针对特定服务做优先级设定,提高带宽使用质量,也可针对特定IP进行限速。
#加载模块:
insmod xt_IPID
insmod cls_u32
insmod cls_fw
insmod sch_htb
insmod sch_sfq
insmod sch_prio
#启用IMQ虚拟网卡
ip link set imq0 up
ip link set imq1 up
#删除旧队列
tc qdisc del dev imq0 root
tc qdisc del dev imq1 root
#上传设置
#增加根队列,未标记数据默认走26
tc qdisc add dev imq0 root handle 1: htb default 26
#增加总流量规则
tc class add dev imq0 parent 1: classid 1:1 htb rate 350kbit
#增加子类
tc class add dev imq0 parent 1:1 classid 1:20 htb rate 80kbit ceil 250kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate 80kbit ceil 250kbit prio 1
tc class add dev imq0 parent 1:1 classid 1:22 htb rate 80kbit ceil 250kbit prio 2
tc class add dev imq0 parent 1:1 classid 1:23 htb rate 80kbit ceil 250kbit prio 3
tc class add dev imq0 parent 1:1 classid 1:24 htb rate 80kbit ceil 250kbit prio 4
tc class add dev imq0 parent 1:1 classid 1:25 htb rate 50kbit ceil 250kbit prio 5
tc class add dev imq0 parent 1:1 classid 1:26 htb rate 50kbit ceil 150kbit prio 6
tc class add dev imq0 parent 1:1 classid 1:27 htb rate 50kbit ceil 100kbit prio 7
#为子类添加SFQ公平队列,每10秒重置
tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq0 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev imq0 parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev imq0 parent 1:23 handle 23: sfq perturb 10
tc qdisc add dev imq0 parent 1:24 handle 24: sfq perturb 10
tc qdisc add dev imq0 parent 1:25 handle 25: sfq perturb 10
tc qdisc add dev imq0 parent 1:26 handle 26: sfq perturb 10
tc qdisc add dev imq0 parent 1:27 handle 27: sfq perturb 10
#添加过滤规则配合Iptables Mark标记
#tc filter add dev imq0 parent 1:0 protocol ip u32 match ip sport 22 0xffff flowid 1:10
#使用U32标记数据,下面使用Iptables mark,容易。
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 27 fw flowid 1:27
#上传数据转入特定链
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -A POSTROUTING -o pppoe-wan -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -j IMQ –todev 0
#为特定数据打上标记配合之前过滤规则
#iptables -t mangle -I MYSHAPER-OUT -s 192.168.1.16 -j MARK –set-mark 27 #限制特定IP上传速度
#iptables -t mangle -I MYSHAPER-OUT -s 192.168.1.16 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp –tcp-flags SYN,RST,ACK SYN -j MARK –set-mark 20 #提高HTTP连接速度
iptables -t mangle -A MYSHAPER-OUT -p tcp –tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p udp –dport 53 -j MARK –set-mark 20 #DNS查询
iptables -t mangle -A MYSHAPER-OUT -p udp –dport 53 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK –set-mark 21 #ICMP数据
iptables -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length –length :64 -j MARK –set-mark 21 #小数据包
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length –length :64 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 22 -j MARK –set-mark 22 #SSH连接
iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 22 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p udp –dport 1194 -j MARK –set-mark 22 #VPN连接
iptables -t mangle -A MYSHAPER-OUT -p udp –dport 1194 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 80 -j MARK –set-mark 23 #HTTP连接
iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 80 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 443 -j MARK –set-mark 24 #HTTPS连接
iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 443 -j RETURN
#上传设置完成
#下载设置
#增加根队列,未标记数据默认走24
tc qdisc add dev imq1 handle 1: root htb default 24
tc class add dev imq1 parent 1: classid 1:1 htb rate 3500kbit
#添加子类
tc class add dev imq1 parent 1:1 classid 1:20 htb rate 1000kbit ceil 1500kbit prio 0
tc class add dev imq1 parent 1:1 classid 1:21 htb rate 1500kbit ceil 2500kbit prio 1
tc class add dev imq1 parent 1:1 classid 1:22 htb rate 2000kbit ceil 3500kbit prio 2
tc class add dev imq1 parent 1:1 classid 1:23 htb rate 1000kbit ceil 1500kbit prio 3
tc class add dev imq1 parent 1:1 classid 1:24 htb rate 1000kbit ceil 1500kbit prio 4
#为子类添加SFQ公平队列
tc qdisc add dev imq1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq1 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev imq1 parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev imq1 parent 1:23 handle 23: sfq perturb 10
tc qdisc add dev imq1 parent 1:24 handle 24: sfq perturb 10
#过滤规则
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
#下载数据转入特定链
iptables -t mangle -N MYSHAPER-IN
iptables -t mangle -A PREROUTING -i pppoe-wan -j MYSHAPER-IN
iptables -t mangle -A MYSHAPER-IN -j IMQ –todev 1
#分类标记数据
#iptables -t mangle -A MYSHAPER-IN -d 192.168.1.16 -j MARK –set-mark 23 #限制特定IP下载速度
#iptables -t mangle -A MYSHAPER-IN -d 192.168.1.16 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp -m length –length :64 -j MARK –set-mark 20 #小数据优先
iptables -t mangle -A MYSHAPER-IN -p tcp -m length –length :64 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p icmp -j MARK –set-mark 20 #ICMP数据
iptables -t mangle -A MYSHAPER-IN -p icmp -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 22 -j MARK –set-mark 21 #SSH连接
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 22 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p udp –sport 1194 -j MARK –set-mark 21 #VPN连接
iptables -t mangle -A MYSHAPER-IN -p udp –sport 1194 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 443 -j MARK –set-mark 22 #HTTPS连接
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 443 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 80 -j MARK –set-mark 22 #HTTP连接
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 80 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 0:1024 -j MARK –set-mark 23 #系统服务端口连接
iptables -t mangle -A MYSHAPER-IN -p tcp –sport 0:1024 -j RETURN
#下载设置完成
