我正在尝试向我的
Linux直通服务器引入一些流量规则,以便为以下内容提供更好的QoS:
1)开箱即用的低端口流量(网络流量和邮件等).
2)进入盒子的低端口流量 – 特别是端口Web管理(80)和SSH(22).
3)最后放置文件共享优先级.即所有其他流量.
我已经使用tc和htb修改了一个shell脚本来设置一些基本规则:
#!/bin/bash UPLINK=7000 DOWNLINK=500 tc qdisc del dev eth0 root 2> /dev/null > /dev/null tc qdisc del dev eth1 root 2> /dev/null > /dev/null ip link set dev eth0 qlen 30 2> /dev/null > /dev/null ip link set dev eth0 mtu 576 2> /dev/null > /dev/null # add HTB root qdisc tc qdisc add dev eth0 root handle 1: htb default 40 tc class add dev eth0 parent 1: classid 1:1 htb rate ${UPLINK}kbit tc class add dev eth0 parent 1:1 classid 1:5 htb rate $[$UPLINK]kbit ceil ${UPLINK}kbit quantum 1 prio 0 tc class add dev eth0 parent 1:1 classid 1:10 htb rate $[(($UPLINK/8)*3)]kbit ceil ${UPLINK}kbit quantum 1 prio 1 tc class add dev eth0 parent 1:1 classid 1:20 htb rate $[(($UPLINK/8)*3)]kbit ceil ${UPLINK}kbit quantum 1 prio 2 tc class add dev eth0 parent 1:1 classid 1:30 htb rate $[(($UPLINK/8)*1)]kbit ceil ${UPLINK}kbit quantum 1 prio 3 tc class add dev eth0 parent 1:1 classid 1:40 htb rate $[(($UPLINK/8)*1)]kbit ceil ${UPLINK}kbit quantum 1 prio 4 # No SFQ because we should have almost no queue here. Better dropping packets than delay them in VoIP tc qdisc add dev eth0 parent 1:20 handle 5: pfifo limit 5 tc qdisc add dev eth0 parent 1:10 handle 10: pfifo limit 30 tc qdisc add dev eth0 parent 1:20 handle 20: pfifo limit 30 tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10 limit 200 tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10 limit 300 iptables -t mangle -F QOSSHAPER-OUT 2> /dev/null > /dev/null iptables -t mangle -X QOSSHAPER-OUT 2> /dev/null > /dev/null iptables -t mangle -D POSTROUTING -o eth0 -j QOSSHAPER-OUT 2> /dev/null > /dev/null ######################################################################################################## iptables -t mangle -N QOSSHAPER-OUT iptables -t mangle -I POSTROUTING -o eth0 -j QOSSHAPER-OUT # ensure min delay by TOS field iptables -t mangle -A QOSSHAPER-OUT -m tos --tos 0x10 -j CLASSIFY --set-class 1:5 iptables -t mangle -A QOSSHAPER-OUT -p icmp -j CLASSIFY --set-class 1:20 iptables -t mangle -A QOSSHAPER-OUT -p udp --dport domain -j CLASSIFY --set-class 1:20 iptables -t mangle -A QOSSHAPER-OUT -p tcp --tcp-flags SYN,RST,ACK SYN,FIN -j CLASSIFY --set-class 1:20 iptables -t mangle -A QOSSHAPER-OUT -p tcp -m length --length 60 -j CLASSIFY --set-class 1:30 #Small packets ########################################################################################################
然后我添加了一些IPTABLES规则来塑造流量.
-A POSTROUTING -o eth0 -j QOSSHAPER-OUT -A QOSSHAPER-OUT -p tcp -m tcp --sport 80 -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p tcp -m tcp --sport 22 -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p tcp -m tcp --sport 7080 -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p tcp -m tcp --sport 9080 -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p tcp -m tcp --sport 1:1024 -j CLASSIFY --set-class 0001:0030 -A QOSSHAPER-OUT -p tcp -m tcp --dport 1:1024 -j CLASSIFY --set-class 0001:0030 -A QOSSHAPER-OUT -m tos --tos 0x10/0xff -j CLASSIFY --set-class 0001:0005 -A QOSSHAPER-OUT -p icmp -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p udp -m udp --dport 53 -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p tcp -m tcp --tcp-flags SYN,ACK FIN,SYN -j CLASSIFY --set-class 0001:0020 -A QOSSHAPER-OUT -p tcp -m length --length 60 -j CLASSIFY --set-class 0001:0030
如果您想知道端口7080和9080用于代理.
我希望LAN用户能够在端口80上拥有优先权,并且管理员用户将在端口80和22上拥有WAN访问高于所有传入流量 – 但是规则几乎没有区别.
任何建议或见解欢迎.
