Shulou(Shulou.com)06/01 Report--

This chapter focuses on how to mark connections and packets, which can be used to make queue Queue calls.

So how to do package tagging, let's first understand our own requirements.

1. Mark DNS connections and packages (bidirectional)

two。 Mark all connections to our 192.168.11.0 Universe 24 network segment (bidirectional)

1. Operation procedure:

1. Mark DNS upload connection

So at this time, we first open mangle, click create a rule, and chain selects Prerouting.

Use a tag to connect in the action, mark the connection as DNS_U_conn, and add a comment as "DNS upload chain"

At this point, we have completed the connection tag for dialing PPPOE requests to the intranet to send DNS requests.

two。 Change DNS upload connection tag to package tag

Click add, and then create a rule. Chain chooses Prerouting

Marked as a package tag in the action. Mark it as DNS_U_P and add a comment as "DNS upload package"!

After the upload packet marking is completed, we need to remove the matching passthrough and save CPU resources.

At this point, we have completed the operation of the uploaded DNS connection tag and package tag.

3. Mark the DNS download connection.

Create a new Mangle connection, and select forward this time

Use a tag to connect in the action, mark the connection as DNS_D_conn, and add a comment as "DNS download chain"

4. Change DNS upload connection tag to package tag

Create a new mangle connection

Marked as a package tag in the action. Mark it as DNS_D_P and add a comment as "DNS download package"!

Mark all connections

Follow the actions above to create four more mangle rules

Upload connection is marked as ALL_U_conn, and continue to match

The upload package is marked as ALL_U_P. Remove it and continue to match.

Download connection is marked as ALL_D_conn, keep matching

Download the package marked as ALL_D_P. Remove it and continue to match.

Questions and answers:

1 use prerouting for upload and forward for download. Why?

Because when uploading, you need to go through the gateway NAT to form a mapping table. Download directly through the NAT mapping table to send back data, take the highway, do not need to go through the gateway!

two。 In this case, does it not limit the speed of Ether4 when calling QUEUE queue processing?

Yes, so we can hang Ether4 on a Bridge interface without limiting the speed of Ether4. This example is just for a demonstration of connection marking and package marking.

、

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.