Saludos, acá posteo las configuraciones solicitadas por el compañero Angel. Si hace falta alguna, favor decir cuál.
/argentoqos/variables.conf
# Settings sourced by the class script (". /argentoqos/variables.conf").
# Interface names: the class script attaches download shaping to IF_LOCALBR
# and upload shaping to IF_LOCAL_IMQ.
IF_LOCALBR="eth0"
IF_WAN="eth1"
IF_LOCAL_IMQ="imq0"
LOCAL_IP="192.168.0.254"
IF_GATEWAY="192.168.0.1"
bridgemode="yes" #Set to yes to enable bridge mode
prio_lan="1"
# prio_class, perturb and burst are passed to tc (htb prio/burst, sfq perturb)
# by the class script.
prio_class="1"
perturb="4"
burst="200"
# Port the class script REDIRECTs client port-80 traffic to; the posted
# squid.conf listens on the same port (http_port 8080 transparent).
squidport="8080"
# The class script sources this file as shell code to learn whether squid is up.
# NOTE(review): the path is under /tmp; anything able to write it gets its
# content executed by the QoS script, so it must be writable by root only.
estado_de_squid="/tmp/estado_squid"
# NOTE(review): presumably the download location of the squid add-on (TODO
# confirm where it is used). It is a plain-HTTP URL, so the archive should be
# checked against a known checksum before it is unpacked.
httpsquid="http://www.brazilfw.com.br/users/angelruiz/addons/serieargento/squid/squid.tgz"
logcontrol="yes"
logcontrol_max_space="20000" #maximum space allowed for the logs.
nice="-15" # priority squid runs at
# Ports matched with "-m multiport --ports" in the class script; matching
# traffic from each host is marked with the parent2 mark and returned early.
udp_ports="53,67,68,443" #dns and dhcp
tcp_ports="8180,22,8186,8187,4001,4080,8286,443,1863,6891" #webmin and http
/partition/squid/etc/squid.conf
# Base ACLs.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# Client and URL lists are loaded from files under /argentoqos/squid/.
# pc_blanca and pc_negra are source-address lists; the http_access rules
# further down filter pc_negra by URL and allow pc_blanca unfiltered.
# NOTE(review): these files decide who may use the proxy and what is blocked,
# so they should be writable by root only.
acl pc_blanca src "/argentoqos/squid/pc_blanca"
acl pc_negra src "/argentoqos/squid/pc_negra"
acl NO_cache dstdomain -i "/argentoqos/squid/no_cache"
acl sitios_prohibidos url_regex -i "/argentoqos/squid/sitios_prohibidos"
acl sitios_inocentes url_regex -i "/argentoqos/squid/sitios_inocentes"
acl lista_extensiones urlpath_regex -i "/argentoqos/squid/lista_extensiones"
############ note #############
visible_hostname localhost
#acl porn url_regex -i "/argentoqos/squid/porno"
#tcp_outgoing_address 192.168.70.2 porn
#
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Cache manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
##########################
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny NO_cache
no_cache deny QUERY
# Per-client TOS marking of outgoing connections. The stock comment for
# tcp_outgoing_tos (kept further down in this file) says client-dependent ACLs
# need server_persistent_connections off, which this config sets.
acl normal_service_net src 192.168.1.66
acl good_service_net src 192.168.1.47
tcp_outgoing_tos 0x00 normal_service_net
tcp_outgoing_tos 0x08 good_service_net
# http_access rules are evaluated top-down and the first match decides:
# pc_negra clients may reach sitios_inocentes and anything that does not match
# sitios_prohibidos, and are denied otherwise; pc_blanca clients are allowed
# without URL filtering; every other client is denied.
http_access allow pc_negra sitios_inocentes
http_access allow pc_negra !sitios_prohibidos
http_access deny pc_negra
http_access allow pc_blanca
#http_access allow localnet
http_access deny all
icp_access allow pc_blanca
icp_access deny all
# Interception port. The class script REDIRECTs client port-80 traffic to
# $squidport, which variables.conf sets to the same value.
# NOTE(review): confirm the firewall keeps this port unreachable from the WAN side.
http_port 8080 transparent
cache_mem 128 MB
maximum_object_size_in_memory 64 KB
cache_replacement_policy heap LFUDA
cache_dir aufs /partition/cache 50000 16 256
max_open_disk_fds 0
minimum_object_size 4 KB
# NOTE(review): 400096 KB is roughly 390 MB per cached object - confirm this
# value is intended.
maximum_object_size 400096 KB
cache_swap_low 70
cache_swap_high 80
# Every request URL is handed to this external helper.
# NOTE(review): the script and its directory should be root-owned and not
# writable by the squid user (cache_effective_user is nobody in this config).
url_rewrite_program /etc/SquidCacheAux/redir.pl
url_rewrite_children 15
max_stale 4 week
update_headers on
# access.log records client address and requested URL; logfile_rotate keeps
# four old generations.
access_log /partition/squidlog/access.log squid
cache_log /partition/squidlog/cache.log
cache_store_log none
logfile_rotate 4
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs off
half_closed_clients off
### Increase cache usage ###
# refresh_pattern lines are checked in the order listed and the first regex
# that matches the URL is used; the three numbers are min (minutes), percent
# and max (minutes).
refresh_pattern -i \.doubleclick\.net 1440 40% 20160
refresh_pattern -i \.benchmark\.kelkoo\.net: 1440 40% 20160
refresh_pattern -i \.googleadservices\.com 1440 40% 20160
refresh_pattern \.google\.ar\/search$ 30 40% 20160
# NOTE(review): "\.do?" is a regex meaning ".d" followed by an optional "o",
# unanchored, so it matches any URL containing ".d" and shadows the two lines
# after it. With override-expire the origin's Expires header is ignored for
# those URLs, so dynamic pages can be served stale for up to 3000 minutes;
# confirm this is acceptable for the sites behind this proxy.
refresh_pattern -i \.do? 3000 80% 432000 override-expire
refresh_pattern -i \.do$ 3000 80% 432000 override-expire
refresh_pattern -i \.do 3000 80% 432000
# NOTE(review): likewise "\.jsp?" matches ".js" with an optional "p", so every
# URL containing ".js" takes this rule and the next two are never reached.
refresh_pattern -i \.jsp? 3000 80% 432000 override-expire
refresh_pattern -i \.jsp$ 3000 80% 432000 override-expire
refresh_pattern -i \.jsp 3000 80% 432000 override-expire
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# The no-cache rule for query URLs only applies to URLs that did not already
# match one of the patterns above.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#windows update
# NOTE(review): this line comes after the catch-all "." pattern, so it is
# never used; it would have to be listed before "refresh_pattern ." to apply.
refresh_pattern .windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#
# Squid gives up root and runs as this unprivileged user.
cache_effective_user nobody
#dns_nameservers 10.0.0.1 192.172.0.4
error_directory /partition/squid/share/errors/English
check_hostnames off
hosts_file /etc/hosts
memory_pools off
memory_pools_limit 5 MB
# Off because tcp_outgoing_tos is used with client-dependent ACLs in this file.
server_persistent_connections off
# Cache hits are marked with TOS 0x10. The class script matches that value
# with "-m tos --tos" for hosts whose class.conf entry carries zph_yes 0x10.
zph_mode tos
zph_local 0x10
# One class-2 delay pool: no aggregate limit (-1/-1) and 20000 bytes/s per
# client, applied only to requests whose URL path ends in a listed extension.
delay_pools 1 #1
delay_class 1 2 #1 2
delay_parameters 1 -1/-1 20000/20000
acl descargas urlpath_regex -i \.(iso|cab|dll|exe|arj|rar|tar|zip|7z|lzh|lha|png|bmp|mp3|mpga|wav|ra|ram|rm|mov|movie|mpeg|mpg|mpe|wmv|avi|rpm|gz|bz2|deb|ogg|ppt|swf|flv|flash)$
delay_access 1 allow descargas
# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all
# TAG: tcp_outgoing_tos
# Allows you to select a TOS/Diffserv value to mark outgoing
# connections with, based on the username or source address
# making the request.
#
# tcp_outgoing_tos ds-field [!]aclname ...
#
# Example where normal_service_net uses the TOS value 0x00
# and good_service_net uses 0x20
#
# acl normal_service_net src 10.0.0.0/255.255.255.0
# acl good_service_net src 10.0.1.0/255.255.255.0
# tcp_outgoing_tos 0x00 normal_service_net
# tcp_outgoing_tos 0x20 good_service_net
#
# TOS/DSCP values really only have local significance - so you should
# know what you're specifying. For more information, see RFC2474 and
# RFC3260.
#
# The TOS/DSCP byte must be exactly that - an octet value 0 - 255, or
# "default" to use whatever default your host has. Note that in
# practice often only values 0 - 63 are usable as the two highest bits
# have been redefined for use by ECN (RFC3168).
#
# Processing proceeds in the order specified, and stops at first fully
# matching line.
#
# Note: The use of this directive using client dependent ACLs is
# incompatible with the use of server side persistent connections. To
# ensure correct results it is best to set server_persistent_connections
# to off when using this directive in such configurations.
#
#Default:
# none
# TAG: tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# based on the username or source address of the user making
# the request.
#
# tcp_outgoing_address ipaddr [[!]aclname] ...
#
# Example where requests from 10.0.0.0/24 will be forwarded
# with source address 10.1.0.1, 10.0.2.0/24 forwarded with
# source address 10.1.0.2 and the rest will be forwarded with
# source address 10.1.0.3.
#
# acl normal_service_net src 10.0.0.0/24
# acl good_service_net src 10.0.1.0/24 10.0.2.0/24
# tcp_outgoing_address 10.1.0.1 normal_service_net
# tcp_outgoing_address 10.1.0.2 good_service_net
# tcp_outgoing_address 10.1.0.3
#
# Processing proceeds in the order specified, and stops at first fully
# matching line.
#
# Note: The use of this directive using client dependent ACLs is
# incompatible with the use of server side persistent connections. To
# ensure correct results it is best to set server_persistent_connections
# to off when using this directive in such configurations.
#
#Default:
# none
# TAG: zph_mode
# This option enables packet level marking of HIT/MISS responses,
# either using IP TOS or socket priority.
# off Feature disabled
# tos Set the IP TOS/Diffserv field
# priority Set the socket priority (may get mapped to TOS by OS,
# otherwise only usable in local rulesets)
# option Embed the mark in an IP option field. See also
# zph_option.
#
# See also tcp_outgoing_tos for details/requirements about TOS usage.
#
#Default:
#zph_mode on
# TAG: zph_local
# Allows you to select a TOS/Diffserv/Priority value to mark local hits.
# Default: 0 (disabled).
#
#Default:
# zph_local 0
# TAG: zph_sibling
# Allows you to select a TOS/Diffserv/Priority value to mark sibling hits.
# Default: 0 (disabled).
#
#Default:
# zph_sibling 0
# TAG: zph_parent
# Allows you to select a TOS/Diffserv/Priority value to mark parent hits.
# Default: 0 (disabled).
#
#Default:
# zph_parent 0
# TAG: zph_option
# The IP option to use when zph_mode is set to "option". Defaults to
# 136 which is officially registered as "SATNET Stream ID".
#
#Default:
# zph_option 136
# TAG: emulate_httpd_log on|off
# The Cache can emulate the log file format which many 'httpd'
# programs use. To disable/enable this emulation, set
# emulate_httpd_log to 'off' or 'on'. The default
# is to use the native log format since it includes useful
# information Squid-specific log analyzers use.
#
#Default:
# emulate_httpd_log off
# TAG: log_ip_on_direct on|off
# Log the destination IP address in the hierarchy log tag when going
# direct. Earlier Squid versions logged the hostname here. If you
# prefer the old way set this to off.
#
#Default:
# log_ip_on_direct on
# TAG: mail_program
# Email program used to send mail if the cache dies.
# The default is "mail". The specified program must comply
# with the standard Unix mail syntax:
# mail-program recipient < mailfile
#
# Optional command line options can be specified.
#
#Default:
# mail_program mail
argentoqos/class.conf
##############################################################################
######################### ----ARGENTO BRIDGE LIGTH----########################
############ ----*NOTE: DO NOT EDIT THIS FILE MANUALLY*----############
# The class script reads this file line by line, cuts everything from the
# first '#', lower-cases the rest and runs it as a call to the function named
# in the first word. The trailing #ENVIADO / #ENVIAR markers are therefore
# removed before the function sees its arguments.
# enqueue_parent <parent id> <upload kbit> <download kbit>
enqueue_parent 4 20000 30000
enqueue_parent 5 50000 60000
# enqueue_simple_class <parent> <class> <rate_up> <ceil_up> <rate_down>
#   <ceil_down> <parent_match flag> <lan_rate_up> <lan_ceil_up>
#   <lan_rate_down> <lan_ceil_down>
enqueue_simple_class 4 254 40 90 120 384 parent_match_yes 2500 2500 2500 4000
# enqueue_simple_id <parent> <class> <ip> <squid flag> <zph flag> <tos>
#   <mac flag> <mac> <status>
enqueue_simple_id 4 254 192.168.0.10 squid_yes zph_yes 0x10 mac_no 00:90:f5:62:6e:db ACTIVO #ENVIADO
enqueue_simple_id 4 254 192.168.0.11 squid_yes zph_yes 0x10 mac_no 00:50:04:71:63:ad ACTIVO #ENVIADO
enqueue_simple_id 4 254 192.168.1.254 squid_yes zph_yes 0x10 mac_no 00:00:00:00:00:00 ACTIVO #ENVIAR
enqueue_simple_class 4 255 50 512 1000 2000 parent_match_yes 5000 6000 8000 9000
enqueue_simple_id 4 255 192.168.1.134 squid_yes zph_yes 0x10 mac_no 00:00:00:00:00:00 ACTIVO #ENVIAR
enqueue_simple_id 4 255 192.168.1.157 squid_yes zph_yes 0x10 mac_no 00:00:00:00:00:00 ACTIVO #ENVIAR
########################### ----******END******----###########################
argentoqos/class
#
# ARGENTO BRIDGE LIGTH....
# Script Realizado por Ignacio Rodriguez Häberlin ignacio@ladelbarrio.com.ar actualizado y modificado por Angel Ruiz angelr_22@hotmail.com 19/06/2010
#
. /argentoqos/variables.conf
. /etc/coyote/coyote.conf
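# Keep port-80 traffic to an internal destination out of the transparent proxy
# by appending an ACCEPT rule to nat/PREROUTING.
# NOTE(review): the rule only has an effect on hosts whose REDIRECT rule is
# appended after it, so this presumably has to be called before the hosts are
# enqueued - confirm against the caller.
# Globals:   IF_LOCALBR (read)
# Arguments: $1 - destination address or network handed to "iptables -d"
# Returns:   1 when $1 is empty, otherwise the exit status of iptables
localnet_no_squid() {
  # Without a destination, "--dport" would be parsed as the value of -d.
  if [ -z "$1" ]; then
    echo "localnet_no_squid: missing destination address" >&2
    return 1
  fi
  echo "No se activara la transparencia de squid para sitios internos pertenecientes a: $1"
  iptables -t nat -A PREROUTING -i "$IF_LOCALBR" -p tcp -d "$1" --dport 80 -j ACCEPT
}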
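# Bring up the IMQ device and install the root HTB qdisc (handle 1:) on the
# download and upload devices. The device names come from variables.conf, the
# same variables the enqueue_* functions use for their classes; the previous
# literals remain as fallbacks.
ip link set "${IF_LOCAL_IMQ:-imq0}" up
#iptables -t mangle -A PREROUTING -i $IF_LOCALBR -j IMQ --todev imq0
# NOTE(review): stderr goes to the fixed path /tmp/regla and every redirect
# truncates it, so only the last error survives. The script runs as root, so
# /tmp/regla must not be creatable or replaceable by an unprivileged user.
tc qdisc add dev "${IF_LOCALBR:-eth0}" root handle 1: htb default 9999 r2q 1 2>/tmp/regla
tc qdisc add dev "${IF_LOCAL_IMQ:-imq0}" root handle 1: htb default 9998 r2q 1 2>/tmp/regla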
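# Create a parent HTB class and its default child class on both shaping
# devices (download on IF_LOCALBR, upload on IF_LOCAL_IMQ).
# Globals:   IF_LOCALBR, IF_LOCAL_IMQ, prio_class, burst, perturb (read);
#            parent, rate_up, rate_down, class (written, left global as before)
# Arguments: $1 - parent id (integer), $2 - upload rate in kbit,
#            $3 - download rate in kbit
# Returns:   1 on a malformed call, otherwise 0 (tc failures are not checked;
#            their stderr goes to /tmp/regla)
enqueue_parent() {
  # The id is used in an arithmetic expansion, so accept plain digits only.
  case "$1" in
    '' | *[!0-9]*)
      echo "enqueue_parent: parent id must be an integer" >&2
      return 1
      ;;
  esac
  if [ -z "$2" ] || [ -z "$3" ]; then
    echo "enqueue_parent: upload and download rates are required" >&2
    return 1
  fi
  parent=$1
  rate_up=$2
  rate_down=$3
  class=$(($parent*1000+7))
  echo ""
  echo "Configurando Cola PADRE con id: $1"
  echo "SUBIDA: $2"
  echo "BAJADA: $3"
  echo "listo"
  # The parent classes now go on the configured devices, like the child
  # classes below, instead of the literals eth0/imq0.
  # NOTE(review): /tmp/regla is a fixed path truncated by each redirect; only
  # the last error is kept.
  tc class add dev "$IF_LOCALBR" parent 1:1 classid "1:$parent" htb rate "${rate_down}kbit" quantum 60000 2>/tmp/regla
  tc class add dev "$IF_LOCAL_IMQ" parent 1:1 classid "1:$parent" htb rate "${rate_up}kbit" quantum 60000 2>/tmp/regla
  echo "Configurando COLA padre adicional 1:$class "
  # Download side.
  tc class add dev "$IF_LOCALBR" parent "1:$parent" classid "1:$class" htb rate "${rate_down}kbit" ceil "${rate_down}kbit" prio "$prio_class" burst "$burst" 2>/tmp/regla
  tc qdisc add dev "$IF_LOCALBR" parent "1:$class" handle "$class:" sfq perturb "$perturb" 2>/tmp/regla
  tc filter add dev "$IF_LOCALBR" parent 1:0 protocol ip prio 0 handle "$class" fw classid "1:$class" 2>/tmp/regla
  # Upload side.
  tc class add dev "$IF_LOCAL_IMQ" parent "1:$parent" classid "1:$class" htb rate "${rate_up}kbit" ceil "${rate_up}kbit" prio "$prio_class" burst "$burst" 2>/tmp/regla
  tc qdisc add dev "$IF_LOCAL_IMQ" parent "1:$class" handle "$class:" sfq perturb "$perturb" 2>/tmp/regla
  tc filter add dev "$IF_LOCAL_IMQ" parent 1:0 protocol ip prio "$prio_class" handle "$class" fw classid "1:$class" 2>/tmp/regla
  echo "....................................................."
}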
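# Create one shaping class (download on IF_LOCALBR, upload on IF_LOCAL_IMQ)
# under the child class made by enqueue_parent and, when the 7th argument is
# parent_match_yes, an extra LAN class on the download device.
# Globals:   IF_LOCALBR, IF_LOCAL_IMQ, prio_class, burst, perturb (read).
#            The parsed values stay global as before; enqueue_simple_id reads
#            lan_speed from the most recent call.
# Arguments: $1 parent id, $2 class id, $3 rate_up, $4 ceil_up, $5 rate_down,
#            $6 ceil_down, $7 parent_match flag, $8 lan_rate_up,
#            $9 lan_ceil_up, $10 lan_rate_down, $11 lan_ceil_down,
#            $12 qos_variable (not used in this function). Rates are in kbit.
# Returns:   1 when $1 or $2 is not a plain integer, otherwise 0 (tc failures
#            are not checked)
enqueue_simple_class() {
  # Both ids are used in arithmetic expansions, so accept plain digits only.
  case "$1" in
    '' | *[!0-9]*)
      echo "enqueue_simple_class: parent id must be an integer" >&2
      return 1
      ;;
  esac
  case "$2" in
    '' | *[!0-9]*)
      echo "enqueue_simple_class: class id must be an integer" >&2
      return 1
      ;;
  esac
  parent=$(($1*1000+7))
  parent2=$(($2*40+1))
  parent3=$1
  class=$2
  rate_up=$3
  ceil_up=$4
  rate_down=$5
  ceil_down=$6
  lan_speed=$7
  lan_rate_up=$8
  lan_ceil_up=$9
  # Parameters above 9 need braces: "$10" is read as ${1} followed by "0".
  lan_rate_down=${10}
  lan_ceil_down=${11}
  qos_variable=${12}
  echo "Configurando COLA simple 1:$class con prioridad $prio_class"
  # Download side.
  tc class add dev "$IF_LOCALBR" parent "1:$parent" classid "1:$class" htb rate "${rate_down}kbit" ceil "${ceil_down}kbit" prio "$prio_class" burst "$burst"
  tc qdisc add dev "$IF_LOCALBR" parent "1:$class" handle "$class:" sfq perturb "$perturb"
  tc filter add dev "$IF_LOCALBR" parent 1:0 protocol ip prio "$prio_class" handle "$class" fw classid "1:$class"
  # Upload side.
  tc class add dev "$IF_LOCAL_IMQ" parent "1:$parent" classid "1:$class" htb rate "${rate_up}kbit" ceil "${ceil_up}kbit" prio "$prio_class" burst "$burst"
  tc qdisc add dev "$IF_LOCAL_IMQ" parent "1:$class" handle "$class:" sfq perturb "$perturb"
  tc filter add dev "$IF_LOCAL_IMQ" parent 1:0 protocol ip prio "$prio_class" handle "$class" fw classid "1:$class"
  if [ "$lan_speed" = "parent_match_yes" ]; then
    echo "....................................................."
    echo "Configurando COLA simple LAN 1:$parent2 con prioridad $prio_class"
    tc class add dev "$IF_LOCALBR" parent "1:$parent" classid "1:$parent2" htb rate "${lan_rate_down}kbit" ceil "${lan_ceil_down}kbit" prio "$prio_class" burst 10mbit
    tc qdisc add dev "$IF_LOCALBR" parent "1:$parent2" handle "$parent2:" sfq perturb "$perturb"
    tc filter add dev "$IF_LOCALBR" parent 1:0 protocol ip prio "$prio_class" handle "$parent2" fw classid "1:$parent2"
    # NOTE(review): the original also prepared the matching commands for
    # IF_LOCAL_IMQ (rate lan_rate_up, ceil lan_ceil_up) but never ran them, so
    # no LAN class exists on the upload device. Left disabled; confirm intent.
    #   tc class add dev $IF_LOCAL_IMQ parent 1:$parent classid 1:$parent2 htb rate ${lan_rate_up}kbit ceil ${lan_ceil_up}kbit prio $prio_class burst 10mbit
    #   tc qdisc add dev $IF_LOCAL_IMQ parent 1:$parent2 handle $parent2: sfq perturb $perturb
    #   tc filter add dev $IF_LOCAL_IMQ parent 1:0 protocol ip prio $prio_class handle $parent2 fw classid 1:$parent2
    echo "....................................................."
  fi
}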
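# Install the ebtables/iptables rules that admit one host through the bridge
# and mark its traffic for the shaping classes created by enqueue_simple_class.
# Globals:   IF_LOCALBR, LOCAL_IPADDR, udp_ports, tcp_ports, squidport,
#            estado_de_squid, lan_speed (read); the parsed values and
#            estado_squid are left global as before.
#            LOCAL_IPADDR is not set in variables.conf - presumably it comes
#            from /etc/coyote/coyote.conf; confirm.
# Arguments: $1 parent id, $2 class id, $3 host IP, $4 squid_yes or other,
#            $5 zph_yes or other, $6 TOS value, $7 mac_yes or other,
#            $8 MAC address, $9 status ("block" redirects the host),
#            $10 notice flag ("enviado")
# Returns:   1 when $1 or $2 is not a plain integer, otherwise 0 (rule
#            failures are not checked)
enqueue_simple_id() {
  # Both ids are used in arithmetic expansions, so accept plain digits only.
  case "$1" in
    '' | *[!0-9]*)
      echo "enqueue_simple_id: parent id must be an integer" >&2
      return 1
      ;;
  esac
  case "$2" in
    '' | *[!0-9]*)
      echo "enqueue_simple_id: class id must be an integer" >&2
      return 1
      ;;
  esac
  parent=$(($1*1000+7))
  parent2=$(($2*40+1))
  class="$2"
  ip="$3"
  squid="$4"
  zph="$5"
  tos="$6"
  ifmac="$7"
  mac="$8"
  status="$9"
  # "$10" is read as ${1} followed by "0"; the tenth parameter needs braces.
  addvices="${10}"

  if [ "$status" = "block" ]; then
    # NOTE(review): the services.conf posted with this script also assigns
    # squid="yes", which overwrites the per-host flag taken from $4 above, so
    # the squid_yes test further down is false for blocked hosts.
    . /argentoqos/services.conf
    iptables -t nat -A PREROUTING -i "$IF_LOCALBR" -p tcp -s "$ip" -j DNAT --to-destination "$LOCAL_IPADDR:$puertonopaga"
  fi
  if [ "$addvices" = "enviado" ]; then
    iptables -t nat -A PREROUTING -i "$IF_LOCALBR" -p tcp -s "$ip" --dport 80 -j REDIRECT --to-port 940
  fi
  echo "Configurando identificador de cola para la ip: $ip perteneciente al grupo padre: $parent y la clase: $class"

  # Bridge admission. With mac_yes the ACCEPT rules bind the IP address to the
  # MAC; otherwise they match the IP address alone, which any station on the
  # segment can claim.
  if [ "$ifmac" = "mac_yes" ]; then
    echo "Permitiendo tráfico para: $ip con la mac: $mac"
    ebtables -A FORWARD -p IPv4 --ip-source "$ip" -s "$mac" -j ACCEPT
    ebtables -A FORWARD -p IPv4 --ip-dst "$ip" -d "$mac" -j ACCEPT
  else
    echo "Permitiendo tráfico para: $ip"
    ebtables -A FORWARD -p IPv4 --ip-src "$ip" -j ACCEPT
    ebtables -A FORWARD -p IPv4 --ip-dst "$ip" -j ACCEPT
  fi

  # NOTE(review): these four host-independent ICMP rules are appended on every
  # call, so they are duplicated once per configured host.
  iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
  iptables -t mangle -A PREROUTING -p icmp -j RETURN
  iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 0x1
  iptables -t mangle -A POSTROUTING -p icmp -j RETURN
  # Per-host ICMP marking in mangle/FORWARD was prepared in the original but
  # left commented out; it stays disabled. One of the prepared commands used
  # "-j 0x1", which is a mark value rather than a target name.

  # High priority for connection-opening packets (SYN set, RST and ACK clear).
  # These use parent2 as computed above, before the parent_match adjustment.
  iptables -t mangle -A FORWARD -s "$ip" -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark "$parent2"
  iptables -t mangle -A FORWARD -s "$ip" -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

  # Local traffic. lan_speed is the global left by the most recent
  # enqueue_simple_class call.
  if [ "$lan_speed" != "parent_match_yes" ]; then
    parent2=$class
    echo "parent_match Desactivado. Trafico local controlado por la clase simple"
  fi
  echo "Trafico Local reconocido con ip destino: $LOCAL_IPADDR"
  iptables -t mangle -A OUTPUT -o "$IF_LOCALBR" -s "$LOCAL_IPADDR" -d "$ip" -j MARK --set-mark "$parent2"
  iptables -t mangle -A INPUT -i "$IF_LOCALBR" -d "$LOCAL_IPADDR" -s "$ip" -j MARK --set-mark "$parent2"
  iptables -t mangle -A INPUT -i "$IF_LOCALBR" -d "$LOCAL_IPADDR" -s "$ip" -j RETURN
  iptables -t mangle -A OUTPUT -o "$IF_LOCALBR" -s "$LOCAL_IPADDR" -d "$ip" -j RETURN
  if [ "$zph" = "zph_yes" ]; then
    echo "Zero Penalti Hit ACTIVADO"
    iptables -t mangle -A POSTROUTING -s "$LOCAL_IPADDR" -d "$ip" -m tos --tos "$tos" -j MARK --set-mark "$parent2"
    iptables -t mangle -A POSTROUTING -s "$LOCAL_IPADDR" -d "$ip" -m tos --tos "$tos" -j RETURN
  fi
  iptables -t mangle -A POSTROUTING -d "$LOCAL_IPADDR" -s "$ip" -j RETURN
  iptables -t mangle -A FORWARD -p udp -s "$ip" -m multiport --ports "$udp_ports" -j MARK --set-mark "$parent2"
  iptables -t mangle -A FORWARD -p udp -s "$ip" -m multiport --ports "$udp_ports" -j RETURN
  iptables -t mangle -A FORWARD -p tcp -s "$ip" -m multiport --ports "$tcp_ports" -j MARK --set-mark "$parent2"
  iptables -t mangle -A FORWARD -p tcp -s "$ip" -m multiport --ports "$tcp_ports" -j RETURN

  # Transparent proxy, only while squid is reported up.
  if [ "$squid" = "squid_yes" ]; then
    # NOTE(review): the state file is executed as shell code. variables.conf
    # points it at /tmp, so it must be writable by root only.
    if [ -e "$estado_de_squid" ]; then
      . "$estado_de_squid"
    else
      # The original assigned "down" to estado_de_squid here, which replaced
      # the configured path and left estado_squid at its previous value.
      estado_squid="down"
    fi
    if [ "$estado_squid" = "up" ]; then
      echo "Squid transparente para: $ip ACTIVADO"
      if [ "$ifmac" = "mac_yes" ]; then
        iptables -t nat -A PREROUTING -i "$IF_LOCALBR" -p tcp -s "$ip" --match mac --mac-source "$mac" --dport 80 -j REDIRECT --to-port "$squidport"
      else
        iptables -t nat -A PREROUTING -i "$IF_LOCALBR" -p tcp -s "$ip" --dport 80 -j REDIRECT --to-port "$squidport"
      fi
    else
      echo "Squid no esta levantado, evitando proxy transparente"
    fi
  else
    echo "Squid transparente para: $ip DESACTIVADO"
  fi

  # Everything not already carrying the parent2 mark gets the class mark.
  echo "Comenzando filtrado de trafico de BAJADA y SUBIDA para la clase $class con la ip: $ip "
  iptables -t mangle -A POSTROUTING -o "$IF_LOCALBR" -d "$ip" -m mark --mark "$parent2" -j RETURN
  iptables -t mangle -A POSTROUTING -o "$IF_LOCALBR" -d "$ip" -j MARK --set-mark "$class"
  iptables -t mangle -A PREROUTING -i "$IF_LOCALBR" -s "$ip" -m mark --mark "$parent2" -j RETURN
  iptables -t mangle -A PREROUTING -i "$IF_LOCALBR" -s "$ip" -j MARK --set-mark "$class"
  echo "............................................"
}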
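# Load /argentoqos/class.conf: each line is stripped of its '#' comment,
# lower-cased and, when it starts with one of the three known function names,
# run as a call to that function with the rest of the line as arguments.
if [ -r /argentoqos/class.conf ]; then
  echo "Configuring ARGENTO BR QOS rules..."
  while read -r FWDRULE; do
    # The tr sets are quoted so the shell cannot expand [A-Z] as a glob.
    FWDRULE=$(printf '%s\n' "$FWDRULE" | cut -f 1 -d '#' | tr 'A-Z' 'a-z')
    # The line is split into words on purpose; globbing is switched off for
    # the call so a '*' or '?' in the file is not expanded to file names.
    # NOTE(review): the lines of class.conf become firewall and shaping rules
    # run as root, so the file must be writable by root only.
    case "$FWDRULE" in
      "") continue ;;
      enqueue_parent*) set -f; $FWDRULE; set +f ;;
      enqueue_simple_class*) set -f; $FWDRULE; set +f ;;
      enqueue_simple_id*) set -f; $FWDRULE; set +f ;;
    esac
  done < /argentoqos/class.conf
fi
# Send everything entering the LAN/bridge interface through the IMQ device so
# the upload classes can shape it.
iptables -t mangle -A PREROUTING -i "$IF_LOCALBR" -j IMQ --todev imq0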
argentoqos/firewall.conf
#IPs and MACs are granted access through the bridge here
#
#If drop_all is deleted or commented out, unknown traffic is no longer blocked.
#allow_arp lets ARP traffic pass through the bridge.
drop_all #if this line is commented out the bridge is not secure
allow_arp #if this line is commented out ARP traffic is blocked
allow_dhcp
#
# NOTE(review): judging by the names, allow_ip matches on the IP address only
# and allow_ip_mac binds it to a MAC; confirm against the loader and prefer
# the IP+MAC form where the client MAC is known.
#allow_mac 00:00:00:00:00:00
#allow_ip 192.168.1.48
#allow_ip_mac 192.168.1.48 xx:xx:xx:xx:xx:xx
##############################################################################
##############################################################################
#allow_ip_mac 192.168.1.24 00:02:A5:01:B1:3E
#
argentoqos/simple_class
enqueue_simple_class|4|254|40|90|120|384|parent_match_yes|2500|2500|2500|4000|
enqueue_simple_class|4|255|50|512|1000|2000|parent_match_yes|5000|6000|8000|9000|
argentoqos/simple_id
enqueue_simple_id|4|254|192.168.0.10|squid_yes|zph_yes|0x10|mac_no|00:90:f5:62:6e:db|ACTIVO|ENVIAR|Jorge|
enqueue_simple_id|4|254|192.168.0.11|squid_yes|zph_yes|0x10|mac_no|00:50:04:71:63:ad|ACTIVO|ENVIAR|virtual|
enqueue_simple_id|4|254|192.168.1.254|squid_yes|zph_yes|0x10|mac_no|00:00:00:00:00:00|ACTIVO|ENVIAR|casa|
enqueue_simple_id|4|255|192.168.1.134|squid_yes|zph_yes|0x10|mac_no|00:00:00:00:00:00|ACTIVO|ENVIAR||
enqueue_simple_id|4|255|192.168.1.157|squid_yes|zph_yes|0x10|mac_no|00:00:00:00:00:00|ACTIVO|ENVIAR|lapto|
argentoqos/services.conf
#Which services start at boot is configured here
# NOTE(review): the class script also sources this file inside
# enqueue_simple_id when a host's status is "block"; the squid= assignment
# below then overwrites that function's per-host squid flag.
squid="yes" # Starts Squid
Squidcacheaux="yes"
qos="yes" # Starts the qos
split="no" # Starts the split
nopaga="yes"
# Port on LOCAL_IPADDR that the class script DNATs all TCP traffic from a
# blocked host to.
puertonopaga="99"