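Adding network bandwidth control on an OpenVPN server
Date: 2006-11-24 Source: KZCA
Operating system: CentOS Linux 4.x (2.6.9 kernel)
VPN server: OpenVPN for Linux 2.0.x
VPN client: OpenVPN GUI for Windows 1.0.x
eth0 - the server's external network interface ( 66.77.88.99 )
tap0 - the server's VPN network interface ( 10.8.0.1 )
VPN client IP: 10.8.0.2
Requirement: the VPN client connects to the VPN server with the OpenVPN GUI software, then reaches the external network through NAT, and the client's traffic is rate-limited.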
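*** Enable NAT
# Send inbound connections addressed to 66.77.88.99 to the VPN client
iptables -t nat -A PREROUTING -d 66.77.88.99 -j DNAT --to 10.8.0.2
# Rewrite the client's outbound source address to the server's external address
iptables -t nat -A POSTROUTING -s 10.8.0.2 -o eth0 -j SNAT --to-source 66.77.88.99
*** Limit the VPN client's download speed to 256Kbit/s
# Packets leaving tap0 toward 10.8.0.2 are the client's download traffic
tc qdisc add dev tap0 root handle 1: htb default 10
tc class add dev tap0 parent 1: classid 1:1 htb rate 256kbit burst 10k
tc filter add dev tap0 parent 1: protocol ip prio 16 u32 match ip dst 10.8.0.2 flowid 1:1
*** Limit the VPN client's upload speed to 128Kbit/s
# The fw filter selects packets carrying firewall mark 1, which the mangle rule sets on packets arriving from the client
tc qdisc add dev eth0 root handle 2: htb default 10
tc class add dev eth0 parent 2: classid 2:1 htb rate 128kbit burst 10k
tc filter add dev eth0 parent 2: protocol ip prio 16 handle 1 fw flowid 2:1
iptables -t mangle -A PREROUTING -i tap0 -s 10.8.0.2 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i tap0 -s 10.8.0.2 -j RETURN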
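The rules above cover one client. As an added example (not part of the original page), this dry-run generator extends them to several clients, each with its own HTB class and firewall mark, and rejects any address or rate that is not a plain value before it reaches a command line. Assumptions: the function names gen_root and gen_client, a 10.8.0.0/24 client subnet, reuse of the address's last octet as class id and mark, and the second client 10.8.0.26 are all made up for illustration.

```shell
#!/bin/sh
# Added example: dry-run generator for per-client limits (not from the original page).
VPN_DEV=tap0   # VPN-side interface, as on the page
WAN_DEV=eth0   # external interface, as on the page

# Root qdiscs, created once per interface. No "default" class is set, so
# traffic that matches no filter passes unshaped.
gen_root() {
    echo "tc qdisc add dev $VPN_DEV root handle 1: htb"
    echo "tc qdisc add dev $WAN_DEV root handle 2: htb"
}

# gen_client <client-ip> <down-kbit> <up-kbit>
# Assumption: clients live in 10.8.0.0/24; the last octet is reused as class id and mark.
gen_client() {
    ip=$1; down=$2; up=$3
    case "$ip" in
        10.8.0.*) host=${ip#10.8.0.} ;;
        *) echo "refusing address outside 10.8.0.0/24: $ip" >&2; return 1 ;;
    esac
    # Accept plain positive decimals only, so nothing else reaches the commands.
    for n in "$host" "$down" "$up"; do
        case "$n" in
            ''|0*|*[!0-9]*) echo "not a positive integer: $n" >&2; return 1 ;;
        esac
    done
    # .1 is the server (tap0), .255 is broadcast.
    [ "$host" -ge 2 ] && [ "$host" -le 254 ] || { echo "host out of range: $host" >&2; return 1; }
    cid=$(printf '%x' "$host")   # tc reads class minor ids as hexadecimal
    # Download: packets leaving tap0 still carry the client's address, so u32 can match it.
    echo "tc class add dev $VPN_DEV parent 1: classid 1:$cid htb rate ${down}kbit burst 10k"
    echo "tc filter add dev $VPN_DEV parent 1: protocol ip prio 16 u32 match ip dst $ip flowid 1:$cid"
    # Upload: SNAT rewrites the source before eth0's qdisc sees the packet, so classify by firewall mark.
    echo "tc class add dev $WAN_DEV parent 2: classid 2:$cid htb rate ${up}kbit burst 10k"
    echo "tc filter add dev $WAN_DEV parent 2: protocol ip prio 16 handle $host fw flowid 2:$cid"
    echo "iptables -t mangle -A PREROUTING -i $VPN_DEV -s $ip -j MARK --set-mark $host"
    echo "iptables -t mangle -A PREROUTING -i $VPN_DEV -s $ip -j RETURN"
}

# Constructed sample: the page's client plus one hypothetical second client.
gen_root
gen_client 10.8.0.2 256 128
gen_client 10.8.0.26 512 256
```

The script only prints commands; review the output, then pipe it to sh as root to apply it.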