qos pour le vlan radin

darcs-hash:20080909235709-af139-1ac09c4a975546fcb8a06499139f9ac5927466e5.gz
Jeremie Dimino 2008-09-10 01:57:09 +02:00
parent bb146029a0
commit 0109427ab8
2 changed files with 16 additions and 7 deletions


@ -35,7 +35,7 @@ from ldap_crans import AssociationCrans, Machine, MachineWifi
from affich_tools import *
from commands import getstatusoutput
from iptools import AddrInNet, NetSubnets, IpSubnet
from config import NETs, mac_komaz, mac_wifi, mac_titanic, conf_fw, p2p
from config import NETs, mac_komaz, mac_wifi, mac_titanic, conf_fw, p2p, vlans, debit_max_radin
syslog.openlog('firewall')
debug = 1
@ -1181,13 +1181,19 @@ class firewall_sable(firewall_rouge):
"-j MARK --set-mark %s" % conf_fw.mark['proxy'])
iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
# Proxy transparent sur le vlan accueil
iptables("-t nat -i eth0.7 -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128")
iptables("-t nat -i eth0.7 -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT")
if_radin = "eth0.%d" % vlans["radin"]
if_accueil = "eth0.%d" % vlans["accueil"]
# Proxy transparent sur le vlan radin
iptables("-t nat -i eth0.6 -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.42.0.1:3128")
iptables("-t nat -i eth0.6 -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT")
# Proxy transparent pour les vlans radin et accueil
for interface in [if_radin, if_accueil]:
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128" % interface)
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT" % interface)
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)
# Limite de débit sur le vlan radin
tc("qdisc del dev %s root" % if_radin)
tc("qdisc add dev %s root htb" % if_radin)
tc("class add dev %s root htb rate %d ceil %d" % (if_radin, debit_max_radin, debit_max_radin))
def nat_table(self):
firewall_rouge.nat_table(self)
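Review bot: The merged loop over `if_radin` and `if_accueil` redirects port-80 traffic from both VLANs to `10.51.0.1:3128`, whereas the per-VLAN rules printed just above it (apparently the removed side) used `10.42.0.1:3128` for eth0.6 and `10.51.0.1:3128` for eth0.7. If that change is not intended, radin clients are now sent to the address previously used only for the accueil VLAN, which either breaks their proxying or depends on traffic crossing between the two VLANs. Keeping one proxy address per interface preserves the earlier separation: `for interface, proxy in [(if_radin, "10.42.0.1"), (if_accueil, "10.51.0.1")]:` with `--to-destination %s:3128" % (interface, proxy)` in the DNAT rule. Separately, the `tc` lines create the htb qdisc without a `default` class and this hunk adds no filter, so unless classification is set up elsewhere the traffic never enters the limited class and `debit_max_radin` is not enforced. The enclosing method starts before the hunk, so earlier rules that might affect this are not visible here.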