TP2010

From Frotmail Projects

Info

  • Proxy: Squid
    • Watch the FDs (file descriptors): Squid runs out of them under load
    • WCCP
      • Squid in transparent mode, iptables redirect port
  • Shaping on Cisco
First the definitions:
 class-map match-all HTTP
   match protocol http
 class-map match-any HighPrio
   match packet length max 384
   match protocol icmp
Then the policy:
 policy-map blaa
  class HTTP
   shape average 10000000
And then apply it to the interface:
 interface fa0/0
  service-policy output blaa


          [  INET  ]
              |
        ______|_______
       |  Cisco 2811  |
       |______________|
              |
       _______|_______
      |  Cisco 3750   |
      |_______________|
         |  |  |  |
         |  |  |  |
     ____|__|__|__|_____             ___
   _|                   |_          /_ /|
  |          LAN          |--------|  | |  <-- Squid
  |_                     _|        |  | |
    |___________________|          |__|/
         |                     ___
         |____________________|___| <-- Client
                             /___/

Testconfig (v1)

class-map match-all HTTP
 match protocol http
class-map match-all Prio
class-map match-any SSH
 match protocol ssh
class-map match-all High
 match class-map SSH
class-map match-any HTTPS
 match access-group name HTTPS
class-map match-any Normal
 match class-map HTTP
 match class-map HTTPS
class-map match-any Prios
 match class-map Normal
 match class-map High
class-map match-all Downstream
 match class-map Prios
class-map match-all Web
 match class-map HTTP
 match class-map HTTPS
class-map match-all Low
!
!
policy-map Prio
policy-map High
 class SSH
policy-map Normal
 class HTTP
  police rate percent 70
    violate-action drop
 class HTTPS
policy-map Prios
 class Normal
  bandwidth percent 70
  service-policy Normal
 class High
  bandwidth percent 30
  service-policy High
policy-map Downstream
 class Downstream
  shape average 1000000
  service-policy Prios
 class class-default
  shape average 100000
policy-map Low
!
interface FastEthernet0
 ip address 192.168.38.249 255.255.255.0
 ip broadcast-address 0.0.0.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 ip address 10.9.0.1 255.255.255.0
 ip broadcast-address 0.0.0.0
 ip nat inside
 ip virtual-reassembly
 service-policy output Downstream
!
ip route 0.0.0.0 0.0.0.0 192.168.38.1
!
ip access-list extended HTTP
 permit tcp any any eq www
ip access-list extended HTTPS
 permit tcp any any eq 443
ip access-list extended Mail
 permit tcp any any eq pop3
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq 995
 permit tcp any any eq smtp
!

Testconfig (v5)

Once traffic has already arrived on the WAN side there is no point in shaping it any more: by then the provider's queue is already full. The trick is therefore to shape upstream (the upload towards your ISP), so that the queue that fills up is one you control yourself. (WAN-out-shape)

Downstream we can still police: dropping the excess makes the TCP sessions back off, which throttles them at the sender. (WAN-in-police)
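To make the difference between the two concrete, the following added example (not from the original page) runs a single-rate token bucket once as a policer and once as a shaper over a constructed 20-packet burst. The 1 Mbit/s rate (125 000 bytes/s), the 15 000-byte Bc and the packet trace are assumptions chosen for the example; TCP's reaction to the drops is not modelled.

```python
"""Token-bucket shaper vs. policer on a constructed burst.

Added example, not from the original page. A shaper holds excess traffic
back in its own queue (delay, no loss); a policer throws the excess away
(loss, which makes TCP back off). Rates are bytes/s, bursts are bytes.
The 20-packet burst below is constructed for the example.
"""
from dataclasses import dataclass


@dataclass
class Packet:
    arrival: float   # seconds
    size: int        # bytes


def burst(n, size, gap=0.0001):
    """n packets of 'size' bytes arriving 'gap' seconds apart (a line-rate burst)."""
    return [Packet(i * gap, size) for i in range(n)]


def police(packets, rate, bc):
    """Single-rate policer: a packet is transmitted if the bucket holds enough
    tokens, otherwise it is dropped on the spot. Returns [(packet, action)]."""
    tokens = float(bc)
    last = packets[0].arrival if packets else 0.0
    result = []
    for p in packets:
        tokens = min(bc, tokens + rate * (p.arrival - last))   # refill since last packet
        last = p.arrival
        if p.size <= tokens:
            tokens -= p.size
            result.append((p, "transmit"))
        else:
            result.append((p, "drop"))                          # excess is lost
    return result


def shape(packets, rate, bc):
    """Shaper with the same bucket, but the excess waits in a FIFO queue until
    enough tokens have accrued. Returns [(packet, departure_time)]."""
    if any(p.size > bc for p in packets):
        raise ValueError("a packet larger than Bc can never be sent")
    tokens = float(bc)
    clock = packets[0].arrival if packets else 0.0   # time the bucket state refers to
    result = []
    for p in packets:
        t = max(p.arrival, clock)                    # FIFO: not before the previous one left
        tokens = min(bc, tokens + rate * (t - clock))
        if p.size > tokens:
            t += (p.size - tokens) / rate            # wait for the missing tokens
            tokens = float(p.size)
        tokens -= p.size
        clock = t
        result.append((p, t))
    return result


def compare(packets, rate, bc):
    """What a practitioner cares about: what the policer drops vs how long the
    shaper delays the same traffic."""
    policed = police(packets, rate, bc)
    shaped = shape(packets, rate, bc)
    return {
        "policer_transmitted": sum(1 for _, a in policed if a == "transmit"),
        "policer_dropped": sum(1 for _, a in policed if a == "drop"),
        "shaper_dropped": 0,                                  # a shaper queues, it never drops here
        "shaper_max_delay": max(t - p.arrival for p, t in shaped),
    }


if __name__ == "__main__":
    # Assumed contract: 1 Mbit/s (125 000 B/s) with a 15 000-byte burst
    # allowance, hit by 20 x 1500-byte packets arriving back to back.
    summary = compare(burst(20, 1500), rate=125_000, bc=15_000)
    for key, value in summary.items():
        print(f"{key:>20}: {value}")
```

With these numbers the policer passes the first 10 packets (the 15 000-byte burst allowance) and drops the other 10, while the shaper passes all 20 and delays the last one by about 118 ms. That is exactly why the policer belongs on WAN-in (the drops are what slow the remote senders down) and the shaper on WAN-out (the delay keeps the queue on this side of the link).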

Services

ACL

Notes:
FTP, IPsec, PPTP and L2TP: keep matching these with NBAR?
UPDATE

Gaming

WoW

TCP: 3724, 6112, 6881-6999
Game: TCP 1119 & 3724
Voice: UDP 3724
Downloader (updates): TCP 6112 & 6881-6999

Steam

Steam Client
   * UDP 27000 to 27015 inclusive (Game client traffic)
   * UDP 27015 to 27030 inclusive (Typically Matchmaking and HLTV)
   * TCP 27014 to 27050 inclusive (Steam downloads)
   * UDP 4380
Dedicated or Listen Servers
   * TCP 27015 (SRCDS Rcon port)
Steamworks P2P Networking and Steam Voice Chat
   * UDP 3478 (Outbound)
   * UDP 4379 (Outbound)
   * UDP 4380 (Outbound)
Additional Ports for Call of Duty: Modern Warfare 2 Multiplayer
   * UDP 1500 (outbound)
   * UDP 3005 (outbound)
   * UDP 3101 (outbound)
   * UDP 28960

IM

MSN

Sign in to the Messenger service      TCP 80, 443, 1863
Network Detection                     TCP 7001
                                      UDP 9, 7001
Audio                                 TCP 80, 443, 1863
                                      TCP/UDP 30000 - 65535
Audio (Legacy)                        UDP 5004 – 65535
Webcam and Video Conversations        TCP 80
                                      TCP/UDP 5000 - 65535
File Transfer                         TCP 443, 1863
                                      TCP/UDP 1025 - 65535
File Transfer (Legacy)                TCP 6891 - 6900
Sharing Folders                       TCP 1863
                                      TCP/UDP 1025 – 65535
Whiteboard and Application Sharing    TCP 1503
Remote Assistance                     TCP 3389
                                      TCP/UDP 49152 – 65535
Windows Live Call                     TCP 443, 5061
                                      UDP 5004 - 65525
Games                                 TCP 80, 443, 1863
                                      TCP/UDP 1025 - 65535

Skype

Not possible to pin down to fixed ports?

IRC

TCP 6667

ICQ

TCP 5190

Blocked

Torrent

Based on headers?
Is blocking this even necessary if we do not let inbound connections through?

NNTP

TCP 119

Analysis

DNS

 IPTraf
┌ Packet Distribution by Size ─────────────────────────────────────────────────┐
│                                                                              │
│ Packet size brackets for interface eth0                                      │
│                                                                              │
│                                                                              │
│ Packet Size (bytes)      Count     Packet Size (bytes)     Count             │
│     1 to   75:            6118      751 to  825:               0             │
│    76 to  150:            6710      826 to  900:               0             │
│   151 to  225:             900      901 to  975:               0             │
│   226 to  300:             329      976 to 1050:               0             │
│   301 to  375:             130     1051 to 1125:               1             │
│   376 to  450:             154     1126 to 1200:               0             │
│   451 to  525:             101     1201 to 1275:               0             │
│   526 to  600:              42     1276 to 1350:               0             │
│   601 to  675:               4     1351 to 1425:               0             │
│   676 to  750:               0     1426 to 1500+:              2             │
│                                                                              │
│                                                                              │
│ Interface MTU is 1500 bytes, not counting the data-link header               │
│ Maximum packet size is the MTU plus the data-link header length              │
│ Packet size computations include data-link headers, if any                   │
└ Elapsed time:   0:05 ────────────────────────────────────────────────────────┘

SSH

 Proto/Port ───────── Pkts ─── Bytes ── PktsTo ─ BytesTo  PktsFrom BytesFrom ─
 TCP/22                621     87044       311     16220       310     70824  
Total: 621 p -> 87044 bytes = 140 bytes pp
Sent (to port 22): 311 p -> 16220 bytes = 52 bytes pp
Received (from port 22): 310 p -> 70824 bytes = 228 bytes pp
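The following added example (not part of the original page) parses the two IPTraf blocks above, embedded as strings so it runs offline, and works out (a) how many of the captured packets a class-map with `match packet length max 384`, like the HighPrio class earlier on this page, would catch, and (b) the bytes-per-packet figures for the TCP/22 line. The 14-byte Ethernet header correction is an assumption made here: IPTraf says it counts the data-link header, while the Cisco match is on the IP packet length.

```python
"""Parse IPTraf's packet-size distribution and per-port counters.

Added example; not from the original page. The two text blocks below are
the page's own IPTraf output, embedded so the script runs offline. The
384-byte threshold is the one used by the HighPrio class-map on this page.
"""
import re

IPTRAF_SIZES = """\
 Packet Size (bytes)      Count     Packet Size (bytes)     Count
     1 to   75:            6118      751 to  825:               0
    76 to  150:            6710      826 to  900:               0
   151 to  225:             900      901 to  975:               0
   226 to  300:             329      976 to 1050:               0
   301 to  375:             130     1051 to 1125:               1
   376 to  450:             154     1126 to 1200:               0
   451 to  525:             101     1201 to 1275:               0
   526 to  600:              42     1276 to 1350:               0
   601 to  675:               4     1351 to 1425:               0
   676 to  750:               0     1426 to 1500+:              2
"""

IPTRAF_SSH = " TCP/22                621     87044       311     16220       310     70824  "

# '1 to   75:   6118' and the open-ended '1426 to 1500+:   2' bracket
BRACKET_RE = re.compile(r"(\d+)\s+to\s+(\d+)(\+?):\s+(\d+)")
# 'TCP/22  Pkts  Bytes  PktsTo  BytesTo  PktsFrom  BytesFrom'
PROTO_RE = re.compile(r"(\w+)/(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)")


def parse_size_brackets(text):
    """Return [(lo, hi, count)]; hi is None for the open-ended '1500+' bracket."""
    return [(int(lo), None if plus else int(hi), int(count))
            for lo, hi, plus, count in BRACKET_RE.findall(text)]


def packets_matching_max_length(brackets, max_len, link_header=14):
    """Packets a 'match packet length max <max_len>' class would catch.

    IPTraf sizes include the data-link header (assumed 14 bytes, Ethernet),
    so the IP-length threshold is shifted by that much. IPTraf only gives
    75-byte buckets, so the answer is a range: 'at_least' counts buckets that
    lie entirely below the threshold, 'at_most' also adds the bucket the
    threshold falls into. Returns (at_least, at_most, total).
    """
    threshold = max_len + link_header
    at_least = at_most = total = 0
    for lo, hi, count in brackets:
        total += count
        if hi is not None and hi <= threshold:
            at_least += count
            at_most += count
        elif lo <= threshold:
            at_most += count
    return at_least, at_most, total


def parse_proto_line(line):
    """Parse one row of IPTraf's TCP/UDP service statistics."""
    m = PROTO_RE.search(line)
    if not m:
        raise ValueError("not an IPTraf proto/port line: %r" % line)
    proto, port, pkts, byts, pkts_to, bytes_to, pkts_from, bytes_from = m.groups()
    return {"proto": proto, "port": int(port), "pkts": int(pkts), "bytes": int(byts),
            "pkts_to": int(pkts_to), "bytes_to": int(bytes_to),
            "pkts_from": int(pkts_from), "bytes_from": int(bytes_from)}


def bytes_per_packet(stats):
    """Average size overall, towards the port (client->server) and from it."""
    return {"total": stats["bytes"] / stats["pkts"],
            "to": stats["bytes_to"] / stats["pkts_to"],
            "from": stats["bytes_from"] / stats["pkts_from"]}


if __name__ == "__main__":
    lo, hi, total = packets_matching_max_length(parse_size_brackets(IPTRAF_SIZES), 384)
    print(f"packet length max 384 catches {lo}..{hi} of {total} packets")
    for direction, avg in bytes_per_packet(parse_proto_line(IPTRAF_SSH)).items():
        print(f"TCP/22 {direction:>5}: {avg:.0f} bytes per packet")
```

On the page's own capture the small-packet class would catch between 14187 and 14341 of the 14491 packets, so a 384-byte threshold is not selecting "interactive" traffic here: almost everything on this interface is small, and the class only makes sense once bulk transfers (large packets) are actually present in the mix. The TCP/22 row also shows that the direction matters: the client sends 52-byte packets on average, the server 228-byte ones.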