I have a problem with iproute.
Principle:
- I mark the packets by port and interface with iptables.
I get:
:PREROUTING ACCEPT [1618529:1275747491]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j MARK --set-mark 0xb
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0xc
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j MARK --set-mark 0xc
-A PREROUTING -i eth0 -p tcp -m tcp --dport 20 -j MARK --set-mark 0xd
-A PREROUTING -i eth0 -p tcp -m tcp --dport 21 -j MARK --set-mark 0xd
-A PREROUTING -i eth0 -j MARK --set-mark 0xd
-A PREROUTING -i eth1 -p tcp -m tcp --dport 22 -j MARK --set-mark 0x15
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x16
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j MARK --set-mark 0x16
-A PREROUTING -i eth1 -p tcp -m tcp --dport 20 -j MARK --set-mark 0x17
-A PREROUTING -i eth1 -p tcp -m tcp --dport 21 -j MARK --set-mark 0x17
-A PREROUTING -i eth1 -j MARK --set-mark 0x17
-A PREROUTING -i lo -p udp -m udp --dport 53 -j MARK --set-mark 0x1f
-A PREROUTING -i lo -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1f
-A PREROUTING -i lo -p tcp -m tcp --dport 80 -j MARK --set-mark 0x20
-A PREROUTING -i lo -p tcp -m tcp --dport 25 -j MARK --set-mark 0x21
-A PREROUTING -i lo -p tcp -m tcp --dport 110 -j MARK --set-mark 0x21
-A PREROUTING -i lo -p tcp -m tcp --dport 4661:4666 -j MARK --set-mark 0x22
-A PREROUTING -i lo -j MARK --set-mark 0x22
:PREROUTING ACCEPT [16298:834255]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth3 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
- I create classes that will make it possible to manage all the filters:
I get:
class htb 1:101 parent 1:10 leaf 101: prio 0 rate 16Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:202 parent 1:20 leaf 202: prio 5 rate 16Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:303 parent 1:30 leaf 303: prio 2 rate 16Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:1 root rate 128Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:10 parent 1:1 rate 64Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:203 parent 1:20 leaf 203: prio 6 rate 8Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:302 parent 1:30 leaf 302: prio 1 rate 32Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:103 parent 1:10 leaf 103: prio 2 rate 16Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:20 parent 1:1 rate 32Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:301 parent 1:30 leaf 301: prio 0 rate 8Kbit ceil 32Kbit burst 6Kb cburst 1638b
class htb 1:102 parent 1:10 leaf 102: prio 1 rate 32Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:201 parent 1:20 leaf 201: prio 4 rate 8Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:30 parent 1:1 rate 64Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:304 parent 1:30 leaf 304: prio 3 rate 8Kbit ceil 64Kbit burst 6Kb cburst 1679b
the filters will be applied to the classes 1:X0Y (101, 203...)
- the filters are created using the iptables marks and redistribute the packets into the classes 1:X0Y
I get:
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x22 classid 1:304
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x21 classid 1:303
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x20 classid 1:302
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x1f classid 1:301
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x17 classid 1:203
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x16 classid 1:202
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0x15 classid 1:201
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0xd classid 1:103
filter parent 1: protocol ip pref 49151 fw
filter parent 1: protocol ip pref 49151 fw handle 0xc classid 1:102
filter parent 1: protocol ip pref 49152 fw
filter parent 1: protocol ip pref 49152 fw handle 0xb classid 1:101
- SFQ qdiscs are attached under these classes (and parent 1:)
I get:
qdisc sfq 304: quantum 1200b perturb 10sec
qdisc sfq 303: quantum 1200b perturb 10sec
qdisc sfq 302: quantum 1200b perturb 10sec
qdisc sfq 301: quantum 1200b perturb 10sec
qdisc sfq 203: quantum 1200b perturb 10sec
qdisc sfq 202: quantum 1200b perturb 10sec
qdisc sfq 201: quantum 1200b perturb 10sec
qdisc sfq 103: quantum 1200b perturb 10sec
qdisc sfq 102: quantum 1200b perturb 10sec
qdisc sfq 101: quantum 1200b perturb 10sec
qdisc htb 1: r2q 10 default 40 direct_packets_stat 2653
- But in the end nothing is dispatched when I look at the result:
qdisc sfq 304: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 303: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 302: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 301: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 203: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 202: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 201: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 103: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 102: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc sfq 101: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 40 direct_packets_stat 2291 ver 3.6
 Sent 168929 bytes 2291 pkts (dropped 0, overlimits 0)
So does anyone have an idea?
Message edited by bobor on 25-02-2003 at 17:26:31
---------------
Modern-day gypsy
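
An added example, not part of the original post: a consistency check over the tc output quoted above, run on shortened excerpts of those dumps. It verifies that each fw filter hands its mark to an existing class, that the HTB default minor names an existing class, and whether every packet sent was counted in direct_packets_stat; the function name check_htb is an assumption of this example.

```python
import re

# Shortened excerpts of the tc dumps quoted in the post (not the full output).
CLASSES = """\
class htb 1:101 parent 1:10 leaf 101: prio 0 rate 16Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:1 root rate 128Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:10 parent 1:1 rate 64Kbit ceil 128Kbit burst 6Kb cburst 1753b
class htb 1:304 parent 1:30 leaf 304: prio 3 rate 8Kbit ceil 64Kbit burst 6Kb cburst 1679b
"""
FILTERS = """\
filter parent 1: protocol ip pref 49151 fw handle 0x22 classid 1:304
filter parent 1: protocol ip pref 49152 fw handle 0xb classid 1:101
"""
QDISC_STATS = """\
qdisc sfq 101: quantum 1200b limit 128p flows 128/1024 perturb 10sec
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc htb 1: r2q 10 default 40 direct_packets_stat 2291 ver 3.6
 Sent 168929 bytes 2291 pkts (dropped 0, overlimits 0)
"""

def check_htb(classes, filters, qdisc_stats):
    """Return a list of inconsistencies between HTB classes, fw filters and counters."""
    findings = []
    class_ids = set(re.findall(r"^class htb (\S+)", classes, re.M))
    # Every fw filter must hand its mark to a class that exists.
    for handle, classid in re.findall(r"fw handle (\S+) classid (\S+)", filters):
        if classid not in class_ids:
            findings.append(f"mark {handle} -> missing class {classid}")
    # Root HTB line followed by its "Sent" counter line.
    root = re.search(r"^qdisc htb (\w+): .*default (\w+) direct_packets_stat (\d+).*\n"
                     r"\s*Sent \d+ bytes (\d+) pkts", qdisc_stats, re.M)
    if root:
        major, default = root.group(1), root.group(2)
        direct, sent = int(root.group(3)), int(root.group(4))
        if f"{major}:{default}" not in class_ids:
            findings.append(f"default class {major}:{default} does not exist")
        # direct_packets_stat counts packets HTB sent without queueing them in a class.
        if sent and direct == sent:
            findings.append(f"all {sent} packets bypassed the classes (direct)")
    # Leaf SFQ qdiscs whose counters never moved.
    idle = re.findall(r"^qdisc sfq (\w+):.*\n\s*Sent \d+ bytes 0 pkts", qdisc_stats, re.M)
    if idle:
        findings.append("idle leaf qdiscs: " + ", ".join(idle))
    return findings

if __name__ == "__main__":
    for line in check_htb(CLASSES, FILTERS, QDISC_STATS):
        print(line)
```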