NAT, bandwidth throttling, and access control
I have made this script. Will it work? Or can it be better?
#/bin/sh

###download
tc qdisc add dev eth1 root handle 1: cbq avpkt 1000 bandwidth 1mbit

## ip 50
tc class add dev eth1 parent 1: classid 1:1 cbq rate 512kbit \
    allot 1500 prio 5 bounded isolated
tc filter add dev eth1 parent 1: protocol ip prio 16 u32 \
    match ip dst 192.168.123.50 flowid 1:1

## ip 51
tc class add dev eth1 parent 1: classid 1:2 cbq rate 512kbit \
    allot 1500 prio 5 bounded isolated
tc filter add dev eth1 parent 1: protocol ip prio 16 u32 \
    match ip dst 192.168.123.51 flowid 1:2

###### upload
tc qdisc add dev eth0 root handle 2: cbq avpkt 1000 bandwidth 512kbit

## ip 50
tc class add dev eth0 parent 2: classid 2:1 cbq rate 256kbit \
    allot 1500 prio 5 bounded isolated
tc filter add dev eth0 parent 2: protocol ip prio 16 u32 \
    match ip src 192.168.123.50 flowid 2:1

## ip 51
tc class add dev eth1 parent 2: classid 2:2 cbq rate 256kbit \
    allot 1500 prio 5 bounded isolated
tc filter add dev eth1 parent 2: protocol ip prio 16 u32 \
    match ip src 192.168.123.51 flowid 2:2

## nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.123.0/255.255.255.0 -o eth0 -j SNAT --to-source 10.0.0.6

## accept all packets from 50
iptables -A PREROUTING -s 192.168.123.50 -j ACCEPT
iptables -t mangle -A PREROUTING -s 192.168.123.50 -j RETURN

## accept all packets from 51
iptables -A PREROUTING -s 192.168.123.51 -j ACCEPT
iptables -t mangle -A PREROUTING -s 192.168.123.51 -j RETURN

## accept dhcp
iptables -A PREROUTING -s 0.0.0.0 -d 255.255.255.255 -sport 68 -dport 67 -p UDP -j ACCEPT
iptables -A PREROUTING -s 0.0.0.0 -d 255.255.255.255 -sport 68 -dport 67 -p UDP -j RETURN
iptables -A PREROUTING -s 192.168.123.1 -d 255.255.255.255 -sport 67 -dport 68 -p UDP -j ACCEPT
iptables -A PREROUTING -s 192.168.123.1 -d 255.255.255.255 -sport 67 -dport 68 -p UDP -j RETURN

## drop other packets
iptables -A PREROUTING -s -j DROP
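
A corrected layout of the script above, as an added example that is not part of the original post: it keeps the posted addresses and rates, puts per-client access control in the filter table's FORWARD chain behind a default DROP policy, and classifies upload by firewall mark because SNAT rewrites the source address before the eth0 qdisc sees the packet. The function names, the DRY_RUN switch, and the reading of eth1 as the LAN side and eth0 as the uplink are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumed: eth1 = LAN, eth0 = uplink.
LAN_IF=eth1 WAN_IF=eth0 LAN_NET=192.168.123.0/24 WAN_IP=10.0.0.6
DRY_RUN=${DRY_RUN:-1}    # 1 = only print the commands, 0 = execute them (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# host IP ID DOWN UP: shape one client and allow it through the router.
host() {
    ip=$1 id=$2 down=$3 up=$4
    # Download leaves on the LAN side, where dst is still the client address.
    run tc class add dev "$LAN_IF" parent 1: classid "1:$id" cbq rate "$down" \
        allot 1500 prio 5 bounded isolated
    run tc filter add dev "$LAN_IF" parent 1: protocol ip prio 16 u32 \
        match ip dst "$ip" flowid "1:$id"
    # Upload leaves on the uplink after SNAT has rewritten the source, so
    # classify by a firewall mark set before NAT instead of by "ip src".
    run iptables -t mangle -A FORWARD -i "$LAN_IF" -s "$ip" -j MARK --set-mark "$id"
    run tc class add dev "$WAN_IF" parent 2: classid "2:$id" cbq rate "$up" \
        allot 1500 prio 5 bounded isolated
    run tc filter add dev "$WAN_IF" parent 2: protocol ip prio 16 \
        handle "$id" fw flowid "2:$id"
    # Access control for routed traffic belongs in the filter table's FORWARD chain.
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$ip" -j ACCEPT
}

ruleset() {
    run tc qdisc add dev "$LAN_IF" root handle 1: cbq avpkt 1000 bandwidth 1mbit
    run tc qdisc add dev "$WAN_IF" root handle 2: cbq avpkt 1000 bandwidth 512kbit
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"
    run iptables -P FORWARD DROP     # every client not listed below is dropped
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    host 192.168.123.50 50 512kbit 256kbit
    host 192.168.123.51 51 512kbit 256kbit
}

ruleset
```

Run as is, it only prints the commands for review; with DRY_RUN=0 and root privileges it applies them.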