adslcool posted on 2009-11-10 14:13:28

(50 RMB bounty) Seeking a real fix for the traffic asymmetry problem!

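This post was last edited by adslcool on 2009-11-12 23:07

As shown in the image above, LAN traffic is under control, but downstream data coming in from the WAN still queues at the interface and things still lag. Looking forward to a solution!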
:)

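I have now opened up a RouterOS system; everyone is welcome to pick it apart!
Domain: testspeed.3322.org
Username: demo
Password: none

I've been at it for several days with no result; I trust a generous reward will bring out the brave!
Once it's solved, I'll top up QQ coins for you directly on Taobao, or a mobile recharge card, whatever you prefer!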

QQ:165306921
:) :) :)
Rate-limiting script
# oct/18/2009 19:15:25 by RouterOS 2.9.6
# software id = S5KG-G0N
#
/ queue type
add name="Upload" kind=pcq pcq-rate=1000000 pcq-limit=50 \
    pcq-classifier=src-address pcq-total-limit=2000
add name="Download" kind=pcq pcq-rate=1000000 pcq-limit=50 \
    pcq-classifier=dst-address pcq-total-limit=2000
/ queue simple
add name="PCQ" dst-address=192.168.0.0/24 interface=all parent=none priority=8 \
    queue=Download/Upload limit-at=0/0 max-limit=0/0 total-queue=default \
    disabled=no





Firewall script

# Firewall
/ ip firewall connection tracking
set enabled=yes tcp-syn-sent-timeout=5s tcp-syn-received-timeout=5s \
    tcp-established-timeout=1d tcp-fin-wait-timeout=10s \
    tcp-close-wait-timeout=10s tcp-last-ack-timeout=10s \
    tcp-time-wait-timeout=10s tcp-close-timeout=10s udp-timeout=10s \
    udp-stream-timeout=3m icmp-timeout=10s generic-timeout=10m

/ ip firewall filter
add chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 \
    address-list="port scanners" address-list-timeout=1d comment="Port \
    scanners to list " disabled=no
add chain=input action=add-src-to-address-list \
    tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list="port \
    scanners" address-list-timeout=1d comment="NMAP FIN Stealth scan" \
    disabled=no
add chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp \
    address-list="port scanners" address-list-timeout=1d comment="SYN/FIN \
    scan" disabled=no
add chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp \
    address-list="port scanners" address-list-timeout=1d comment="SYN/RST \
    scan" disabled=no
add chain=input action=add-src-to-address-list \
    tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp address-list="port \
    scanners" address-list-timeout=1d comment="FIN/PSH/URG scan" disabled=no
add chain=input action=add-src-to-address-list \
    tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list="port \
    scanners" address-list-timeout=1d comment="ALL/ALL scan" disabled=no
add chain=input action=add-src-to-address-list \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp address-list="port \
    scanners" address-list-timeout=1d comment="NMAP NULL scan" disabled=no
add chain=input action=drop src-address-list="port scanners" comment="port \
    scanners " disabled=no
add chain=input action=drop src-address-list=black_list comment=" Black list " \
    disabled=no
add chain=input action=drop connection-state=invalid comment="drop invalid \
    packets" disabled=no
add chain=input action=accept connection-state=related comment="accept related \
    packets" disabled=no
add chain=input action=accept connection-state=established comment="accept \
    established packets" disabled=no
add chain=input action=drop protocol=tcp psd=21,3s,3,1 comment="detect and \
    drop port scan connections" disabled=no
add chain=input action=tarpit protocol=tcp connection-limit=3,32 \
    src-address-list=black_list comment="suppress DoS attack" disabled=no
add chain=input action=add-src-to-address-list protocol=tcp \
    connection-limit=10,32 address-list=black_list address-list-timeout=1d \
    comment="detect DoS attack" disabled=no
add chain=input action=drop dst-address-type=!local comment="drop all that is \
    not to local" disabled=no
add chain=input action=jump jump-target=ICMP protocol=icmp comment="jump to \
    chain ICMP" disabled=no
add chain=input action=jump jump-target=services comment="Jump to service" \
    disabled=no
add chain=input action=jump jump-target=virus comment="jump to Virus" \
    disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=0:0-255 limit=5,5 \
    comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=3:3 limit=5,5 \
    comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=3:4 limit=5,5 \
    comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=8:0-255 limit=5,5 \
    comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP action=accept protocol=icmp icmp-options=11:0-255 limit=5,5 \
    comment="11:0 and limit for 5pac/s" disabled=no
add chain=services action=accept dst-port=8291 protocol=tcp comment="Allow \
    winbox" disabled=no
add chain=services action=accept dst-port=20-21 protocol=tcp comment="allow \
    ftp" disabled=no
add chain=services action=accept dst-port=8080 protocol=tcp comment="allow Web \
    Proxy" disabled=no
add chain=services action=accept src-address=127.0.0.1 dst-address=127.0.0.1 \
    comment="accept localhost" disabled=no
add chain=services action=accept dst-port=22 protocol=tcp comment="allow sftp, \
    ssh" disabled=no
add chain=services action=accept dst-port=23 protocol=tcp comment="allow \
    telnet" disabled=no
add chain=services action=accept dst-port=81 protocol=tcp comment="allow http, \
    webbox" disabled=no
add chain=services action=accept dst-port=20561 protocol=udp comment="allow \
    MACwinbox " disabled=no
add chain=services action=accept dst-port=5678 protocol=udp comment=" MT \
    Discovery Protocol" disabled=no
add chain=services action=accept dst-port=53 protocol=tcp comment="allow DNS \
    request" disabled=no
add chain=services action=accept dst-port=53 protocol=udp comment="Allow DNS \
    request" disabled=no
add chain=services action=accept dst-port=1701 protocol=udp comment="allow \
    L2TP" disabled=no
add chain=services action=accept dst-port=1723 protocol=tcp comment="allow \
    PPTP" disabled=no
add chain=services action=accept protocol=gre comment="allow PPTP and EoIP" \
    disabled=no
add chain=services action=accept protocol=ipencap comment="allow IPIP" \
    disabled=no
add chain=services action=accept dst-port=1900 protocol=udp comment="UPnP" \
    disabled=no
add chain=services action=accept dst-port=2828 protocol=tcp comment="UPnP" \
    disabled=no
add chain=services action=accept dst-port=67-68 protocol=udp comment="allow \
    DHCP" disabled=no
add chain=services action=accept dst-port=123 protocol=udp comment="allow NTP" \
    disabled=no
add chain=services action=accept dst-port=161 protocol=udp comment="allow \
    SNMP" disabled=no
add chain=services action=accept dst-port=443 protocol=tcp comment="allow \
    https for Hotspot" disabled=no
add chain=services action=accept dst-port=1080 protocol=tcp comment="allow \
    Socks for Hotspot" disabled=no
add chain=services action=accept dst-port=500 protocol=udp comment="allow \
    IPSec connections" disabled=no
add chain=services action=accept protocol=ipsec-esp comment="allow IPSec" \
    disabled=no
add chain=services action=accept protocol=ipsec-ah comment="allow IPSec" \
    disabled=no
add chain=services action=accept dst-port=179 protocol=tcp comment="Allow BGP" \
    disabled=no
add chain=services action=accept dst-port=520-521 protocol=udp comment="allow \
    RIP" disabled=no
add chain=services action=accept protocol=ospf comment="allow OSPF" \
    disabled=no
add chain=services action=accept dst-port=5000-5100 protocol=udp \
    comment="allow BGP" disabled=no
add chain=services action=accept dst-port=1720 protocol=tcp comment="allow \
    Telephony" disabled=no
add chain=services action=accept dst-port=1719 protocol=udp comment="allow \
    Telephony" disabled=no
add chain=services action=accept protocol=vrrp comment="allow VRRP " \
    disabled=no
add chain=forward action=drop connection-state=invalid comment="drop invalid \
    packets" disabled=no
add chain=output action=drop connection-state=invalid comment="drop invalid \
    packets" disabled=no
add chain=input action=drop comment="Drop All input" disabled=no
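
The scan-detection rules in the firewall script above key on TCP flag combinations. The following is an added example, not part of the original post or of RouterOS: it compiles the six `tcp-flags` values from those rules into bit masks and reports which matchers fit a given flag byte. It assumes a listed flag must be set, a `!flag` must be clear and unlisted flags are ignored; `compile_matcher`, `flags_of` and `matching_rules` are hypothetical names.

```python
# Added example: evaluate the post's RouterOS tcp-flags matchers on flag bytes.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}

# (comment, tcp-flags) pairs copied from the filter rules in the post above.
SCAN_RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

def compile_matcher(expr):
    """Turn 'fin,!syn' into (must_set, must_clear) bit masks."""
    must_set = must_clear = 0
    for token in (t.strip() for t in expr.split(",")):
        name = token.lstrip("!")
        if name not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        if token.startswith("!"):
            must_clear |= FLAG_BITS[name]
        else:
            must_set |= FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError(f"flag both required and forbidden: {expr!r}")
    return must_set, must_clear

COMPILED = [(name, *compile_matcher(expr)) for name, expr in SCAN_RULES]

def flags_of(*names):
    """Build a flag byte from flag names, e.g. flags_of('syn', 'ack')."""
    value = 0
    for name in names:
        value |= FLAG_BITS[name]
    return value

def matching_rules(flags):
    """Return the comment of every rule whose tcp-flags matcher fits this byte."""
    flags &= 0x3F  # the rules only mention these six flags; ECE/CWR are ignored
    return [name for name, must_set, must_clear in COMPILED
            if (flags & must_set) == must_set and (flags & must_clear) == 0]

if __name__ == "__main__":
    # Constructed flag combinations, not taken from a real capture.
    for combo in [("syn",), ("fin", "ack"), ("fin",), (), tuple(FLAG_BITS)]:
        label = "+".join(combo) or "(none)"
        print(f"{label:28} -> {matching_rules(flags_of(*combo)) or 'no scan rule'}")
```

Ordinary handshake and teardown packets (SYN, SYN+ACK, FIN+ACK) fit none of the six matchers, while a packet with all six flags set fits three of them because `fin,syn` and `syn,rst` leave the other flags unconstrained.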

tmd posted on 2009-11-10 14:22:13

The dual lines aren't load-balanced properly.

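adslcool posted on 2009-11-10 14:44:20

It's a single line right now. I often see WAN traffic exceed LAN traffic, whether on a single or a dual line; once it reaches the ISP's limit, queuing starts and things begin to lag!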

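adslcool posted on 2009-11-10 14:45:42

Do you see? Upstream at 2.5M is fine, and it's the same on the WAN port, which shows the rate limit is working. It's the downstream that ends up queuing at the interface, so normal data can't get through in time!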

WGHBOY posted on 2009-11-10 15:07:12

This post was last edited by WGHBOY on 2009-11-10 15:08

That's your network.

adslcool posted on 2009-11-10 19:44:58

That's your network.
WGHBOY posted on 2009-11-10 15:07

Could it be that all the networks around here are like this?

I'm using PCQ rate limiting; what about you?

WGHBOY posted on 2009-11-11 01:01:24

Mine doesn't differ much.

adslcool posted on 2009-11-11 07:33:53

Mine doesn't differ much.
WGHBOY posted on 2009-11-11 01:01
What rate limiting do you use? This brother is still online at 1 a.m., truly diligent.

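专卖精品 posted on 2009-11-11 10:14:53

The original poster can first confirm that the downloaded data isn't caused by requests from the LAN. If that's confirmed, ask your telecom provider to set up a firewall to filter it out for you; there's no other way.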

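adslcool posted on 2009-11-12 19:06:38

This post was last edited by adslcool on 2009-11-12 19:07

The input chain drops all connections except normal connections to ROS, yet traffic is still asymmetric once a client's download exceeds the set speed. On the advice of a forum friend, I set the rate-limited interface to the WAN (interface=ether2), and the problem remains.
Originally it was interface=all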

adslcool posted on 2009-11-12 19:09:18

Attaching the rate-limiting script


# oct/18/2009 19:15:25 by RouterOS 2.9.6
# software id = S5KG-G0N
#
/ queue type
add name="Upload" kind=pcq pcq-rate=1000000 pcq-limit=50 \
    pcq-classifier=src-address pcq-total-limit=2000
add name="Download" kind=pcq pcq-rate=1000000 pcq-limit=50 \
    pcq-classifier=dst-address pcq-total-limit=2000
/ queue simple
add name="PCQ" dst-address=192.168.0.0/24 interface=all parent=none priority=8 \
    queue=Download/Upload limit-at=0/0 max-limit=0/0 total-queue=default \
    disabled=no

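adslcool posted on 2009-11-12 19:11:49

The input chain drops all connections except normal connections to ROS, yet traffic is still asymmetric once a client's download exceeds the set speed. On the advice of a forum friend ...
adslcool posted on 2009-11-12 19:06

interface=all
should already include interface=(NIC name)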

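seignior posted on 2009-11-12 20:53:34

I've always thought this was only natural, and as traffic increases the gap grows proportionally....... I feel it has something to do with the display....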

bow posted on 2009-11-12 22:24:41

P2P applications on the LAN have exactly this effect.

9939781 posted on 2009-11-12 22:35:48

This cannot be avoided and never will be.