Advanced use of rate limiting (technical notes)
Usually we only use max-limit when rate limiting in RouterOS, but its limiting can be put to much better use. For example, we may want clients to get a higher speed when opening web pages and a lower speed when downloading. RouterOS 2.9 can do this.
max-limit: the parameter we use most often, the maximum rate
burst-limit: the maximum rate allowed while bursting
burst-threshold: the threshold for bursting
burst-time: the time window used for bursting
What the limits shown in the screenshot mean:
When the client's average rate over the last 30 seconds (burst-time) is below the burst threshold (burst-threshold) of 180K, the client's maximum download rate may exceed the max-limit of 200K and reach the burst-limit of 400K. If the 30-second average is above 180K, the client's maximum rate is only 200K.
So when we open a web page we get the higher rate of 400K, while a long download only gets 200K, which lets us use our bandwidth more efficiently.
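The following simulation is an added example (not code from the original post) that replays the burst decision described above with the page's values: a sliding window covering burst-time holds the rates granted so far, and the client is allowed burst-limit only while the window's average stays under burst-threshold. The one-sample-per-second window is an assumption made for the simulation.

```python
from collections import deque

# Values from the page's example, read as bits per second (200K = 200 kbit/s and so on).
MAX_LIMIT = 200_000
BURST_LIMIT = 400_000
BURST_THRESHOLD = 180_000
BURST_TIME = 30          # seconds
SAMPLE_INTERVAL = 1      # assumption: one rate sample per second

class BurstQueue:
    """Decides, sample by sample, whether the client may exceed max-limit."""

    def __init__(self):
        slots = BURST_TIME // SAMPLE_INTERVAL
        # The window always covers the full burst-time; before any traffic it is all zeros.
        self.window = deque([0] * slots, maxlen=slots)

    def ceiling(self):
        """Rate cap in force right now: burst-limit while the recent average is under the threshold."""
        average = sum(self.window) / len(self.window)
        return BURST_LIMIT if average < BURST_THRESHOLD else MAX_LIMIT

    def step(self, demand):
        """Feed the rate the client wants this interval; return the rate it actually gets."""
        allowed = min(demand, self.ceiling())
        self.window.append(allowed)
        return allowed

def simulate(demands):
    """Run a list of per-interval demands through one queue and return the rates granted."""
    q = BurstQueue()
    return [q.step(d) for d in demands]

def burst_duration(demands):
    """Number of leading intervals during which the client got more than max-limit."""
    granted = simulate(demands)
    n = 0
    while n < len(granted) and granted[n] > MAX_LIMIT:
        n += 1
    return n

if __name__ == "__main__":
    # A sustained 400K download bursts for a while, then settles at 200K.
    print(burst_duration([BURST_LIMIT] * 60))
    # Short web-page fetches (3 s at 400K, 10 s idle) never push the average over 180K.
    print(sorted(set(simulate(([BURST_LIMIT] * 3 + [0] * 10) * 4))))
```

With these numbers the sustained download keeps 400K for 14 seconds before dropping to 200K, and it only regains the burst after the window has emptied out again.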
RouterOS port mapping and hairpin (loopback) access. Port mapping:
ip -> Firewall -> Destination NAT -> +
General tab
Src. address 0.0.0.0/0
Src. port (leave empty)
Interface all
Dst. address <public mapped IP>/32
Dst. port <mapped port>
Protocol tcp
Action tab:
Action nat
To Dst. address <internal mapped IP> - <internal mapped IP>
To Dst. port <mapped port>
The settings above map an internal IP to the public IP so that others can reach your internal resource. But here comes the headache: you yourself cannot reach it through your own public IP. What to do? I'll show you how to solve this. Apply the following settings and you'll find this problem no longer troubles you.
It's actually simple; follow along.
ip -> Firewall -> Source NAT -> +
General tab:
Src. address <internal mapped IP>/32
Src. port (leave empty)
Dst. address <subnet of the internal mapped IP>/24 (if your mapped IP is 192.168.1.1, enter 192.168.1.0/24 here)
Dst. port <mapped port>
Out. interface all
Protocol tcp
Action tab:
Action nat
To src. address 0.0.0.0 - 0.0.0.0
To src. ports <mapped port>
OK. With this set up, you'll find that whether you are on your own LAN or somewhere else, accessing your public IP reaches the mapped resource correctly.
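The model below is an added example, not part of the original post, showing why the second (Source NAT) rule is needed. Without it, the server answers the LAN client directly, so the reply arrives from the server's private address instead of the public IP the client connected to and the connection fails. All addresses are constructed placeholders, and the to-src 0.0.0.0 rule is assumed to behave like masquerading with the router's LAN address.

```python
# Constructed addresses standing in for the page's placeholders (not real hosts).
PUBLIC_IP = "203.0.113.10"       # the mapped public IP
SERVER_IP = "192.168.1.1"        # the mapped internal IP used in the page's example
ROUTER_LAN_IP = "192.168.1.254"  # router's own LAN address (assumed)
LAN_PREFIX = "192.168.1."
PORT = 80

def on_lan(ip):
    return ip.startswith(LAN_PREFIX)

def router_translate(pkt, hairpin):
    """dst-nat the mapped port to the server; with hairpin, also src-nat LAN clients."""
    pkt = dict(pkt)
    if pkt["dst"] == PUBLIC_IP and pkt["dport"] == PORT:
        pkt["dst"] = SERVER_IP          # the Destination NAT rule
    if hairpin and on_lan(pkt["src"]) and pkt["dst"] == SERVER_IP:
        pkt["src"] = ROUTER_LAN_IP      # the Source NAT rule (assumed to use the router's address)
    return pkt

def server_reply(pkt):
    # The server answers whatever source address it saw in the request.
    return {"src": pkt["dst"], "dst": pkt["src"], "sport": pkt["dport"], "dport": pkt["sport"]}

def connection_works(client_ip, hairpin):
    """True if the client receives a reply from PUBLIC_IP:PORT, the endpoint it connected to."""
    request = {"src": client_ip, "dst": PUBLIC_IP, "sport": 40000, "dport": PORT}
    reply = server_reply(router_translate(request, hairpin))
    # A reply addressed to a host on the server's own LAN is delivered directly and never
    # reaches the router; anything else goes through the router (the default gateway).
    via_router = reply["dst"] == ROUTER_LAN_IP or not on_lan(reply["dst"])
    if via_router:
        # Connection tracking undoes both translations on the way back.
        reply = {"src": PUBLIC_IP, "dst": client_ip, "sport": PORT, "dport": 40000}
    return reply["src"] == PUBLIC_IP and reply["sport"] == PORT and reply["dst"] == client_ip

if __name__ == "__main__":
    print(connection_works("192.168.1.50", hairpin=False))  # LAN client, first rule only
    print(connection_works("192.168.1.50", hairpin=True))   # LAN client with the hairpin rule
    print(connection_works("198.51.100.7", hairpin=False))  # outside client works either way
```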
RouterOS: limiting the number of TCP connections per IP (limiting threads). Allow at most 15 concurrent connections from each IP address:
/ip firewall rule forward add protocol=tcp tcp-options=syn-only connection-limit=15 \
action=drop
Limiting the connection count of a single IP only:
/ip firewall rule forward add protocol=tcp tcp-options=syn-only \
src-address=192.168.0.249/32 connection-limit=15 action=drop
PCQ group rate limiting
1.
/ queue type
add name="PCQ-up" kind=pcq pcq-rate=128000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="PCQ-down" kind=pcq pcq-rate=300000 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
2.
/ ip firewall mangle add chain=prerouting action=mark-packet new-packet-mark=all-mark passthrough=yes
/ queue tree
add name="PCQdown" parent=内网卡 queue=PCQ-down packet-mark=all-mark
add name="PCQup" parent=ether1 queue=PCQ-up packet-mark=all-mark
(内网卡 stands for your LAN interface; substitute its real name. The download queue hangs off the LAN interface and the upload queue off the WAN interface, ether1 here.)
3.
/ tool traffic-monitor
add name="PCQdownon" interface=外网卡 traffic=received trigger=above threshold=700000 on-event=downon comment="" disabled=no
add name="PCQdownoff" interface=外网卡 traffic=received trigger=below threshold=150000 on-event=downoff comment="" disabled=no
add name="PCQupon" interface=外网卡 traffic=transmitted trigger=above threshold=320000 on-event=upon comment="" disabled=no
add name="PCQupoff" interface=外网卡 traffic=transmitted trigger=below threshold=100000 on-event=upoff comment="" disabled=no
(外网卡 stands for your WAN interface. The downon/downoff/upon/upoff scripts are not shown on the page. Note that the two thresholds for each direction differ on purpose: the "on" event fires when traffic rises above the higher value and the "off" event only when it falls below the lower one, so traffic hovering in between does not keep toggling the queue.)
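As an added example (not from the original post), the script below replays traffic-monitor readings against the page's PCQdownon/PCQdownoff thresholds and lists the scripts that would run, then shows how a single shared threshold would flap. It assumes a monitor fires once each time the rate crosses its threshold; the readings are constructed.

```python
# Thresholds from the page's PCQdownon / PCQdownoff monitors (bits per second).
DOWN_ON = 700_000    # trigger=above: run "downon" when received traffic climbs past this
DOWN_OFF = 150_000   # trigger=below: run "downoff" when it falls under this

def crossings(samples, threshold, trigger):
    """Sample indices at which a traffic-monitor with this trigger fires its on-event.
    Assumption: the monitor fires once when the rate crosses the threshold, not on every
    sample that stays beyond it."""
    fired, prev = [], None
    for i, rate in enumerate(samples):
        if prev is not None:
            if trigger == "above" and prev <= threshold < rate:
                fired.append(i)
            elif trigger == "below" and prev >= threshold > rate:
                fired.append(i)
        prev = rate
    return fired

def events(samples, on_threshold=DOWN_ON, off_threshold=DOWN_OFF):
    """Merged, time-ordered list of (index, script) the two monitors would run."""
    timeline = [(i, "downon") for i in crossings(samples, on_threshold, "above")]
    timeline += [(i, "downoff") for i in crossings(samples, off_threshold, "below")]
    return sorted(timeline)

# Constructed one-sample-per-second readings of received traffic on the WAN interface.
READINGS = [100_000, 800_000, 900_000, 500_000, 120_000, 800_000]
# Constructed readings that wobble around 400K: one shared threshold would flap.
WOBBLE = [100_000, 450_000, 380_000, 450_000, 380_000]

if __name__ == "__main__":
    print(events(READINGS))                   # [(1, 'downon'), (4, 'downoff'), (5, 'downon')]
    print(events(WOBBLE, 400_000, 400_000))   # four events: on, off, on, off
    print(events(WOBBLE))                     # [] with the page's gap between thresholds
```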
Exempting hosts from PCQ (unlimited)
Example: 192.168.0.20 and 192.168.0.21 are not limited
/ ip firewall mangle
add chain=prerouting src-address=192.168.0.20 action=mark-connection \
new-connection-mark=nopcqlimit passthrough=yes comment="" disabled=no
add chain=prerouting src-address=192.168.0.21 action=mark-connection \
new-connection-mark=nopcqlimit passthrough=yes comment="" disabled=no
add chain=prerouting connection-mark=nopcqlimit action=accept comment="" \
disabled=no
add chain=prerouting action=mark-packet new-packet-mark=all-mark passthrough=yes \
comment="" disabled=no
(The accept rule ends mangle processing for the exempted connections before the mark-packet rule, so their packets never carry the mark the PCQ queue tree matches on. The packet mark in the last rule must be the same one the queue tree uses, all-mark above.)
Blocking a port
/ ip firewall filter add chain=forward protocol=tcp dst-port=21 action=drop comment="Blockade FTP"
Blocking an IP
/ ip firewall filter add chain=forward dst-address=58.60.13.38/32 action=drop comment="Blockade QQ.COM"
Port mapping
/ ip firewall nat add chain=dstnat dst-address=202.96.134.134 protocol=tcp dst-port=80 to-addresses=192.168.0.1 to-ports=80 action=dst-nat comment="WEB SERVER"
(Replace 202.96.134.134 with your public IP and 192.168.0.1 with the internal web server.)
Limiting the number of connections (threads)
:for xbs from 1 to 200 do={/ip firewall filter add chain=forward src-address=("192.168.0." . $xbs) protocol=tcp connection-limit=35,32 action=drop}
Blocking a domain
/ ip firewall filter
add chain=forward content=www.qq.com action=reject comment="Blockade QQ.COM"
HTTP URL redirection
/ ip firewall nat add chain=dstnat src-address=192.168.0.0/24 dst-address=61.152.235.147 protocol=tcp dst-port=80 action=dst-nat to-addresses=58.60.184.245 to-ports=80 disabled=no comment="QQ TO SZWBLM"
Blocking eMule
/ ip firewall filter
add chain=forward protocol=tcp dst-port=4661-4662 action=drop comment="No Emule"
add chain=forward protocol=tcp dst-port=4242 action=drop
add chain=forward dst-address=62.241.53.15 action=drop
Blocking Vagaa
/ ip firewall filter
add chain=forward content=www.vagaa.com action=reject comment="No VaGaa"
add chain=forward content=vagaa.com action=reject
add chain=forward protocol=tcp dst-port=40750 action=drop
add chain=forward protocol=udp dst-port=40750 action=drop
add chain=forward protocol=tcp dst-port=2004 action=drop
add chain=forward protocol=udp dst-port=2004 action=drop
add chain=forward protocol=tcp dst-port=2005 action=drop
add chain=forward protocol=udp dst-port=2005 action=drop
add chain=forward protocol=tcp dst-port=16521 action=drop
add chain=forward protocol=udp dst-port=16521 action=drop
Blocking QQ Live
/ ip firewall filter
add chain=forward protocol=udp dst-port=13000-14000 action=drop comment="No QQLive"
Disabling ping
/ ip firewall filter add chain=output protocol=icmp action=drop comment="No Ping"
(chain=output only affects ICMP generated by the router itself, so this stops the router answering pings; it does not touch ICMP forwarded for LAN hosts.)
Blocking PPLive
/ ip firewall filter
add chain=forward protocol=tcp dst-port=8008 action=drop comment="No PPlive TV"
add chain=forward protocol=udp dst-port=4004 action=drop
add chain=forward dst-address=218.108.237.11 action=drop
Blocking BT
/ ip firewall filter
add chain=forward protocol=tcp dst-port=16881 action=drop comment="No BitSpirit"
Blocking QQ
/ ip firewall filter
add chain=forward src-address=10.5.6.7/32 action=accept comment="No Tencent QQ"
add chain=forward protocol=tcp dst-port=8000 action=drop
add chain=forward protocol=udp dst-port=8000 action=drop
add chain=forward dst-address=61.144.238.0/24 action=drop
add chain=forward dst-address=61.152.100.0/24 action=drop
add chain=forward dst-address=61.141.194.0/24 action=drop
add chain=forward dst-address=202.96.170.163/32 action=drop
add chain=forward dst-address=202.104.129.0/24 action=drop
add chain=forward dst-address=202.104.193.20/32 action=drop
add chain=forward dst-address=202.104.193.11/32 action=drop
add chain=forward dst-address=202.104.193.12/32 action=drop
add chain=forward dst-address=218.17.209.23/32 action=drop
add chain=forward dst-address=218.18.95.153/32 action=drop
add chain=forward dst-address=218.18.95.165/32 action=drop
add chain=forward dst-address=218.18.95.220/32 action=drop
add chain=forward dst-address=218.85.138.70/32 action=drop
add chain=forward dst-address=219.133.38.0/24 action=drop
add chain=forward dst-address=219.133.49.0/24 action=drop
add chain=forward dst-address=220.133.40.0/24 action=drop
add chain=forward content=sz.tencent.com action=reject
add chain=forward content=sz2.tencent.com action=reject
add chain=forward content=sz3.tencent.com action=reject
add chain=forward content=sz4.tencent.com action=reject
add chain=forward content=sz5.tencent.com action=reject
add chain=forward content=sz6.tencent.com action=reject
add chain=forward content=sz7.tencent.com action=reject
add chain=forward content=sz8.tencent.com action=reject
add chain=forward content=sz9.tencent.com action=reject
add chain=forward content=tcpconn.tencent.com action=reject
add chain=forward content=tcpconn2.tencent.com action=reject
add chain=forward content=tcpconn3.tencent.com action=reject
add chain=forward content=tcpconn4.tencent.com action=reject
add chain=forward content=tcpconn5.tencent.com action=reject
add chain=forward content=tcpconn6.tencent.com action=reject
add chain=forward content=tcpconn7.tencent.com action=reject
add chain=forward content=tcpconn8.tencent.com action=reject
add chain=forward content=qq.com action=reject
add chain=forward content=www.qq.com action=reject