|
Limitarea vitezei unei anumite conexiuni se poate face foarte ushor in MacOS X. Zilele trecuta am avut nevoie de asha ceva pentru ca dadusem un upload mare la flickr care perturba destul de neplacut restul legaturilor.
Primul pas: gasirea IP-ului care trebuie limitat.
alexandra:~ raz$ lsof -i tcp -P -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
...
iPhoto 25979 raz 20u IPv4 0x03aed7e4 0t0 TCP 192.168.4.11:53133->68.142.214.24:80 (ESTABLISHED)
...
alexandra:~ raz$
Urmatorul pas e inspectatul listei de reguli de filtrare:
alexandra:~ raz$ sudo ipfw -at list
02000 737703 65999581 Sun Nov 26 00:11:57 2006 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02050 1611762 571826403 Sun Nov 26 00:11:57 2006 allow tcp from any to any out
02060 4573890 5814225410 Sun Nov 26 00:11:57 2006 allow tcp from any to any established
02070 0 0 allow tcp from any to any dst-port 3283 in
02080 0 0 allow tcp from any to any dst-port 5900 in
02090 5 300 Fri Nov 24 18:00:13 2006 allow tcp from any to any dst-port 22 in
02100 0 0 allow tcp from any to any dst-port 9001 in
02110 2 128 Tue Nov 21 22:43:07 2006 allow tcp from any to any dst-port 548 in
02120 0 0 allow tcp from any to any dst-port 427 in
02130 0 0 allow tcp from any to any dst-port 80 in
02140 0 0 allow tcp from any to any dst-port 427 in
02150 0 0 allow tcp from any to any dst-port 443 in
12190 6 360 Fri Nov 24 02:40:42 2006 deny tcp from any to any
65535 1613689 168518942 Sun Nov 26 00:11:42 2006 allow ip from any to any
alexandra:~ raz$
Dupa cum se poate ushor vedea regula 02050 da voie tot traficului outbound sa treaca. Pentru a putea face shaping-ul trebuie ca regula noastra sa stea inainte.
alexandra:~ raz$ sudo ipfw add 02041 pipe 1 ip from any to www.flickr.vip.mud.yahoo.com out
02041 pipe 1 ip from any to 68.142.214.24 out
alexandra:~ raz$
Urmeaza apoi configurarea pipe-ului:
alexandra:~ raz$ sudo ipfw pipe 1 config bw 200kbit/s queue 10kbytes
alexandra:~ raz$
In final rezultatul arata cam asha:
alexandra:~ raz$ sudo ipfw -a list
02000 739192 66178995 allow ip from any to any via lo*
02010 0 0 deny ip from 127.0.0.0/8 to any in
02020 0 0 deny ip from any to 127.0.0.0/8 in
02030 0 0 deny ip from 224.0.0.0/3 to any in
02040 0 0 deny tcp from any to 224.0.0.0/3 in
02041 673 995125 pipe 1 ip from any to 68.142.214.24 out
02050 1633799 603670369 allow tcp from any to any out
02060 4585980 5815034499 allow tcp from any to any established
02070 0 0 allow tcp from any to any dst-port 3283 in
02080 0 0 allow tcp from any to any dst-port 5900 in
02090 5 300 allow tcp from any to any dst-port 22 in
02100 0 0 allow tcp from any to any dst-port 9001 in
02110 2 128 allow tcp from any to any dst-port 548 in
02120 0 0 allow tcp from any to any dst-port 427 in
02130 0 0 allow tcp from any to any dst-port 80 in
02140 0 0 allow tcp from any to any dst-port 427 in
02150 0 0 allow tcp from any to any dst-port 443 in
12190 6 360 deny tcp from any to any
65535 1613721 168521663 allow ip from any to any
alexandra:~ raz$
That’s all. :P
Lectura suplimentara: man ipfw.
|