海运的博客

Openwrt配置QOS流量带宽限制

发布时间:August 5, 2012 // 分类:OpenWrt // 1 Comment

针对特定服务做优先级设定,提高带宽使用质量,也可针对特定IP进行限速。

#加载模块:
insmod xt_IPID
insmod cls_u32                                                                                         
insmod cls_fw  
insmod sch_htb
insmod sch_sfq
insmod sch_prio
#启用IMQ虚拟网卡
ip link set imq0 up
ip link set imq1 up
#删除旧队列
tc qdisc del dev imq0 root
tc qdisc del dev imq1 root
#上传设置
#增加根队列,未标记数据默认走26
tc qdisc add dev imq0 root handle 1: htb default 26
#增加总流量规则
tc class add dev imq0 parent 1: classid 1:1 htb rate 350kbit
#增加子类
tc class add dev imq0 parent 1:1 classid 1:20 htb rate 80kbit ceil 250kbit prio 0
tc class add dev imq0 parent 1:1 classid 1:21 htb rate 80kbit ceil 250kbit prio 1
tc class add dev imq0 parent 1:1 classid 1:22 htb rate 80kbit ceil 250kbit prio 2
tc class add dev imq0 parent 1:1 classid 1:23 htb rate 80kbit ceil 250kbit prio 3
tc class add dev imq0 parent 1:1 classid 1:24 htb rate 80kbit ceil 250kbit prio 4
tc class add dev imq0 parent 1:1 classid 1:25 htb rate 50kbit ceil 250kbit prio 5
tc class add dev imq0 parent 1:1 classid 1:26 htb rate 50kbit ceil 150kbit prio 6
tc class add dev imq0 parent 1:1 classid 1:27 htb rate 50kbit ceil 100kbit prio 7
#为子类添加SFQ公平队列,每10秒重置
tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq0 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev imq0 parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev imq0 parent 1:23 handle 23: sfq perturb 10
tc qdisc add dev imq0 parent 1:24 handle 24: sfq perturb 10
tc qdisc add dev imq0 parent 1:25 handle 25: sfq perturb 10
tc qdisc add dev imq0 parent 1:26 handle 26: sfq perturb 10
tc qdisc add dev imq0 parent 1:27 handle 27: sfq perturb 10
#添加过滤规则配合Iptables Mark标记
#tc filter add dev imq0 parent 1:0 protocol ip u32 match ip sport 22 0xffff flowid 1:10
#使用U32标记数据,下面使用Iptables mark,容易。
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 27 fw flowid 1:27
#上传数据转入特定链
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -A POSTROUTING -o pppoe-wan -j MYSHAPER-OUT
iptables -t mangle -A MYSHAPER-OUT -j IMQ --todev 0
#为特定数据打上标记配合之前过滤规则
#iptables -t mangle -I MYSHAPER-OUT -s 192.168.1.16 -j MARK --set-mark 27 #限制特定IP上传速度
#iptables -t mangle -I MYSHAPER-OUT -s 192.168.1.16 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 20 #提高HTTP连接速度
iptables -t mangle -A MYSHAPER-OUT -p tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 20 #DNS查询
iptables -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 21 #ICMP数据
iptables -t mangle -A MYSHAPER-OUT -p icmp -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 21 #小数据包
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j MARK --set-mark 22 #SSH连接
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 22 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p udp --dport 1194 -j MARK --set-mark 22 #VPN连接
iptables -t mangle -A MYSHAPER-OUT -p udp --dport 1194 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 80 -j MARK --set-mark 23 #HTTP连接
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 80 -j RETURN
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 443 -j MARK --set-mark 24 #HTTPS连接
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 443 -j RETURN
#上传设置完成

#下载设置
#增加根队列,未标记数据默认走24
tc qdisc add dev imq1 handle 1: root htb default 24
tc class add dev imq1 parent 1: classid 1:1 htb rate 3500kbit
#添加子类
tc class add dev imq1 parent 1:1 classid 1:20 htb rate 1000kbit ceil 1500kbit prio 0
tc class add dev imq1 parent 1:1 classid 1:21 htb rate 1500kbit ceil 2500kbit prio 1
tc class add dev imq1 parent 1:1 classid 1:22 htb rate 2000kbit ceil 3500kbit prio 2
tc class add dev imq1 parent 1:1 classid 1:23 htb rate 1000kbit ceil 1500kbit prio 3
tc class add dev imq1 parent 1:1 classid 1:24 htb rate 1000kbit ceil 1500kbit prio 4
#为子类添加SFQ公平队列
tc qdisc add dev imq1 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev imq1 parent 1:21 handle 21: sfq perturb 10
tc qdisc add dev imq1 parent 1:22 handle 22: sfq perturb 10
tc qdisc add dev imq1 parent 1:23 handle 23: sfq perturb 10
tc qdisc add dev imq1 parent 1:24 handle 24: sfq perturb 10
#过滤规则
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
#下载数据转入特定链
iptables -t mangle -N MYSHAPER-IN
iptables -t mangle -A PREROUTING -i pppoe-wan -j MYSHAPER-IN
iptables -t mangle -A MYSHAPER-IN -j IMQ --todev 1
#分类标记数据
#iptables -t mangle -A MYSHAPER-IN -d 192.168.1.16 -j MARK --set-mark 23 #限制特定IP下载速度
#iptables -t mangle -A MYSHAPER-IN -d 192.168.1.16 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp -m length --length :64 -j MARK --set-mark 20 #小数据优先
iptables -t mangle -A MYSHAPER-IN -p tcp -m length --length :64 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p icmp -j MARK --set-mark 20 #ICMP数据
iptables -t mangle -A MYSHAPER-IN -p icmp -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 22 -j MARK --set-mark 21 #SSH连接
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 22 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p udp --sport 1194 -j MARK --set-mark 21 #VPN连接
iptables -t mangle -A MYSHAPER-IN -p udp --sport 1194 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 443 -j MARK --set-mark 22 #HTTPS连接
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 443 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 80 -j MARK --set-mark 22 #HTTP连接
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 80 -j RETURN
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 0:1024 -j MARK --set-mark 23 #系统服务端口连接
iptables -t mangle -A MYSHAPER-IN -p tcp --sport 0:1024 -j RETURN
#下载设置完成

Centos第三方软件源RepoForge

发布时间:August 4, 2012 // 分类:CentOS // No Comments

RepoForge源可以做为Centos官方EPEL源的补充,这样Centos下常用软件基本都可使用yum安装了。
Centos5:

rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el5.rf.i386.rpm
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm

Centos6:

rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

国内使用sohu提供的镜像:

cat > /etc/yum.repos.d/mirrors-rpmforge <<EOF
http://mirrors.sohu.com/dag/redhat/el6/en/$ARCH/rpmforge
EOF
cat > /etc/yum.repos.d/mirrors-rpmforge-extras <<EOF
http://mirrors.sohu.com/dag/redhat/el6/en/$ARCH/extras
EOF
cat > /etc/yum.repos.d/mirrors-rpmforge-testing <<EOF
http://mirrors.sohu.com/dag/redhat/el6/en/$ARCH/testing
EOF

Linux下命令参数自动补全bash-completion

发布时间:August 4, 2012 // 分类:常用软件 // No Comments

使用过ROS感觉其命令参数补全很强大,对于大多数命令不用特意记参数了,Linux也可通过安装bash-completion实现此功能。
bash-completion安装:

wget http://pkgs.repoforge.org/bash-completion/bash-completion-20060301-1.el6.rf.noarch.rpm
rpm -ivh bash-completion-20060301-1.el6.rf.noarch.rpm
echo '. /etc/bash_completion' >> /etc/bashrc 
source /etc/bashrc

使用测试:
linux命令参数自动补全.png

此内容被密码保护

发布时间:August 4, 2012 // 分类:OpenWrt // 3 Comments

请输入密码访问

Squid安全设置隐藏版本及Header信息

发布时间:August 4, 2012 // 分类:Squid // No Comments

配置文件ACL后添加:

header_access X-Cache deny all
header_access X-Squid-Error deny all
header_access Via deny all
header_access Server deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all

其它Header也可隐藏:

Accept         HTTP_ACCEPT
Accept-Charset         HTTP_ACCEPT-CHARSET
Accept-Encoding         HTTP_ACCEPT-ENCODING
Accept-Language         HTTP_ACCEPT-LANGUAGE
Accept-Ranges         HTTP_ACCEPT-RANGES
Age         HTTP_AGE
Allow         HTTP_ALLOW
Authorization         HTTP_AUTHORIZATION
Cache-Control         HTTP_CACHE-CONTROL
Connection         HTTP_CONNECTION
Content-Base         HTTP_CONTENT-BASE
Content-Disposition         HTTP_CONTENT-DISPOSITION
Content-Encoding         HTTP_CONTENT-ENCODING
Content-Language         HTTP_CONTENT-LANGUAGE
Content-Length         HTTP_CONTENT-LENGTH
Content-Location         HTTP_CONTENT-LOCATION
Content-MD5         HTTP_CONTENT-MD5
Content-Range         HTTP_CONTENT-RANGE
Content-Type         HTTP_CONTENT-TYPE
Cookie         HTTP_COOKIE
Date         HTTP_DATE
ETag         HTTP_ETAG
Expires         HTTP_EXPIRES
From         HTTP_FROM
Host         HTTP_HOST
If-Match         HTTP_IF-MATCH
If-Modified-Since         HTTP_IF-MODIFIED-SINCE
If-None-Match         HTTP_IF-NONE-MATCH
If-Range         HTTP_IF-RANGE
Last-Modified         HTTP_LAST-MODIFIED
Link         HTTP_LINK
Location         HTTP_LOCATION
Max-Forwards         HTTP_MAX-FORWARDS
Mime-Version         HTTP_MIME-VERSION
Pragma         HTTP_PRAGMA
Proxy-Authenticate         HTTP_PROXY-AUTHENTICATE
Proxy-Authentication-Info         HTTP_PROXY-AUTHENTICATION-INFO
Proxy-Authorization         HTTP_PROXY-AUTHORIZATION
Proxy-Connection         HTTP_PROXY-CONNECTION
Public         HTTP_PUBLIC
Range         HTTP_RANGE
Referer         HTTP_REFERER
Request-Range         HTTP_REQUEST-RANGE
Retry-After         HTTP_RETRY-AFTER
Server         HTTP_SERVER
Set-Cookie         HTTP_SET-COOKIE
Title         HTTP_TITLE
Transfer-Encoding         HTTP_TRANSFER-ENCODING
Upgrade         HTTP_UPGRADE
User-Agent         HTTP_USER-AGENT
Vary         HTTP_VARY
Via         HTTP_VIA
Warning         HTTP_WARNING
WWW-Authenticate         HTTP_WWW-AUTHENTICATE
Authentication-Info         HTTP_AUTHENTICATION-INFO
X-Cache         HTTP_X-CACHE
X-Cache-Lookup         HTTP_X-CACHE-LOOKUP
X-Forwarded-For         HTTP_X-FORWARDED-FOR
X-Request-URI         HTTP_X-REQUEST-URI
X-Squid-Error         HTTP_X-SQUID-ERROR
Negotiate         HTTP_NEGOTIATE
X-Accelerator-Vary         HTTP_X-ACCELERATOR-VARY
Other:         HTTP_OTHER:

Squid3.0版本使用参数:

reply_header_access Server deny all
reply_header_access X-Cache deny all
reply_header_access Warning deny all
reply_header_access Expires deny all
reply_header_access Cache-Control deny all
reply_header_access age deny all

参考:http://bbs.linuxtone.org/thread-131-1-1.html

  1. 1
  2. ...
  3. 142
  4. 143
  5. 144
  6. 145
  7. 146
  8. 147
  9. 148
  10. ...
  11. 193
分类
最新文章
最近回复
  • 海运: 恩山有很多。
  • swsend: 大佬可以分享一下固件吗,谢谢。
  • Jimmy: 方法一 nghtp3步骤需要改成如下才能编译成功: git clone https://git...
  • 海运: 地址格式和udpxy一样,udpxy和msd_lite能用这个就能用。
  • 1: 怎么用 编译后的程序在家里路由器内任意一台设备上运行就可以吗?比如笔记本电脑 m参数是笔记本的...
  • 孤狼: ups_status_set: seems that UPS [BK650M2-CH] is ...
  • 孤狼: 擦。。。。apcupsd会失联 nut在冲到到100的时候会ONBATT进入关机状态,我想想办...
  • 海运: 网络,找到相应的url编辑重发请求,firefox有此功能,其它未知。
  • knetxp: 用浏览器F12网络拦截或监听后编辑重发请求,修改url中的set为set_super,将POS...
  • Albert: 啊啊啊啊啊啊啊啊啊 我太激动了,终于好了英文区搜索了半天,翻遍了 pve 论坛没找到好方法,博...
归档