(悬赏50元RMB币)期待真正流量非对称问题!
本帖最后由 adslcool 于 2009-11-12 23:07 编辑
如上图,内网流量是控制了,可是外网进来的下行数据依然在接口排队,仍然会卡,期待解决!
:)
现在开放一个Router OS 系统,欢迎诸位拍砖!
域名:testspeed.3322.org
用户名:demo
密 码:没有
搞了几天依然没效果,相信重赏之下必有勇夫!
好了我在淘宝直接给你冲QQ币,或者手机充值卡,怎样都行!
QQ:165306921
:) :) :)
限速脚本
# oct/18/2009 19:15:25 by RouterOS 2.9.6
# software id = S5KG-G0N
#
# Rate-limit script: two PCQ queue types plus one simple queue that applies
# them to the LAN 192.168.0.0/24.
# PCQ splits traffic into sub-streams by the classifier. pcq-rate=1000000 caps
# each sub-stream (bits per second), pcq-limit=50 is the per-sub-stream queue
# length in packets and pcq-total-limit=2000 the combined length.
/ queue type
# "Upload": one sub-stream per source address.
add name="Upload" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
# "Download": one sub-stream per destination address.
add name="Download" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
/ queue simple
# limit-at=0/0 and max-limit=0/0 set no aggregate cap, so the only limit in
# effect is the per-address pcq-rate of the two queue types.
# NOTE(review): the queue matches on dst-address rather than a target address,
# and queue= lists Download first - confirm the direction mapping on this
# RouterOS version.
# NOTE(review): queues shape traffic as the router forwards it. Inbound packets
# have already crossed the ISP link before they are queued or dropped here, so
# the WAN-side ingress rate can exceed what is delivered to the LAN.
add name="PCQ" dst-address=192.168.0.0/24 interface=all parent=none priority=8 \
queue=Download/Upload limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no
防火墙脚本
# Firewall
# Input-chain policy for the router itself: connection-tracking timeouts,
# scan/flood detection that feeds two address lists, ICMP and "services"
# accept chains, and a catch-all drop at the end of input.
# Connection tracking: 5s for half-open TCP (syn-sent / syn-received), 10s for
# the closing TCP states, plain UDP and ICMP, 1d for established TCP.
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m
/ ip firewall filter
# Scan detection. Each of the next seven rules only records the source in the
# "port scanners" address list for 1d; add-src-to-address-list does not stop
# rule processing, so the drop happens at the list-match rule further down.
# psd=21,3s,3,1 is RouterOS port-scan detection: weight threshold 21, delay
# threshold 3s, low-port weight 3, high-port weight 1.
add chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 \
address-list="port scanners" address-list-timeout=1d comment="Port \
scanners to list " disabled=no
# The following six rules match TCP flag combinations that ordinary TCP
# handshakes do not produce (FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG, all flags
# set, no flags set).
add chain=input action=add-src-to-address-list \
tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list="port \
scanners" address-list-timeout=1d comment="NMAP FIN Stealth scan" \
disabled=no
add chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp \
address-list="port scanners" address-list-timeout=1d comment="SYN/FIN \
scan" disabled=no
add chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp \
address-list="port scanners" address-list-timeout=1d comment="SYN/RST \
scan" disabled=no
add chain=input action=add-src-to-address-list \
tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list="port \
scanners" address-list-timeout=1d comment="FIN/PSH/URG scan" disabled=no
add chain=input action=add-src-to-address-list \
tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list="port \
scanners" address-list-timeout=1d comment="ALL/ALL scan" disabled=no
add chain=input action=add-src-to-address-list \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list="port \
scanners" address-list-timeout=1d comment="NMAP NULL scan" disabled=no
# Enforcement: drop everything from sources on either list.
# NOTE(review): both lists are filled from unauthenticated packets and entries
# last 1d. Consider accepting a trusted management address list ahead of these
# rules so an administrator address cannot be locked out - confirm against
# site policy.
add chain=input action=drop src-address-list="port scanners" comment="port \
scanners " disabled=no
add chain=input action=drop src-address-list=black_list comment=" Black list " \
disabled=no
# Stateful baseline: drop invalid, accept related and established. Only packets
# that open a new connection continue past this point.
add chain=input action=drop connection-state=invalid comment="drop invalid \
packets" disabled=no
add chain=input action=accept connection-state=related comment="accept related \
packets" disabled=no
add chain=input action=accept connection-state=established comment="accept \
established packets" disabled=no
# NOTE(review): the first psd rule has already listed the source and the
# "port scanners" drop is evaluated before this rule, so this rule looks
# redundant for the same packet - verify.
add chain=input action=drop protocol=tcp psd=21,3s,3,1 comment="detect and \
drop port scan connections" disabled=no
# NOTE(review): this tarpit only matches sources on black_list, but those are
# already dropped by the "Black list" rule earlier in the chain, so the rule
# appears unreachable. If tarpitting is intended it would have to precede that
# drop - verify.
add chain=input action=tarpit protocol=tcp connection-limit=3,32 \
src-address-list=black_list comment="suppress DoS attack" disabled=no
# Flood detection: connection-limit=10,32 counts TCP connections per single
# address (/32); a source over the limit is put on black_list for 1d.
add chain=input action=add-src-to-address-list protocol=tcp \
connection-limit=10,32 address-list=black_list address-list-timeout=1d \
comment="detect DoS attack" disabled=no
# Anything not addressed to one of the router's own addresses is dropped.
add chain=input action=drop dst-address-type=!local comment="drop all that is \
not to local" disabled=no
# Dispatch to the per-purpose chains. Packets a chain does not accept return
# here and continue to the next rule.
add chain=input action=jump jump-target=ICMP protocol=icmp comment="jump to \
chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="Jump to service" \
disabled=no
# NOTE(review): no rules for chain "virus" appear in this listing - confirm the
# chain is defined on the router.
add chain=input action=jump jump-target=virus comment="jump to Virus" \
disabled=no
# ICMP chain: accept the listed type:code values, each rate-limited with
# limit=5,5 (echo reply 0, port unreachable 3:3, fragmentation needed 3:4,
# echo request 8, time exceeded 11).
add chain=ICMP action=accept protocol=icmp icmp-options=0:0-255 limit=5,5 \
comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=3:3 limit=5,5 \
comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=3:4 limit=5,5 \
comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=8:0-255 limit=5,5 \
comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=11:0-255 limit=5,5 \
comment="11:0 and limit for 5pac/s" disabled=no
# services chain: ports and protocols the router will answer on.
# NOTE(review): apart from the localhost rule, none of these accepts carries a
# src-address, src-address-list or in-interface matcher, so each one applies to
# every interface, the WAN included. Management access (winbox 8291, ssh 22,
# telnet 23, ftp 20-21, webbox 81) and relay-type services (DNS 53, web proxy
# 8080, SOCKS 1080) are normally restricted to the LAN or a management address
# list - confirm which of these are meant to be reachable from outside.
add chain=services action=accept dst-port=8291 protocol=tcp comment="Allow \
winbox" disabled=no
add chain=services action=accept dst-port=20-21 protocol=tcp comment="allow \
ftp" disabled=no
add chain=services action=accept dst-port=8080 protocol=tcp comment="allow Web \
Proxy" disabled=no
add chain=services action=accept src-address=127.0.0.1 dst-address=127.0.0.1 \
comment="accept localhost" disabled=no
add chain=services action=accept dst-port=22 protocol=tcp comment="allow sftp, \
ssh" disabled=no
# NOTE(review): telnet carries credentials in cleartext; ssh is accepted by the
# rule above.
add chain=services action=accept dst-port=23 protocol=tcp comment="allow \
telnet" disabled=no
add chain=services action=accept dst-port=81 protocol=tcp comment="allow http, \
webbox" disabled=no
add chain=services action=accept dst-port=20561 protocol=udp comment="allow \
MACwinbox " disabled=no
add chain=services action=accept dst-port=5678 protocol=udp comment=" MT \
Discovery Protocol" disabled=no
add chain=services action=accept dst-port=53 protocol=tcp comment="allow DNS \
request" disabled=no
add chain=services action=accept dst-port=53 protocol=udp comment="Allow DNS \
request" disabled=no
add chain=services action=accept dst-port=1701 protocol=udp comment="allow \
L2TP" disabled=no
add chain=services action=accept dst-port=1723 protocol=tcp comment="allow \
PPTP" disabled=no
add chain=services action=accept protocol=gre comment="allow PPTP and EoIP" \
disabled=no
add chain=services action=accept protocol=ipencap comment="allow IPIP" \
disabled=no
add chain=services action=accept dst-port=1900 protocol=udp comment="UPnP" \
disabled=no
add chain=services action=accept dst-port=2828 protocol=tcp comment="UPnP" \
disabled=no
add chain=services action=accept dst-port=67-68 protocol=udp comment="allow \
DHCP" disabled=no
# NOTE(review): NTP (123) and SNMP (161) normally run over UDP; the next two
# rules match protocol=tcp, so they would not match that traffic - verify.
add chain=services action=accept dst-port=123 protocol=tcp comment="allow NTP" \
disabled=no
add chain=services action=accept dst-port=161 protocol=tcp comment="allow \
SNMP" disabled=no
add chain=services action=accept dst-port=443 protocol=tcp comment="allow \
https for Hotspot" disabled=no
add chain=services action=accept dst-port=1080 protocol=tcp comment="allow \
Socks for Hotspot" disabled=no
add chain=services action=accept dst-port=500 protocol=udp comment="allow \
IPSec connections" disabled=no
add chain=services action=accept protocol=ipsec-esp comment="allow IPSec" \
disabled=no
add chain=services action=accept protocol=ipsec-ah comment="allow IPSec" \
disabled=no
add chain=services action=accept dst-port=179 protocol=tcp comment="Allow BGP" \
disabled=no
add chain=services action=accept dst-port=520-521 protocol=udp comment="allow \
RIP" disabled=no
add chain=services action=accept protocol=ospf comment="allow OSPF" \
disabled=no
# NOTE(review): the label says BGP, but BGP is TCP 179 (accepted above);
# confirm what UDP 5000-5100 is opened for.
add chain=services action=accept dst-port=5000-5100 protocol=udp \
comment="allow BGP" disabled=no
add chain=services action=accept dst-port=1720 protocol=tcp comment="allow \
Telephony" disabled=no
add chain=services action=accept dst-port=1719 protocol=udp comment="allow \
Telephony" disabled=no
add chain=services action=accept protocol=vrrp comment="allow VRRP " \
disabled=no
# forward and output only drop invalid-state packets; no other forward
# filtering appears in this listing.
add chain=forward action=drop connection-state=invalid comment="drop invalid \
packets" disabled=no
add chain=output action=drop connection-state=invalid comment="drop invalid \
packets" disabled=no
# Catch-all: anything on input that no rule above accepted is dropped.
add chain=input action=drop comment="Drop All input" disabled=no 双线没有负载好呀 现在是单线,我遇到很多时候不管单双线都会出现外网流量比内网流量大,如果达到ISP限制的情况,就开始排队,开始卡了! 你看见没,上行2.5M没问题在Wan口也是,说明限速起作用了,就是下行,在接口处排队去了,正常数据不能及时通过! 本帖最后由 WGHBOY 于 2009-11-10 15:08 编辑
那是你的网络 那是你的网络
WGHBOY 发表于 2009-11-10 15:07
难道我们这边网络都是这样吗?
我用的是pcq限速,你的呢? 我的相差不大 我的相差不大
WGHBOY 发表于 2009-11-11 01:01
你用的什么限速,这兄弟半夜1点还在网上真是勤奋 楼主可以先确定下载的数据不是内网的请求造成的,如果确定了,就找电信帮你做个防火墙过滤掉,其他没有办法 本帖最后由 adslcool 于 2009-11-12 19:07 编辑
input 链 drop 了除正常连接 ROS 以外的所有连接,但客户机下载超过规定速度后流量依然不对称。得论坛朋友指点,把限速网卡指定为 Wan(interface=ether2),问题依旧,
原来是 interface=all。附上限速脚本:
# oct/18/2009 19:15:25 by RouterOS 2.9.6
# software id = S5KG-G0N
#
# Rate-limit script: two PCQ queue types plus one simple queue that applies
# them to the LAN 192.168.0.0/24.
# NOTE(review): the accompanying post says the queue interface was switched
# from all to ether2, but this export still shows interface=all, so it appears
# to predate that change - confirm which version is running.
/ queue type
# "Upload": PCQ with one sub-stream per source address, pcq-rate=1000000 each.
add name="Upload" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=src-address pcq-total-limit=2000
# "Download": PCQ with one sub-stream per destination address, same rate.
add name="Download" kind=pcq pcq-rate=1000000 pcq-limit=50 \
pcq-classifier=dst-address pcq-total-limit=2000
/ queue simple
# limit-at=0/0 and max-limit=0/0 set no aggregate cap; only the per-address
# pcq-rate limits traffic.
# NOTE(review): a queue acts when the router forwards a packet. Downstream
# traffic has already used the ISP link by then, so limiting here does not by
# itself reduce what arrives on the WAN interface.
add name="PCQ" dst-address=192.168.0.0/24 interface=all parent=none priority=8 \
queue=Download/Upload limit-at=0/0 max-limit=0/0 total-queue=default \
disabled=no input dorp 了除正常连接ros以外的所有连接,依然是客户机下载超过规定速度后,流量不对称,得论坛朋友 ...
adslcool 发表于 2009-11-12 19:06
interface=all
应该包含了interface=(网卡名称) 我一直觉得是理所当然的事情,而且随着流量的增加,差额会成正比.......感觉和显示有关系.... 内网p2p应用就是这样的效果 这是无法也不可能避免的