[LARTC] HTB and bridge...

2002-08-20 Thread zain arrifa'i

Does anyone know about HTB shaping on a bridging
machine?
I currently run my shaper box as a bridge and something
strange is going on, such as a class that cannot send at the rate
it is supposed to.
I mean, if anyone knows something about bridging and its
HTB shaping behavior.
Thanks in advance.

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



[LARTC] Re: LARTC digest, Vol 1 #730 - 3 msgs

2002-08-20 Thread mikep02

I will be out of the office from 8/19 until 8/23.  I will be returning on Monday
afternoon, 8/26, and will reply then.

Thank you,

Michael Pellegrino
Softerware, Inc.




Re: [LARTC] HTB equivalent for 'bounded' and 'isolated' in CBQ

2002-08-20 Thread Amit Kucheria

On Fri, 16 Aug 2002, Stef Coene wrote:

>> The 'ceil' parameter allows us to implement a part of the 'isolated'
>> definition above. By setting it equal to 'rate', the class does not
>> borrow bandwidth, but what will stop other classes from borrowing its
>> unused bandwidth?
>
> Providing no ceil parameter means rate = ceil.  But this cannot be
> used to implement isolated like in cbq. Rate = ceil means the class
> cannot use more bandwidth than its rate. Isolated in cbq means other
> classes cannot borrow bandwidth from the class and that's not the
> same.  There is no way you can implement isolated with htb.
>
> But with htb you can do something like this :
>
> Total : 100
> class1   rate 20   ceil 20
> class2   rate 40   ceil 80
> class3   rate 40   ceil 80
>
> class 1 is isolated like in cbq. It cannot use more than its
> rate/ceil and class2 and class3 will never use bandwidth from class1,
> only from each other. Just like the definition of isolated :)

What happens when there is no traffic in class 1? Will class 2 and 3 
share class 1's bandwidth then?

The reason I am asking these questions is because I am trying to see if 
HTB can be used in place of CBQ in Diffserv. Has anybody tried something 
like this?

Regards,
Amit

-- 
I'm an angel!!! Honest!
The horns are just there to hold the halo up straight.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
  Amit Kucheria
  EECS Grad. Research Assistant
 University of Kansas @ Lawrence
   (R): +1-785-830-8521 ||| (C): +1-785-760-2871





Re: [LARTC] iproute and iptables

2002-08-20 Thread Thilo Schulz

On Wednesday, 21 August 2002 00:21, James Ma wrote:
> Dear all,
>
> I am newbie. However, I tried iptables recently and succeeded. I don't
> understand the relationship between iptables and iproute2, is iproute used
> to replace iptables?

No. The iproute2 utilities allow you to set various things, such as IP addresses,
routing entries or the traffic shaper.
The iptables tool is responsible for the firewall and the rules in there - as
well as some packet mangling and network address translation. You can combine
both tools with the -j MARK directive .. rtfm ;-)

 - Thilo Schulz



[LARTC] iproute and iptables

2002-08-20 Thread James Ma



Dear all,

I am a newbie. However, I tried iptables recently and succeeded. I don't
understand the relationship between iptables and iproute2. Is iproute
used to replace iptables?

Thanks,

James


[LARTC] Re: LARTC digest, Vol 1 #728 - 11 msgs

2002-08-20 Thread mikep02



I will be out of the office from 8/19 until 8/23.  I will be returning on Monday
afternoon, 8/26, and will reply then.

Thank you,

Michael Pellegrino
Softerware, Inc.




Re: [LARTC] uplink with multiple lines

2002-08-20 Thread Julian Anastasov


Hello,

On Tue, 20 Aug 2002, Calvin Dodge wrote:

> Two of the modems _do_ have private IP addresses (192.168.x.1) - could
> that be confusing the kernel? If so, do I need to get public IP
> addresses for those modems?

AFAIK, there is no "public" flag for IP addresses in
Linux, at least not in IPv4. The kernel does not know anything
about private/reserved IP ranges.

> Do I HAVE to create a patched kernel (ala Anastasov)?

Maybe not. But you can try to understand the settings
provided in the docs. The essential thing to understand is how
the ip rules and routes are ordered, how the NAT uses the
routing, why the NAT in plain kernels sometimes breaks with
multipath routes, what kind of nexthops the kernel can live
with, whether you can live without dead gateway detection and, if not, how
it works (in kernel? help from user space?), etc.

> May I post the script I used to try this out?

Or if possible to provide reference to it after the 5th
reading of all docs :)

> Thanks, folks!
>
> Calvin Dodge
> Certified Linux Bigot (tm)
> http://www.caldodge.fpcc.net

Regards

--
Julian Anastasov <[EMAIL PROTECTED]>




Re: [LARTC] Multi Routing Problem.

2002-08-20 Thread Julian Anastasov


Hello,

On Mon, 19 Aug 2002, Arindam Haldar wrote:

> & applied julian's patch to kernel 2.4.19 & have gone thru the docs at
> the site... i have defined basically 3 groups for clients--> cache,
> cisco, balance.. the name specifies the importance.. this is the details
> of what i did-->

Carefully analyze the docs...

> [root@Lr1 root]# ip rule ls
> 0:  from all lookup local

# direct communications are first priority
ip rule add prio 5 table main

> 10: from EXTnA.124/25 lookup ONE
> 20: from EXTnB.106/26 lookup TWO
> 100:from 192.168.1.10 lookup CACHE
> 101:from 192.168.1.20 lookup CISCO
> 150:from 192.168.1.30 lookup BALANCE
> 200:from all lookup ME
> 32766:  from all lookup main
> 32767:  from all lookup 253

> BUT am **NOT** able to surf at all from internal network... not even
> able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while
> FORWARD is DROP..

First try with all ACCEPT.

> whats missing there ?.. after trying all day i want guidance now...
> awaiting a reply very anxiously

Your setup is a bit strange: internal hosts use some gateways,
the external addresses use different gateways. The problem is that
if you are using NAT and, for example, 192.168.1.10 is SNAT-ed, the
packet will leave with a new saddr (the masquerade address). Looking
at your rules, there is a different gateway for the masquerade
address. This can't work. The current framework requires that:

- if one internal IP is masqueraded to a specific address, you
need the 2 routes to be similar, i.e.:

from INT_IP to TARGET
and
from MASQ_IP to TARGET

to use the same gateway and device. This is even mandatory for the
patches. Currently, the first packet for one connection is routed
via the route "from INT_IP to TARGET", the SNAT rules assign the
masquerade address at postrouting and then all next packets are
routed via the 2nd route - 1 route per forwarded packet. It is a
bit strange for these two routes to use different gateways. Do you
have a good reason for this?

Also note that rules in the form "from 0/0 to ANY_TARGET",
where ANY_TARGET can be any subnet including 0/0, are used for
source address autoselection - the resulting preferred source IP
is used as saddr. It is not used only as a "default" rule. So,
playing tricks with different gateways is not possible. The
setup is ambiguous if NAT is involved.

> A.H

Regards

--
Julian Anastasov <[EMAIL PROTECTED]>
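
The requirement in the reply above (the route "from INT_IP" and the route "from MASQ_IP" must use the same gateway and device) can be checked mechanically before NAT is enabled. The following is an added example, not part of the original thread and not code from any poster. Assumptions: all addresses are constructed documentation ranges standing in for the redacted EXTnA/EXTnB networks, the SNAT mapping is invented because the thread shows no iptables rules, and rule lookup is simplified to "first rule by priority whose table has a default route".

```python
"""Added example: do INT_IP and its MASQ_IP resolve to the same nexthops?"""
import ipaddress

# Constructed `ip rule ls` output, shaped like the listing in the thread.
RULES_TEXT = """\
10:  from 198.51.100.124/25 lookup ONE
20:  from 203.0.113.106/26 lookup TWO
100: from 192.168.1.10 lookup CACHE
101: from 192.168.1.20 lookup CISCO
150: from 192.168.1.30 lookup BALANCE
200: from all lookup ME
"""

# Constructed `ip route ls table X` output, one dump per table.
MULTIPATH = ("default\n nexthop via 203.0.113.70 dev eth0 weight 1\n"
             " nexthop via 198.51.100.1 dev eth1 weight 1\n"
             "prohibit default proto static metric 1")
TABLE_DUMPS = {
    "ONE": "default via 198.51.100.1 dev eth1 src 198.51.100.124",
    "TWO": "default via 203.0.113.70 dev eth0 src 203.0.113.106",
    "CACHE": "default via 198.51.100.1 dev eth1",
    "CISCO": "default via 203.0.113.70 dev eth0",
    "BALANCE": MULTIPATH,
    "ME": MULTIPATH,
}

# Assumed SNAT mapping (internal address -> masquerade address).
SNAT_MAP = {
    "192.168.1.10": "203.0.113.106",
    "192.168.1.20": "203.0.113.106",
    "192.168.1.30": "198.51.100.124",
}


def parse_rules(text):
    """Return [(prio, source_network, table)] sorted by priority."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        words = rest.split()
        selector = words[words.index("from") + 1]
        table = words[words.index("lookup") + 1]
        cidr = "0.0.0.0/0" if selector == "all" else selector
        # strict=False: `ip rule` prints host bits, e.g. x.x.x.124/25
        rules.append((int(prio), ipaddress.ip_network(cidr, strict=False), table))
    return sorted(rules, key=lambda r: r[0])


def parse_default_nexthops(text):
    """Return the set of (gateway, device) pairs of a table's default route."""
    hops = set()
    for line in text.strip().splitlines():
        words = line.split()
        if words[0] in ("default", "nexthop") and "via" in words and "dev" in words:
            hops.add((words[words.index("via") + 1], words[words.index("dev") + 1]))
    return frozenset(hops)


def route_for(src, rules, tables):
    """First rule (by priority) matching src whose table has a default route."""
    addr = ipaddress.ip_address(src)
    for _prio, network, table in rules:
        hops = tables.get(table, frozenset())
        if addr in network and hops:
            return table, hops
    return None, frozenset()


def check_snat(snat_map, rules, tables):
    """List (int_ip, table, masq_ip, table) where the two lookups disagree."""
    findings = []
    for int_ip, masq_ip in snat_map.items():
        int_table, int_hops = route_for(int_ip, rules, tables)
        masq_table, masq_hops = route_for(masq_ip, rules, tables)
        if int_hops != masq_hops:
            findings.append((int_ip, int_table, masq_ip, masq_table))
    return findings


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    tables = {name: parse_default_nexthops(t) for name, t in TABLE_DUMPS.items()}
    for int_ip, t1, masq_ip, t2 in check_snat(SNAT_MAP, rules, tables):
        print(f"{int_ip} via table {t1}, but {masq_ip} via table {t2}: gateways differ")
```

With the constructed data, 192.168.1.10 and 192.168.1.30 are reported because their masquerade addresses select a table with a different nexthop set, while 192.168.1.20 passes.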




[LARTC] FreeSWAN and IPROUTE2

2002-08-20 Thread Isamp

Hi People !!!

I'm a newbie on this list and to these concepts.
Please, I need help to learn more about routing tools on Linux and their
interaction with FreeSWAN and IPTables.

I just read the "Fun with iproute2 and FreeS/WAN"
(www.quintilion.com/moat/ipsec+routing/iproute2.html,
very, very, very good text) document but I need more !!!

On my project, I'm thinking of a lot of Linux boxes with 2 or more uplinks, like this:

                  Frame Relay uplink
               /----------------------\
              /                        \
 +---------+ /                          \ +---------+
-|Linux Box|----------==========----------|Linux Box|-
 +---------+ \        IPSEC with        / +---------+
              \       FreeS/WAN        /
               \                      /
                \-------+POTS+-------/
                     Dial on Demand

In my tests, when the tunnel is downed, the routing table is updated but, if the
tunnel broke, the kernel routing table persists with routes added by FreeSWAN.

I'm thinking of using OSPF (Zebra or BIRD): in this protocol we have the 'hello'
packets to determine the current state of links, but the ipsec interface is not a
multicast interface!
Reading "Linux Advanced Routing & Traffic Control HOWTO" (http://lartc.org/howto/,
very good document too), in chapter 5.3 we can read

"GRE is a tunneling protocol that was originally developed by Cisco, and it can do
a few more things than IP-in-IP tunneling. For example, you can also transport
multicast traffic and IPv6 through a GRE tunnel.".

So, what do I use? IPsec tunnels from FreeS/WAN or GRE tunnels? Both? How?
Is the traffic over a GRE tunnel encrypted? How?

I'm thinking of using the OSPF protocol (Zebra) to do load balancing between the
Frame Relay and ipsec interfaces but, in the same HOWTO ("Fun...") I see the new
possibility with iproute2.
What is better?

Does anyone have an interest in this solution? Can someone help me?

Thanks in advance.



Isamp


P.S.: sorry for my poor English !!!




[LARTC] bug in sfq fairness

2002-08-20 Thread EGAL Vincent


hi,
I found a strange behavior with the SFQ qdisc when several TCP flows start
at the same time: despite having different hash values, they have
a good chance of falling in the same slot, which implies no more fairness
than a simple FIFO.
This is due to the fact that the hash table for a flow is not cleared
after dequeuing a slot with a single packet in queue, and so the same slot
might be shared without hash collisions.
Proposed patch:
--- kernel/linux-2.4.18/net/sched/sch_sfq.c
Tue May  7 16:22:23 2002
+++ sch_sfq.c   Tue Aug 20 18:07:03 2002
@@ -343,6 +343,7 @@
    if (q->qs[a].qlen == 0)
{
   
a = q->next[a];
   
if (a == old_a) {
+  
q->ht[q->hash[a]] = SFQ_DEPTH;
   
q->tail = SFQ_DEPTH;
   
return skb;
   
}
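Review bot: the added "q->ht[q->hash[a]] = SFQ_DEPTH;" sits inside "if (a == old_a)", after "a = q->next[a]", so the hash entry is reset only when the emptied slot was the last active one. The description says the stale entry is left behind whenever a slot is dequeued down to zero packets, and on the a != old_a path the visible lines still leave ht pointing at the empty slot. Consider moving the assignment directly under "if (q->qs[a].qlen == 0)", before a is advanced, so it runs for every emptied slot, and add a one-line comment saying why the entry is invalidated.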
any comments ?
-- 
Vincent EGAL
Email : [EMAIL PROTECTED]

 


Re: [LARTC] Limit bandwidth for ipsec vpns

2002-08-20 Thread Emmanuel Lacour

On Mon, Aug 19, 2002 at 02:28:34PM -0400, Michael T. Babcock wrote:
> On Mon, Aug 19, 2002 at 07:01:32PM +0200, Stef Coene wrote:
> > > Is there anyone having an idea on how to limit bandwidth on a linux gw
> > > doing vpns with freeswan, I.E. for a 1Mbit line with 1 ipsec tunnel on
> > > interface ppp0, limiting vpn traffic (esp) to 512kbit and internet
> > > traffic (non vpn) to 512kbit.
> > More info about shaping can be found on www.lartc.org.  And I have some extra 
> > information on www.docum.org.
> > 
> > You have to add a cbq or htb qdisc to your interfaces and create 2 classes.  
> > One for vpn traffic and one for non vpn traffic.  I hope that you use fixed 
> > ports for the vpn traffic so you can use the dst/src port as a filter key.  
> > You can share the same 1mbit or you can limit each class to 512kbit.
> 
> If FreeS/WAN is used, adding a pair of classes to the external interface
> for 'normal' and 'VPN' traffic should suffice.  VPN traffic is identifiable
> as traffic over UDP port 500 and protocols 50 or 51, although you may wish
> to give them their own class with high priority as they do key exchanges.


Thanks. I tried marking packets with netfilter, but here is one of
my problems: I can mark the esp proto but not the non-esp proto:

# This works
# Marking outgoing vpn packets
iptables -t mangle -A OUTPUT -o $IFEXT -p esp -j MARK --set-mark 29
iptables -t mangle -A OUTPUT -o $IFEXT -p udp --dport 500 -j MARK --set-mark 29

# This doesn't work!!
# Marking outgoing non-vpn packets
iptables -t mangle -A OUTPUT -o $IFEXT -p ! esp -j MARK --set-mark 39

Any Idea??

> 
> If you gave each 512kbps, then add a root class to ipsec0 of 512kbps and
> work from there on it.
> -- 
> Michael T. Babcock
> CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc)
> http://www.fibrespeed.net/~mbabcock/

-- 
Easter-eggs                                 GNU/Linux Specialist
44-46 rue de l'Ouest  -  75014 Paris  -  France  -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37  -  Fax: +33 (0) 1 41 35 00 76
mailto:[EMAIL PROTECTED]  -  http://www.easter-eggs.com



[LARTC] Multi Routing Problem

2002-08-20 Thread Arindam Haldar

hi all,
i am trying to do some advanced routing for our clients on a multi route
platform !.. at present am trying on a test bed.. i followed the example
& applied julian's patch to kernel 2.4.19 & have gone through the docs at
the site... i have defined basically 3 groups for clients--> cache,
cisco, balance.. the name specifies the importance.. these are the details
of what i did-->

[root@Lr1 root]# ip rule ls
0:      from all lookup local
10:     from EXTnA.124/25 lookup ONE
20:     from EXTnB.106/26 lookup TWO
100:    from 192.168.1.10 lookup CACHE
101:    from 192.168.1.20 lookup CISCO
150:    from 192.168.1.30 lookup BALANCE
200:    from all lookup ME
32766:  from all lookup main
32767:  from all lookup 253

[root@Lr1 root]# ip route ls ta ONE
default via EXtnA.1 dev eth1  src EXTnA.124
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta TWO
default via EXTnB.70 dev eth0  src EXTnB.106
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta CACHE
default via EXTnA.1 dev eth1
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta CISCO
default via EXTnB.70 dev eth0
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta BALANCE
default
 nexthop via EXTnB.70  dev eth0 weight 1
 nexthop via EXTnA.1  dev eth1 weight 1
prohibit default  proto static  metric 1

[root@Lr1 root]# ip route ls ta ME
default
 nexthop via EXTnA.1  dev eth1 weight 1
 nexthop via EXTnB.70  dev eth0 weight 1
prohibit default  proto static  metric 1
[root@Lr1 root]# ip addr ls
1: lo:  mtu 16436 qdisc noqueue
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 100
 link/ether 00:50:bf:4b:f7:84 brd ff:ff:ff:ff:ff:ff
 inet EXTnB.106/26 brd EXTnB.127 scope global eth0
3: eth1:  mtu 1500 qdisc pfifo_fast qlen 100
 link/ether 00:80:c8:b9:69:99 brd ff:ff:ff:ff:ff:ff
 inet EXTnA.124/25 brd EXTnA.127 scope global eth1
4: eth2:  mtu 1500 qdisc pfifo_fast qlen 100
 link/ether 00:80:c8:b9:69:9a brd ff:ff:ff:ff:ff:ff
 inet 192.168.0.1/16 brd 192.168.255.255 scope global eth2
[root@Lr1 root]# ip route ls
203.163.146.64/26 dev eth0  scope link
203.163.149.0/25 dev eth1  scope link
192.168.0.0/16 dev eth2  proto kernel  scope link  src 192.168.0.1
127.0.0.0/8 dev lo  scope link

here ONE & TWO are the two external links.. ME is used for local server
DNS daemon.. the other three, viz CACHE CISCO BALANCE, are the routes the
clients' ip's must follow.. i have enabled ip_forward .. & iptables rules
are also specified correctly .. i.e according to the ip..
BUT am **NOT** able to surf at all from internal network... not even
able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while
FORWARD is DROP..
what's missing there ?.. after trying all day i want guidance now...
awaiting a reply very anxiously
A.H





[LARTC] unsubscribe

2002-08-20 Thread Alexander Bergal









[LARTC] uplink with multiple lines

2002-08-20 Thread Calvin Dodge

I've been trying - without success - to aggregate the bandwidth of 3 DSL modems
using the instructions in the HowTo (sections 4.2.1 and 4.2.2).

I _believe_ I'm following the instructions to the letter, but when I add the last 
command (the "ip route" with "nexthop") then nothing goes out through the modems.

Each modem works when I add a single default gateway pointing to it, so I don't 
believe the modems are the problem.   

Two of the modems _do_ have private IP addresses (192.168.x.1) - could that be 
confusing the kernel? If so, do I need to get public IP addresses for those modems?

Do I HAVE to create a patched kernel (ala Anastasov)?

May I post the script I used to try this out?

Thanks, folks!

Calvin Dodge
Certified Linux Bigot (tm)
http://www.caldodge.fpcc.net





