Changeset 121 for system


Ignore:
Timestamp:
Dec 6, 2008, 12:01:57 PM (16 years ago)
Author:
george
Message:
  • Upraveno: Typ front nastaven na SFQ namísto PFIFO což je vhodné pro agregované linky a obzvláště pro free pomalý internet.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • system/generators/traffic_shaping_routerboard.php

    r120 r121  
    4242$Commands[] = ' /ip firewall mangle add chain=forward in-interface='.$InetInterface.' action=jump jump-target=inet-in';
    4343
    44 // Slow free internet
    45 $Commands[] = ' /queue tree add name=free-out limit-at='.$FreeInetSpeed.' max-limit='.$FreeInetSpeed.' parent=main-out packet-mark='.$PacketMark;
    46 $Commands[] = ' /ip firewall mangle add chain=inet-out out-interface='.$InetInterface.' action=mark-packet new-packet-mark='.$PacketMark;
    47 $PacketMark++;
    48 $Commands[] = ' /queue tree add name=free-in limit-at='.$FreeInetSpeed.' max-limit='.$FreeInetSpeed.' parent=main-in packet-mark='.$PacketMark;
    49 $Commands[] = ' /ip firewall mangle add chain=inet-in in-interface='.$InetInterface.' action=mark-packet new-packet-mark='.$PacketMark;
    50 $PacketMark++;
    51 
    5244// Divide rules by subnet number
    5345foreach(array(0, 1, 2, 3, 4, 5, 7) as $Subnet)
     
    5648  $Commands[] = ' /ip firewall mangle add chain=inet-in dst-address=192.168.'.$Subnet.'.0/24 in-interface='.$InetInterface.' action=jump jump-target=inet-in-'.$Subnet;
    5749}
     50
     51// Slow free internet
     52$Commands[] = ' /queue tree add name=free-out limit-at='.$FreeInetSpeed.' max-limit='.$FreeInetSpeed.' parent=main-out packet-mark='.$PacketMark;
     53$Commands[] = ' /ip firewall mangle add chain=inet-out out-interface='.$InetInterface.' action=mark-packet new-packet-mark='.$PacketMark.' queue=wireless-default';
     54$PacketMark++;
     55$Commands[] = ' /queue tree add name=free-in limit-at='.$FreeInetSpeed.' max-limit='.$FreeInetSpeed.' parent=main-in packet-mark='.$PacketMark.' queue=wireless-default';
     56$Commands[] = ' /ip firewall mangle add chain=inet-in in-interface='.$InetInterface.' action=mark-packet new-packet-mark='.$PacketMark;
     57$PacketMark++;
     58
    5859
    5960// Process users
     
    7273  $UserMaxSpeedOut = round($Tarify[$User['inet_tarif_now']]['max_speed'] / $OutDivider);
    7374  $Quantum = $Tarify[$User['inet_tarif_now']]['speed_factor'] * 1500;
    74   $Commands[] = ' /queue tree add name='.$User['fullname'].'-out limit-at='.$SpeedIn.' max-limit='.$UserMaxSpeedIn.' parent=main-out';
    75   $Commands[] = ' /queue tree add name='.$User['fullname'].'-in limit-at='.$SpeedOut.' max-limit='.$UserMaxSpeedOut.' parent=main-in';
     75  $Commands[] = ' /queue tree add name='.$User['fullname'].'-out limit-at='.$SpeedIn.' max-limit='.$UserMaxSpeedIn.' parent=main-out queue=wireless-default';
     76  $Commands[] = ' /queue tree add name='.$User['fullname'].'-in limit-at='.$SpeedOut.' max-limit='.$UserMaxSpeedOut.' parent=main-in queue=wireless-default';
    7677
    7778  $DbResult2 = $Database->select('hosts', 'COUNT(*)', "block=0 AND MAC!='' AND user=".$User['id']);
     
    8990    $Subnet = $IPParts[2];
    9091    $Commands[] = ' /ip firewall mangle add chain=inet-out-'.$Subnet.' src-address='.$Host['IP'].' out-interface='.$InetInterface.' action=mark-packet new-packet-mark='.$PacketMark.' passthrough=no';
    91     $Commands[] = ' /queue tree add name='.$Host['name'].'-out limit-at='.$HostSpeedIn.' max-limit='.$UserMaxSpeedIn.' parent='.$User['fullname'].'-out packet-mark='.$PacketMark;
     92    $Commands[] = ' /queue tree add name='.$Host['name'].'-out limit-at='.$HostSpeedIn.' max-limit='.$UserMaxSpeedIn.' parent='.$User['fullname'].'-out packet-mark='.$PacketMark.' queue=wireless-default';
    9293    $PacketMark++;
    9394    $Commands[] = ' /ip firewall mangle add chain=inet-in-'.$Subnet.' dst-address='.$Host['IP'].' in-interface='.$InetInterface.' action=mark-packet new-packet-mark='.$PacketMark.' passthrough=no';
    94     $Commands[] = ' /queue tree add name='.$Host['name'].'-in limit-at='.$HostSpeedOut.' max-limit='.$UserMaxSpeedOut.' parent='.$User['fullname'].'-in packet-mark='.$PacketMark;
     95    $Commands[] = ' /queue tree add name='.$Host['name'].'-in limit-at='.$HostSpeedOut.' max-limit='.$UserMaxSpeedOut.' parent='.$User['fullname'].'-in packet-mark='.$PacketMark.' queue=wireless-default';
    9596    $PacketMark++;
    9697    /*
     
    119120array_pop($Output);
    120121
    121   /*
    122 
    123   $FileClassInfo = fopen('/tmp/ClassInfo.txt', 'w+');
    124   $File = fopen('/a/bin/htb.sh', 'w+');
    125   fputs($File, "#!/bin/sh\n");
    126   exec('/sbin/iptables -t mangle -F FORWARD');
    127   exec('/sbin/iptables -t mangle -F INPUT');
    128   exec('/sbin/iptables -t mangle -F OUTPUT');
    129   exec('/sbin/iptables -t mangle -F PREROUTING');
    130   exec('/sbin/iptables -t mangle -F POSTROUTING');
    131   if($Enabled)
    132   {
    133     //exec('/sbin/iptables -t mangle -A FORWARD -j MARK --set-mark 0');
    134     //exec('/sbin/iptables -t mangle -i eth1 -A FORWARD -j MARK --set-mark 1');
    135     //exec('/sbin/iptables -t mangle -o eth1 -A FORWARD -j MARK --set-mark 1');
    136   }
    137 
    138 
    139   $FreeInetClass = 2;
    140  
    141   // In going traffic
    142   fputs($File, "/sbin/tc qdisc del dev ".$InInterface." root\n");
    143   if($Enabled)
    144   {
    145     fputs($File, "/sbin/tc qdisc add dev ".$InInterface." root handle 1:0 htb default 2\n");
    146     fputs($FileClassInfo, "1:1 Základní\n");
    147     fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n");
    148     fputs($FileClassInfo, "1:2 Internet zdarma\n");
    149     fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:1 classid 1:".$FreeInetClass." htb rate ".$FreeInetSpeed."kbit prio 3 quantum 1500\n");
    150     fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
    151   }
    152   // Out going traffic
    153   fputs($File, "/sbin/tc qdisc del dev ".$OutInterface." root\n");
    154   if($Enabled)
    155   {
    156     fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." root handle 1:0 htb default 2\n");
    157     fputs($FileClassInfo, "1:1 Základní\n");
    158     fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n");
    159     fputs($FileClassInfo, "1:2 Internet zdarma\n");
    160     fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:1 classid 1:".$FreeInetClass." htb rate ".$FreeInetSpeed."kbit prio 3 quantum 1500\n");
    161     fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
    162   }
    163  
    164   if(!$Enabled) die("Traffic shaping disabled\n");
    165 
    166   if($ClassesEnabled)
    167   {
    168   $ClassId = 3;
    169 
    170   // VoIP
    171   $VoipClassId = $ClassId;
    172   $ClassId = $ClassId + 1;
    173   $Prio = 0; // Highest
    174 
    175   // VoIP in going traffic
    176   fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedIn."kbit ceil ".$VoipMaxSpeedIn."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
    177   fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
    178   fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
    179   // VoIP out going traffic
    180   fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:1 classid 1:".$VoipClassId." htb rate ".$VoipSpeedOut."kbit ceil ".$VoipMaxSpeedOut."kbit quantum 12000 burst 6k cburst 3k prio ".$Prio."\n");
    181   fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$VoipClassId." handle ".$VoipClassId.": sfq perturb 10\n");
    182   fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip handle ".$VoipClassId." fw flowid 1:".$VoipClassId."\n");
    183   fputs($FileClassInfo, '1:'.$VoipClassId." VoIP\n");
    184 
    185 
    186   // Users hosts
    187   //DB_Select('users', 'COUNT(*)', 'inet=1');
    188   //$Row = DB_Row();
    189   //$InetUserCount = $Row[0];
    190   //$SpeedIn = round($UsersMaxSpeedIn / $InetUserCount);
    191   //$SpeedOut = round($UsersMaxSpeedOut / $InetUserCount);
    192   $Prio = 1;
    193  
    194  
    195   $AllUsersClassId = $ClassId;
    196   $ClassId = $ClassId + 1;
    197   fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedIn."kbit prio 1 quantum 1500\n");
    198   fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:1 classid 1:".$AllUsersClassId." htb rate ".$UsersMaxSpeedOut."kbit prio 1 quantum 1500\n");
    199   fputs($FileClassInfo, '1:'.$AllUsersClassId." Všichni uivatelé\n");
    200 
    201   // Torrent sharing
    202   $TorrentClassId = $ClassId;
    203   $ClassId = $ClassId + 1;
    204   $Prio = 2; // Lowest
    205   $TorrentSpeedOut = 4;
    206 
    207   // Torrent out going traffic
    208   fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
    209   fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
    210   fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
    211   fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
    212   // Torrent in going traffic
    213   fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
    214   fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
    215   fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
    216   fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
    217 
    218   $DbResult = $Database->select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)');
    219   while($User = $DbResult->fetch_array())
    220   {
    221     $UserClassId = $ClassId;
    222     $ClassId = $ClassId + 1;
    223     $SpeedIn = round($Tarify[$User['inet_tarif_now']]['min_speed'] / $InDivider);
    224     $SpeedOut = round($Tarify[$User['inet_tarif_now']]['min_speed'] / $OutDivider);
    225     $UserMaxSpeedIn = round($Tarify[$User['inet_tarif_now']]['max_speed'] / $InDivider);
    226     $UserMaxSpeedOut = round($Tarify[$User['inet_tarif_now']]['max_speed'] / $OutDivider);
    227     $Quantum = $Tarify[$User['inet_tarif_now']]['speed_factor'] * 1500;
    228 
    229     fputs($File, "# === ".$User['fullname']." ===\n");
    230     fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio 1 quantum ".$Quantum."\n");
    231     //fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n");
    232     //fputs($File, "/sbin/tc class add dev ".$InInterface." parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedIn."bit prio 1\n");
    233     fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:".$AllUsersClassId." classid 1:".$UserClassId." htb rate ".$SpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio 1 quantum ".$Quantum."\n");
    234     //fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$UserClassId." handle ".$UserClassId.":0 htb r2q 10\n");
    235     //fputs($File, "/sbin/tc class add dev ".$OutInterface." parent ".$UserClassId.":0 classid ".$UserClassId.":".$UserClassId." htb rate ".$UserMaxSpeedOut."bit prio 1\n");
    236     fputs($FileClassInfo, '1:'.$UserClassId.' '.$User['fullname']."\n");
    237 
    238     //echo('User class id: '.$UserClassId."\n");
    239  
    240     $DbResult2 = $Database->select('hosts', 'COUNT(*)', "block=0 AND MAC!='' AND user=".$User['id']);
    241     $Row = $DbResult2->fetch_array();
    242     $HostCount = $Row[0];
    243     $HostSpeedIn = round($SpeedIn / $HostCount);
    244     $HostSpeedOut = round($SpeedOut / $HostCount);
    245  
    246     $DbResult2 = $Database->select('hosts','*',"block=0 AND MAC!='' AND user=".$User['id']);
    247     while($Host = $DbResult2->fetch_array())
    248     //if($Row['name'] != 'WOW')
    249     {
    250       $HostClassId = $ClassId;
    251       $ClassId = $ClassId + 1;
    252       fputs($File, "# ".$Host['name']."\n");
    253       fputs($FileClassInfo, '1:'.$HostClassId.' '.$Host['name']."\n");
    254       //echo('  Host class id: '.$HostClassId."\n");
    255     //if($User['inet'] == 1)
    256       {
    257         $Prio = 1;
    258         if($Host['vpn'] == 1)
    259               {
    260                 if($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];
    261                 else $Host['IP'] = ToVpnIp($Host);
    262               }
    263        
    264               //if($Host['name'] == 'TERMINAL') $SpeedDivider = 0.5;
    265                 //else
    266         $SpeedDivider = 1;
    267 
    268               if($Host['name'] == 'centrala')
    269               {
    270                 $Host['IP'] = $Host['external_ip'];
    271                 $TableOut = 'OUTPUT';
    272                 $TableIn = 'INPUT';
    273                } else
    274          {
    275                  $TableOut = 'FORWARD';
    276                  $TableIn = 'FORWARD';
    277                }
    278               //if($Row['name'] == 'TERMINAL2') $Prio = 0;
    279         //      if($Row['name'] = 'TERMINAL2') $Prio = 0;
    280         if($Host['name'] == 'voip-hajda') $Protocol = ' -p tcp';
    281           else $Protocol = '';
    282         //      if($Host['name'] == 'KARLOS') $UserMaxSpeedIn = 128000;
    283        
    284 if($Host['name'] == 'GAME')
    285         {
    286           exec('/sbin/iptables -t mangle -F game-server');       
    287                 $TableOut = 'game-server';
    288                 $TableIn = 'game-server';
    289         }
    290         //if($Host['name'] == 'TBC') continue;
    291 
    292         // In going traffic
    293         //exec('/sbin/iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
    294               fputs($File, "/sbin/tc class add dev ".$InInterface." parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n");
    295               fputs($File, "/sbin/tc qdisc add dev ".$InInterface." parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
    296             //fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");
    297             fputs($File, "/sbin/tc filter add dev ".$InInterface." parent 1:0 protocol ip prio 1 u32 match ip dst ".$Host['external_ip']."/32 flowid 1:".$HostClassId."\n");
    298        
    299         // Out going traffic
    300         //exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
    301         fputs($File, "/sbin/tc class add dev ".$OutInterface." parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");
    302               fputs($File, "/sbin/tc qdisc add dev ".$OutInterface." parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
    303               //fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");
    304               fputs($File, "/sbin/tc filter add dev ".$OutInterface." parent 1:0 protocol ip prio 1 u32 match ip src ".$Host['external_ip']."/32 flowid 1:".$HostClassId."\n");
    305                //echo($Row['id'].',');
    306       }
    307       // Free inet
    308       if($Tarify[$User['inet_tarif_now']]['group_id'] == 3)
    309       {
    310         //exec('/sbin/iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);
    311         //exec('/sbin/iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);
    312       }
    313       // VoIP devices
    314       if(($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP'))
    315       {
    316         exec('/sbin/iptables -t mangle -A '.$TableIn." -i eth1 -d ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);
    317         exec('/sbin/iptables -t mangle -A '.$TableOut." -o eth1 -s ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);
    318       } else
    319       if($Host['name'] == 'GAME')
    320       {
    321         exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -s '.$Host['IP']." -j game-server");
    322         exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server");
    323    
    324         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
    325         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
    326         //exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId);
    327         // default torrents
    328         //exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId);
    329 
    330         // Local services
    331               exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); // ICMP
    332         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId);
    333         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId); // web torrent
    334         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 6969 -j MARK --set-mark ".$HostClassId);
    335         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);   // web
    336         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);
    337         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId);    // FTP
    338         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 21 -j MARK --set-mark ".$HostClassId);
    339         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId);  // wow game server
    340         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8085 -j MARK --set-mark ".$HostClassId);
    341         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId);  // wow login server
    342         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3724 -j MARK --set-mark ".$HostClassId);
    343         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 22 -j MARK --set-mark ".$HostClassId);    // wow game server
    344         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 22 -j MARK --set-mark ".$HostClassId);
    345         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);   // https
    346               exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);
    347         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 27015 -j MARK --set-mark ".$HostClassId); // Counter Strike
    348         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 27015 -j MARK --set-mark ".$HostClassId);
    349         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5905 -j MARK --set-mark ".$HostClassId);  // VNC
    350         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5905 -j MARK --set-mark ".$HostClassId);
    351         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5906 -j MARK --set-mark ".$HostClassId);  // VNC
    352         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5906 -j MARK --set-mark ".$HostClassId);
    353        
    354         // Remote services
    355         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);   // https
    356         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);
    357         exec('/sbin/iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);   // http
    358         exec('/sbin/iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);
    359        
    360       }
    361 
    362     }
    363   }
    364   //echo($Row['id'].',');
    365 
    366   }
    367 
    368   // In going traffic
    369   // exec('/sbin/iptables -t mangle -A FORWARD -m mark --mark 1 -j LOG --log-prefix "TRAFFIC " --log-level info');
    370   //exec('/sbin/iptables -t mangle -A FORWARD -i eth1 -j IMQ --todev 0');
    371   //exec('/sbin/iptables -t mangle -A INPUT -i eth1 -j IMQ --todev 0');
    372   // Out going traffic
    373   //exec('/sbin/iptables -t mangle -A FORWARD -o eth1 -j IMQ --todev 1');
    374   //exec('/sbin/iptables -t mangle -A OUTPUT -o eth1 -j IMQ --todev 1');
    375 
    376   fputs($File, "\n# Interface redirection\n");
    377   fputs($File, "/sbin/tc qdisc del dev ".$InetInterface." ingress\n");
    378   fputs($File, "/sbin/tc qdisc add dev ".$InetInterface." ingress\n");
    379   fputs($File, "/sbin/tc filter add dev ".$InetInterface." parent ffff: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0\n");
    380 
    381   //fputs($File, "/sbin/tc qdisc del dev ".$InetInterface." root handle 1: htb default 10\n");
    382   //fputs($File, "/sbin/tc qdisc add dev ".$InetInterface." root handle 1: htb default 10\n");
    383   //fputs($File, "/sbin/tc filter add dev ".$InetInterface." parent 1: protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb1\n");
    384 
    385   //exec('/sbin/iptables-save >/etc/sysconfig//sbin/iptables');
    386   fclose($File);
    387   fclose($FileClassInfo);
    388 
    389 */
    390 
    391122?>
Note: See TracChangeset for help on using the changeset viewer.