- Timestamp:
- Jan 16, 2008, 8:43:31 PM (17 years ago)
- Location:
- system/generators
- Files:
-
- 3 edited
system/generators/dns.php
r1 r7 6 6 //$Serial = '2007070601'; // Should be changed on every change 7 7 $Serial = date('Ymds', time()); 8 $ExternalServerName = ' wg-vs-jhaj.inext.cz';8 $ExternalServerName = 'gw-hajda.inext.cz'; 9 9 $RetryTime = 7200; 10 10 $ExpireTime = 2419200; … … 28 28 "\t\t\tMX\t10 mail.zdechov.net.\n"); 29 29 30 DB_Select('hosts','*',' block < 2 ');30 DB_Select('hosts','*',' block < 2 AND IP <> ""'); 31 31 while($Row = DB_Row()) 32 32 { … … 145 145 146 146 // Generate reverse DNS records 147 $Networks = array('85.92.50', '81.2.194', '193.86.238', '212.111. 16');147 $Networks = array('85.92.50', '81.2.194', '193.86.238', '212.111.4'); 148 148 foreach($Networks as $Network) 149 149 { -
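Review bot: The records changed here (the external server name and the `212.111.4` reverse network) only reach secondary name servers if the zone serial increases, and the unchanged `$Serial = date('Ymds', time());` on line 7 ends in `s`, the seconds of the minute, so a second run on the same day can produce a lower serial than the one already published. A monotonic source is safer, for example a counter stored alongside the zone, or at minimum `date('YmdH')` once the published serial has been passed. In the new query on line 30, the empty string is written as `""`, which MySQL treats as an identifier when ANSI_QUOTES is enabled; `'block < 2 AND IP <> \'\''` avoids depending on the server's SQL mode. The loops these lines belong to continue outside the visible hunks.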
system/generators/iptables.php
r1 r7 98 98 DB_Select('hosts', '*', 'name="MAIL"'); 99 99 $Row = DB_Row(); 100 exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111. 16.94 -j DROP');100 exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP'); 101 101 exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']); 102 102 exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT'); 103 exec('iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111. 16.94 -o eth1 -j SNAT --to-source '.$Row['external_ip']);103 exec('iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']); 104 104 105 105 // Local network NAT -
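Review bot: The rewritten SNAT rule on new line 103 still concatenates `$Row['external_ip']` from the `hosts` table straight into the `exec()` string, so whatever is stored in that column is parsed by the shell while firewall rules are being installed. `$Row` is also used without checking that the `name="MAIL"` lookup returned a row; if it did not, the rules are presumably issued with an empty address. Validate before building the command, e.g. `if (!$Row || filter_var($Row['external_ip'], FILTER_VALIDATE_IP) === false) die('invalid MAIL host row');`, and pass each value through `escapeshellarg()`. The same applies to the new `exec()` lines in system/generators/traffic_shaping.php that interpolate `$Host['IP']` and `$TableIn`. The address `212.111.4.174` is now repeated in two rules and mirrors the network list edited in dns.php, so a single shared constant would keep them from drifting apart.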
system/generators/traffic_shaping.php
r1 r7 1 <? 1 <?php 2 2 3 $Enabled = 1; 3 4 $ClassesEnabled = 1; … … 5 6 include_once('../../html/is/db.php'); 6 7 DB_Init('localhost', 'root', '', 'is'); 8 DB_Query('SET NAMES latin2'); 7 9 8 10 include_once('../../html/finance/include.php'); … … 10 12 11 13 // Generate traffic shaping rules 12 //$TotalMaxSpeedIn = 2048; //$RealMaxSpeed; //1536;13 // $TotalMaxSpeedOut = 2048; //$RealMaxSpeed; //1536;14 //$TotalMaxSpeedIn = 4048; //$RealMaxSpeed; //1536; 15 //TotalMaxSpeedOut = 3048; //$RealMaxSpeed; //1536; 14 16 //$UsersMaxSpeedIn = 1900; //$MaxSpeed; 15 17 //$UsersMaxSpeedOut = 1900; //$MaxSpeed; 18 16 19 $InDivider = 1; 17 20 $OutDivider = 1; … … 41 44 } 42 45 46 $FreeInetClass = 2; 47 43 48 // In going traffic 44 49 fputs($File, "tc qdisc del dev imq0 root\n"); … … 46 51 { 47 52 fputs($File, "tc qdisc add dev imq0 root handle 1:0 htb default 2\n"); 53 fputs($FileClassInfo, "1:1 Základní tøída\n"); 48 54 fputs($File, "tc class add dev imq0 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedIn."kbit quantum 1500\n"); 49 fputs($File, "tc class add dev imq0 parent 1:1 classid 1:2 htb rate 32kbit prio 3 quantum 1500\n");50 fputs($File, "tc qdisc add dev imq0 parent 1:2 handle 2: sfq perturb 10\n");51 fputs($FileClassInfo, "1:1 Základní tøída\n");52 55 fputs($FileClassInfo, "1:2 Internet zdarma\n"); 56 fputs($File, "tc class add dev imq0 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n"); 57 fputs($File, "tc qdisc add dev imq0 parent 1:".$FreeInetClass." 
handle ".$FreeInetClass.": sfq perturb 10\n"); 53 58 } 54 59 // Out going traffic … … 58 63 fputs($File, "tc qdisc add dev imq1 root handle 1:0 htb default 2\n"); 59 64 fputs($File, "tc class add dev imq1 parent 1:0 classid 1:1 htb rate ".$TotalMaxSpeedOut."kbit quantum 1500\n"); 60 fputs($File, "tc class add dev imq1 parent 1:1 classid 1: 2htb rate 32kbit prio 3 quantum 1500\n");61 fputs($File, "tc qdisc add dev imq1 parent 1: 2 handle 2: sfq perturb 10\n");65 fputs($File, "tc class add dev imq1 parent 1:1 classid 1:".$FreeInetClass." htb rate 32kbit prio 3 quantum 1500\n"); 66 fputs($File, "tc qdisc add dev imq1 parent 1:".$FreeInetClass." handle ".$FreeInetClass.": sfq perturb 10\n"); 62 67 } 63 68 … … 110 115 fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n"); 111 116 fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n"); 112 113 DB_Select('users', '*', 'inet=1'); 117 // Torrent in going traffic 118 fputs($File, "tc class add dev imq0 parent 1:".$AllUsersClassId." classid 1:".$TorrentClassId." htb rate ".$TorrentSpeedOut."kbit ceil ".$UsersMaxSpeedOut."kbit prio ".$Prio." quantum 1500\n"); 119 fputs($File, "tc qdisc add dev imq0 parent 1:".$TorrentClassId." handle ".$TorrentClassId.":0 sfq perturb 10\n"); 120 fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$TorrentClassId." fw flowid 1:".$TorrentClassId."\n"); 121 fputs($FileClassInfo, '1:'.$TorrentClassId." 
Torrent\n"); 122 123 DB_Select('users', '*, CONCAT(second_name, " ", first_name) as fullname', '(inet=1)'); 114 124 while($User = DB_Row()) 115 125 { … … 153 163 $Prio = 1; 154 164 if($Host['vpn'] == 1) 155 {156 if($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip'];157 else $Host['IP'] = ToVpnIp($Host);158 }165 { 166 if($Host['external_ip'] != '') $Host['IP'] = $Host['external_ip']; 167 else $Host['IP'] = ToVpnIp($Host); 168 } 159 169 160 170 //if($Host['name'] == 'TERMINAL') $SpeedDivider = 0.5; 161 171 //else 162 $SpeedDivider = 1;172 $SpeedDivider = 1; 163 173 164 174 if($Host['name'] == 'CENTRALA') … … 175 185 // if($Row['name'] = 'TERMINAL2') $Prio = 0; 176 186 if($Host['name'] == 'VOIP-HAJDA') $Protocol = ' -p tcp'; 177 else $Protocol = '';178 // if($Host['name'] == 'KARLOS') $UserMaxSpeedIn = 128000;179 if($Host['name'] == 'GAME -SERVER')180 {187 else $Protocol = ''; 188 // if($Host['name'] == 'KARLOS') $UserMaxSpeedIn = 128000; 189 if($Host['name'] == 'GAME') 190 { 181 191 exec('iptables -t mangle -F game-server'); 182 $TableOut = 'game-server';183 //$TableIn = 'game-server';184 }192 $TableOut = 'game-server'; 193 $TableIn = 'game-server'; 194 } 185 195 if($Host['name'] == 'TBC') continue; 186 196 187 188 197 // In going traffic 198 exec('iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId); 189 199 fputs($File, "tc class add dev imq0 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedIn."bit ceil ".$UserMaxSpeedIn."bit prio ".$Prio." quantum ".$Quantum."\n"); 190 200 fputs($File, "tc qdisc add dev imq0 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n"); 191 201 //fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n"); 192 202 fputs($File, "tc filter add dev imq0 parent 1:0 protocol ip handle ".$HostClassId." 
fw flowid 1:".$HostClassId."\n"); 193 // Out going traffic 194 exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId); 195 fputs($File, "tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n"); 203 204 // Out going traffic 205 exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$HostClassId); 206 fputs($File, "tc class add dev imq1 parent 1:".$UserClassId." classid 1:".$HostClassId." htb rate ".$HostSpeedOut."bit ceil ".$UserMaxSpeedOut."bit prio ".$Prio." quantum ".$Quantum."\n"); 196 207 fputs($File, "tc qdisc add dev imq1 parent 1:".$HostClassId." handle ".$HostClassId.":0 sfq perturb 10\n"); 197 208 //fputs($File, "tc filter add dev imq1 parent 1:0 protocol ip handle ".$HostClassId." fw flowid 1:".$UserClassId."\n"); … … 199 210 //echo($Row['id'].','); 200 211 } 212 // Free inet 213 if($Tarify[$User['inet_tarif_now']]['group_id'] == 3) 214 { 215 //exec('iptables -t mangle -A '.$TableIn.' -i eth1 -d '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass); 216 //exec('iptables -t mangle -A '.$TableOut.' -o eth1 -s '.$Host['IP'].$Protocol." -j MARK --set-mark ".$FreeInetClass); 217 } 218 // VoIP devices 201 219 if(($Host['name'] == 'HAJDA-VOIP') || ($Host['name'] == 'NAVRATIL-VOIP')) 202 220 { … … 204 222 exec('iptables -t mangle -A '.$TableOut." -o eth1 -s ".$Host['IP']." -p udp -j MARK --set-mark ".$VoipClassId); 205 223 } else 206 if($Host['name'] == 'GAME -SERVER')224 if($Host['name'] == 'GAME') 207 225 { 208 226 exec('iptables -t mangle -A FORWARD -o eth1 -s '.$Host['IP']." -j game-server"); 209 //exec('iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server");210 // exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." 
-j MARK --set-mark ".$TorrentClassId); 211 // exec('iptables -t mangle -A game-server -i eth1 -d'.$Host['IP']." -j MARK --set-mark ".$TorrentClassId);212 exec('iptables -t mangle -A game-server - o eth1 -s '.$Host['IP']." -p tcp --sport 10886-j MARK --set-mark ".$TorrentClassId);213 // default torrents 214 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId);215 /* 216 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3389 -j MARK --set-mark ".$HostClassId); 217 // remote desktop218 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3389 -j MARK --set-mark ".$HostClassId); 219 exec('iptables -t mangle -A game-server - o eth1 -s '.$Host['IP']." -p tcp --sport 6969-j MARK --set-mark ".$HostClassId);220 // web torrent227 exec('iptables -t mangle -A FORWARD -i eth1 -d '.$Host['IP']." -j game-server"); 228 229 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId); 230 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -j MARK --set-mark ".$TorrentClassId); 231 //exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 10886 -j MARK --set-mark ".$TorrentClassId); 232 // default torrents 233 //exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 10886 -j MARK --set-mark ".$TorrentClassId); 234 235 // Local services 236 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); // ICMP 237 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p icmp -j MARK --set-mark ".$HostClassId); 238 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 6969 -j MARK --set-mark ".$HostClassId); // web torrent 221 239 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." 
-p tcp --dport 6969 -j MARK --set-mark ".$HostClassId); 222 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId); 223 // web 224 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId); 225 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId); 226 // FTP 240 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId); // web 241 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId); 242 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 21 -j MARK --set-mark ".$HostClassId); // FTP 227 243 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 21 -j MARK --set-mark ".$HostClassId); 228 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId); 229 // wow game server 244 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 8085 -j MARK --set-mark ".$HostClassId); // wow game server 230 245 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8085 -j MARK --set-mark ".$HostClassId); 231 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId); 232 // wow login server 246 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3724 -j MARK --set-mark ".$HostClassId); // wow login server 233 247 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3724 -j MARK --set-mark ".$HostClassId); 234 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." 
-p tcp --sport 8086 -j MARK --set-mark ".$HostClassId); 235 // wow game server 236 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 8086 -j MARK --set-mark ".$HostClassId); 237 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3725 -j MARK --set-mark ".$HostClassId); 238 // wow login server 239 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3725 -j MARK --set-mark ".$HostClassId); 240 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 3306 -j MARK --set-mark ".$HostClassId); 241 // mysqlr 242 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 3306 -j MARK --set-mark ".$HostClassId); 243 */ 248 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 22 -j MARK --set-mark ".$HostClassId); // wow game server 249 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 22 -j MARK --set-mark ".$HostClassId); 250 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId); // https 251 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId); 252 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 27015 -j MARK --set-mark ".$HostClassId); // Counter Strike 253 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 27015 -j MARK --set-mark ".$HostClassId); 254 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --sport 5905 -j MARK --set-mark ".$HostClassId); // VNC 255 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5905 -j MARK --set-mark ".$HostClassId); 256 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." 
-p tcp --sport 5906 -j MARK --set-mark ".$HostClassId); // VNC 257 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --dport 5906 -j MARK --set-mark ".$HostClassId); 258 259 // Remote services 260 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 443 -j MARK --set-mark ".$HostClassId); // https 261 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 443 -j MARK --set-mark ".$HostClassId); 262 exec('iptables -t mangle -A game-server -o eth1 -s '.$Host['IP']." -p tcp --dport 80 -j MARK --set-mark ".$HostClassId); // http 263 exec('iptables -t mangle -A game-server -i eth1 -d '.$Host['IP']." -p tcp --sport 80 -j MARK --set-mark ".$HostClassId); 264 244 265 } 245 266
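Review bot: The new "Torrent in going traffic" block (new lines 117-121) creates the imq0 class with `$TorrentSpeedOut` and `$UsersMaxSpeedOut`, although imq0 is the device this file labels as incoming; it reads like a copy of the imq1 lines, and if inbound counterparts of those variables exist they belong here. The block also repeats `fputs($FileClassInfo, '1:'.$TorrentClassId." Torrent\n");`, so the class-info file receives the same entry twice. On new line 248 the `--sport 22` rule carries the comment `// wow game server`, which for port 22 should presumably read `// SSH`. The new "Free inet" branch on `group_id == 3` contains only commented-out calls and would be clearer as a single `// TODO` line until it is implemented. The host and user loops these hunks sit in start and end outside the visible lines.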