Prihlásiť sa Odoslať Novinky :: FAQ :: Rozšírené vyhľadávanie :: Napísali o nás :: Ankety
Main Menu
· Home
· 
· FAQ
· 
· Diskusia
· 
Main Menu
· Domov

Moduly
· AvantGo
· Downloads
· FAQ
· News
· Recommend Us
· Reviews
· Search
· Sections
· Stats
· Topics
· Top List
· Web Links
· Forum
Jazyk
Výber jazykovej mutácie:

FAQ  •  Search  •  Register  •  Log in to check your private messages
Log in  •  Maximize
The time now is 28.04.2024 - 22:54

SKFREE Forum Index » SKFree Network » Software

Iptables

Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 
Author Message
Lubig
Post subject: Iptables  PostPosted: 07.01.2007 - 14:03 #44028
Basic


Joined: Aug 27, 2004
Posts: 125
Ako nastavim v IPtables MAC/IP filter a shaping?
Napr. IP 192.168.1.10 s MAC 00:0c:0e:4f:ab:cb aby mala
rychlost napr 256kbit Down a 128kbit Up?
 
 View user's profile Send private message ICQ Number 
Reply with quote Back to top
si
Post subject: RE: Iptables  PostPosted: 07.01.2007 - 14:39 #44030
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
shaping v iptables jedine tym ze prislusne packety vhodne omarkujes, mark nie je terminalne pravidlo, takze za to hned mozes umiestnit filter na MAC (bud accept pre danu kombinaciu (ak mas default drop) alebo reject ak s danou IP je ina MAC (ak mas default accept)))
samotny shaping budes skor nastavovat cez nieco ako tc (je sucastou iproute2)
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
Lubig
Post subject: Iptables  PostPosted: 07.01.2007 - 14:57 #44031
Basic


Joined: Aug 27, 2004
Posts: 125
Nevedel by si mi napisat ako by to malo priblizne vyzerat?
 
 View user's profile Send private message ICQ Number 
Reply with quote Back to top
si
Post subject: RE: Iptables  PostPosted: 07.01.2007 - 15:05 #44032
Majster


Joined: Jan 12, 2003
Posts: 4250
Location: /dev/null
Lubig: vedel, len akosi teraz nemam na to cas Sad ale s istotou viem ze sa tu uz take veci preberali (a aj ja som uz niekam sem take pisal), tak skus pohladat...
 
 View user's profile Send private message Send e-mail Visit poster's website  
Reply with quote Back to top
mgx
Post subject: RE: Iptables  PostPosted: 07.01.2007 - 17:38 #44037
Guru


Joined: Dec 27, 2002
Posts: 1505
IP/MAC filter je jedna vec
SHAPING je druha vec

1. nastavenie IP mac filtra je nastavenie v podstate firewallu

iptables -I INPUT -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT

prikladov na to najdes kopu (GOOGLE)

2. potom uz lahko podla IPcky priradis spravnu rychlost
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
jmi
Post subject: RE: Iptables  PostPosted: 07.01.2007 - 18:27 #44038
Guru


Joined: Feb 19, 2003
Posts: 1133
Location: blizko Trencina
ako ti uz napisali, iptables pouzi na markovanie, tc (traffic control) z iproute2 na shaping. Z toho co si vsak napisal mam pocit, ze ani moc nevies co shaping dokaze a teda ani nevies ako by si ho vlastne chcel nakonfigurovat. Teda je jasne, ze z takeho zadania moc neporadime.

necakaj ze ti niekto napise skript ako to ma vyzerat, lebo kazdy mame specificke poziadavky.
ak to fakt xces, tak zacni studovat navody, tutorialy, dokumentacie

aspon si nastuduj "stromy pre sharovanie trafficu"
ja osobne, ked som zacinal, som zacal s intuitivnym HTBckom
http://luxik.cdi.cz/~devik/qos/htb/
prvy link na tej stranke je velmi slusny tutorial.

Ale zacinat ak nemas prehlad je tazke, a ten sa dobre ziska ak precitas toto http://lartc.org/howto/ a hlavne kapitolu 9.


Neviem co presne v akej situacii xces robit, ale podla mojich skusenosti je velka sanca ze narazis na problem, ze potrebujes IMQ a nebudes ho mat v kernely. Teda kym sa ti podari skompilovat pozadovany kernel so vsetkym, mozes na druhej masine trenovat "ochudobneny" (egress) shaping. (Ja som kompiloval kernel nespocetne vela krat lebo vzdy som po tyzdni vylepsovania prisiel na to, ze este nieco co nemam v kernely by sa hodilo.


ina moznost je pouzit nejake htb.init skripty a podobne, avsak ak to myslis vazne, tak sa to urcite naucis sam, aby si vedel preco to vobec moze fungovat, ako to funguje, ako sa to konfiguruje, testuje a monitoruje. No a potom si rad napises vlastny script.
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
Trevor
Post subject: RE: Iptables  PostPosted: 07.01.2007 - 20:30 #44044
Basic


Joined: Jan 04, 2005
Posts: 193
Location: Šurany
No tak si ho akurat tak dobre doplietol Very Happy

Na shaping si pozri toto http://www.root.cz/clanky/htb-jemny-uvod/ sice to nie je nic extra ale ako zaklad to staci.

A o iptables si precitaj toto http://www.root.cz/clanky/stavime-firewall-1/ su to celkovo 3 diely a je tam popisane vsetko aby si rozchodil firewall
 
 View user's profile Send private message Visit poster's website ICQ Number 
Reply with quote Back to top
jmi
Post subject: RE: Iptables  PostPosted: 08.01.2007 - 10:56 #44056
Guru


Joined: Feb 19, 2003
Posts: 1133
Location: blizko Trencina
no ja ked som zacinal tak clanky na roote neboli a linky co som uviedol mi dali takmer vsetky info co som potreboval
 
 View user's profile Send private message Visit poster's website  
Reply with quote Back to top
Display posts from previous:     
All times are GMT
Post new topic Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
 
Jump to:  

SKFREE Forum Index » SKFree Network » Software
Powered by PNphpBB2 © 2003-2005 The PNphpBB Group
Credits

(C) SKFree 2002-2010: Powered by POSTNUKE. Môžete prebera? naše správy vo formáte XML(RSS)