NAT, bandwidth throttling, and access control
I have made this script. Will it work, or can it be better?
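#!/bin/sh
# Gateway setup: per-host bandwidth limits (tc/cbq), NAT, and LAN access
# control. Topology assumed from the original script (confirm before use):
#   LAN_IF = eth1, LAN 192.168.123.0/24, gateway address 192.168.123.1
#   WAN_IF = eth0, public address 10.0.0.6
# "Download" shaping is applied to packets leaving eth1 towards a LAN host
# (match ip dst); "upload" shaping to packets leaving eth0 (match ip src).
#
# Must run as root. `set -eu` makes any failing tc/iptables command abort
# the script, so a typo cannot leave the ruleset half-applied with the
# final DROP rule missing (which is exactly what the original did: the
# shebang lacked `!`, the filter table has no PREROUTING chain, `-sport`/
# `-dport` are not iptables options, and `-s -j DROP` is malformed).
set -eu

LAN_IF=eth1
WAN_IF=eth0
LAN_NET=192.168.123.0/24
LAN_GW=192.168.123.1
WAN_IP=10.0.0.6
# Hosts allowed through the gateway, space separated; host N gets classid X:N.
# This allow list is source-IP based, so it is only as strong as the LAN's
# address assignment; `-m mac --mac-source` would be a stricter match.
ALLOWED_HOSTS="192.168.123.50 192.168.123.51"

# Replace the root qdisc of a device with a fresh cbq qdisc.
# Arguments: $1 device, $2 qdisc handle (e.g. 1), $3 link bandwidth
setup_root_qdisc() {
  # A leftover root qdisc from a previous run makes "add" fail; removing it
  # first makes the script re-runnable (the error when none exists is ignored).
  tc qdisc del dev "$1" root 2>/dev/null || true
  tc qdisc add dev "$1" root handle "$2:" cbq avpkt 1000 bandwidth "$3"
}

# Add one bounded cbq class plus the u32 filter that steers a host into it.
# Arguments: $1 device, $2 qdisc handle, $3 class index, $4 rate,
#            $5 "dst" (download) or "src" (upload), $6 host IP
shape_host() {
  tc class add dev "$1" parent "$2:" classid "$2:$3" cbq rate "$4" \
    allot 1500 prio 5 bounded isolated
  tc filter add dev "$1" parent "$2:" protocol ip prio 16 u32 \
    match ip "$5" "$6" flowid "$2:$3"
}

### download (towards LAN hosts, leaves on LAN_IF)
setup_root_qdisc "$LAN_IF" 1 1mbit
### upload (towards the WAN, leaves on WAN_IF)
setup_root_qdisc "$WAN_IF" 2 512kbit

# Word-splitting of $ALLOWED_HOSTS is intentional (plain IPs, no spaces).
# The original attached the second host's upload class to eth1, i.e. to a
# qdisc handle that only exists on eth0; both upload classes now go to WAN_IF.
n=1
for host in $ALLOWED_HOSTS; do
  shape_host "$LAN_IF" 1 "$n" 512kbit dst "$host"
  shape_host "$WAN_IF" 2 "$n" 256kbit src "$host"
  n=$((n + 1))
done

### nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j SNAT --to-source "$WAN_IP"

### access control
# PREROUTING exists in the mangle table (not in filter), so the rules live
# there and are restricted to packets arriving on LAN_IF: without `-i`, the
# final DROP would also discard the WAN replies to SNATed connections.
# Rule order matters — the ACCEPTs must precede the catch-all DROP. The
# original's `-t mangle ... -j RETURN` lines were no-ops (RETURN from a
# built-in chain just applies the chain's ACCEPT policy) and are dropped.
for host in $ALLOWED_HOSTS; do
  iptables -t mangle -A PREROUTING -i "$LAN_IF" -s "$host" -j ACCEPT
done
# DHCP: `-p udp` has to precede the --sport/--dport options it enables.
# `-s 0.0.0.0` matches exactly that address (DHCP discover/request).
iptables -t mangle -A PREROUTING -i "$LAN_IF" -p udp -s 0.0.0.0 -d 255.255.255.255 \
  --sport 68 --dport 67 -j ACCEPT
# Kept from the original. NOTE(review): if LAN_GW is this box, its own DHCP
# replies never traverse PREROUTING and this rule is inert — confirm.
iptables -t mangle -A PREROUTING -i "$LAN_IF" -p udp -s "$LAN_GW" -d 255.255.255.255 \
  --sport 67 --dport 68 -j ACCEPT
# Everything else arriving from the LAN is dropped. Re-running the script
# appends these rules again; flush the chain first if that matters.
iptables -t mangle -A PREROUTING -i "$LAN_IF" -j DROP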