yngwcc 发表于 2006-11-16 19:19:39

大家进来,帮忙看看分析一下

我前段时间看到下面的两个数据包优化,我看了半天好象只对上行数据做了优化,没有对下行做优化,大家发表一下意见。

# may/10/2006 02:15:54 by RouterOS 2.9.6
# software id = RG4M-5MN
#
/ ip firewall mangle
add chain=forward protocol=tcp tcp-flags=syn action=change-mss \
    new-mss=clamp-to-pmtu comment="改变MSS值" disabled=no
add chain=prerouting src-address=192.168.0.0/24 tos=min-delay \
    action=mark-packet new-packet-mark=LEVEL-1 passthrough=yes \
    comment="标记数据包,确定转发优先级" disabled=no
add chain=prerouting src-address=192.168.0.0/24 tos=min-delay action=return \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 tos=min-cost \
    action=mark-packet new-packet-mark=LEVEL-4 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 tos=min-cost action=return \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 tos=max-throughput \
    action=mark-packet new-packet-mark=LEVEL-5 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 tos=max-throughput \
    action=return comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=icmp \
    action=mark-packet new-packet-mark=LEVEL-1 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=icmp action=return \
    comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp packet-size=0-64 \
    action=mark-packet new-packet-mark=LEVEL-1 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp packet-size=0-64 \
    action=return comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=25 \
    action=mark-packet new-packet-mark=LEVEL-4 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=25 \
    action=return comment="" disabled=no
add chain=prerouting protocol=tcp src-port=25 action=mark-packet \
    new-packet-mark=LEVEL-8 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=25 action=return comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=53 \
    action=mark-packet new-packet-mark=LEVEL-1 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=53 \
    action=return comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=80 \
    action=mark-packet new-packet-mark=LEVEL-3 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=80 \
    action=return comment="" disabled=no
add chain=prerouting protocol=tcp src-port=80 action=mark-packet \
    new-packet-mark=LEVEL-8 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=80 action=return comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=110 \
    action=mark-packet new-packet-mark=LEVEL-3 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=110 \
    action=return comment="" disabled=no
add chain=prerouting protocol=tcp src-port=110 action=mark-packet \
    new-packet-mark=LEVEL-8 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=110 action=return comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=443 \
    action=mark-packet new-packet-mark=LEVEL-3 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=443 \
    action=return comment="" disabled=no
add chain=prerouting protocol=tcp src-port=443 action=mark-packet \
    new-packet-mark=LEVEL-8 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=443 action=return comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=1443 \
    action=mark-packet new-packet-mark=LEVEL-2 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=1443 \
    action=return comment="" disabled=no
add chain=prerouting protocol=tcp src-port=1443 action=mark-packet \
    new-packet-mark=LEVEL-8 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp src-port=1443 action=return comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=1720 \
    action=mark-packet new-packet-mark=LEVEL-1 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=1720 \
    action=return comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=1720 \
    action=mark-packet new-packet-mark=LEVEL-1 passthrough=yes comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=udp dst-port=1720 \
    action=return comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp \
    connection-type=ftp packet-size=0-500 action=mark-packet \
    new-packet-mark=LEVEL-2 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp \
    connection-type=ftp packet-size=0-500 action=return comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp \
    connection-type=ftp packet-size=500-1500 action=mark-packet \
    new-packet-mark=LEVEL-5 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp \
    connection-type=ftp packet-size=500-1500 action=return comment="" \
    disabled=no
add chain=prerouting protocol=tcp connection-type=ftp action=mark-packet \
    new-packet-mark=LEVEL-8 passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp connection-type=ftp action=return comment="" \
    disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=mark-packet \
    new-packet-mark=LEVEL-6 passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.0/24 action=return comment="" \
    disabled=no
add chain=prerouting connection-type=pptp action=mark-packet \
    new-packet-mark=LEVEL-1 passthrough=yes comment="" disabled=no
add chain=prerouting action=mark-packet new-packet-mark=LEVEL-8 \
    passthrough=yes comment="" disabled=no
add chain=prerouting action=return comment="" disabled=no


# may/10/2006 02:17:03 by RouterOS 2.9.6
# software id = RG4M-5MN
#
/ queue tree
add name="测试-上行" parent=global-out packet-mark="" limit-at=0 \
    queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="最优先通过的数据包" parent=测试-上行 packet-mark="" limit-at=0 \
    queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="第一级别" parent=最优先通过的数据包 packet-mark=LEVEL-1 limit-at=0 \
    queue=default priority=2 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="第二级别" parent=最优先通过的数据包 packet-mark=LEVEL-2 limit-at=0 \
    queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="中等优先通过的数据包" parent=测试-上行 packet-mark="" limit-at=0 \
    queue=default priority=4 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="第三级别" parent=中等优先通过的数据包 packet-mark=LEVEL-3 limit-at=0 \
    queue=default priority=5 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="第四级别" parent=中等优先通过的数据包 packet-mark=LEVEL-4 limit-at=0 \
    queue=default priority=6 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="第五级别" parent=中等优先通过的数据包 packet-mark=LEVEL-5 limit-at=0 \
    queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="第六级别" parent=中等优先通过的数据包 packet-mark=LEVEL-6 limit-at=0 \
    queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
add name="测试-下行" parent=global-in packet-mark="" limit-at=0 queue=default \
    priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s \
    disabled=no
add name="使用最低优先级的包" parent=测试-下行 packet-mark=LEVEL-8 limit-at=0 \
    queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

szall 发表于 2006-11-16 21:34:36

我看不明白哦,但是还是帮你顶一下吧
页: [1]
查看完整版本: 大家进来,帮忙看看分析一下