Because Linux is open source and free, more and more manufacturers use it for firewalls and routers, such as sea spider and flying fish Star. In fact, we can also use Linux to build a high-performance router. The following uses Red Hat as an example to show how to implement a speed-limiting router.
If you are a newbie, install the graphical desktop during installation.
Step 1: Establish an ADSL connection. This is available under system settings - network settings and is easy to handle in the graphical interface.
Step 2: Enable IP forwarding and masquerading (that is, routing and NAT)
1. Open the /etc/sysconfig/network file as the root user and add the following line to the file:
GATEWAYDEV=ppp0
This line is used to set the default route.
2. Enable IP forwarding: open the /etc/sysctl.conf file, find net.ipv4.ip_forward = 0, and change 0 to 1.
3. Restart the system.
Step 3: Set up the iptables firewall to determine which IP addresses can access the Internet through the Linux host.
The following commands allow the 192.168.0.0 CIDR block:
1. Open the terminal and enter the following commands at the # prompt:
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE   # masquerade (NAT) traffic leaving through ppp0
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT   # forward traffic coming from the 192.168.0.0 segment
iptables -A FORWARD -d 192.168.0.0/24 -j ACCEPT   # forward traffic going to the 192.168.0.0 segment
iptables -A FORWARD ! -s 192.168.0.0/24 -j DROP   # deny traffic whose source is not in the 192.168.0.0 range
2. Save the above firewall rules so that they are still in effect after a restart.
Enter the following command:
iptables-save > /etc/sysconfig/iptables
With this, your Linux router should be able to run.
PS: all commands are case sensitive.
Speed limit implementation: Linux has dedicated speed-limiting software, tc, but the tc syntax is difficult for new users to grasp. On the firewall, we can instead limit the speed by limiting the number of packets that a certain IP address or range of IP addresses may pass in one second.
The following uses limiting the network speed of the IP address 192.168.0.2 as an example.
Open /etc/sysconfig/iptables in the desktop environment and check whether all the settings above are recorded in this file. Now you can add rules in this file.
1. First find the *filter row.
2. Add the following two rules under the *filter row (the lines starting with # are comments):
# Accept only 30 forwarded packets per second to 192.168.0.2 (about 45 KB, as a data packet is 1.5 KB)
-A FORWARD -d 192.168.0.2 -m limit --limit 30/sec -j ACCEPT
# Drop the remaining packets destined for 192.168.0.2
-A FORWARD -d 192.168.0.2 -j DROP
3. Restart the system for the speed limit to take effect.
4. To restrict the upload speed, change -d in the above two rules to -s.
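Added example (not part of the original article): a simplified Python model of the FORWARD chain above, showing what --limit 30/sec admits for a steady 100 packets/s flow to 192.168.0.2 and why the two limit rules have to be evaluated before the 192.168.0.0/24 ACCEPT rule. It assumes first-match evaluation, an idealised token bucket and the limit match's default --limit-burst of 5; all function and class names are illustrative.

```python
# Added illustration: idealised model of the FORWARD chain described above.
# Assumptions: the first matching rule wins; the limit match is a token
# bucket that starts full with the default --limit-burst of 5.
from fractions import Fraction
from ipaddress import ip_address, ip_network

class Limit:
    def __init__(self, rate, burst=5):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = Fraction(burst), Fraction(0)

    def matches(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(Fraction(self.burst),
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False  # no credit left: rule does not match, evaluation continues

def build_chain(limit_rules_first):
    host, lan = ip_network("192.168.0.2/32"), ip_network("192.168.0.0/24")
    limit_rules = [(host, Limit(30), "ACCEPT"), (host, None, "DROP")]
    lan_rules = [(lan, None, "ACCEPT")]
    return limit_rules + lan_rules if limit_rules_first else lan_rules + limit_rules

def verdict(chain, dst, now):
    for net, limit, target in chain:
        if ip_address(dst) in net and (limit is None or limit.matches(now)):
            return target
    return "ACCEPT"  # chain policy when no rule matches

def accepted_per_second(chain, dst, pps, seconds):
    counts = [0] * seconds
    for i in range(pps * seconds):
        now = Fraction(i, pps)  # exact arrival time of packet i
        if verdict(chain, dst, now) == "ACCEPT":
            counts[int(now)] += 1
    return counts

if __name__ == "__main__":
    for first in (True, False):
        counts = accepted_per_second(build_chain(first), "192.168.0.2", 100, 3)
        print(first, counts, [c * 1.5 for c in counts], "KB/s at 1.5 KB/packet")
```

With the limit rules first, the host gets 34 packets in the first second (the initial burst) and 30 per second afterwards, which is 45 KB/s only when every packet is a full 1.5 KB. With the order reversed, the subnet ACCEPT rule matches first and nothing is limited.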