论坛徽章:: 0

发表于 2012-07-09 09:19 |显示全部楼层

#!/bin/bash
DEV="ppp0"
UPLINK=800
tc qdisc del dev ppp0 root
#tc创建根队列
tc qdisc add dev $DEV root handle 1: htb default 24
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit prio 0
#对ACK,SYN,ICMP等数据优先级为一不限制上传
tc class add dev $DEV parent 1:1 classid 1:11 htb rate $[$UPLINK]kbit ceil ${UPLINK}kbit prio 1
#FTP&FTP-DATA 对FTP&FTP—DATA数据限制为100Kbit 对FTP上传进行严厉限速放置最后位
tc class add dev $DEV parent 1:1 classid 1:12 htb rate $[$UPLINK-700]kbit ceil ${UPLINK-700}kbit prio 8
#SSH 对SSH等数据进行高品质过滤不进行限速
tc class add dev $DEV parent 1:1 classid 1:13 htb rate $[$UPLINK]kbit ceil ${UPLINK}kbit prio 2
#HTTP HTTP多口不能多也不能少
tc class add dev $DEV parent 1:1 classid 1:14 htb rate $[$UPLINK-600]kbit ceil ${UPLINK-600}kbit prio 4
#HTTPS HTTPS 不限速
tc class add dev $DEV parent 1:1 classid 1:15 htb rate $[$UPLINK]kbit ceil ${UPLINK}kbit prio 3
#SMTP 邮件严厉限速，防止邮件流量突发猛增，造成网络上行带宽不可用，影响下行
tc class add dev $DEV parent 1:1 classid 1:16 htb rate $[$UPLINK-700]kbit ceil ${UPLINK-700}kbit prio 7
#OTHERS 其他流量走默认规则
tc class add dev $DEV parent 1:1 classid 1:24 htb rate $[$UPLINK-500]kbit ceil ${UPLINK-500}kbit prio 5
#SFQ 随机公平队列
tc qdisc add dev $DEV parent 1:11 handle 111: sfq perturb 5
tc qdisc add dev $DEV parent 1:12 handle 112: sfq perturb 20
tc qdisc add dev $DEV parent 1:13 handle 113: sfq perturb 5
tc qdisc add dev $DEV parent 1:14 handle 114: sfq perturb 10
tc qdisc add dev $DEV parent 1:15 handle 115: sfq perturb 10
tc qdisc add dev $DEV parent 1:16 handle 116: sfq perturb 20
tc qdisc add dev $DEV parent 1:24 handle 117: sfq perturb 10
#iptables  裂伤规则
iptables -t mangle -F
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport ftp -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.20.2-192.168.20.250 --dport ftp -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport ftp -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.1.20-192.168.1.237 --dport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.2.20-192.168.2.237 --dport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport ftp-data -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.20.2-192.168.20.250 --dport ftp-data -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.250 --dport ftp-data -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.1.20-192.168.1.237 --dport ftp-data -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.2.20-192.168.2.237 --dport ftp-data -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.3.20-192.168.3.237 --dport ftp-data -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --sport ftp -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.20.2-192.168.20.250 --sport ftp -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.2-192.168.3.250 --sport ftp -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.1.20-192.168.1.237 --sport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.2.20-192.168.2.237 --sport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --sport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.20-192.168.10.250 --sport ftp-data -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.20.20-192.168.20.250 --sport ftp-data -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.250 --sport ftp-data -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.1.20-192.168.1.237 --sport ftp-data -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.2.20-192.168.2.237 --sport ftp-data -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --sport ftp-data -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 22 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 22 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport 25 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport 25 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 25 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 25 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.1.20-192.168.1.237 --dport 25 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.2.20-192.168.2.237 --dport 25 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 25 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport 110 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.20.2-192.168.20.250 --dport 110 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 110 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.1.20-192.168.1.237 --dport 110 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.2.20-192.168.2.237 --dport 110 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 110 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport 80 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.10.2-192.168.10.250 --dport 80 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 80 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.1.20-192.168.1.237 --dport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.2.20-192.168.2.237 --dport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp -m iprange --src-range 192.168.3.20-192.168.3.237 --dport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.10.2-192.168.10.250 --sport 80  -j MARK --set-mark 6
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.20.2-192.168.20.250 --sport 80  -j MARK --set-mark 6
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.3.20-192.168.3.237 --sport 80  -j MARK --set-mark 6
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.1.20-192.168.1.237 --sport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.2.20-192.168.2.237 --sport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp  -m iprange --src-range 192.168.3.20-192.168.3.237 --sport 80 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 443 -j MARK --set-mark 5
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 443 -j RETURN
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 443 -j MARK --set-mark 5
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 443 -j RETURN
iptables -t mangle -A PREROUTING -p udp -m udp --dport 53 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -p udp -m udp --dport 53 -j RETURN
iptables -t mangle -A PREROUTING -i $DEV -m iprange --src-range 192.168.10.2-192.168.10.250 -j MARK --set-mark 7
iptables -t mangle -A PREROUTING -i $DEV -m iprange --src-range 192.168.20.2-192.168.20.250 -j MARK --set-mark 7
iptables -t mangle -A PREROUTING -i $DEV -m iprange --src-range 192.168.3.2-192.168.3.237 -j MARK --set-mark 7
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 115 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p udp -m udp --dport 115 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 3820 -j MARK --set-mark 3
iptables -t mangle -A PREROUTING -p udp -m udp --dport 3820 -j MARK --set-mark 3
#tc filter 命中路由
tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev $DEV parent 1:0 protocol ip prio 8 handle 2 fw classid 1:12
tc filter add dev $DEV parent 1:0 protocol ip prio 2 handle 3 fw classid 1:13
tc filter add dev $DEV parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev $DEV parent 1:0 protocol ip prio 3 handle 5 fw classid 1:15
tc filter add dev $DEV parent 1:0 protocol ip prio 7 handle 6 fw classid 1:16
tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 7 fw classid 1:24

做了上述的脚本，我发现 iptables 裂伤规则不可用，就是基于端口的限速不起作用！变成了全局限制，任何上传流量都被制限成 20-25kbit/s了！
求各位大侠看看脚本有没有问题！

文库|博客

返回列表

Chinaunix › 论坛 › IT运维 › 网络技术 › 关于Linux TC限速遇到的问题！

关于Linux TC限速遇到的问题！ [复制链接]