我有一个无法解决的问题。
设置流量整形规则的脚本阻止了来自某些主机的流量。如果我删除所有规则,它就会起作用。我不明白为什么?这是我的脚本...
#!/bin/sh
cmdTC=/sbin/tc
rateLANDl="60mbit"
ceilLANDl="60mbit"
rateLANUl="40mbit"
ceilLANUl="40mbit"
quantLAN="1514"
# Nowaday bandwidth limit set to 100mbit.
# We devide it with 60mbit download and 40mbit upload bandthes.
rateHiDl="30mbit"
ceilHiDl="60mbit"
rateHiUl="20mbit"
ceilHiUl="40mbit"
quantHi="1514"
rateLoDl="30mbit"
ceilLoDl="60mbit"
rateLoUl="20mbit"
ceilLoUl="40mbit"
quantLo="1514"
devNIF=eth0
devFIF=ifb0
modprobe ifb
ip link set $devFIF up 2>/dev/null
#exit 0
################################################################################################
# Remove discuiplines from network and fake interfaces
################################################################################################
$cmdTC qdisc del dev $devNIF root 2>/dev/null
$cmdTC qdisc del dev $devFIF root 2>/dev/null
$cmdTC qdisc del dev $devNIF ingress 2>/dev/null
if [ "$1" = "down" ]; then
exit 0
fi
################################################################################################
# Create discuiplines for network interface
################################################################################################
$cmdTC qdisc add dev $devNIF root handle 1:0 htb default 12
# Create classes for network interface
$cmdTC class add dev $devNIF parent 1:0 classid 1:1 htb rate ${rateLANDl} ceil ${ceilLANDl} quantum ${quantLAN}
$cmdTC class add dev $devNIF parent 1:1 classid 1:11 htb rate ${rateHiDl} ceil ${ceilHiDl} quantum ${quantHi}
$cmdTC class add dev $devNIF parent 1:1 classid 1:12 htb rate ${rateLoDl} ceil ${ceilLoDl} quantum ${quantLo}
$cmdTC qdisc add dev $devNIF parent 1:11 handle 111: sfq perturb 10
$cmdTC qdisc add dev $devNIF parent 1:12 handle 112: sfq perturb 10
# Create filters for network interface
$cmdTC filter add dev $devNIF protocol all parent 1:0 u32 match ip dst 10.252.2.0/24 flowid 1:11
$cmdTC filter add dev $devNIF protocol all parent 111: handle 111 flow hash keys dst divisor 1024 baseclass 1:11
$cmdTC filter add dev $devNIF protocol all parent 112: handle 112 flow hash keys dst divisor 1024 baseclass 1:12
################################################################################################
# Create discuiplines for fake interface
################################################################################################
$cmdTC qdisc add dev $devFIF root handle 1:0 htb default 12
# Create classes for network interface
$cmdTC class add dev $devFIF parent 1:0 classid 1:1 htb rate ${rateLANUl} ceil ${ceilLANUl} quantum ${quantLAN}
$cmdTC class add dev $devFIF parent 1:1 classid 1:11 htb rate ${rateHiUl} ceil ${ceilHiUl} quantum ${quantHi}
$cmdTC class add dev $devFIF parent 1:1 classid 1:12 htb rate ${rateLoUl} ceil ${ceilLoUl} quantum ${quantLo}
$cmdTC qdisc add dev $devFIF parent 1:11 handle 111: sfq perturb 10
$cmdTC qdisc add dev $devFIF parent 1:12 handle 112: sfq perturb 10
# Create filters for network interface
$cmdTC filter add dev $devFIF protocol all parent 1:0 u32 match ip src 10.252.2.0/24 flowid 1:11
$cmdTC filter add dev $devFIF protocol all parent 111: handle 111 flow hash keys src divisor 1024 baseclass 1:11
$cmdTC filter add dev $devFIF protocol all parent 112: handle 112 flow hash keys src divisor 1024 baseclass 1:12
################################################################################################
# Create redirect discuiplines from network to fake interface
################################################################################################
$cmdTC qdisc add dev $devNIF handle ffff:0 ingress
$cmdTC filter add dev $devNIF parent ffff:0 protocol all u32 match u32 0 0 action mirred egress redirect dev $devFIF
这是我的 /etc/modules:
loop
ifb
ppp_mppe
nf_conntrack_pptp
nt_conntrack_proto_gre
nf_nat_pptp
nf_nat_proto_gre
系统是Linux wall 2.6.32-5-amd64 #1 SMP Sun Sep 23 10:07:46 UTC 2012 x86_64 GNU/Linux