Changeset 7 for system


Timestamp:
Jan 16, 2008, 8:43:31 PM (17 years ago)
Author:
george
Message:

Upraveno: Systémové generovací skripty s ohledem na nové tarify a rychlosti.
Upraveno: Změna IP adresy routeru.

Location:
system/generators
Files:
3 edited

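--- a/system/generators/dns.php
+++ b/system/generators/dns.php
@@ -6,5 +6,5 @@
 //$Serial = '2007070601';  // Should be changed on every change
 $Serial = date('Ymds', time());
-$ExternalServerName = 'wg-vs-jhaj.inext.cz';
+$ExternalServerName = 'gw-hajda.inext.cz';
 $RetryTime = 7200;
 $ExpireTime = 2419200;
@@ -28,5 +28,5 @@
 "\t\t\tMX\t10 mail.zdechov.net.\n");
 
-DB_Select('hosts','*',' block < 2');
+DB_Select('hosts','*',' block < 2 AND IP <> ""');
 while($Row = DB_Row())
 {
@@ -145,5 +145,5 @@
 
 // Generate reverse DNS records
-$Networks = array('85.92.50', '81.2.194', '193.86.238', '212.111.16');
+$Networks = array('85.92.50', '81.2.194', '193.86.238', '212.111.4');
 foreach($Networks as $Network)
 {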
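Review bot: The zone serial on the unchanged line `$Serial = date('Ymds', time());` in the first hunk is not monotonic, because `s` is the second of the minute, so a later run on the same day can produce a lower serial than the previous one. Secondaries that compare serials might then not pick up the renamed `$ExternalServerName` or the new `212.111.4` reverse network from this changeset; that effect is inferred, since the code writing the SOA record is outside the visible lines. A date-plus-counter serial would avoid it, for example `$Serial = date('Ymd').sprintf('%02d', $ChangeOfDay);` where `$ChangeOfDay` is a placeholder for a counter persisted between runs.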
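--- a/system/generators/iptables.php
+++ b/system/generators/iptables.php
@@ -98,8 +98,8 @@
 DB_Select('hosts', '*', 'name="MAIL"');
 $Row = DB_Row();
-exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.16.94 -j DROP'); 
+exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP'); 
 exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']); 
 exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT'); 
-exec('iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.16.94 -o eth1 -j SNAT --to-source '.$Row['external_ip']); 
+exec('iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']); 
 
 // Local network NAT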
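Review bot: New line 103 and the unchanged lines 101–102 build shell commands by concatenating `$Row['external_ip']` and `$Row['IP']` from the `hosts` table straight into `exec()`, and `$Row` is used without checking that the `name="MAIL"` query returned a row. Anyone able to edit that table can therefore influence a command line that presumably runs as root, and an empty result yields rules with an empty address. Validate and quote before use, e.g. `if(!$Row || !filter_var($Row['external_ip'], FILTER_VALIDATE_IP)) die('MAIL host missing or invalid');` and wrap each value in `escapeshellarg()`. The same concatenation of `$Host['IP']` appears in the `exec()` calls of system/generators/traffic_shaping.php. The literal `212.111.4.174` is now repeated in two rules; a single variable would keep the next renumbering to one edit.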
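--- a/system/generators/traffic_shaping.php
+++ b/system/generators/traffic_shaping.php
@@ -1,3 +1,4 @@
-<?
+<?php
+ 
 $Enabled = 1;
 $ClassesEnabled = 1;
@@ -5,4 +6,5 @@
 include_once('../../html/is/db.php');
 DB_Init('localhost', 'root', '', 'is');
+DB_Query('SET NAMES latin2');
 
 include_once('../../html/finance/include.php');
@@ -10,8 +12,9 @@
 
 // Generate traffic shaping rules
-//$TotalMaxSpeedIn = 2048; //$RealMaxSpeed; //1536;
-//$TotalMaxSpeedOut = 2048; //$RealMaxSpeed; //1536;
+//$TotalMaxSpeedIn = 4048; //$RealMaxSpeed; //1536;
+//TotalMaxSpeedOut = 3048; //$RealMaxSpeed; //1536;
 //$UsersMaxSpeedIn = 1900; //$MaxSpeed;
 //$UsersMaxSpeedOut = 1900; //$MaxSpeed;
+
 $InDivider = 1;
 $OutDivider = 1;
@@ -41,4 +44,6 @@
   }
 
+  $FreeInetClass = 2;
+ 
   // In going traffic
   fputs($File, "tc qdisc del dev imq0 root\n");
@@ -46,9 +51,9 @@
   {
     fputs($File, "tc qdisc add dev imq0 root handle 1:0 htb default 2\n");
+    fputs($FileClassInfo, "1:1 Základní tøída\n");
     fputs($File, "tc class add dev imq0 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n");
-    fputs($File, "tc class add dev imq0 parent 1:1 classid 1:2 htb rate 32kbit prio 3 quantum 1500\n");
-    fputs($File, "tc qdisc add dev imq0 parent 1:2 handle 2: sfq perturb 10\n");
-    fputs($FileClassInfo, "1:1 Základní tøída\n");
     fputs($FileClassInfo, "1:2 Internet zdarma\n");
+    fputs($File, "tc class add dev imq0 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n");
+    fputs($File, "tc qdisc add dev imq0 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
   }
   // Out going traffic
@@ -58,6 +63,6 @@
     fputs($File, "tc qdisc add dev imq1 root handle 1:0 htb default 2\n");
     fputs($File, "tc class add dev imq1 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n");
-    fputs($File, "tc class add dev imq1 parent 1:1 classid 1:2 htb rate 32kbit prio 3 quantum 1500\n");
-    fputs($File, "tc qdisc add dev imq1 parent 1:2 handle 2: sfq perturb 10\n");
+    fputs($File, "tc class add dev imq1 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n");
+    fputs($File, "tc qdisc add dev imq1 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n");
   }
  
@@ -110,6 +115,11 @@
   fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
   fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
-
-  DB_Select('users', '*', 'inet=1');
+  // Torrent in going traffic
+  fputs($File, "tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n");
+  fputs($File, "tc qdisc add dev imq0 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n");
+  fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n");
+  fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");
+
+  DB_Select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)');
   while($User = DB_Row())
   {
@@ -153,12 +163,12 @@
         $Prio = 1;
         if($Host['vpn'] == 1)
-        {
-          if ($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];
-          else $Host['IP'] = ToVpnIp($Host);
-        }
+              {
+                if($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];
+                else $Host['IP'] = ToVpnIp($Host);
+              }
        
               //if($Host['name'] == 'TERMINAL') $SpeedDivider = 0.5;
                 //else
-       $SpeedDivider = 1;
+        $SpeedDivider = 1;
 
               if($Host['name'] == 'CENTRALA')
@@ -175,23 +185,24 @@
         //      if($Row['name'] = 'TERMINAL2') $Prio = 0;
         if($Host['name'] == 'VOIP-HAJDA') $Protocol = ' -p tcp';
-          else $Protocol = '';
-//      if($Host['name'] == 'KARLOS') $UserMaxSpeedIn = 128000;
-        if($Host['name'] == 'GAME-SERVER')
-        {
+          else $Protocol = '';
+        //      if($Host['name'] == 'KARLOS') $UserMaxSpeedIn = 128000;
+        if($Host['name'] == 'GAME')
+        {
           exec('iptables -t mangle -F game-server');     
-          $TableOut = 'game-server';
-          //$TableIn = 'game-server';
-        }
+                $TableOut = 'game-server';
+                $TableIn = 'game-server';
+        }
         if($Host['name'] == 'TBC') continue;
 
-          // In going traffic
-          exec('iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
+        // In going traffic
+        exec('iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
               fputs($File, "tc class add dev imq0 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n");
               fputs($File, "tc qdisc add dev imq0 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
             //fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");
             fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$HostClassId."\n");
-          // Out going traffic
-          exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
-          fputs($File, "tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");
+       
+        // Out going traffic
+        exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId);
+        fputs($File, "tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n");
               fputs($File, "tc qdisc add dev imq1 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n");
               //fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n");
@@ -199,4 +210,11 @@
                //echo($Row['id'].',');
       }
+      // Free inet
+      if($Tarify[$User['inet_tarif_now']]['group_id'] == 3)
+      {
+        //exec('iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);
+        //exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass);
+      }
+      // VoIP devices
       if(($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP'))
       {
@@ -204,42 +222,45 @@
         exec('iptables -t mangle -A '.$TableOut." -o eth1 -s ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId);
       } else
-      if($Host['name'] == 'GAME-SERVER')
+      if($Host['name'] == 'GAME')
       {
         exec('iptables -t mangle -A FORWARD -o eth1 -s '.$Host['IP']." -j game-server");
-        //exec('iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server");
-//        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
-//        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId);
-// default torrents
-        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId);
-/*
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3389 -j MARK --set-mark ".$HostClassId);
- // remote desktop
-        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3389 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId);
-// web torrent
+        exec('iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server");
+   
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);
+        //exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId);
+        // default torrents
+        //exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId);
+
+        // Local services
+              exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); // ICMP
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId); // web torrent
         exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 6969 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);
-// web
-        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId);
- // FTP
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);   // web
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId);    // FTP
         exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 21 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId);
-// wow game server
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId);  // wow game server
         exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8085 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId);
-// wow login server
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId);  // wow login server
         exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3724 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8086 -j MARK --set-mark ".$HostClassId);
-// wow game server
-        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8086 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3725 -j MARK --set-mark ".$HostClassId);
-// wow login server
-        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3725 -j MARK --set-mark ".$HostClassId);
-        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3306 -j MARK --set-mark ".$HostClassId);
-// mysqlr
-        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3306 -j MARK --set-mark ".$HostClassId);
-*/
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 22 -j MARK --set-mark ".$HostClassId);    // wow game server
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 22 -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);   // https
+              exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 27015 -j MARK --set-mark ".$HostClassId); // Counter Strike
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 27015 -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5905 -j MARK --set-mark ".$HostClassId);  // VNC
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5905 -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5906 -j MARK --set-mark ".$HostClassId);  // VNC
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5906 -j MARK --set-mark ".$HostClassId);
+       
+        // Remote services
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId);   // https
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId);
+        exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId);   // http
+        exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId);
+       
       }
      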
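Review bot: `DB_Init('localhost', 'root', '', 'is');` in the second hunk connects as the MySQL root account with an empty password, and the added `DB_Query('SET NAMES latin2');` runs on that same connection. Only `DB_Select` calls are visible in these hunks, so a dedicated account limited to SELECT on the `is` database, with its password kept outside the source tree, looks sufficient: `DB_Init('localhost', $DbUser, $DbPassword, 'is');` (both variables are placeholders). Separately, the new "Torrent in going traffic" class on imq0 at new line 118 uses `$TorrentSpeedOut` and `$UsersMaxSpeedOut`, which looks like a leftover from the imq1 block; if inbound counterparts exist they belong there. The comment on new line 248 labels the port 22 rule `// wow game server`, where `// SSH` would match the rule.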