QoS:ajustements mineurs
[ongolaboy.git] / scripts / qos / regles.bacgl
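#!/bin/sh
# Ingress QoS rules for the BACGL site: inbound IPv4 traffic arriving on
# $IF_INTERNET is redirected to ifb0 and shaped there with HTB classes.

# Abort on expansion of an unset variable instead of handing tc an empty
# argument (for example $NET6_BACGL, which the commented-out IPv6 filter
# references but which is not defined in this file).
set -u

# Internet-facing interface whose ingress traffic is redirected to ifb0.
IF_INTERNET=eth0.2

# Public prefixes, used as destination matches for the redirect.
NET_BACGL=195.24.196.112/28
NET_BACGL2=195.24.195.224/29

# Private DMZ ranges, used as source matches by the DMZ filters.
NET_DMZ_Priv=192.168.10.0/24
NET_DMZ_Partenaire_Priv=192.168.11.0/24

# Addresses used by the videoconference (visio) filters.
IP_VISIO_Dir=195.24.196.124
IP_VISIO_Reu=195.24.196.125
IP_VISIO_Form=195.24.196.126

# Public addresses used by the "DMZ Pub" filters.
IP_Pub_SOGo=195.24.196.116
IP_Pub_VOIP=195.24.196.117
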

# Load the IFB driver with a single device (ifb0) and bring it up; inbound
# traffic is redirected to it so that the HTB classes can be attached there.
modprobe ifb numifbs=1

ip link set up ifb0

# To remove everything:
#   tc qdisc del dev $IF_INTERNET ingress
#   tc qdisc del dev ifb0 root handle 1:

tc qdisc add dev "$IF_INTERNET" ingress

# IPv6 version still to be written; until then only IPv4 is redirected to
# ifb0, so IPv6 traffic does not go through the classes defined for ifb0.
# NOTE(review): NET6_BACGL is not defined in this file, and an ip6 match
# presumably needs "protocol ipv6" rather than "protocol ip" -- confirm.
#tc filter add dev $IF_INTERNET parent ffff: protocol ip prio 1 u32 \
# match ip6 dst $NET6_BACGL \
# flowid 1:1 action mirred egress redirect dev ifb0

# Redirect inbound IPv4 traffic destined to each public prefix to ifb0.
for prefix in "$NET_BACGL" "$NET_BACGL2"; do
  tc filter add dev "$IF_INTERNET" parent ffff: protocol ip prio 1 u32 \
    match ip dst "$prefix" \
    flowid 1:1 action mirred egress redirect dev ifb0
done

echo "Création de classes"
echo "Création de la racine"

# Root HTB qdisc on ifb0; traffic that no filter classifies goes to 1:190.
tc qdisc add dev ifb0 root handle 1: htb default 190

# First child class, aggregating all traffic. Its rate (9882kbit) equals the
# sum of the rates of its eight direct children (1:11 .. 1:17 and 1:20).
tc class add dev ifb0 parent 1: classid 1:1 htb rate 9882kbit ceil 10000kbit

# --- Children of 1:1 ---

# VOIP
tc class add dev ifb0 parent 1:1 classid 1:11 htb rate 128kbit ceil 256kbit prio 1

# Videoconference group
tc class add dev ifb0 parent 1:1 classid 1:12 htb rate 3000kbit ceil 3500kbit prio 3

# DMZ Pub group
tc class add dev ifb0 parent 1:1 classid 1:13 htb rate 150kbit ceil 1000kbit prio 2

# DMZ Priv group
tc class add dev ifb0 parent 1:1 classid 1:14 htb rate 1000kbit ceil 2000kbit prio 2

# DMZ Partenaire Priv group
tc class add dev ifb0 parent 1:1 classid 1:15 htb rate 100kbit ceil 512kbit prio 4

# DMZ Partenaire Pub group
tc class add dev ifb0 parent 1:1 classid 1:16 htb rate 100kbit ceil 512kbit prio 4

# RIPE probe
tc class add dev ifb0 parent 1:1 classid 1:17 htb rate 100kbit ceil 512kbit prio 1

# PC group
tc class add dev ifb0 parent 1:1 classid 1:20 htb rate 5304kbit ceil 9000kbit prio 4

# --- Sub-classes inside the PC group (1:20) ---

# Teachers' group (prof)
tc class add dev ifb0 parent 1:20 classid 1:132 htb rate 768kbit ceil 1500kbit prio 8

# FOAD group
tc class add dev ifb0 parent 1:20 classid 1:133 htb rate 768kbit ceil 1500kbit prio 7

# CAI group
tc class add dev ifb0 parent 1:20 classid 1:131 htb rate 1000kbit ceil 4000kbit prio 7

# Training group (formation)
tc class add dev ifb0 parent 1:20 classid 1:130 htb rate 1000kbit ceil 5000kbit prio 6

# Roaming group (nomade)
tc class add dev ifb0 parent 1:20 classid 1:125 htb rate 768kbit ceil 3500kbit prio 8

# Staff group (personnel)
tc class add dev ifb0 parent 1:20 classid 1:120 htb rate 100kbit ceil 256kbit prio 5

# Everything else (the HTB default class).
# NOTE(review): this class hangs under 1:14 (DMZ Priv), not 1:20 like the other
# PC sub-classes. That makes 1:14 an inner class, so traffic sent to 1:14 by
# its filter presumably ends up in the default class instead -- confirm intent.
tc class add dev ifb0 parent 1:14 classid 1:190 htb rate 10kbit ceil 64kbit prio 9


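# Per-class schedulers: attach an SFQ qdisc to each listed leaf class.
# The class ids are spelled out because the script declares #!/bin/sh, and
# brace expansion such as {130..133} is a bash feature: a POSIX sh like dash
# passes it through literally, so tc would be called with "1:{130..133}" and
# classes 1:130 to 1:133 would get no SFQ qdisc.
# NOTE(review): class 1:125 is not in this list -- confirm that is intended.
for id in 120 130 131 132 133 190; do
  tc qdisc add dev ifb0 parent "1:$id" handle "$id:" sfq perturb 10
done
#tc qdisc add dev ifb0 parent 1:11 handle 11: sfq perturb 10
#tc qdisc add dev ifb0 parent 1:12 handle 12: sfq perturb 10
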
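# Filters on ifb0: map traffic to the HTB classes.

# VOIP: UDP (protocol 17) with source or destination port 4569.
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip protocol 17 0xff \
  match ip sport 4569 0xffff flowid 1:11

tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip protocol 17 0xff \
  match ip dport 4569 0xffff flowid 1:11

# Videoconference; the /28 mask on the visio addresses is the author's choice.
# NOTE(review): with a /28 mask the three visio addresses and the two DMZ Pub
# addresses below all fall in 195.24.196.112/28, so these five filters
# presumably match the same source range and only the first can ever be hit --
# confirm whether host (/32) matches were intended.
# NOTE(review): traffic reaches ifb0 because its *destination* is one of the
# public prefixes; matching those same addresses as *source* may never match
# inbound packets -- confirm the intended direction.
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$IP_VISIO_Dir/28" flowid 1:12
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$IP_VISIO_Reu/28" flowid 1:12
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$IP_VISIO_Form/28" flowid 1:12

# DMZ-specific filters
# DMZ Pub
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$IP_Pub_SOGo/28" flowid 1:13

tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$IP_Pub_VOIP/28" flowid 1:13

# DMZ Priv
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$NET_DMZ_Priv" flowid 1:14

# DMZ Partenaire Priv
tc filter add dev ifb0 protocol ip parent 1:0 prio 1 u32 \
  match ip src "$NET_DMZ_Partenaire_Priv" flowid 1:15

# DMZ Partenaire Pub: no filter yet (is it really worth the trouble?)

# Firewall-mark (fw) filters. The mark value is the filter handle.
# NOTE(review): packets are redirected to ifb0 from the ingress hook of
# $IF_INTERNET, which runs before the netfilter PREROUTING chain, so marks set
# there are presumably not yet present when these filters run -- confirm, and
# confirm on which host the marks are set.

# RIPE probe. The "dev" keyword was missing, so tc rejected this command and
# the filter was never installed. The target is now 1:17, the class labelled
# "sonde RIPE"; it previously named 1:16 (DMZ Partenaire Pub).
tc filter add dev ifb0 parent 1:0 protocol ip prio 1 handle 35 fw classid 1:17

# Teachers' room (prof)
tc filter add dev ifb0 protocol ip parent 1: prio 1 handle 32 fw classid 1:132

# FOAD room
tc filter add dev ifb0 protocol ip parent 1: prio 1 handle 33 fw classid 1:133

# CAI room
tc filter add dev ifb0 protocol ip parent 1: prio 1 handle 31 fw classid 1:131

# Training room (formation). This was a copy of the staff filter below
# (handle 20 -> 1:120), which left class 1:130 without any filter; it now
# follows the handle NN -> class 1:1NN pattern of the neighbouring rooms.
# NOTE(review): confirm the firewall marks training-room traffic with 30.
tc filter add dev ifb0 protocol ip parent 1: prio 1 handle 30 fw classid 1:130

# Roaming network (nomade)
tc filter add dev ifb0 protocol ip parent 1: prio 1 handle 25 fw classid 1:125

# AUF staff network (personnel)
tc filter add dev ifb0 protocol ip parent 1: prio 1 handle 20 fw classid 1:120

# Everything else falls into the default class 1:190.

# iptables rules to put in place on the firewall; an example for the probe.
# NOTE(review): tc reads "handle 35" as decimal unless it carries a 0x prefix,
# whereas --set-mark 0x35 is 53; presumably both should use the same notation
# -- confirm before enabling.
# iptables -t mangle -A PREROUTING -s 192.168.35.0/24 -j MARK --set-mark 0x35
#iptables -t mangle -A PREROUTING -s 192.168.35.0/24 -j RETURN
#
# and so on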