public:use_raspberry_4_as_router
Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
| public:use_raspberry_4_as_router [2021/08/07 20:54] – pcouderc | public:use_raspberry_4_as_router [2022/01/31 07:28] (Version actuelle) – pcouderc | ||
|---|---|---|---|
| Ligne 65: | Ligne 65: | ||
| === Routing === | === Routing === | ||
| + | |||
| + | First routing must be enabled, by uncommenting in / | ||
| + | |||
| + | < | ||
| + | net.ipv4.ip_forward=1 | ||
| + | </ | ||
| Routing is done by iptable and iptables-persistent | Routing is done by iptable and iptables-persistent | ||
| Ligne 158: | Ligne 164: | ||
| </ | </ | ||
| Note that for incoming traffic, each port appears twice, one in PREROUTING table and the other one in FORWARD table. | Note that for incoming traffic, each port appears twice, one in PREROUTING table and the other one in FORWARD table. | ||
| - | === QOS === | + | ===== QOS ===== |
| + | ==== Catégories de flux ==== | ||
| + | (en cours de rédaction) | ||
| + | Tests de rapidité de la ligne (avec apt install speedtest-cli) : 14.5 / 1.25 Mbit/ | ||
| + | ( d' | ||
| + | |||
| + | * 1 interactif (DNS udp,DNS tcp, other ) | ||
| + | * 2 TCP ACKs | ||
| + | * 3 SSH | ||
| + | * 4 SIP/RTP | ||
| + | * 5 HTTP | ||
| + | * 6 mail | ||
| + | * 7 sauvegarde (en fait tout trafic de 192.168.163.1) | ||
| + | * 8 Divers . | ||
| + | |||
| + | Premiers tests : implémenté comme dans la référence (sans SIP, masi maj debits et eth1) | ||
| + | |||
| + | < | ||
| + | #-nettoyage | ||
| + | tc qdisc del dev eth1 root | ||
| + | #-root | ||
| + | tc qdisc add dev eth1 root handle 1: htb default 99 r2q 5 | ||
| + | # | ||
| + | tc class add dev eth1 parent 1:0 classid 1:1 htb rate 1250kbit ceil 1250kbit | ||
| + | # | ||
| + | tc class add dev eth1 parent 1:0 classid 1:1000 htb rate 1gbit ceil 1gbit | ||
| + | # == filtre lan | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 1000 handle 1000 fw flowid 1:1000 | ||
| + | |||
| + | # | ||
| + | tc class add dev eth1 parent 1:1 classid 1:10 htb rate 128kbit ceil 200kbit burst 5k prio 1 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:10 handle 110: pfifo limit 1000 | ||
| + | # == filtre interactive | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 10 fw flowid 1:10 | ||
| + | |||
| + | # | ||
| + | tc class add dev eth1 parent 1:1 classid 1:20 htb rate 64kbit ceil 1250kbit burst 300 prio 2 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:20 handle 120: pfifo limit 1000 | ||
| + | # == filtre tcp acks | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 20 fw flowid 1:20 | ||
| + | |||
| + | |||
| + | # | ||
| + | tc class add dev eth1 parent 1:1 classid 1:30 htb rate 64kbit ceil 300kbit burst 2k prio 3 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:30 handle 130: sfq perturb 10 | ||
| + | # == filtre ssh | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 30 fw flowid 1:30 | ||
| + | |||
| + | |||
| + | |||
| + | # | ||
| + | tc class add dev eth1 parent 1:1 classid 1:40 htb rate 256kbit ceil 1250kbit burst 2k prio 4 | ||
| + | ##################### | ||
| + | # | ||
| + | tc class add dev eth1 parent 1:40 classid 1:41 htb rate 100kbit ceil 1250kbit burst 2k prio 4 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:41 handle 141: sfq perturb 10 | ||
| + | # == filtre http/s sub 1 | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 41 fw flowid 1:41 | ||
| + | ##################### | ||
| + | # | ||
| + | tc class add dev eth1 parent 1:40 classid 1:42 htb rate 100kbit ceil 1250kbit burst 2k prio 4 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:42 handle 142: sfq perturb 10 | ||
| + | # == filtre http/s sub 2 | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 5 handle 42 fw flowid 1:42 | ||
| + | ##################### | ||
| + | # | ||
| + | tc class add dev eth1 parent 1:40 classid 1:49 htb rate 56kbit ceil 1250kbit burst 2k prio 4 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:49 handle 149: sfq perturb 10 | ||
| + | # == filtre http/s sub 3 | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 6 handle 49 fw flowid 1:49 | ||
| + | ##################### | ||
| + | |||
| + | |||
| + | |||
| + | # | ||
| + | tc class add dev eth1 parent 1:1 classid 1:50 htb rate 128kbit ceil 1250kbit burst 2k prio 5 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:50 handle 150: sfq perturb 10 | ||
| + | # == filtre bittorrent | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 7 handle 50 fw flowid 1:50 | ||
| + | |||
| + | |||
| + | # | ||
| + | tc class add dev eth1 parent 1:1 classid 1:99 htb rate 128kbit ceil 1250kbit burst 2k prio 5 linklayer atm | ||
| + | # | ||
| + | tc qdisc add dev eth1 parent 1:99 handle 199: sfq perturb 10 | ||
| + | # == filtre default | ||
| + | tc filter add dev eth1 parent 1:0 protocol ip prio 99 handle 99 fw flowid 1:99 | ||
| + | |||
| + | |||
| + | </ | ||
| - | ==== Procédure de secours par smartphone ==== | + | ===== Procédure de secours par smartphone |
| Cas de panne de DSLAM | Cas de panne de DSLAM | ||
public/use_raspberry_4_as_router.1628369648.txt.gz · Dernière modification : 2021/08/07 20:54 de pcouderc