[LARTC] HTB and bridge...
does anyone know about HTB shaping in a bridging machine? I currently run my shaper box as bridge and something is going strange, such as a class cannot send at rate it supposed to. I mean if anyone know something about bridging and its htb shaping behavior. thanks in advance. __ Do You Yahoo!? HotJobs - Search Thousands of New Jobs http://www.hotjobs.com ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Re: LARTC digest, Vol 1 #730 - 3 msgs
I will be out of the office from 8/19 until 8/23. I will be returning on Monday afternoon, 8/26, and will reply then. Thank you, Michael Pellegrino Softerware, Inc. ___ Subject: LARTC digest, Vol 1 #730 - 3 msgs From: [EMAIL PROTECTED] Date: 08/21/02 01:27:45 Send LARTC mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://mailman.ds9a.nl/mailman/listinfo/lartc or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of LARTC digest..." Today's Topics: 1. iproute and iptables (James Ma) 2. Re: iproute and iptables (Thilo Schulz) 3. Re: HTB equivalent for 'bounded' and 'isolated' in CBQ (Amit Kucheria) --__--__-- Message: 1 From: "James Ma" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Date: Tue, 20 Aug 2002 18:21:52 -0400 Subject: [LARTC] iproute and iptables This is a multi-part message in MIME format. --=_NextPart_000_0099_01C24876.7518DE20 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear all, I am newbie. However, I tried iptables recently and succeeded. I don't = understand the relationship between iptables and iproute2, is iproute = used to replace iptables? Thanks, James --=_NextPart_000_0099_01C24876.7518DE20 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Dear all, I am newbie. However, I tried iptables = recently and=20 succeeded. I don't understand the relationship between iptables and = iproute2, is=20 iproute used to replace iptables? Thanks, James --=_NextPart_000_0099_01C24876.7518DE20-- --__--__-- Message: 2 From: Thilo Schulz <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [LARTC] iproute and iptables Date: Wed, 21 Aug 2002 00:26:43 +0200 Am Mittwoch, 21. August 2002 00:21 schrieb James Ma: > Dear all, > > I am newbie. However, I tried iptables recently and succeeded. I don't > understand the relationship between iptables and iproute2, is iproute u= sed > to replace iptables? No. The iproute2 utilities allow to set various things, such as ip addres= ses,=20 routing entries or the traffic shaper. The iptables tool is responsible for the firewall and the rules in there = - as=20 well as some packet mangling and network address translation. You can com= bine=20 both tools with the -j MARK directive .. rtfm ;-) - Thilo Schulz --__--__-- Message: 3 Date: Tue, 20 Aug 2002 22:32:13 -0500 (CDT) From: Amit Kucheria <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [LARTC] HTB equivalent for 'bounded' and 'isolated' in CBQ On Fri, 16 Aug 2002, Stef Coene wrote: >> The 'ceil' parameter allows us to implement a part of the 'isolated' >> definition above. By setting it equal to 'rate', the class does not >> borrow bandwidth, but what will stop other classes from borrowing its >> unused bandwidth? > > Providing no ceil parameter means rate = ceil. But this can not be > used to implement isolated like in cbq. Rate = ceil means the class > can not use more bandwidth then it's rate. Isolated in cbq means other > classes can not borrow bandwidth from the class and that's not the > same. There is no way you can implement isolated with htb. > > But with htb you can do something like this : > > Total : 100 > class1 rate 20 ceil 20 > class2 rate 40 ceil 80 > class3 rate 40 ceil 80 > > class 1 is isolated like in cbq. It can not use more then it's > rate/ceil and class2 and class3 will never use bandwidth from class1, > only from each other. Just like the definition of isolated :) What happens when there is no traffic in class 1? Will class 2 and 3 share class 1's bandwidth then? The reason I am asking these questions is because I am trying to see if HTB can be used in place of CBQ in Diffserv. Has anybody tried something like this? Regards, Amit -- I'm an angel!!! Honest! The horns are just there to hold the halo up straight. ^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^ Amit Kucheria EECS Grad. Research Assistant University of Kansas @ Lawrence (R): +1-785-830-8521 ||| (C): +1-785-760-2871 --__--__-- ___ LARTC mailing list [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc End of LARTC Digest ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] HTB equivalent for 'bounded' and 'isolated' in CBQ
On Fri, 16 Aug 2002, Stef Coene wrote: >> The 'ceil' parameter allows us to implement a part of the 'isolated' >> definition above. By setting it equal to 'rate', the class does not >> borrow bandwidth, but what will stop other classes from borrowing its >> unused bandwidth? > > Providing no ceil parameter means rate = ceil. But this can not be > used to implement isolated like in cbq. Rate = ceil means the class > can not use more bandwidth then it's rate. Isolated in cbq means other > classes can not borrow bandwidth from the class and that's not the > same. There is no way you can implement isolated with htb. > > But with htb you can do something like this : > > Total : 100 > class1 rate 20 ceil 20 > class2 rate 40 ceil 80 > class3 rate 40 ceil 80 > > class 1 is isolated like in cbq. It can not use more then it's > rate/ceil and class2 and class3 will never use bandwidth from class1, > only from each other. Just like the definition of isolated :) What happens when there is no traffic in class 1? Will class 2 and 3 share class 1's bandwidth then? The reason I am asking these questions is because I am trying to see if HTB can be used in place of CBQ in Diffserv. Has anybody tried something like this? Regards, Amit -- I'm an angel!!! Honest! The horns are just there to hold the halo up straight. ^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^ Amit Kucheria EECS Grad. Research Assistant University of Kansas @ Lawrence (R): +1-785-830-8521 ||| (C): +1-785-760-2871 ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] iproute and iptables
Am Mittwoch, 21. August 2002 00:21 schrieb James Ma: > Dear all, > > I am newbie. However, I tried iptables recently and succeeded. I don't > understand the relationship between iptables and iproute2, is iproute used > to replace iptables? No. The iproute2 utilities allow to set various things, such as ip addresses, routing entries or the traffic shaper. The iptables tool is responsible for the firewall and the rules in there - as well as some packet mangling and network address translation. You can combine both tools with the -j MARK directive .. rtfm ;-) - Thilo Schulz ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] iproute and iptables
Dear all, I am newbie. However, I tried iptables recently and succeeded. I don't understand the relationship between iptables and iproute2, is iproute used to replace iptables? Thanks, James
[LARTC] Re: LARTC digest, Vol 1 #728 - 11 msgs
Text Item Description: Binary data I will be out of the office from 8/19 until 8/23. I will be returning on Monday afternoon, 8/26, and will reply then. Thank you, Michael Pellegrino Softerware, Inc. ___ Subject: LARTC digest, Vol 1 #728 - 11 msgs From: [EMAIL PROTECTED] Date: 08/20/02 18:25:03 This item was automatically created and contains MIME Information.
Re: [LARTC] uplink with multiple lines
Hello, On Tue, 20 Aug 2002, Calvin Dodge wrote: > Two of the modems _do_ have private IP addresses (192.168.x.1) - could > that be confusing the kernel? If so, do I need to get public IP > addresses for those modems? AFAIK, there is not flag "public" for the IP addresses in Linux, at least, not in IPv4. The kernel does not know anything about private/reserved IP ranges. > Do I HAVE to create a patched kernel (ala Anastasov)? May be not. But you can try to understand the settings provided in the docs. The essential thing to understand is how the ip rules and routes are ordered, how the NAT uses the routing, why the NAT in plain kernels sometimes breaks with multipath routes, what kind of nexthops the kernel can live with, can you live without dead gateway detection, if not, how it works (in kernel? help from user space?), etc. > May I post the script I used to try this out? Or if possible to provide reference to it after the 5th reading of all docs :) > Thanks, folks! > > Calvin Dodge > Certified Linux Bigot (tm) > http://www.caldodge.fpcc.net Regards -- Julian Anastasov <[EMAIL PROTECTED]> ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Multi Routing Problem.
Hello, On Mon, 19 Aug 2002, Arindam Haldar wrote: > & applied julian's patch to kernel 2.4.19 & have gone thru the docs at > the site... i have defined basically 3 groups for clients--> cache, > cisco, balance.. the name specifies the importance.. this is the details > of what i did--> Carefully analyze the docs... > [root@Lr1 root]# ip rule ls > 0: from all lookup local # direct communications are first priority ip rule add prio 5 table main > 10: from EXTnA.124/25 lookup ONE > 20: from EXTnB.106/26 lookup TWO > 100:from 192.168.1.10 lookup CACHE > 101:from 192.168.1.20 lookup CISCO > 150:from 192.168.1.30 lookup BALANCE > 200:from all lookup ME > 32766: from all lookup main > 32767: from all lookup 253 > BUT am **NOT** able to surf at all from internal network... not even > able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while > FORWARD is DROP.. First try with all ACCEPT. > whats missing there ?.. after trying all day i want guidance now... > awaiting a reply very anxiously Your setup is a bit strange: internal hosts use some gateways, the external addresses use different gateways. The problem is that if you are using NAT and for example 192.168.1.10 is SNAT-ed the packet will leave with new saddr (the masquerade address). Looking in your rules there is different gateway for the masquerade address. This can't work. The current framework requires that: - if one internal IP is masqueraded to a specific address, you need the 2 routes to be similar, i.e.: from INT_IP to TARGET and from MASQ_IP to TARGET to use same gateway and device. This is even mandatory for the patches. Currently, the first packet for one connection is routed via the route "from INT_IP to TARGET", the SNAT rules assign masquerade address at postrouting and then all next packets are routed via the 2nd route - 1 route per forwarded packet. It is a bit strange these two routes to use different gateways. Do you have a good reason for this? Also note that rules in the form "from 0/0 to ANY_TARGET" where ANY_TARGET can be any subnet including 0/0 are used for source address autoselection - the resulting preferred source IP is used as saddr. It is not used only as "default" rule. So, playing tricks with different gateways is not possible. The setup is ambiguous if NAT is involved. > A.H Regards -- Julian Anastasov <[EMAIL PROTECTED]> ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] FreeSWAN and IPROUTE2
Hi People !!! I'm a newbie in this list and in this concepts. Please, I need help to learn more about routing tools on Linux and its interaction with FreeSWAN and IPTables. I just read the "Fun with iproute2 and FreeS/WAN" (www.quintilion.com/moat/ipsec+routing/iproute2.html, very, very, very good text) document but, I need more !!! On my project, I'm tinking in a lot of linux boxes with 2 or more uplinks, like this: Frame Relay uplink /--\ /\ |+-+/ \+-+| ++Linux Box|---==---|Linux Box|+ |+-+\ IPSEC with /+-+| \ FreeS/WAN / \ / \/ \--+POTS+--/ Dial on Demand On my tests, when the tunnel is downed, the routing table is updated but, if the tunnel broke, the kernel routing table persists with routes added by freeSWAN. I'm thinking to use OSPF (Zebra or BIRD): on this protocol we have the 'helo' packets to determine the current state of links but, ipsec interface is not a multicast interface ! Reading "Linux Advanced Routing & Traffic Control HOWTO" (http://lartc.org/howto/, very good document too), in chapter 5.3 we can read "GRE is a tunneling protocol that was originally developed by Cisco, and it can do a few more things than IP-in-IP tunneling. For example, you can also transport multicast traffic and IPv6 through a GRE tunnel.". So, What I use ? Ipsec tunnels from FreeS/WAN or GRE Tunnels ? Both ? How ? The traffic over GRE Tunnel are encripted ? How ? I'm tinking to use the OSPF protocol (Zebra) do make a load balance between FrameRelay and ipsec interfaces but, in same HOWTO ("Fun...") I see the new possibilitie with iproute2. What is better ? Someone have interest in this solution ? Someone can help me ? Tanks in Advance . Isamp ps.: sorry for my poor english !!! ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] bug in sfq fairness
hi, I found a strange behavior with SFQ qdisc when several TCP flows start at the same time: despite having different hash values , they have a good chances to fall in the same slot which implies no more fairness than a simple FIFO. This is due to the fact that the hash table for a flow is not cleared after dequeuing a slot whith a single packet in queue and so the same slot might be shared without hash colisions. proposed patch : --- kernel/linux-2.4.18/net/sched/sch_sfq.c Tue May 7 16:22:23 2002 +++ sch_sfq.c Tue Aug 20 18:07:03 2002 @@ -343,6 +343,7 @@ if (q->qs[a].qlen == 0) { a = q->next[a]; if (a == old_a) { + q->ht[q->hash[a]] = SFQ_DEPTH; q->tail = SFQ_DEPTH; return skb; } any comments ? -- Vincent EGAL Email : [EMAIL PROTECTED]
Re: [LARTC] Limit bandwidth for ipsec vpns
On Mon, Aug 19, 2002 at 02:28:34PM -0400, Michael T. Babcock wrote: > On Mon, Aug 19, 2002 at 07:01:32PM +0200, Stef Coene wrote: > > > Is there anyone having an idea on how to limit bandwidth on a linux gw > > > doing vpns with freeswan, I.E. for a 1Mbit line with 1 ipsec tunnel on > > > interface ppp0, limiting vpn traffic (esp) to 512kbit and internet > > > traffic (non vpn) to 512kbit. > > More info about shaping can be found on www.lartc.org. And I have some extra > > information on www.docum.org. > > > > You have to add a cbq or htb qdisc to your interfaces and create 2 classes. > > One for vpn traffic and one for non vpn traffic. I hope that you use fixed > > ports for the vpn traffic so you can use the dst/src port as a filter key. > > You can share the same 1mbit or you can limit each class to 512kbit. > > If FreeS/WAN is used, adding a pair of classes to the external interface > for 'normal' and 'VPN' traffic should suffice. VPN traffic is identifiable > as traffic over UDP port 500 and protocols 50 or 51, although you may wish > to give them their own class with high priority as they do key exchanges. Thanks, I tried with marking packet with netfilter, but here is one of my pbms, I can mark esp proto but not non-esp proto: # This works # Marking outgoing vpn packets iptables -t mangle -A OUTPUT -o $IFEXT -p esp -j MARK --set-mark 29 iptables -t mangle -A OUTPUT -o $IFEXT -p udp --dport 500 -j MARK --set-mark 29 # This doesn't works!! # Marking outgoing non-vpn packets iptables -t mangle -A OUTPUT -o $IFEXT -p ! esp -j MARK --set-mark 39 Any Idea?? > > If you gave each 512kbps, then add a root class to ipsec0 of 512kbps and > work from there on it. > -- > Michael T. Babcock > CTO, FibreSpeed Ltd. (Hosting, Security, Consultation, Database, etc) > http://www.fibrespeed.net/~mbabcock/ > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Multi Routing Problem
hi all, i am trying to do some advance routing for our clients on a multi route platform !.. at present am trying on a test bed.. i followed the example & applied julian's patch to kernel 2.4.19 & have gone thru the docs at the site... i have defined basically 3 groups for clients--> cache, cisco, balance.. the name specifies the importance.. this is the details of what i did--> [root@Lr1 root]# ip rule ls 0: from all lookup local 10: from EXTnA.124/25 lookup ONE 20: from EXTnB.106/26 lookup TWO 100:from 192.168.1.10 lookup CACHE 101:from 192.168.1.20 lookup CISCO 150:from 192.168.1.30 lookup BALANCE 200:from all lookup ME 32766: from all lookup main 32767: from all lookup 253 [root@Lr1 root]# ip route ls ta ONE default via EXtnA.1 dev eth1 src EXTnA.124 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta TWO default via EXTnB.70 dev eth0 src EXTnB.106 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta CACHE default via EXTnA.1 dev eth1 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta CISCO default via EXTnB.70 dev eth0 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta BALANCE default nexthop via EXTnB.70 dev eth0 weight 1 nexthop via EXTnA.1 dev eth1 weight 1 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta ME default nexthop via EXTnA.1 dev eth1 weight 1 nexthop via EXTnB.70 dev eth0 weight 1 prohibit default proto static metric 1 [root@Lr1 root]# ip addr ls 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:50:bf:4b:f7:84 brd ff:ff:ff:ff:ff:ff inet EXTnB.106/26 brd EXTnB.127 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:80:c8:b9:69:99 brd ff:ff:ff:ff:ff:ff inet EXTnA.124/25 brd EXTnA.127 scope global eth1 4: eth2: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:80:c8:b9:69:9a brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/16 brd 192.168.255.255 scope global eth2 [root@Lr1 root]# ip route ls 203.163.146.64/26 dev eth0 scope link 203.163.149.0/25 dev eth1 scope link 192.168.0.0/16 dev eth2 proto kernel scope link src 192.168.0.1 127.0.0.0/8 dev lo scope link here ONE & TWO are the two external links.. ME is used for local server DNS deamon.. the other three viz CACHE CISCO BALANCE are the routes the clients ip's must follow.. i have enabled ip_forward .. & iptables rules are also specified correct .. i.e according to the ip.. BUT am **NOT** able to surf at all from internal network... not even able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while FORWARD is DROP.. whats missing there ?.. after trying all day i want guidance now... awaiting a reply very anxiously A.H ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] unsubscribe
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Multi Routing Problem
hi all, i am trying to do some advance routing for our clients on a multi route platform !.. at present am trying on a test bed.. i followed the example & applied julian's patch to kernel 2.4.19 & have gone thru the docs at the site... i have defined basically 3 groups for clients--> cache, cisco, balance.. the name specifies the importance.. this is the details of what i did--> [root@Lr1 root]# ip rule ls 0: from all lookup local 10: from EXTnA.124/25 lookup ONE 20: from EXTnB.106/26 lookup TWO 100:from 192.168.1.10 lookup CACHE 101:from 192.168.1.20 lookup CISCO 150:from 192.168.1.30 lookup BALANCE 200:from all lookup ME 32766: from all lookup main 32767: from all lookup 253 [root@Lr1 root]# ip route ls ta ONE default via EXtnA.1 dev eth1 src EXTnA.124 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta TWO default via EXTnB.70 dev eth0 src EXTnB.106 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta CACHE default via EXTnA.1 dev eth1 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta CISCO default via EXTnB.70 dev eth0 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta BALANCE default nexthop via EXTnB.70 dev eth0 weight 1 nexthop via EXTnA.1 dev eth1 weight 1 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta ME default nexthop via EXTnA.1 dev eth1 weight 1 nexthop via EXTnB.70 dev eth0 weight 1 prohibit default proto static metric 1 [root@Lr1 root]# ip addr ls 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:50:bf:4b:f7:84 brd ff:ff:ff:ff:ff:ff inet EXTnB.106/26 brd EXTnB.127 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:80:c8:b9:69:99 brd ff:ff:ff:ff:ff:ff inet EXTnA.124/25 brd EXTnA.127 scope global eth1 4: eth2: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:80:c8:b9:69:9a brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/16 brd 192.168.255.255 scope global eth2 [root@Lr1 root]# ip route ls 203.163.146.64/26 dev eth0 scope link 203.163.149.0/25 dev eth1 scope link 192.168.0.0/16 dev eth2 proto kernel scope link src 192.168.0.1 127.0.0.0/8 dev lo scope link here ONE & TWO are the two external links.. ME is used for local server DNS deamon.. the other three viz CACHE CISCO BALANCE are the routes the clients ip's must follow.. i have enabled ip_forward .. & iptables rules are also specified correct .. i.e according to the ip.. BUT am **NOT** able to surf at all from internal network... not even able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while FORWARD is DROP.. whats missing there ?.. after trying all day i want guidance now... awaiting a reply very anxiously A.H ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] uplink with multiple lines
I've been trying - without success - to aggregate the bandwidth of 3 DSL modems using the instructions in the HowTo (sections 4.2.1 and 4.2.2). I _believe_ I'm following the instructions to the letter, but when I add the last command (the "ip route" with "nexthop") then nothing goes out through the modems. Each modem works when I add a single default gateway pointing to it, so I don't believe the modems are the problem. Two of the modems _do_ have private IP addresses (192.168.x.1) - could that be confusing the kernel? If so, do I need to get public IP addresses for those modems? Do I HAVE to create a patched kernel (ala Anastasov)? May I post the script I used to try this out? Thanks, folks! Calvin Dodge Certified Linux Bigot (tm) http://www.caldodge.fpcc.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] unsubscribe
-- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Multi Routing Problem.
hi all, i am trying to do some advance routing for our clients on a multi route platform !.. at present am trying on a test bed.. i followed the example & applied julian's patch to kernel 2.4.19 & have gone thru the docs at the site... i have defined basically 3 groups for clients--> cache, cisco, balance.. the name specifies the importance.. this is the details of what i did--> [root@Lr1 root]# ip rule ls 0: from all lookup local 10: from EXTnA.124/25 lookup ONE 20: from EXTnB.106/26 lookup TWO 100:from 192.168.1.10 lookup CACHE 101:from 192.168.1.20 lookup CISCO 150:from 192.168.1.30 lookup BALANCE 200:from all lookup ME 32766: from all lookup main 32767: from all lookup 253 [root@Lr1 root]# ip route ls ta ONE default via EXtnA.1 dev eth1 src EXTnA.124 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta TWO default via EXTnB.70 dev eth0 src EXTnB.106 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta CACHE default via EXTnA.1 dev eth1 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta CISCO default via EXTnB.70 dev eth0 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta BALANCE default nexthop via EXTnB.70 dev eth0 weight 1 nexthop via EXTnA.1 dev eth1 weight 1 prohibit default proto static metric 1 [root@Lr1 root]# ip route ls ta ME default nexthop via EXTnA.1 dev eth1 weight 1 nexthop via EXTnB.70 dev eth0 weight 1 prohibit default proto static metric 1 [root@Lr1 root]# ip addr ls 1: lo: mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:50:bf:4b:f7:84 brd ff:ff:ff:ff:ff:ff inet EXTnB.106/26 brd EXTnB.127 scope global eth0 3: eth1: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:80:c8:b9:69:99 brd ff:ff:ff:ff:ff:ff inet EXTnA.124/25 brd EXTnA.127 scope global eth1 4: eth2: mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:80:c8:b9:69:9a brd ff:ff:ff:ff:ff:ff inet 192.168.0.1/16 brd 192.168.255.255 scope global eth2 [root@Lr1 root]# ip route ls 203.163.146.64/26 dev eth0 scope link 203.163.149.0/25 dev eth1 scope link 192.168.0.0/16 dev eth2 proto kernel scope link src 192.168.0.1 127.0.0.0/8 dev lo scope link here ONE & TWO are the two external links.. ME is used for local server DNS deamon.. the other three viz CACHE CISCO BALANCE are the routes the clients ip's must follow.. i have enabled ip_forward .. & iptables rules are also specified correct .. i.e according to the ip.. BUT am **NOT** able to surf at all from internal network... not even able to ping eth2 !!!.. default INPUT & OUTPUT are set to ACCEPT while FORWARD is DROP.. whats missing there ?.. after trying all day i want guidance now... awaiting a reply very anxiously A.H ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/