --set-mark 17
iptables -t mangle -A PREROUTING -s 192.168.2.15/32 -j MARK --set-mark 18
iptables -t mangle -A PREROUTING -s 192.168.2.16/32 -j MARK --set-mark 19
iptables -t mangle -A PREROUTING -s 192.168.2.17/32 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -s 192.168.2.18/32 -j MARK --set-mark 21
iptables -t mangle -A PREROUTING -s 192.168.2.19/32 -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -s 192.168.2.20/32 -j MARK --set-mark 23
iptables -t mangle -A PREROUTING -s 192.168.2.21/32 -j MARK --set-mark 24
iptables -t mangle -A PREROUTING -s 192.168.2.22/32 -j MARK --set-mark 25
iptables -t mangle -A PREROUTING -s 192.168.2.23/32 -j MARK --set-mark 26
iptables -t mangle -A PREROUTING -s 192.168.2.24/32 -j MARK --set-mark 27
iptables -t mangle -A PREROUTING -s 192.168.2.25/32 -j MARK --set-mark 28
iptables -t mangle -A PREROUTING -s 192.168.2.26/32 -j MARK --set-mark 29
iptables -t mangle -A PREROUTING -s 192.168.2.27/32 -j MARK --set-mark 30
iptables -t mangle -A PREROUTING -s 192.168.2.28/32 -j MARK --set-mark 31
iptables -t mangle -A PREROUTING -s 192.168.2.29/32 -j MARK --set-mark 32
iptables -t mangle -A PREROUTING -s 192.168.2.30/32 -j MARK --set-mark 33
iptables -t mangle -A PREROUTING -s 192.168.2.253/32 -j MARK --set-mark 34

iptables -t mangle -A POSTROUTING -s 192.168.2.1/32 -j MARK --set-mark 4
iptables -t mangle -A POSTROUTING -s 192.168.2.2/32 -j MARK --set-mark 5
iptables -t mangle -A POSTROUTING -s 192.168.2.3/32 -j MARK --set-mark 6
iptables -t mangle -A POSTROUTING -s 192.168.2.4/32 -j MARK --set-mark 7
iptables -t mangle -A POSTROUTING -s 192.168.2.5/32 -j MARK --set-mark 8
iptables -t mangle -A POSTROUTING -s 192.168.2.6/32 -j MARK --set-mark 9
iptables -t mangle -A POSTROUTING -s 192.168.2.7/32 -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -s 192.168.2.8/32 -j MARK --set-mark 11
iptables -t mangle -A POSTROUTING -s 192.168.2.9/32 -j MARK --set-mark 12
iptables -t mangle -A POSTROUTING -s 192.168.2.10/32 -j MARK --set-mark 13
iptables -t mangle -A POSTROUTING -s 192.168.2.11/32 -j MARK --set-mark 14
iptables -t mangle -A POSTROUTING -s 192.168.2.12/32 -j MARK --set-mark 15
iptables -t mangle -A POSTROUTING -s 192.168.2.13/32 -j MARK --set-mark 16
iptables -t mangle -A POSTROUTING -s 192.168.2.14/32 -j MARK --set-mark 17
iptables -t mangle -A POSTROUTING -s 192.168.2.15/32 -j MARK --set-mark 18
iptables -t mangle -A POSTROUTING -s 192.168.2.16/32 -j MARK --set-mark 19
iptables -t mangle -A POSTROUTING -s 192.168.2.17/32 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -s 192.168.2.18/32 -j MARK --set-mark 21
iptables -t mangle -A POSTROUTING -s 192.168.2.19/32 -j MARK --set-mark 22
iptables -t mangle -A POSTROUTING -s 192.168.2.20/32 -j MARK --set-mark 23
iptables -t mangle -A POSTROUTING -s 192.168.2.21/32 -j MARK --set-mark 24
iptables -t mangle -A POSTROUTING -s 192.168.2.22/32 -j MARK --set-mark 25
iptables -t mangle -A POSTROUTING -s 192.168.2.23/32 -j MARK --set-mark 26
iptables -t mangle -A POSTROUTING -s 192.168.2.24/32 -j MARK --set-mark 27
iptables -t mangle -A POSTROUTING -s 192.168.2.25/32 -j MARK --set-mark 28
iptables -t mangle -A POSTROUTING -s 192.168.2.26/32 -j MARK --set-mark 29
iptables -t mangle -A POSTROUTING -s 192.168.2.27/32 -j MARK --set-mark 30
iptables -t mangle -A POSTROUTING -s 192.168.2.28/32 -j MARK --set-mark 31
iptables -t mangle -A POSTROUTING -s 192.168.2.29/32 -j MARK --set-mark 32
iptables -t mangle -A POSTROUTING -s 192.168.2.30/32 -j MARK --set-mark 33
iptables -t mangle -A POSTROUTING -s 192.168.2.253/32 -j MARK --set-mark 34

iptables -t mangle -A PREROUTING -j MARK --set-mark 3
iptables -t mangle -A POSTROUTING -j MARK --set-mark 3

############### NETWORK ADDRESS TRANSLATION ###############

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A PREROUTING -s 192.168.2.0/24 -d ! 192.168.2.252 -p tcp --dport 80 -j REDIRECT --to-port 3128

echo FIREWALL CONFIGURANDO COM SUCESSO!
;;
'stop')
iptables -F -t mangle
iptables -F -t filter
echo REGRAS PARA CONTROLE DE TRAFEGO REMOVIDAS MANGLE E FILTER!!
;;
esac


I research a lot before asking for help... but now I really need help...

Summarizing my problem:

Why doesn't the bandwidth control work??
I run tc -s -d class show dev eth0
and it says "Sent byte: 0"

but when I run iptables -t mangle -nvL

it says the packets are being marked...

do I by any chance need to add some additional rule???

best regards to everyone!!!!!!!!!!!!
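
Added example (not the poster's code and not part of the thread): a static check over a constructed one-client excerpt of the two scripts above, computing which fwmark a forwarded packet ends up with and which HTB class that mark reaches. It models only `-s` and unconditional mangle rules (port matches are assumed not to hit) and relies on two kernel behaviours: `MARK` does not stop rule traversal, and HTB puts a packet on its unshaped direct queue when both the filter result and the `default` class resolve to a class that has children. The helper names and the address 203.0.113.7 are assumptions made for the example.

```python
import ipaddress
# Constructed excerpt of the posted scripts (one client entry kept).
TC_SCRIPT = """\
tc qdisc add dev eth0 root handle 1: htb default 30
tc class add dev eth0 parent 1: classid 1:1 htb rate 100000kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 96000kbit ceil 100000kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 1024kbit ceil 2048kbit prio 3
tc class add dev eth0 parent 1:30 classid 1:301 htb rate 32kbit ceil 64kbit prio 3 quantum 1530
tc filter add dev eth0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev eth0 parent 1: prio 3 protocol ip handle 3 fw flowid 1:30
tc filter add dev eth0 parent 1:0 prio 3 protocol ip handle 4 fw flowid 1:301
"""
MANGLE_RULES = """\
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 25 -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 25 -j RETURN
iptables -t mangle -A PREROUTING -s 192.168.2.1/32 -j MARK --set-mark 4
iptables -t mangle -A POSTROUTING -s 192.168.2.1/32 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -j MARK --set-mark 3
iptables -t mangle -A POSTROUTING -j MARK --set-mark 3
"""
CHAINS = ("PREROUTING", "FORWARD", "POSTROUTING")  # mangle chains a forwarded packet crosses

def arg(words, flag):  # value that follows `flag` in a split command line
    return words[words.index(flag) + 1]

def parse_tc(script):
    """Return (default classid, {classid: parent}, {fwmark: flowid})."""
    default, parent_of, fw = None, {}, {}
    for w in map(str.split, script.splitlines()):
        if w[:2] == ["tc", "qdisc"] and "default" in w:
            default = arg(w, "handle").split(":")[0] + ":" + arg(w, "default")
        elif w[:2] == ["tc", "class"]:
            parent_of[arg(w, "classid")] = arg(w, "parent")
        elif w[:2] == ["tc", "filter"] and "fw" in w:
            fw[int(arg(w, "handle"), 0)] = arg(w, "flowid")
    return default, parent_of, fw

def htb_target(mark, default, parent_of, fw):
    """Leaf class that gets packets carrying `mark`, or "direct" (unshaped)."""
    inner = set(parent_of.values())      # a class that has children is not a leaf
    for cid in (fw.get(mark), default):  # filter verdict first, then the default class
        if cid in parent_of and cid not in inner:
            return cid
    return "direct"                      # direct queue: no rate limit, no class counters

def final_mark(rules, src):
    """fwmark left on a forwarded packet from `src` (port-based rules assumed not to match)."""
    mark = 0
    for chain in CHAINS:
        for w in map(str.split, rules.splitlines()):
            if "-A" not in w or arg(w, "-A") != chain or "--dport" in w or "--sport" in w:
                continue
            if "-s" in w and ipaddress.ip_address(src) not in ipaddress.ip_network(arg(w, "-s"), strict=False):
                continue
            if arg(w, "-j") == "RETURN":
                break                    # ends this chain only; later chains still run
            if arg(w, "-j") == "MARK":
                mark = int(arg(w, "--set-mark"), 0)  # non-terminating: later rules overwrite it
    return mark

if __name__ == "__main__":
    tree = parse_tc(TC_SCRIPT)
    for src in ("192.168.2.1", "203.0.113.7"):  # a client and a constructed Internet host
        print(src, "->", htb_target(final_mark(MANGLE_RULES, src), *tree))
```

Both sample packets finish with mark 3 and resolve to "direct". On a live system such packets are counted in the `direct_packets_stat` field of `tc -s qdisc show dev eth0` rather than in any class.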




  


2. Re: HTB + QOS

Alexandre Guerreiro
aloi

(uses Ubuntu)

Posted on 27/12/2008 - 16:58h

help





