
ADSL Gateway Traffic Control

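Preface:

    I have already published several articles on Linux gateways. Some small companies, however (such as some of our trading subsidiaries), have no leased line and use ADSL instead (2M download, 512K upload) with a dynamic IP. Information management there is lax, and people often run P2P software on the internal network; upload traffic sometimes reaches 450K, at which point the ADSL line is essentially paralysed. To reduce the administrative burden and save the cost of buying equipment, Linux is installed as the ADSL gateway and traffic control is applied on it.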

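Case description:

    Gateway: a Linux system with two network cards. eth0 connects to the internal network (192.168.1.0/24); eth1 connects to the ADSL modem, and IPSEC VPN connections are established with the head office (192.168.4.0/24) and the warehouse (192.168.25.0/24).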

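1. Download: eth0

    Download traffic to the Taiwan head office, the VPN and the mail server 202.104.56.55 is 2.5M (unrestricted), priority 1

    Downloads to hosts 192.168.1.99 and 192.168.1.202 may reach 2M, priority 2 (these two are servers)

    All other traffic is limited to 1.4M, priority 3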

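2. Upload: ppp0

    Upload traffic to the Taiwan head office, the VPN and the mail server 202.104.56.55 is 1M (the real maximum is only 512K), priority 1

    Upload traffic for hosts 192.168.1.99 and 202 may reach 400K, priority 2

    All other traffic is limited to 300k, priority 3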

The Qos.sh file is as follows:

#!/bin/sh

########## [email protected] ###########

TC="/sbin/tc"
LAN_IFACE="eth0"
INET_IFACE="ppp0"
INTERNAL_LAN="192.168.1.0/24"

start(){

#################### Qos rule on eth0 for download  ########################

if [ -n "$LAN_IFACE" ];then
        # Root HTB qdisc; anything no filter classifies falls into class 2:30
        $TC qdisc add dev $LAN_IFACE root handle 2:0 htb default 30
        $TC class add dev $LAN_IFACE parent 2:0 classid 2:1 htb rate 3Mbit burst 15k

        # 2:10 head office / VPN / mail server, 2:20 the two servers, 2:30 everything else
        $TC class add dev $LAN_IFACE parent 2:1 classid 2:10 htb rate 3Mbit burst 15k
        $TC class add dev $LAN_IFACE parent 2:1 classid 2:20 htb rate 2000kbit ceil 2Mbit burst 15k
        # Other traffic is capped at 1.4M; rate must not be higher than ceil
        $TC class add dev $LAN_IFACE parent 2:1 classid 2:30 htb rate 1400kbit ceil 1400kbit burst 15k

        # SFQ on every leaf so that a single flow cannot monopolise its class
        $TC qdisc add dev $LAN_IFACE parent 2:10 handle 10: sfq perturb 10
        $TC qdisc add dev $LAN_IFACE parent 2:20 handle 20: sfq perturb 10
        $TC qdisc add dev $LAN_IFACE parent 2:30 handle 30: sfq perturb 10

        # Filter "prio" is the order in which filters are tried (lowest first);
        # it is not the HTB class scheduling priority (the class "prio" option)
        U32_1="$TC filter add dev $LAN_IFACE protocol ip parent 2:0 prio 1 u32"
        $U32_1 match ip src 202.104.56.55/32 flowid 2:10
        $U32_1 match ip src 192.168.4.0/24 flowid 2:10
        $U32_1 match ip src 192.168.25.0/24 flowid 2:10

        U32_2="$TC filter add dev $LAN_IFACE protocol ip parent 2:0 prio 2 u32"
        $U32_2 match ip dst 192.168.1.99/32 flowid 2:20
        $U32_2 match ip dst 192.168.1.202/32 flowid 2:20

        $TC filter add dev $LAN_IFACE protocol ip parent 2:0 prio 3 u32 match ip dst $INTERNAL_LAN flowid 2:30

        echo ""
        echo ""
        echo "qos rule on eth0 start ...........ok!"
        echo ""
        echo ""
fi

#################### Qos rule on ppp0 for upload ########################

if [ -n "$INET_IFACE" ];then
        # This flushes the whole mangle table, including rules added by anything else on the gateway
        iptables -F -t mangle
        iptables -X -t mangle
        iptables -Z -t mangle

        # Mark packets from the two servers as they arrive from the LAN; the fw filter below classifies by mark
        iptables -A PREROUTING -t mangle -i $LAN_IFACE -s 192.168.1.99/32 -j MARK --set-mark 1
        iptables -A PREROUTING -t mangle -i $LAN_IFACE -s 192.168.1.202/32 -j MARK --set-mark 1
        #iptables -A PREROUTING -t mangle -i $LAN_IFACE -s 192.168.1.0/24 -j MARK --set-mark 2

        # Root HTB qdisc; anything no filter classifies falls into class 1:30
        $TC qdisc add dev $INET_IFACE root handle 1:0 htb default 30
        $TC class add dev $INET_IFACE parent 1:0 classid 1:1 htb rate 1Mbit burst 15k
        $TC class add dev $INET_IFACE parent 1:1 classid 1:10 htb rate 1Mbit burst 15k
        $TC class add dev $INET_IFACE parent 1:1 classid 1:20 htb rate 400kbit ceil 400kbit burst 15k
        $TC class add dev $INET_IFACE parent 1:1 classid 1:30 htb rate 300kbit ceil 300kbit burst 15k

        $TC qdisc add dev $INET_IFACE parent 1:10 handle 10: sfq perturb 10
        $TC qdisc add dev $INET_IFACE parent 1:20 handle 20: sfq perturb 10
        $TC qdisc add dev $INET_IFACE parent 1:30 handle 30: sfq perturb 10

        # Priority 1: mail server, VPN subnets, and the IPsec protocols ESP (50) and AH (51)
        U32="$TC filter add dev $INET_IFACE protocol ip parent 1:0 prio 1 u32"
        $U32 match ip dst 202.104.56.55/32 flowid 1:10
        $U32 match ip dst 192.168.4.0/24 flowid 1:10
        $U32 match ip dst 192.168.25.0/24 flowid 1:10
        $U32 match ip protocol 50 0xff flowid 1:10
        $U32 match ip protocol 51 0xff flowid 1:10

        # Priority 2: packets carrying firewall mark 1 (the two servers)
        $TC filter add dev $INET_IFACE parent 1:0 protocol ip prio 2 handle 1 fw classid 1:20
        #$TC filter add dev $INET_IFACE parent 1:0 protocol ip prio 3 handle 2 fw classid 1:30

        echo ""
        echo ""
        echo "qos rule on ppp0 start ...........ok!"
        echo ""
        echo ""
fi

}

stop(){

# Deleting the root qdisc removes all of its classes and filters as well
if [ -n "$LAN_IFACE" ];then
        $TC qdisc del dev $LAN_IFACE root
fi

if [ -n "$INET_IFACE" ];then
        $TC qdisc del dev $INET_IFACE root
fi

iptables -F -t mangle
iptables -X -t mangle
iptables -Z -t mangle

}

status(){

echo "show qdisc ............ "
echo ""
echo ""
echo ""
$TC -d -s qdisc
echo ""
echo ""

echo "show filter ............ "
echo ""
echo ""
if [ -n "$LAN_IFACE" ];then
        $TC -d -s filter ls dev $LAN_IFACE
fi
echo ""
echo ""
if [ -n "$INET_IFACE" ];then
        $TC -d -s filter ls dev $INET_IFACE
fi
echo ""
echo ""

echo "show class ............ "
echo ""
echo ""
if [ -n "$LAN_IFACE" ];then
        $TC -d -s class ls dev $LAN_IFACE
fi
echo ""
echo ""
if [ -n "$INET_IFACE" ];then
        $TC -d -s class ls dev $INET_IFACE
fi
echo ""
echo ""

}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    status
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
esac

exit $?

Then simply run ./Qos.sh restart.

If the ADSL connection redials, you can add this to crontab as a scheduled task, or add Qos.sh restart to the ADSL dial-up script.
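
The status action of Qos.sh prints the raw tc counters. As an added example (not part of the original Qos.sh), the POSIX shell functions below condense `tc -s class show` output into one line per class and list the classes whose drop ratio suggests they are pinned at their ceil, which on ppp0 should be 1:30 when LAN hosts upload over P2P. The sample output and the function names are constructed for illustration, and the drop-ratio threshold is a heuristic assumption.

```sh
#!/bin/sh
# Added example: summarise HTB class counters from `tc -s class show dev <iface>`.

# Constructed sample output (not captured from a real gateway).
# Class IDs match the ppp0 hierarchy built by Qos.sh: 1:10, 1:20, 1:30.
sample_tc_output() {
cat <<'EOF'
class htb 1:1 root rate 1Mbit ceil 1Mbit burst 15Kb cburst 1600b
 Sent 9350000 bytes 14200 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 1Mbit ceil 1Mbit burst 15Kb cburst 1600b
 Sent 482113 bytes 3120 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:20 parent 1:1 leaf 20: prio 0 rate 400Kbit ceil 400Kbit burst 15Kb cburst 1599b
 Sent 1667887 bytes 2080 pkt (dropped 12, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
class htb 1:30 parent 1:1 leaf 30: prio 0 rate 300Kbit ceil 300Kbit burst 15Kb cburst 1599b
 Sent 7200000 bytes 9000 pkt (dropped 1350, overlimits 0 requeues 0)
 backlog 14520b 11p requeues 0
EOF
}

# stdin: tc class statistics. stdout: "classid bytes packets dropped", one class per line.
summarise_classes() {
    awk '
        $1 == "class" && $2 == "htb" { id = $3; next }
        $1 == "Sent" && id != "" {
            dropped = $7; gsub(/[^0-9]/, "", dropped)   # "12," -> "12"
            print id, $2, $4, dropped
            id = ""
        }'
}

# stdin: tc class statistics. $1: drop threshold in percent (heuristic, an assumption).
# stdout: IDs of classes whose dropped/sent packet ratio is at or above the threshold.
saturated_classes() {
    summarise_classes |
        awk -v limit="$1" '$3 > 0 && $4 * 100 / $3 >= limit { print $1 }'
}

# Live use on the gateway (needs root): tc -s class show dev ppp0 | saturated_classes 5
```

If 1:10 or 1:20 shows up in the result instead of 1:30, the filters are classifying traffic into the wrong class and should be checked with ./Qos.sh status.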