Bridging
QOS htb queueing
Ebtables filter
Add atrpms repository bij yum en installeer
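# Append the ATrpms repository stanza to yum's configuration.
# The heredoc delimiter is quoted so the shell leaves $releasever and $basearch
# alone: they are yum variables that yum expands itself. Inside a double-quoted
# echo the shell would replace them with empty strings and write a broken
# baseurl.
# The baseurl is plain HTTP, so the package signature is the only integrity
# check on what gets installed; gpgcheck=1 makes yum refuse unsigned or wrongly
# signed packages from this repository. Import the repository's signing key
# (obtained out of band) before installing:
#   rpm --import <path-to-atrpms-signing-key>   # placeholder, not from this page
cat >> /etc/yum.conf <<'EOF'
[atrpms]
name=Fedora Core $releasever - $basearch - ATrpms
baseurl=http://dl.atrpms.net/fc$releasever-$basearch/atrpms/stable
gpgcheck=1
EOF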
[root@bridge ~]# yum install ebtables bridge-utils
Setting up Install Process
Setting up Repos
atrpms 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
updates-released 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
atrpms : ################################################## 1078/1078
base : ################################################## 2622/2622
updates-re: ################################################## 970/970
Parsing package install arguments
No Match for argument: ebtables
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package bridge-utils.i386 0:1.0.4-4 set to be updated
--> Running transaction check
--> Processing Dependency: libsysfs.so.1 for package: bridge-utils
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Package sysfsutils.i386 0:1.2.0-1 set to be updated
--> Running transaction check
Dependencies Resolved
Transaction Listing:
Install: bridge-utils.i386 0:1.0.4-4 - base
Performing the following to resolve dependencies:
Install: sysfsutils.i386 0:1.2.0-1 - base
Total download size: 83 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): bridge-utils-1.0.4 100% |=========================| 27 kB 00:00
(2/2): sysfsutils-1.2.0-1 100% |=========================| 56 kB 00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: sysfsutils 100 % done 1/2
Installing: bridge-utils 100 % done 2/2
Installed: bridge-utils.i386 0:1.0.4-4
Dependency Installed: sysfsutils.i386 0:1.2.0-1
Complete!
Edit de volgende files
file /etc/sysconfig/network-scripts/ifcfg-br0
# ifcfg-br0: the bridge interface itself.
DEVICE=br0
TYPE=Bridge
# Static address of the bridge host. A bridge's own address is normally
# reachable through every port attached to it, so limit which management
# services listen on it.
BOOTPROTO=static
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
# NOTE(review): presumably the bridge forward delay in seconds - confirm
# against the network-scripts documentation.
DELAY=30
# Spanning Tree Protocol switched on for this bridge.
STP=ON
file /etc/sysconfig/network-scripts/ifcfg-eth0
# ifcfg-eth0: bridge port attached to br0; it gets no IP address of its own.
# The htb.sh script on this page labels eth0 as the external side.
DEVICE=eth0
TYPE=ETHER
BRIDGE=br0
ONBOOT=yes
file /etc/sysconfig/network-scripts/ifcfg-eth1
# ifcfg-eth1: bridge port attached to br0; it gets no IP address of its own.
# The htb.sh script on this page labels eth1 as the internal side.
DEVICE=eth1
TYPE=ETHER
BRIDGE=br0
ONBOOT=yes
[root@bridge root]# brctl showstp br0
br0
bridge id 8000.0010a403d44a
designated root 0001.00d003db8401
root port 1 path cost 101
max age 20.00 bridge max age 20.00
hello time 2.00 bridge hello time 2.00
forward delay 15.00 bridge forward delay 15.00
ageing time 300.00 gc interval 4.00
hello timer 0.00 tcn timer 0.00
topology change timer 0.00 gc timer 2.92
flags
eth0 (1)
port id 8001 state forwarding
designated root 0001.00d003db8401 path cost 100
designated bridge c000.0002fd81cc01 message age timer 2.40
designated port 8089 forward delay timer 0.00
designated cost 1 hold timer 0.00
flags
eth1 (2)
port id 8002 state forwarding
designated root 0001.00d003db8401 path cost 100
designated bridge 8000.0010a403d44a message age timer 0.00
designated port 8002 forward delay timer 0.00
designated cost 101 hold timer 0.00
flags
file path/htb.sh (ik plaats scripts altijd in /scripts/htb.sh)
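# htb.sh - HTB traffic shaping on the two ports of bridge br0.
# Usage: htb.sh {start|stop|status}; any other argument does nothing.
#
# Frames are assigned to classes by firewall mark ("fw" filter). The mark
# 0x<major><minor> selects class <major>:<minor>, e.g. 0x143 -> class 1:43.
# The marks themselves are set outside this script (on this page by the
# ebtables script).
#
# NOTE(review): the root qdiscs are created without a "default" class and the
# filters only match "protocol ip" with the listed marks, so unmarked or
# non-IP frames are not put into any class here; HTB normally lets such
# traffic through unshaped - confirm that this is intended.

# Call tc by absolute path everywhere: init scripts and cron jobs often run
# without /sbin in PATH, where a bare "tc" would not be found.
TC=/sbin/tc

# Delete the root qdisc (and with it all classes and filters) on both ports.
# Output and errors are discarded because a port may have no qdisc yet.
clear_shaping() {
  "$TC" qdisc del dev eth0 root 2> /dev/null > /dev/null
  "$TC" qdisc del dev eth1 root 2> /dev/null > /dev/null
}

# Build the class tree and the fw filters on one bridge port.
#   $1 - device name
#   $2 - qdisc major number; also the first hex digit of the marks
shape_port() {
  "$TC" qdisc add dev "$1" root handle "${2}:" htb

  # Root class and its three children.
  "$TC" class add dev "$1" parent "${2}:" classid "${2}:1" htb rate 10000kbit ceil 10000kbit
  "$TC" class add dev "$1" parent "${2}:1" classid "${2}:2" htb rate 2000kbit ceil 2000kbit prio 1
  "$TC" class add dev "$1" parent "${2}:1" classid "${2}:3" htb rate 2000kbit ceil 2000kbit prio 1
  "$TC" class add dev "$1" parent "${2}:1" classid "${2}:4" htb rate 512kbit ceil 512kbit prio 1

  # Leaves below the 512kbit class; they may borrow up to their ceil.
  "$TC" class add dev "$1" parent "${2}:4" classid "${2}:41" htb rate 256kbit ceil 384kbit prio 1 burst 2kbit
  "$TC" class add dev "$1" parent "${2}:4" classid "${2}:42" htb rate 128kbit ceil 450kbit prio 2 burst 2kbit
  "$TC" class add dev "$1" parent "${2}:4" classid "${2}:43" htb rate 128kbit ceil 450kbit prio 3 burst 2kbit

  # One fw filter per leaf class, keyed on the firewall mark.
  "$TC" filter add dev "$1" parent "${2}:" protocol ip prio 1 handle "0x${2}2" fw classid "${2}:2"
  "$TC" filter add dev "$1" parent "${2}:" protocol ip prio 1 handle "0x${2}3" fw classid "${2}:3"
  "$TC" filter add dev "$1" parent "${2}:" protocol ip prio 1 handle "0x${2}41" fw classid "${2}:41"
  "$TC" filter add dev "$1" parent "${2}:" protocol ip prio 1 handle "0x${2}42" fw classid "${2}:42"
  "$TC" filter add dev "$1" parent "${2}:" protocol ip prio 1 handle "0x${2}43" fw classid "${2}:43"
}

case "$1" in
  status)
    # Per-class statistics for both ports.
    "$TC" -s class ls dev eth0
    "$TC" -s class ls dev eth1
    exit
    ;;
  stop)
    clear_shaping
    echo "STOP = OK"
    exit
    ;;
  start)
    # Start from a clean state, then shape each port.
    clear_shaping
    shape_port eth0 1   # eth0 (external)
    shape_port eth1 2   # eth1 (internal)
    exit
    ;;
esac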
path/htb.sh status
class htb 1:1 root rate 10Mbit ceil 10Mbit burst 2848b cburst 2848b
Sent 2233403355 bytes 10596183 pkts (dropped 0, overlimits 0 requeues 0)
rate 9541bit 66pps
lended: 0 borrowed: 0 giants: 0
tokens: 2296 ctokens: 2296
class htb 1:2 parent 1:1 prio 1 rate 2Mbit ceil 2Mbit burst 1849b cburst 1849b
Sent 65253934 bytes 565473 pkts (dropped 0, overlimits 0 requeues 0)
rate 95bit 1pps
lended: 565473 borrowed: 0 giants: 0
tokens: 7217 ctokens: 7217
class htb 1:3 parent 1:1 prio 1 rate 2Mbit ceil 2Mbit burst 1849b cburst 1849b
Sent 435637962 bytes 2681434 pkts (dropped 0, overlimits 0 requeues 0)
rate 6009bit 42pps
lended: 2681434 borrowed: 0 giants: 0
tokens: 7315 ctokens: 7315
class htb 1:4 parent 1:1 rate 512Kbit ceil 512Kbit burst 1663b cburst 1663b
Sent 1732511459 bytes 7349276 pkts (dropped 0, overlimits 0 requeues 0)
rate 3771bit 23pps
lended: 1055164 borrowed: 0 giants: 0
tokens: 25856 ctokens: 25856
class htb 1:41 parent 1:4 prio 1 rate 256Kbit ceil 384Kbit burst 255b cburst 1647b
Sent 108119387 bytes 888473 pkts (dropped 0, overlimits 0 requeues 0)
rate 63bit
lended: 865360 borrowed: 23113 giants: 0
tokens: 6654 ctokens: 34134
class htb 1:42 parent 1:4 prio 2 rate 128Kbit ceil 450Kbit burst 255b cburst 1655b
Sent 569607767 bytes 2244715 pkts (dropped 0, overlimits 0 requeues 0)
rate 2745bit 17pps
lended: 1914731 borrowed: 329984 giants: 0
tokens: 12286 ctokens: 29273
class htb 1:43 parent 1:4 prio 3 rate 128Kbit ceil 450Kbit burst 255b cburst 1655b
Sent 1054784305 bytes 4216088 pkts (dropped 0, overlimits 0 requeues 0)
rate 983bit 5pps
lended: 3514021 borrowed: 702067 giants: 0
tokens: -4098 ctokens: 24322
class htb 2:1 root rate 10Mbit ceil 10Mbit burst 2848b cburst 2848b
Sent 7775491380 bytes 12322177 pkts (dropped 0, overlimits 0 requeues 0)
rate 302Kbit 73pps
lended: 0 borrowed: 0 giants: 0
tokens: 2296 ctokens: 2296
class htb 2:2 parent 2:1 prio 1 rate 2Mbit ceil 2Mbit burst 1849b cburst 1849b
Sent 316055870 bytes 561775 pkts (dropped 0, overlimits 0 requeues 0)
rate 31bit
lended: 561775 borrowed: 0 giants: 0
tokens: 6857 ctokens: 6857
class htb 2:3 parent 2:1 prio 1 rate 2Mbit ceil 2Mbit burst 1849b cburst 1849b
Sent 1812476557 bytes 3159408 pkts (dropped 0, overlimits 0 requeues 0)
rate 31491bit 50pps
lended: 3159408 borrowed: 0 giants: 0
tokens: 1384 ctokens: 1384
class htb 2:4 parent 2:1 rate 512Kbit ceil 512Kbit burst 1663b cburst 1663b
Sent 5646958953 bytes 8600994 pkts (dropped 0, overlimits 0 requeues 0)
rate 6591bit 22pps
lended: 3719768 borrowed: 0 giants: 0
tokens: 25856 ctokens: 25856
class htb 2:41 parent 2:4 prio 1 rate 256Kbit ceil 384Kbit burst 255b cburst 1647b
Sent 436207585 bytes 1135807 pkts (dropped 0, overlimits 0 requeues 0)
rate 147bit 1pps
lended: 920005 borrowed: 215802 giants: 0
tokens: 1278 ctokens: 30548
class htb 2:42 parent 2:4 prio 2 rate 128Kbit ceil 450Kbit burst 255b cburst 1655b
Sent 874495734 bytes 2302671 pkts (dropped 0, overlimits 0 requeues 0)
rate 5602bit 17pps
lended: 1680038 borrowed: 622633 giants: 0
tokens: 12286 ctokens: 29273
class htb 2:43 parent 2:4 prio 3 rate 128Kbit ceil 450Kbit burst 255b cburst 1655b
Sent 4336255634 bytes 5162516 pkts (dropped 0, overlimits 0 requeues 0)
rate 1555bit 3pps
lended: 2281183 borrowed: 2881333 giants: 0
tokens: -1538 ctokens: 25050
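# ebtables.sh - mark bridged frames so the tc "fw" filters can classify them.
# Usage: ebtables.sh {start|stop|status}; any other argument does nothing.
#
# Caveats:
#  - "start" and "stop" run "ebtables -F" without a chain name, which flushes
#    every chain of the filter table, not only the rules added here. Filtering
#    rules loaded on this bridge by other means are removed as well.
#  - "--mark-target ACCEPT" ends rule traversal for a matching frame. The two
#    catch-all rules at the end match everything leaving eth0 or eth1, so a
#    filtering rule appended to FORWARD after them is never reached. Use
#    "--mark-target CONTINUE" if later rules must still see the frame.
A="/sbin/ebtables"

case "$1" in
  status)
    # List the rules together with their packet and byte counters.
    "$A" -L --Lc
    exit
    ;;
  stop)
    "$A" -F
    exit
    ;;
  start)
    "$A" -F
    # IPv4 from 192.168.1.0/24 leaving eth1: mark 0x23 (tc class 2:3).
    "$A" -A FORWARD -p IPv4 --ip-src 192.168.1.0/24 -o eth1 -j mark --set-mark 0x23 --mark-target ACCEPT
    # IPv4 to 192.168.1.0/24 leaving eth0: mark 0x13 (tc class 1:3).
    # The mark must be valid hex; "0xr13" is rejected and the rule is not added.
    "$A" -A FORWARD -p IPv4 --ip-dst 192.168.1.0/24 -o eth0 -j mark --set-mark 0x13 --mark-target ACCEPT
    # Everything else leaving a port goes to the lowest-priority leaf class.
    "$A" -A FORWARD -o eth0 -j mark --set-mark 0x143 --mark-target ACCEPT
    "$A" -A FORWARD -o eth1 -j mark --set-mark 0x243 --mark-target ACCEPT
    exit
    ;;
esac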
ebtables.sh status
-p IPv4 -o eth1 --ip-src 192.168.1.0/24 -j mark --set-mark 0x23, pcnt = 0 -- bcnt = 0
-p IPv4 -o eth0 --ip-dst 192.168.1.0/24 -j mark --set-mark 0x13, pcnt = 0 -- bcnt = 0
-o eth0 -j mark --set-mark 0x143, pcnt = 222 -- bcnt = 42202
-o eth1 -j mark --set-mark 0x243, pcnt = 156 -- bcnt = 43603