Re: [LARTC] Dynamically changing ceil (and removing filters)
On Friday 06 February 2004 16:36, Jason Tackaberry wrote:

> I'm investigating other approaches to managing the very little, extremely over-used pipe we have feeding the residences of our small campus.

What about the wrr qdisc: http://wipl-wrr.sourceforge.net/
The more you download, the slower it goes.

Stef
-- 
[EMAIL PROTECTED]
Using Linux as bandwidth manager http://www.docum.org/
#lartc @ irc.openprojects.net

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re:[LARTC] Need help on load balancing
Hi all,

Simple, in iptables you must have two rules, for example:

iptables -t nat -A POSTROUTING -o eth1 -s IP_RANGE -j SNAT --to IP_EXTERNAL_1
iptables -t nat -A POSTROUTING -o eth2 -s IP_RANGE -j SNAT --to IP_EXTERNAL_2

or, if you like, you may delete the -s IP_RANGE as well.

[]'s
Anderson

> Hi,
>
> I am new to the list and have an urgent question. I read the LARTC HOWTO and entered the following commands, but I don't know how to use NAT for the internal network. I want all of the clients that have an IP in the range 192.168.2.0/24 and gateway 192.168.2.1 to be able to see the internet using both uplinks, with a failover feature. What is the NAT command that I have to enter?
>
> Eth0: 192.168.2.1/24 ( internal network )
> Eth1: 80.191.30.250/30 ( ISP1 )
> Eth2: 213.217.54.245/29 ( ISP2 )
>
> --
> ip route add 80.191.30.248/30 dev eth1 src 80.191.30.250 table isp1
> ip route add default via 80.191.30.249 table isp1
> ip route add 213.217.54.240/29 dev eth2 src 213.217.54.245 table isp2
> ip route add default via 213.217.54.241 table isp2
> ip route add 80.191.30.248/30 dev eth1 src 80.191.30.250
> ip route add 213.217.54.240/29 dev eth2 src 213.217.54.245
> ip rule add from 80.191.30.250 table isp1
> ip rule add from 213.217.54.245 table isp2
> ip route add 192.168.2.0/24 dev eth0 table isp1
> ip route add 213.217.54.240/29 dev eth2 table isp1
> ip route add 127.0.0.0/8 dev lo table isp1
> ip route add 192.168.2.0/24 dev eth0 table isp2
> ip route add 80.191.30.248/30 dev eth1 table isp2
> ip route add 127.0.0.0/8 dev lo table isp2
> ip route add default scope global nexthop via 80.191.30.249 dev eth1 weight 1 nexthop via 213.217.54.241 dev eth2 weight 4
> ---
>
> Please help me.
>
> Thanks,
> Saeed Zamani, Technical Manager, Concept FZ LLC.
Re:[LARTC] Multiple uplinks - load balancing
Hi all,

I had a problem like that, and I solved it by making a rule with iptables so that all traffic to port 25 was routed to the IP that was accepted to send. Or you may try to create a rule so that when outgoing traffic goes via ISP2 you change the source IP. Try and let me know.

[]'s
Anderson

> Hello!
>
> I have set up a LINUX router with two separate uplinks to do load balancing. I made all the configuration after the NANO-HOWTO "to use more than one independent Internet connection" document. I patched my 2.4.24 kernel with the patches described in this document. My configuration is:
>
> ---
> #!/bin/bash
> #--
> # LAN_IF    - LAN interface
> # LAN_IP    - LAN IP
> # LAN_NET   - LAN network/mask
> #--
> # INET1_IF  - external interface no. 1
> # INET1_IP  - external IP no. 1
> # INET1_NET - external network/mask no. 1
> # INET1_GW  - remote gateway no. 1
> #--
> # INET2_IF  - external interface no. 2
> # INET2_IP  - external IP no. 2
> # INET2_NET - external network/mask no. 2
> # INET2_GW  - remote gateway no. 2
> #--
> echo 1 > /proc/sys/net/ipv4/ip_forward
> /sbin/modprobe ip_conntrack_ftp
> /sbin/modprobe ip_nat_ftp
> /sbin/modprobe ip_conntrack_irc
> /sbin/modprobe ip_nat_irc
>
> IPTABLES=/usr/sbin/iptables
> $IPTABLES -t filter -P INPUT ACCEPT
> $IPTABLES -t filter -P OUTPUT ACCEPT
> $IPTABLES -t filter -P FORWARD ACCEPT
> $IPTABLES -t nat -P PREROUTING ACCEPT
> $IPTABLES -t nat -P POSTROUTING ACCEPT
> $IPTABLES -t nat -P OUTPUT ACCEPT
> $IPTABLES -t mangle -P PREROUTING ACCEPT
> $IPTABLES -t mangle -P INPUT ACCEPT
> $IPTABLES -t mangle -P OUTPUT ACCEPT
> $IPTABLES -t mangle -P FORWARD ACCEPT
> $IPTABLES -t mangle -P POSTROUTING ACCEPT
> $IPTABLES -t nat -F
> $IPTABLES -t mangle -F
> $IPTABLES -t filter -F
> $IPTABLES -t filter -X keep_state
> $IPTABLES -t nat -X keep_state
> $IPTABLES -t filter -N keep_state
> $IPTABLES -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> $IPTABLES -t filter -A keep_state -j RETURN
> $IPTABLES -t nat -N keep_state
> $IPTABLES -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
> $IPTABLES -t nat -A keep_state -j RETURN
> $IPTABLES -t nat -A PREROUTING -j keep_state
> $IPTABLES -t nat -A POSTROUTING -j keep_state
> $IPTABLES -t nat -A OUTPUT -j keep_state
> $IPTABLES -t filter -A INPUT -j keep_state
> $IPTABLES -t filter -A FORWARD -j keep_state
> $IPTABLES -t filter -A OUTPUT -j keep_state
>
> /sbin/ip rule del prio 50 table main
> /sbin/ip rule add prio 50 table main
> /sbin/ip route del default table main
>
> /sbin/ip rule del prio 201 from $INET1_NET table 201
> /sbin/ip rule add prio 201 from $INET1_NET table 201
> /sbin/ip route add default via $INET1_GW dev $INET1_IF \
>     src $INET1_IP proto static table 201
> /sbin/ip route append prohibit default table 201 metric 1 proto static
>
> /sbin/ip rule del prio 202 from $INET2_NET table 202
> /sbin/ip rule add prio 202 from $INET2_NET table 202
> /sbin/ip route add default via $INET2_GW dev $INET2_IF \
>     src $INET2_IP proto static table 202
> /sbin/ip route append prohibit default table 202 metric 1 proto static
>
> /sbin/ip rule del prio 222 table 222
> /sbin/ip rule add prio 222 table 222
> /sbin/ip route add default table 222 proto static \
>     nexthop via $INET1_GW dev $INET1_IF \
>     nexthop via $INET2_GW dev $INET2_IF
>
> $IPTABLES -t nat -A POSTROUTING -o $INET1_IF -s $LAN_NET -j SNAT --to-source $INET1_IP
> $IPTABLES -t nat -A POSTROUTING -o $INET2_IF -s $LAN_NET -j SNAT --to-source $INET2_IP
> ---
>
> Load balancing works well, and everything seems to be OK. But there is a problem: the two uplinks are from different ISPs, so they have their own SMTP servers. I have to use only one SMTP server to send e-mail, so I set up the SMTP server of ISP1 in my e-mail client program. But because of load balancing, SMTP traffic sometimes goes through the second line (ISP2), and then the SMTP server of ISP1 refuses to accept my message. So I would like to tie SMTP traffic to the ISP1 line. What rules should I use? Perhaps I should mark all the SMTP traffic with the IPTABLES MARK target? I would be very grateful for your help and suggestions.
>
> Rokas Zakarevicius
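As an added example (this is not code from either thread, and not Anderson's, Saeed's or Rokas's own script), the following puts the two answers above together: Saeed's question about which NAT rule to use with two uplinks, and Rokas's question about tying SMTP to ISP1. It keeps one routing table per uplink plus a balanced default, SNATs on the outgoing interface so the source address always matches the uplink the routing decision picked, and marks LAN traffic to tcp/25 in mangle PREROUTING (before routing) so an fwmark rule can force it through ISP1's table. Assumptions: the interface names and addresses are Saeed's, the table numbers 201/202/222 are Rokas's, the mark value 1 and the rule priorities 50/100 are chosen here, and rp_filter is switched off on the uplinks because the LARTC HOWTO (quoted later on this page) reports that marking collides with SNAT/MASQ when reverse-path filtering is on. Nothing is applied unless LARTC_APPLY=1; with DRY_RUN=1 the script only prints the commands, so the ruleset can be reviewed on a box without root.

```shell
#!/bin/sh
# Added example, not code from the thread: two uplinks, one routing table each,
# a balanced default, SNAT keyed on the outgoing interface, and outbound SMTP
# (tcp/25) from the LAN pinned to ISP1 with a firewall mark.
# Assumed values: addresses/interfaces from Saeed's post, tables from Rokas's
# script, mark 1 and priorities 50/100 chosen here.
LAN_IF=${LAN_IF:-eth0};  LAN_NET=${LAN_NET:-192.168.2.0/24}
INET1_IF=${INET1_IF:-eth1}; INET1_IP=${INET1_IP:-80.191.30.250}; INET1_GW=${INET1_GW:-80.191.30.249}
INET2_IF=${INET2_IF:-eth2}; INET2_IP=${INET2_IP:-213.217.54.245}; INET2_GW=${INET2_GW:-213.217.54.241}
T1=201; T2=202; TBAL=222; SMTP_MARK=1
IP=${IP:-/sbin/ip}; IPT=${IPT:-/usr/sbin/iptables}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# sysctls: forwarding on; reverse-path filter off on the uplinks, because (as
# the LARTC HOWTO warns) marking plus SNAT/MASQ collides with rp_filter.
sysctls() {
  run sysctl -w net.ipv4.ip_forward=1
  run sysctl -w "net.ipv4.conf.$INET1_IF.rp_filter=0"
  run sysctl -w "net.ipv4.conf.$INET2_IF.rp_filter=0"
}

# policy_routing: main first (so the connected LAN route still wins), then
# marked SMTP, then packets sourced from an uplink address, then the balanced
# default. main must not hold a default route, or table 222 is never reached.
policy_routing() {
  run $IP rule add prio 50 table main
  run $IP route del default table main
  run $IP route add default via "$INET1_GW" dev "$INET1_IF" src "$INET1_IP" table $T1
  run $IP route add default via "$INET2_GW" dev "$INET2_IF" src "$INET2_IP" table $T2
  run $IP rule add prio 100 fwmark $SMTP_MARK table $T1
  run $IP rule add prio $T1 from "$INET1_IP" table $T1
  run $IP rule add prio $T2 from "$INET2_IP" table $T2
  run $IP route add default table $TBAL \
      nexthop via "$INET1_GW" dev "$INET1_IF" weight 1 \
      nexthop via "$INET2_GW" dev "$INET2_IF" weight 1
  run $IP rule add prio $TBAL table $TBAL
}

# pin_smtp: mark LAN->tcp/25 in mangle PREROUTING, i.e. before the routing
# decision, so the fwmark rule sends it through ISP1's table. Replies need no
# mark: they arrive on ISP1 and conntrack undoes the SNAT.
pin_smtp() {
  run $IPT -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 25 \
      -j MARK --set-mark $SMTP_MARK
}

# nat_rules: SNAT keyed on the *outgoing* interface (Anderson's two rules), so
# the source address always matches whichever uplink routing chose.
nat_rules() {
  run $IPT -t nat -A POSTROUTING -o "$INET1_IF" -s "$LAN_NET" -j SNAT --to-source "$INET1_IP"
  run $IPT -t nat -A POSTROUTING -o "$INET2_IF" -s "$LAN_NET" -j SNAT --to-source "$INET2_IP"
}

all_rules() { sysctls; policy_routing; pin_smtp; nat_rules; }

# Apply only on request (as root); DRY_RUN=1 LARTC_APPLY=1 prints instead.
if [ "${LARTC_APPLY:-0}" = 1 ]; then all_rules; fi
```

The order of the ip rules is the whole point: main at prio 50 keeps LAN-to-LAN traffic local, the fwmark rule at prio 100 catches marked SMTP before the balanced default at 222 sees it, and because SNAT is keyed on the outgoing interface rather than on the destination, a flow that was forced out eth1 by the mark is also stamped with eth1's address, which is what ISP1's mail server checks.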
RE: [LARTC] limiting p2p
Thank you Mike, it's doing great right now. I didn't notice it in my script. Thank you ;)

-----Original message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Mike Miller
Sent: Wednesday, 04 February 2004 17:58
To: GoMi
CC: [EMAIL PROTECTED]
Subject: RE: [LARTC] limiting p2p

> iptables -t mangle -A PREROUTING -i eth2 -p tcp -m ipp2p --ipp2p -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -i eth2 -p tcp -m ipp2p --ipp2p-data -j MARK --set-mark 2

There is no need to use --ipp2p and --ipp2p-data on one box. Use --ipp2p only; this should be sufficient for most systems. But IPP2P should work with this ruleset anyway. Please do me a favour and remove both rules containing string matches from your ruleset, let it run for a while and give me the full output of iptables -t mangle -L -n -v -x. I guess you're using Kazaa? Is it a (NAT) router or a bridge?

Regards,
Mike
[LARTC] Packet Loss !!
We have been using HTB for the last 10-11 months without any problem. But for the last few days we have been facing huge packet loss when we turn on traffic shaping using HTB. I upgraded to the 2.4.24 kernel (without any HTB patch); still there is the same problem. Avg. traffic is around 2Mbps, and 4Mbps at peak hours. There are around 110 HTB classes, with SFQ attached to each class. We are using a 4-port Tulip card (only 2 ports in use) and a 3Com 59x card.

Previously I was using the default quantum and r2q values for all the classes. Somewhere I saw quantum = (link in Kbit) * 1024 / (8 * 1500), so I tried increasing the quantum value of the main class (and other classes with rate above 512K); still there is no improvement.

tc qdisc add dev eth2 root handle 3: htb default 256
tc class add dev eth2 parent 3: classid 3:1 htb quantum 786 rate 9mbit ceil 9mbit
(this is the main class)

These rules are to shape client bandwidth. There are 100 more rules like this:

tc class add dev eth2 parent 3:1 classid 3:11 htb quantum 10 rate 64kbit ceil 64kbit
tc class add dev eth0 parent 1:1 classid 1:11 htb quantum 10 rate 64kbit ceil 64kbit
iptables -t mangle -A FORWARD -s 192.168.0.11 -j MARK --set-mark 11
iptables -t mangle -A FORWARD -s 192.168.0.11 -j MARK --set-mark 11
tc filter add dev eth2 protocol ip parent 3: prio 5 handle 11 fw classid 3:11
tc filter add dev eth0 protocol ip parent 1: prio 5 handle 11 fw classid 1:11
tc qdisc add dev eth2 parent 3:11 sfq perturb 10
tc qdisc add dev eth0 parent 1:11 sfq perturb 10

I'm not able to find out what the problem is. As a backup I'm thinking of switching to FreeBSD. I'll be glad to read your suggestions. Thanks to everyone.

with regards,
Birkant Neupane
[LARTC] WRR and masq
Hi there,

I have a question regarding WRR. I have a box with 2 ethernets, I am doing NAT, and I have a question. Since I am doing egress traffic, and it's done after NATting, if I use wrr with the src and masq options, will it get the real source address, or, since the egress QoS is done after NATting, will it get the source address from ethernet 1?

Anyone?
Re: [LARTC] Packet Loss !!
On Saturday 07 February 2004 16:44, Bikrant Neupane wrote:

> We have been using HTB for the last 10-11 months without any problem. But for the last few days we have been facing huge packet loss when we turn on traffic shaping using HTB. I upgraded to the 2.4.24 kernel (without any HTB patch); still there is the same problem. Avg. traffic is around 2Mbps, and 4Mbps at peak hours. There are around 110 HTB classes, with SFQ attached to each class. We are using a 4-port Tulip card (only 2 ports in use) and a 3Com 59x card.
>
> Previously I was using the default quantum and r2q values for all the classes. Somewhere I saw quantum = (link in Kbit) * 1024 / (8 * 1500), so I tried increasing the quantum value of the main class (and other classes with rate above 512K); still there is no improvement.
>
> tc qdisc add dev eth2 root handle 3: htb default 256
> tc class add dev eth2 parent 3: classid 3:1 htb quantum 786 rate 9mbit ceil 9mbit
> (this is the main class)

Your quantum is too low.
http://www.docum.org/stef.coene/qos/faq/cache/31.html

Stef
-- 
[EMAIL PROTECTED]
Using Linux as bandwidth manager http://www.docum.org/
#lartc @ irc.openprojects.net
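As an added example (not from the thread, and not Stef's FAQ code), here is the arithmetic behind "your quantum is too low", worked in sh so it can be run against a class list before loading it. HTB derives a leaf's quantum as rate-in-bytes divided by r2q (default 10) unless an explicit quantum is given; the quantum is how many bytes a leaf may send per DRR round when borrowing, so anything below the MTU means a class cannot even forward one full-size packet per round, and the explicit "quantum 10" in the posted 64kbit leaves is far below that. Assumptions: tc's decimal units (kbit = 1000 bit/s, mbit = 1000000 bit/s), an MTU of 1500, and an upper cap of 200000 bytes, which is the "quantum is big" warning threshold in the HTB versions known here; check the limits in your own sch_htb.c.

```shell
#!/bin/sh
# Added example, not code from the thread: compute the quantum HTB derives for
# each leaf from rate / r2q, flag values below the MTU or above the kernel cap,
# and look for a single r2q that fits a whole rate range.
# Assumed: decimal tc units, MTU 1500, cap 200000 (the HTB "quantum is big"
# threshold as remembered here; verify against your kernel's sch_htb.c).
MTU=${MTU:-1500}
QMAX=${QMAX:-200000}

# rate_bytes RATE -> bytes per second, e.g. 64kbit -> 8000
rate_bytes() {
  case $1 in
    *mbit) echo $(( ${1%mbit} * 1000000 / 8 )) ;;
    *kbit) echo $(( ${1%kbit} * 1000 / 8 )) ;;
    *bit)  echo $(( ${1%bit} / 8 )) ;;
    *)     echo "rate_bytes: unknown unit in '$1'" >&2; return 1 ;;
  esac
}

# htb_quantum RATE [R2Q] -> the quantum HTB derives when none is given
htb_quantum() { echo $(( $(rate_bytes "$1") / ${2:-10} )); }

# classify_quantum Q -> small (below MTU), big (above cap) or ok
classify_quantum() {
  if   [ "$1" -lt "$MTU" ];  then echo small
  elif [ "$1" -gt "$QMAX" ]; then echo big
  else echo ok; fi
}

# check_quantum RATE R2Q -> classification of the derived quantum
check_quantum() { classify_quantum "$(htb_quantum "$1" "$2")"; }

# fit_r2q MIN_RATE MAX_RATE -> an r2q giving the slowest leaf >= MTU and the
# fastest <= cap, or "none" when no single r2q does both (then set quantum
# explicitly on the slow leaves, e.g. "quantum 1500").
fit_r2q() {
  lo=$(rate_bytes "$1"); hi=$(rate_bytes "$2")
  r2q_max=$(( lo / MTU ))                # largest r2q keeping the slow leaf >= MTU
  r2q_min=$(( (hi + QMAX - 1) / QMAX ))  # smallest r2q keeping the fast leaf <= cap
  [ "$r2q_min" -lt 1 ] && r2q_min=1
  if [ "$r2q_min" -le "$r2q_max" ]; then echo "$r2q_min"; else echo none; fi
}

# leaf_class DEV PARENT CLASSID RATE R2Q -> a "tc class add" line that adds an
# explicit "quantum $MTU" only where the derived quantum would be too small
leaf_class() {
  extra=
  [ "$(check_quantum "$4" "$5")" = small ] && extra=" quantum $MTU"
  echo "tc class add dev $1 parent $2 classid $3 htb rate $4 ceil $4$extra"
}

# HTB_DEMO=1 sh thisfile.sh walks the rates from the thread.
if [ "${HTB_DEMO:-0}" = 1 ]; then
  for r in 64kbit 512kbit 9mbit; do
    echo "$r r2q=10 -> quantum $(htb_quantum "$r" 10) ($(check_quantum "$r" 10))"
  done
  echo "r2q fitting 64kbit..9mbit: $(fit_r2q 64kbit 9mbit)"
  leaf_class eth2 3:1 3:11 64kbit 10
fi
```

For the thread's numbers a 64kbit leaf with the default r2q gets 800 bytes, already below the MTU, and the explicit "quantum 10" is worse still; a 9mbit class at r2q 10 gets 112500, which is fine. No single r2q covers 64kbit to 9mbit (fit_r2q reports none), which is why the usual advice for a box with 100+ small leaves is to leave r2q alone and set quantum to the MTU on the slow leaves explicitly. Quantum only matters on leaf classes, so changing it on the 9mbit parent class does nothing for the children.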
[LARTC] Transparent FTP proxying from localhost?
Hi. I need to do transparent FTP proxying using frox. For my LAN I just use:

if [ "$USE_FTP_PROXY" = yes ]; then
    $IPT -t nat -A PREROUTING -p tcp -i $LAN -d ! $INET_IP --dport 21 \
        -j REDIRECT --to-port $FTP_PROXY_PORT
fi

I wonder what I should use for the same effect on localhost.

$IPT -t nat -A OUTPUT -p tcp -o $INET -d ! $INET_IP --dport 21 \
    -j REDIRECT --to-port $FTP_PROXY_PORT

didn't work :(
RE: [LARTC] Transparent FTP proxying from localhost?
> I wonder what I should use for the same effect on localhost.
>
> $IPT -t nat -A OUTPUT -p tcp -o $INET -d ! $INET_IP --dport 21 \
>     -j REDIRECT --to-port $FTP_PROXY_PORT

Your local packets don't go via the nat PREROUTING table. You should probably enable NAT_OF_LOCAL_CONNECTIONS (experimental) in the kernel. Then you will be able to specify some policy.

Arkadiusz Binder
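As an added example (not the original poster's script and not frox's own configuration), here is the pair of rules that follows from the reply: the PREROUTING rule for forwarded LAN clients, and a nat OUTPUT rule for the router's own connections, which only takes effect once the kernel can NAT locally generated packets (in 2.4 kernels the option was called NAT of local connections, CONFIG_IP_NF_NAT_LOCAL). The check a practitioner wants here is loop avoidance: the proxy itself opens outbound control connections to port 21, and without an exclusion those would be redirected straight back into the proxy. Assumptions: the proxy runs as a dedicated user (frox here), the interface names and port variable follow the question, the uplink address 198.51.100.2 and proxy port 2121 are placeholders, and DRY_RUN=1 prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not code from the thread: transparent FTP redirection to a
# local proxy for forwarded LAN traffic (nat PREROUTING) and for the router's
# own connections (nat OUTPUT), with the proxy's own traffic excluded so the
# redirect does not loop. Interface/port names follow the question; the proxy
# user "frox", the address 198.51.100.2 and port 2121 are placeholders.
IPT=${IPT:-/usr/sbin/iptables}
LAN=${LAN:-eth0}; INET=${INET:-eth1}; INET_IP=${INET_IP:-198.51.100.2}
FTP_PROXY_PORT=${FTP_PROXY_PORT:-2121}; PROXY_USER=${PROXY_USER:-frox}

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

ftp_proxy_rules() {
  # Forwarded LAN clients: intercept before the routing decision. Traffic to
  # the router's own public address is left alone.
  run $IPT -t nat -A PREROUTING -i "$LAN" -p tcp ! -d "$INET_IP" --dport 21 \
      -j REDIRECT --to-port "$FTP_PROXY_PORT"
  # Locally generated traffic only traverses nat OUTPUT when the kernel can NAT
  # local connections (2.4: CONFIG_IP_NF_NAT_LOCAL). The proxy's own outbound
  # control connections must not be redirected back to itself, so they are
  # matched by owner first and returned untouched ...
  run $IPT -t nat -A OUTPUT -p tcp --dport 21 -m owner --uid-owner "$PROXY_USER" -j RETURN
  # ... and everything else the host sends out the uplink to port 21 is redirected.
  run $IPT -t nat -A OUTPUT -o "$INET" -p tcp ! -d "$INET_IP" --dport 21 \
      -j REDIRECT --to-port "$FTP_PROXY_PORT"
}

# Load only on request (as root); DRY_RUN=1 FTP_PROXY_APPLY=1 prints instead.
if [ "${FTP_PROXY_APPLY:-0}" = 1 ]; then ftp_proxy_rules; fi
```

The owner match is the difference between the LAN case and the local case: in PREROUTING the proxy's own packets never appear, so no exclusion is needed, but in OUTPUT they do, and the RETURN must come before the REDIRECT. Active-mode data connections still rely on the proxy (or ip_conntrack_ftp on the proxy's port) to be handled, which is outside these two rules.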
[LARTC] wondershaper htb + multiple ports
Is there a way to apply wondershaper with HTB to a port range? I have an FTP server on port 65432 and passive ports 5-6. Is there a way to set a range, or do they have to be individually listed? The following doesn't seem to work:

# low priority source ports
NOPRIOPORTSRC=65432, 5:6
# low priority destination ports
NOPRIOPORTDST=

Mark
[LARTC] Marks, MASQ and SNAT
I found the following at: http://lartc.org/howto/lartc.netfilter.html

    IMPORTANT: We received a report that MASQ and SNAT at least collide with marking packets. Rusty Russell explains it in this posting. Turn off the reverse path filter to make it work properly.

The posting link refers to the following: http://lists.samba.org/archive/netfilter

I get a 404 whenever I go there. I've done a lot of Googling on this subject and I am only finding very small fragments of information. Can anyone provide me with a link to more info, or lay out the details of the issue for me?