求双线DSCP排除服务器限速
双线ADSL线路,用的是DSCP标记。排除服务器不成功add action=change-dscp chain=prerouting comment=server disabled=no dscp=0 \
new-dscp=1 passthrough=yes src-address=192.168.1.251
add action=accept chain=prerouting comment=server disabled=no dscp=1 \
src-address-type=!local
add action=accept chain=postrouting comment=server disabled=no dscp=1 \
src-address-list=server-ip
这个我的排除服务器脚本 本帖最后由 qkhh 于 2012-10-13 21:16 编辑
用DSCP标记为accept 服务器还是跟客户机一样的限速
如果用mark connection标记连接再标记包也不行。(服务器连网页都打不开) 谁能帮帮忙。搞来搞去就是不行。单线可以排除服务器。双线就不行了。 全部脚本贴出来当然没问题,又不是什么高级的东西。
我用DSCP标记是因为双线用链接标记的话有问题,不能正常工作。也许是我不会搞。单线用链接标记可以正常工作我会。
因为用DSCP标记在双线下可以正常使用QOS限速,端口及大小包都可以区分开来,游戏网页什么的也正常。所以才用DSCP标记。 bobwalker 发表于 2012-10-14 13:44 static/image/common/back.gif
脚本不全,所以没人回答。
不用担心别人用你的脚本,你全贴出来,也没人用。因为在ROS中,使用DSCP做Q ...
/ip firewall mangle
add action=change-mss chain=forward disabled=no new-mss=1440 passthrough=yes \
protocol=tcp tcp-flags=syn
add action=mark-connection chain=prerouting connection-state=new disabled=no \
in-interface=Lan new-connection-mark=con1 nth=2,1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con1 disabled=no \
in-interface=Lan new-routing-mark=to-con1 passthrough=yes
add action=mark-connection chain=prerouting connection-state=new disabled=no \
in-interface=Lan new-connection-mark=con2 nth=2,2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=con2 disabled=no \
in-interface=Lan new-routing-mark=to-con2 passthrough=yes
add action=add-src-to-address-list address-list=neiwang-ip \
address-list-timeout=5m chain=prerouting comment=\
"\C4\DA\CD\F8\B5\D8\D6\B7\C1\D0\B1\EDlan" disabled=no in-interface=Lan \
src-address=192.168.1.2-192.168.1.250
add action=change-dscp chain=prerouting comment=server disabled=no dscp=0 \
new-dscp=1 passthrough=yes src-address=192.168.1.251
add action=accept chain=prerouting comment=server disabled=no dscp=1 \
src-address-type=!local
add action=accept chain=postrouting comment=server disabled=no dscp=1 \
src-address-list=server-ip
add action=change-dscp chain=prerouting comment=icmp disabled=no dscp=0 \
new-dscp=3 passthrough=yes protocol=icmp
add action=change-dscp chain=prerouting comment=web disabled=no dscp=0 \
new-dscp=4 passthrough=yes port=80,8080 protocol=tcp
add action=mark-packet chain=prerouting disabled=no dscp=4 in-interface=\
pppoe-out1 new-packet-mark=web-down passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=4 new-packet-mark=\
web-up out-interface=pppoe-out1 passthrough=no src-address-list=\
neiwang-ip
add action=mark-packet chain=prerouting disabled=no dscp=4 in-interface=\
pppoe-out2 new-packet-mark=web-down2 passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=4 new-packet-mark=\
web-up2 out-interface=pppoe-out2 passthrough=no src-address-list=\
neiwang-ip
add action=change-dscp chain=prerouting comment="\B4\F3\B0\FC" disabled=no \
dscp=0 new-dscp=2 packet-size=512-65535 passthrough=yes
add action=mark-packet chain=prerouting disabled=no dscp=2 in-interface=\
pppoe-out1 new-packet-mark=dabao-down passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=2 new-packet-mark=\
dabao-up out-interface=pppoe-out1 passthrough=no src-address-list=\
neiwang-ip
add action=mark-packet chain=prerouting disabled=no dscp=2 in-interface=\
pppoe-out2 new-packet-mark=dabao-down2 passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=2 new-packet-mark=\
dabao-up2 out-interface=pppoe-out2 passthrough=no src-address-list=\
neiwang-ip
add action=change-dscp chain=prerouting comment=\
"\B5\D8\CF\C2\B3\C7\D3\C2\CA\BF" disabled=no dscp=0 new-dscp=3 \
passthrough=yes port=10001-10070,7101-7106 protocol=tcp
add action=change-dscp chain=prerouting disabled=no dscp=0 new-dscp=3 \
passthrough=yes port=5063 protocol=udp
add action=change-dscp chain=prerouting comment="\B4\A9\D4\BD\BB\F0\CF\DF" \
disabled=no dscp=0 new-dscp=3 passthrough=yes port=12000-12175,2349 \
protocol=udp
add action=change-dscp chain=prerouting disabled=no dscp=0 new-dscp=3 \
passthrough=yes port=7101-7106,10008,28012 protocol=tcp
add action=mark-packet chain=prerouting disabled=no dscp=3 in-interface=\
pppoe-out1 new-packet-mark=youxi-down passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=3 new-packet-mark=\
youxi-up out-interface=pppoe-out1 passthrough=no src-address-list=\
neiwang-ip
add action=mark-packet chain=prerouting disabled=no dscp=3 in-interface=\
pppoe-out2 new-packet-mark=youxi-down2 passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=3 new-packet-mark=\
youxi-up2 out-interface=pppoe-out2 passthrough=no src-address-list=\
neiwang-ip
add action=change-dscp chain=prerouting comment="\C6\E4\CB\FC\B0\FC" \
disabled=no dscp=0 new-dscp=9 passthrough=yes
add action=mark-packet chain=prerouting disabled=no dscp=9 in-interface=\
pppoe-out1 new-packet-mark=qitabao-down passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=9 new-packet-mark=\
qitabao-up out-interface=pppoe-out1 passthrough=no src-address-list=\
neiwang-ip
add action=mark-packet chain=prerouting disabled=no dscp=9 in-interface=\
pppoe-out2 new-packet-mark=qitabao-down2 passthrough=no src-address-type=\
!local
add action=mark-packet chain=postrouting disabled=no dscp=9 new-packet-mark=\
qitabao-up2 out-interface=pppoe-out2 passthrough=no src-address-list=\
neiwang-ip
bobwalker 发表于 2012-10-14 14:17 static/image/common/back.gif
下面第一条规则,你把上行我包dscp改为1,但下行包dscp没有变。其他不用我说了吧。
非常感谢指点。我确实是一知半解。看来得再研究研究双线链接标记了。之前用connection标记双线游戏总是很难进房间。 bobwalker 发表于 2012-10-14 13:44 static/image/common/back.gif
脚本不全,所以没人回答。
不用担心别人用你的脚本,你全贴出来,也没人用。因为在ROS中,使用DSCP做Q ...
除了DSCP,还有啥更高效率的方法? 学习了,顶上云
页:
[1]