Dear all,
I am a newbie. I have 256 kbit of downlink and 64 kbit of uplink, and I am using
Squid and HTB. I found the script below while browsing the net; there are a few
issues I need help with.
While the script is running I want browsing to be as fast as possible, and on the
uplink especially Kazaa should not eat my bandwidth.
eth1 has the public IP address and eth0 is the internal interface on network
10.0.0.0/24. I am also using NAT. How can I make Squid work together with HTB
(Squid uses port 3128)?
Here is my script:
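#!/bin/bash
#
# HTB traffic shaping for a NAT gateway running Squid.
#   eth0 - internal LAN (10.0.0.0/24); shaping here limits the downlink.
#   eth1 - public side; shaping here limits the uplink.
#
# Packets are tagged in the mangle POSTROUTING chain and steered into HTB
# classes by "fw" filters that match the mark.  MARK is a non-terminating
# target, so within each group the catch-all rule is added first and the more
# specific rules after it overwrite its mark.
#
# Limitation: classification relies only on port numbers.  A peer-to-peer
# client that talks over one of the prioritised ports (80, 443, ...) is
# treated as interactive traffic, so this does not reliably contain such
# applications on its own.
#
# Not run with "set -e": the initial "qdisc del" calls fail on a clean system,
# and the script otherwise applies rules on a best-effort basis.
set -u

TC=/sbin/tc
IPTABLES=/sbin/iptables
LAN_NET=10.0.0.0/24

if [[ $EUID -ne 0 ]]; then
  echo "this script must be run as root" >&2
  exit 1
fi

#######################################
# Append one MARK rule to the mangle POSTROUTING chain.
# Globals:   IPTABLES (read)
# Arguments: $1 - mark value; remaining args - iptables match options
#######################################
mark() {
  local value=$1
  shift
  "$IPTABLES" -t mangle -A POSTROUTING "$@" -j MARK --set-mark "$value"
}

# ---------------------------------------------------------------- reset ----
# Remove any previous shaping; errors are expected when nothing is installed.
"$TC" qdisc del dev eth0 root >/dev/null 2>&1
"$TC" qdisc del dev eth1 root >/dev/null 2>&1
"$TC" qdisc del dev eth1 ingress >/dev/null 2>&1

# This flushes the WHOLE mangle POSTROUTING chain, including rules installed
# by anything else on the host.
"$IPTABLES" -F POSTROUTING -t mangle

# ------------------------------------------------- eth0: downlink to LAN ----
# NOTE(review): "default 50" names a class that is never created below; HTB
# is expected to pass such packets through unshaped - confirm this is wanted.
"$TC" qdisc add dev eth0 root handle 1: htb default 50 r2q 2
"$TC" class add dev eth0 parent 1: classid 1:2 htb rate 248Kbit burst 35k
"$TC" class add dev eth0 parent 1:2 classid 1:10 htb rate 220Kbit ceil 240Kbit burst 25k prio 0
"$TC" class add dev eth0 parent 1:2 classid 1:30 htb rate 28Kbit ceil 28Kbit burst 10k prio 1
# NOTE(review): 1:60 hangs directly off the root, so it has no parent to
# borrow from; check whether the 100Mbit ceil is ever reached.
"$TC" class add dev eth0 parent 1: classid 1:60 htb rate 1Kbit ceil 100Mbit prio 1

"$TC" qdisc add dev eth0 parent 1:10 handle 11: sfq perturb 10
"$TC" qdisc add dev eth0 parent 1:30 handle 33: sfq perturb 10

# Everything arriving from outside the LAN is bulk (mark 3) unless one of the
# source-port rules below promotes it to mark 1.
mark 3 -o eth0 ! -s "$LAN_NET"
for spec in tcp/80 tcp/443 tcp/22 tcp/21 tcp/53 udp/53 \
            tcp/110 tcp/5190 tcp/6661:6669 tcp/3128 udp/3128; do
  mark 1 -o eth0 ! -s "$LAN_NET" -p "${spec%%/*}" --sport "${spec#*/}"
done
# Disabled in the original script:
#mark 1 -o eth0 ! -s "$LAN_NET" -p icmp

"$TC" filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:10
"$TC" filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:30
# TCP packets carrying TOS 0x10 (minimize delay) go to 1:60.
"$TC" filter add dev eth0 parent 1:0 protocol ip prio 1 u32 \
  match ip protocol 0x6 0xff \
  match ip tos 0x10 0xff \
  flowid 1:60

# ------------------------------------------------------- eth1: uplink ----
"$TC" qdisc add dev eth1 root handle 1: htb default 20
"$TC" class add dev eth1 parent 1: classid 1:1 htb rate 62Kbit burst 35k
"$TC" class add dev eth1 parent 1:1 classid 1:10 htb rate 40Kbit ceil 60Kbit burst 25k prio 1
"$TC" class add dev eth1 parent 1:1 classid 1:20 htb rate 15Kbit ceil 55Kbit burst 10k prio 2
"$TC" class add dev eth1 parent 1:1 classid 1:30 htb rate 7Kbit ceil 28Kbit burst 5k prio 3

"$TC" qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
"$TC" qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
"$TC" qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10

# TOS 0x10 (minimize delay) -> 1:10.
"$TC" filter add dev eth1 parent 1:0 protocol ip prio 10 u32 \
  match ip tos 0x10 0xff flowid 1:10
# TCP, IP header length 5 words, total length under 64 bytes, TCP flags byte
# equal to ACK only: small bare ACKs -> 1:10 so downloads are not stalled by
# a saturated uplink.
"$TC" filter add dev eth1 parent 1: protocol ip prio 10 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:10

# Traffic leaving eth1 with a non-LAN source address (e.g. the gateway itself,
# Squid included): mark 12 by default, mark 11 for the listed ports.
mark 12 -o eth1 ! -s "$LAN_NET"
# Disabled in the original script:
# mark 11 -o eth1 ! -s "$LAN_NET" -p icmp
mark 11 -o eth1 ! -s "$LAN_NET" -p tcp --sport 22
mark 11 -o eth1 ! -s "$LAN_NET" -p tcp --sport 80
for port in 80 21 20; do
  mark 11 -o eth1 ! -s "$LAN_NET" -p tcp --dport "$port"
done
mark 11 -o eth1 ! -s "$LAN_NET" -p tcp --sport 3128
mark 11 -o eth1 ! -s "$LAN_NET" -p tcp --dport 3128

# Forwarded LAN traffic: mangle POSTROUTING runs before the NAT rewrite, so
# the LAN source address is still visible here.  Mark 13 (lowest class) by
# default, mark 11 for the listed destination ports.
mark 13 -o eth1 -s "$LAN_NET"
for spec in tcp/80 tcp/443 tcp/53 udp/53 tcp/22 tcp/23 tcp/21 tcp/25 \
            tcp/110 tcp/5190 tcp/6661:6669; do
  mark 11 -o eth1 -s "$LAN_NET" -p "${spec%%/*}" --dport "${spec#*/}"
done

# No -o here: ICMP is marked 11 on every interface.
mark 11 -p icmp

# NOTE(review): these two rules match on eth0, but the only fw filter for
# handle 11 is attached to eth1, so on eth0 the mark selects no class -
# confirm what was intended.
mark 11 -o eth0 -s "$LAN_NET" -p udp --dport 3128
mark 11 -o eth0 -s "$LAN_NET" -p tcp --dport 3128
# Disabled in the original script:
#"$IPTABLES" -t mangle -A POSTROUTING -p icmp -j RETURN

"$TC" filter add dev eth1 parent 1:0 protocol ip handle 11 fw flowid 1:10
"$TC" filter add dev eth1 parent 1:0 protocol ip handle 12 fw flowid 1:20
"$TC" filter add dev eth1 parent 1:0 protocol ip handle 13 fw flowid 1:30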
please help with clarification
regards
Dealing in Computers, Software and Peripherals
Jayesh Chandran Compucat Technologies
(An associate of Milan Cable Television)
1.Goliondoi Road, Arusha.
2.Ground Floor, Serengeti Wing,
PB No. 10367, AICC, Arusha, Tanzania
jayesh@bol.co.tz tel:
fax:
mobile: +255 27 2502660
+255 27 2504527
+255 748 586169