Use linux for nat service, and use tc to limit traffic
Source: Internet
Author: User
Use linux as the nat service, and use tc to limit traffic-Linux Enterprise Application-Linux server application information. For details, refer to the following section. Recently, some colleagues used bt and e for crazy download. We were greatly affected when playing cs on the Internet, so we made traffic control on nat and introduced some experience to netizens, hope to help cs fans.
The Internet environment is as follows:
Eth0 Internet ip Address: a. B. c. d
Eth1 Intranet ip1: 192.168.0.0/24 for the boss and bt
Eth2 Intranet ip2: 192.168.1.0/24 For Me And csfans
The linux-based nat command is as follows:
Echo 1>;/proc/sys/net/ipv4/ip_forward
Iptables-F
Iptables-t nat-F ---- clear old rules
Iptables-t nat-a postrouting-s 192.168.0.0/24-o eth0-j SNAT -- to a. B. c. d --- nat for Intranet ip1
Iptables-t nat-a postrouting-s 192.168.1.0/24-o eth0-j SNAT -- to a. B. c. d --- nat for Intranet ip2
------------ Mark Traffic Control Based on fw Filter
Iptables-I PREROUTING-t mangle-p tcp-s 192.168.0.0/24-j MARK -- set-mark 1
Iptables-I PREROUTING-t mangle-p tcp-s 192.168.1.0/24-j MARK -- set-mark 2
------------ Perform traffic control for the upload speed
Tc requires kernel 2.4.18 or above, so upgrade is not enough
Tc can only control the speed at which packets are sent by the Network Adapter. Therefore, the upload speed must be limited to eth0.
---- Delete old queue
Tc qdisc del dev eth0 root
---- Add a root queue with a NIC speed of 10 Mbit, And the upload speed is also available
Tc qdisc add dev eth0 root handle 100: cbq bandwidth 10 Mbit avpkt 1000
---- Add a root class
Tc class add dev eth0 parent 100:0 classid 100cbq bandwidth 10 Mbit rate 10 Mbit allot 1514 weight 1 Mbit prio 8 maxburst 8 avpkt 1000 bounded
---- Add a subclass for Intranet 1 speed limit of 300 Kbit
Tc class add dev eth0 parent 100classid 100:2 cbq bandwidth 10 Mbit rate 300 Kbit allot 1513 weight 30 Kbit prio 5 maxburst 8 avpkt 1000 bounded
---- Add a subclass for Intranet 2 with a speed limit of 320 Kbit
Tc class add dev eth0 parent 100classid 100:3 cbq bandwidth 10 Mbit rate 320 Kbit allot 1513 weight 32 Kbit prio 6 maxburst 8 avpkt 1000 bounded
---- Set queue rules
Tc qdisc add dev eth0 parent 100:2 sfq quantum 1514b perturb 15
Tc qdisc add dev eth0 parent 100:3 sfq quantum 1514b perturb 15
------ Map the queue to the fw filter. The 1 of hand 1 is the tag that begins to use iptables, and the 2 of hand 2 is also the tag that begins to use iptables.
Tc filter add dev eth0 parent 100:0 protocol ip prio 1 handle 1 fw classid 100:2
Tc filter add dev eth0 parent 100:0 protocol ip prio 2 handle 2 fw classid 100:3
----------------------- I only limit the download speed of the boss and bt, and the filter uses u32.
Tc qdisc del dev eth1 root
Tc qdisc add dev eth1 root handle 200: cbq bandwidth 10 Mbit avpkt 1000
Tc class add dev eth1 parent 200:0 classid 200cbq bandwidth 10 Mbit rate 10 Mbit allot 1514 weight 2 Kbit prio 8 maxburst 8 avpkt 1000 bounded
Tc class add dev eth1 parent 200classid 200:2 cbq bandwidth 10 Mbit rate 1000 Kbit allot 1513 weight 1 Mbit prio 5 maxburst 8 avpkt 1000 bounded
Tc qdisc add dev eth1 parent 200:2 sfq quantum 1514b perturb 15
Tc filter add dev eth1 parent 200:0 protocol ip prio 25 u32 match ip dst 192.168.0.0/24 flowid 200:2
----------------------
Now we can use tc-s qdisc ls dev eth0
Tc-s qdisc ls dev eth1
Tc-s class ls dev eth0
Tc-s class ls dev eth1 monitoring traffic
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
