set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="PCQ_Down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="PCQ_Up" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=2000
/ queue simple
add name="PCQ_Main" target-address=192.168.1.0/24 dst-address=0.0.0.0/0 \
interface=all parent=none direction=both priority=8 queue=PCQ_Up/PCQ_Down limit-at=0/0 \
max-limit=512000/2000000 total-queue=default-small disabled=no
add name="Slow" target-address=192.168.1.0/24 dst-address=0.0.0.0/0 \
interface=all parent=PCQ_Main packet-marks=mark_slow direction=both priority=8 \
queue=PCQ_Up/PCQ_Down limit-at=0/0 max-limit=256000/1250000 total-queue=default-small \
disabled=no
add name="Fast" target-address=192.168.1.0/24 dst-address=0.0.0.0/0 \
interface=all parent=PCQ_Main packet-marks=mark_fast direction=both priority=1 \
queue=PCQ_Up/PCQ_Down limit-at=0/0 max-limit=512000/2000000 total-queue=default-small \
disabled=no
add name="Midd" target-address=192.168.1.0/24 dst-address=0.0.0.0/0 \
interface=all parent=PCQ_Main packet-marks=mark_midd direction=both priority=5 \
queue=PCQ_Up/PCQ_Down limit-at=0/0 max-limit=256000/2000000 total-queue=default-small \
disabled=no
/ ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=mark_slow passthrough=yes comment="Mark All" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="winbox" disabled=no
add chain=prerouting protocol=icmp action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="DNS" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8139 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment=" " disabled=no
add chain=prerouting protocol=tcp dst-port=7709 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7711 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8601 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22220-22230 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=8000-8008 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="QQ" disabled=no
add chain=prerouting protocol=udp dst-port=27000-27100 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games CS" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games qq https " disabled=no
add chain=prerouting protocol=tcp dst-port=6020-6100 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games zhengtu" disabled=no
add chain=prerouting protocol=tcp dst-port=9010-9020 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games wendao" disabled=no
add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=80 src-address-list=!src2 action=add-src-to-address-list address-list=src1 \
address-list-timeout=3s comment="TimeOut1" disabled=no
add chain=prerouting src-address=192.168.1.0/24 protocol=tcp dst-port=80 action=add-src-to-address-list address-list=src2 address-list-timeout=3h \
comment="TimeOut2" disabled=no
add chain=prerouting dst-address=192.168.1.1 protocol=tcp dst-port=9999 action=add-src-to-address-list address-list=handlimit address-list-timeout=1h \
comment=" " disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.gif action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="AutoWeb80" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.jpg action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.htm action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.html action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.asp action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.aspx action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.php action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=.swf action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="" \
disabled=no
add chain=prerouting dst-address-list=web80 aaction=mark-packet new-packet-mark=mark_midd passthrough=yes comment="AutoWeb80" disabled=no
add chain=prerouting src-address-list=web80 add chain=prerouting dst-address-list=web80 action=mark-packet new-packet-mark=mark_midd passthrough=yes comment="" disabled=no
add chain=prerouting dst-address-list=web80 action=mark-packet new-packet-mark=mark_midd passthrough=yes comment="" disabled=no
在六楼的基础上改的,删除了MSIE因为迅雷的标识中好像也有这个,成功后可以在simple Queues中看到浏览网页走的是Midd 下载走的是Slow(对从80端口走的下载软件都有用),顺便说一下我是两根1MADSL,局域网网段是192.168.1.0/24
[ 本帖最后由 jiansuper 于 2008-6-17 15:40 编辑 ] 再加上这个就更OK了
/ ip firewall mangle
add chain=prerouting src-address=10.200.0.0/15 protocol=udp \
src-port=1000-65535 packet-size=800-1500 src-address-list=p2p-udp \
action=mark-packet new-packet-mark=P2PUP passthrough=yes comment="P2P-UDP" \
disabled=no
add chain=prerouting src-address=10.200.0.0/16 protocol=!tcp \
connection-limit=15,32 action=add-src-to-address-list address-list=p2p-udp \
address-list-timeout=30s comment="" disabled=no
add chain=prerouting src-address=10.200.0.0/15 protocol=tcp dst-port=!80 \
packet-size=800-1500 src-address-list=p2p-20 action=mark-packet \
new-packet-mark=P2PUP passthrough=yes comment="P2P-TCP" disabled=no
add chain=prerouting src-address=10.200.0.0/15 protocol=tcp dst-port=!80 \
connection-limit=20,32 packet-size=800-1500 action=add-src-to-address-list \
address-list=p2p-20 address-list-timeout=30s comment="" disabled=no
#注意10.200.0.0/15是我内网源地址,你使用前改成你的源.
/ queue simple
add name="P2P-all" dst-address=0.0.0.0/0 interface=ydwan parent=none \
packet-marks=P2PUP direction=download priority=8 queue=Pcq_UP_C/Pcq_UP_C \
limit-at=64000/64000 max-limit=200000/128000 total-queue=default-small \
disabled=no
#queue=Pcq_UP_C自己建一个PCQ
#interface=ydwan 是ROS出口,我内网全是PPPOE上网,所以只好用出口限制.
#以是只是限制了P2P上传流量,别的限制应该很简单了.
/ ip firewall filter
add chain=forward protocol=udp src-port=10000-65535 \
time=20h-23h,sat,fri,thu,wed,tue,mon,sun src-address-list=p2p-udp \
action=drop comment="P2P-UDP" disabled=no
#再加个drop也很不错
是2兆ADSL
:lol有个问题哦
add chain=prerouting src-address=10.200.0.0/16 protocol=!tcp \connection-limit=15,32 action=add-src-to-address-list address-list=p2p-udp \
address-list-timeout=30s comment="" disabled=no
这句是错误的,非tcp是不可以在connection-limit设置,系统提示错误,,最麻烦就是这里,udp的线程数限制不了 效果不错. 这种做法有误,在做了NAT之后,要先标记连接,然后才能标记数据包。官方的wiki上面说的。。。passthrough=yes:没有理解意思(官方的:忽略这条规则,并继续到下一条),就用默认的,
[ 本帖最后由 wbyz20 于 2008-9-6 10:44 编辑 ] 本帖最后由 dalookda88 于 2009-6-1 02:20 编辑
彻底解决讯雷下载时打开网页慢的问题
我的是2兆ADSL
/ queue simple
add name="PCQ_Main" target-addresses=192.168.0.0/24,10.10.10.0/24 dst-address=0.0.0.0/0 \
interface=all parent=none direction=both priority=8 queue=PCQ_Up/PCQ_Down limit-at=0/0 \
max-limit=512000/2000000 total-queue=default-small disabled=no
add name="Slow" target-addresses=192.168.0.0/24,10.10.10.0/24 dst-address=0.0.0.0/0 \
interface=all parent=PCQ_Main packet-marks=mark_slow direction=both priority=8 \
queue=PCQ_Up/PCQ_Down limit-at=0/0 max-limit=256000/1250000 total-queue=default-small \
disabled=no
add name="Fast" target-addresses=192.168.0.0/24,10.10.10.0/24 dst-address=0.0.0.0/0 \
interface=all parent=PCQ_Main packet-marks=mark_fast direction=both priority=1 \
queue=PCQ_Up/PCQ_Down limit-at=0/0 max-limit=512000/2000000 total-queue=default-small \
disabled=no
add name="Midd" target-addresses=192.168.0.0/24,10.10.10.0/24 dst-address=0.0.0.0/0 \
interface=all parent=PCQ_Main packet-marks=mark_midd direction=both priority=5 \
queue=PCQ_Up/PCQ_Down limit-at=0/0 max-limit=256000/2000000 total-queue=default-small \
disabled=no
/ queue type
set default name="default" kind=pfifo pfifo-limit=50
set ethernet-default name="ethernet-default" kind=pfifo pfifo-limit=50
set wireless-default name="wireless-default" kind=sfq sfq-perturb=5 sfq-allot=1514
set synchronous-default name="synchronous-default" kind=red red-limit=60 red-min-threshold=10 red-max-threshold=50 red-burst=20 red-avg-packet=1000
set hotspot-default name="hotspot-default" kind=sfq sfq-perturb=5 sfq-allot=1514
add name="PCQ_Down" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000
add name="PCQ_Up" kind=pcq pcq-rate=64000 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
add name="default-small" kind=pfifo pfifo-limit=2000
/ ip firewall mangle
add chain=prerouting action=mark-packet new-packet-mark=mark_slow passthrough=yes comment="Mark All" disabled=no
add chain=prerouting protocol=tcp dst-port=8291 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="winbox" disabled=no
add chain=prerouting protocol=icmp action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="DNS" disabled=no
add chain=prerouting protocol=udp dst-port=53 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8139 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment=" " disabled=no
add chain=prerouting protocol=tcp dst-port=7709 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=7711 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=8601 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=tcp dst-port=22220-22230 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="" disabled=no
add chain=prerouting protocol=udp dst-port=8000-8008 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="QQ" disabled=no
add chain=prerouting protocol=udp dst-port=27000-27100 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games CS" disabled=no
add chain=prerouting protocol=tcp dst-port=443 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games qq https " disabled=no
add chain=prerouting protocol=tcp dst-port=6020-6100 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games zhengtu" disabled=no
add chain=prerouting protocol=tcp dst-port=9010-9020 action=mark-packet new-packet-mark=mark_fast passthrough=yes comment="games wendao" disabled=no
......
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=80 src-address-list=!src2 action=add-src-to-address-list address-list=src1 \
address-list-timeout=3s comment="TimeOut1" disabled=no
add chain=prerouting src-address=192.168.0.0/24 protocol=tcp dst-port=80 action=add-src-to-address-list address-list=src2 address-list-timeout=3h \
comment="TimeOut2" disabled=no
add chain=prerouting dst-address=192.168.0.1 protocol=tcp dst-port=9999 action=add-src-to-address-list address-list=handlimit address-list-timeout=1h \
comment=" " disabled=no
add chain=prerouting protocol=tcp dst-port=80 content=MSIE action=add-dst-to-address-list address-list=web80 address-list-timeout=5m comment="AutoWeb80" \
disabled=no
add chain=prerouting dst-address-list=web80 action=mark-packet new-packet-mark=mark_midd passthrough=yes comment="AutoWeb80" disabled=no
你的做法我很喜欢。
本人是菜乌~在Windows 终端程机粘贴你的脚本,结果不行。
我的ros是2.9.27板本的.全是3兆ADSL,5线l负载均衡,客户机全是pppoe拔号。可不可以帮我做脚本。希望帮忙~~ pool1 10.10.10.0/24 网段是192.168.2.0/24 思路很不错 收藏一个,不知道有效吗。 支持!!! 謝謝.分享,先收藏以後再試試.哈哈. 顶个有点道理