[LARTC] 2 DSL providers, 1 GW IP and Vlans
Hi all, I'm trying to put a linux GW running with this seput: Internet -> DSL Modem -> VLAN2 \ eth2.2 Linux > Lan eth2.3 / Internet -> DSL Modem -> VLAN3 The real problema is that each of the DSL modem gives me by dhcp the same GW IP, so only one of the routes could run at the same time, because I have 2 routes 2 Public IP's (in the same network, its a /24 net) and 1 GW IP with 2 diferrent MAC's (each of the DSL modem give out it onw LAN MAC along with the GW IP as part of the DHCP reply) It is posible to run a multiroute/failover config in this situation? -- Saludos. Raúl Alexis Betancor Santana Director Gerente Dimensión Virtual S.L. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Sending and receiving
Hi all. Here's the situation Linux box with eth0 connected to LAN, and eth1 connected to internet via cablemodem. Connected to the lan are some voip devices, ive configured htb in eth1 to save some bandwith for the voip devices. Now i have another issue, at some hours of the days, some servers in the lan downloads data from other servers in internet and they use all bandwith available. My question is the following. Applying some classes to eth0 is a good way to reserve some bandwith for the traffic that comes from internet to the voip devices? I mean, is this a good way to manage the "download" traffic? Thanks and best regards ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] Traffic Balance
http://www.lartc.org/howto/lartc.rpdb.multiple-links.html Maybe this could help. > -Mensaje original- > De: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] En nombre de Rafael de Souza > Enviado el: Viernes, 01 de Octubre de 2004 11:50 > Para: [EMAIL PROTECTED] > Asunto: [LARTC] Traffic Balance > > Hi list, > > I have to configure a internet server with linux. > I need configure traffic balance between dsl and cable connection. > Somobody sugestion some solution? > > Thanks > > Rafael de Souza > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
RE: [LARTC] New L7-Filter patterns for Kademlia / eMule?
uhm, could you capture some packets with ethereal to check the contents and make the new pattern? -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Jason Boxman Enviado el: Sábado, 25 de Septiembre de 2004 19:52 Para: [EMAIL PROTECTED] Asunto: [LARTC] New L7-Filter patterns for Kademlia / eMule? I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for L7-Filter for this protocol? I fetched the latest l7-protocols tarball, but the edonkey.pat hasn't been updated in some time. I'd be happy to capture Kademlia traffic, but I don't know what exactly to do with it thereafter. Thanks. -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] traffic queueing and ipsec vpn
Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress classifiers will act before the packet leave the kernel and enter to the vpn tunnel, is this correct? Here's my situation , i have a "headquarter" box that is a database (to call it with a name) and then a lot of branches that send queries to this database and based on the results, the branches send packets to other branches trough some established IPSEC tunnels. So, hq is the route database, and the branches send voice traffic to other branches. Now i have to set traffic shaping and manage the bandwith for senialization and for voice flows (rtp flows). So i need to be shure that i can classify the packets at the outside interface before them enters to the vpn tunnel. is this correct? Thanks in advance. -- Alexis
Re: [LARTC] Promisc routing
El Viernes 27 Agosto 2004 20:32, Roy escribió: > HI, > > I want to set interface to promisc mode and do all routing with iptables. > Is it somehow possible? as I see now kernel do not pass everything to > ipables. > > Basicaly I want to ignore ethernet addess and use only ip for routing. > > I suppose this may require writting special kernel driver or it is possible > in other way? What are you trying to do?, what you have said is not posible, first because TCP/IP are not physical-layer protocols, that means that speaking about ethernet cards, you could not ignore ethernet adress. You have to take into account on with ISO Network layer level you are speaking. By the way .. what do you want to do? Best regards ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] routing within the same network? is it possible?
Yes you can. Think of this. As this mail says, routing is to move packets between two different networks. Thats right. Ill just let aside the theory and all that bored stuff. Now, very very very very basic, how you define a network? with a network address and a mask. How packets gets routed? by the more specific address. So, 192.168.0.15/32 and 192.168.0.16/32 will be more specific than the lan. so there will be routing. Layer 2 will be who take the packet and carries it to the next hop. So its perfectly legal and believe me that it works if you put a more specific static for a connected lan. An example my connected lan is 192.168.0.0/24 now, i have in 192.168.1.12 a box with 2 interfaces with some connected addresses from this lan (13,14,15), if this addresses are configured in the interface, theres no need for routing, because the box accepts arp requests for 13,14,15 and layer 2 will have the information to switch packet to those addresses. But, what if those addresses are not configured and are just simple used for nat (for example), there is no arp request and arp reply for those addresses, so L2 will not know how to reach those destinations. In this case you can instruct L3 to reach those destinations (yes, routing) like this just if youre using iproute2 just type ip route add 192.168.0.13/32 via 192.168.0.12 ip route add 192.168.0.14/31 via 192.168.0.12 when a request for 13,14,15 need to be passed, there is no arp entry for those addresses, so it will check L3 information that is the routing table in this case, it will find 192.168.0.12/32 as next hop for those addresses, so it will check for a arp entry for 192.168.0.12 (that really exists) and will switch the packet with destination mac > the one that belongs to 192.168.0.12 destination ip address > 13,14,15 hope this helps - Original Message - From: "Yemi Fowe" <[EMAIL PROTECTED]> To: "Victor Catten" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, June 12, 2004 9:39 AM Subject: Re: [LARTC] routing within the same network? is it possible? > With my little knowledge of TCP/IP, i dont think > routing withing thesame network is possible. > Routing means moving from one network to another. > Thank You > Yemi > > > n--- Victor Catten <[EMAIL PROTECTED]> wrote: > > Hello, > > > > Is routing within the same network possible? > > If it is, what configuration should I put for the > > firewall/router shown below? I basically want the > > host debian13 to be able to send packets via a > > multi-homed firewall. I think the multi-homed > > firewall involve some routing. > > > > +---+ > > |debian13 | > > |eth0:192.168.0.13 | > > +---+ > > |eth0 > > | > > |eth0 > > +--+ > > |firewall/router(linux-box)| > > |which configuration here? | > > +--+ > > |eth1 > > | > > +--+ > > | | > > |eth0 |eth0 > > +---+ +---+ > > |eth0:192.168.0.15 | |eth0:192.168.0.16 | > > |debian15 | |debian16 | > > +---+ +---+ > > > > > > Thank you! > > > > Victor > > ___ > > LARTC mailing list / [EMAIL PROTECTED] > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: > http://lartc.org/ > > > > > > __ > Do you Yahoo!? > Friends. Fun. Try the all-new Yahoo! Messenger. > http://messenger.yahoo.com/ > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Script editor using a browser??
running a webserver in this port, with basic authentication and a script in php that read the destination script and put it in a text area for edit, and then clicking a submit button to save the script again? - Original Message - From: "Yemi Fowe" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, June 12, 2004 9:51 AM Subject: [LARTC] Script editor using a browser?? > Hello all, > I have a some scripts on my Linux box, i want to be > able to edit it remotely from a browser login into my > server at a particular port number, just like Webmin, > SWAT etc. eg( http://mylinuxaddy:port). > Does any body have idea of how i can acheive this? > I would appreciate your response. > Thanx > --Yemi > > > > > > __ > Do you Yahoo!? > Friends. Fun. Try the all-new Yahoo! Messenger. > http://messenger.yahoo.com/ > ___ > LARTC mailing list / [EMAIL PROTECTED] > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] making a traffic shaper for wireless users
Hello all, Im new using tc, ive been reading the howto at least 2 or 3 times, but there's a lot information to aquire all of it quickly. I've installed a linux box as firewall for a wireless Network in a hotel, this box is a radius for the access points and it uses iptables to redirect and permit/deny the customers to use the net. So it uses iptables to count the bytes to restrict the user using the bytes transferred. Now i have to create a different bandwith restrictions, i've testing using iptables to mark the users and then restrict the bandwith, but it was in a lab scenario, my question is if i create suppose a classifier for 64kbps, 128kbps, 256kbps and so on. do i have to create different classifiers for each customer? or just sending 2 or more customers to the 128kbps lane, both of them will have 128kbps to use and not 128/users? to restrict incoming and outgoing, i need to set a classifier in both interfaces? for incoming traffic the classifier goes to the LAN interface and for outgoing traffic in the WAN? of course switching the source/destination information at the iptables rules used to mark. Thank you. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] link redundancy...
On Fri, Apr 09, 2004 at 04:19:03PM -0300, Cristiano Soares wrote: >Does anyone know how to make a link redundancy? I have two ADSL lines, and >i want the linux machine to be able to switch between the two lines >everytime the first ADSL line goes down. Thanks a lot. > >Cristiano You'll need BGP4 support for this. GNU Zebra[1] may help you here. [1] www.zebra.org -- Paolo Alexis Falcone [EMAIL PROTECTED] ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Getting crazy with marking packets
El Wednesday 18 February 2004 22:05, Corey Hickey escribió: > Raúl Alexis Betancort Santana wrote: > > Hi all .. I'm getting crazy triying to undestand why my packets are not > > going by the ISP I want them to .. :S > > > > I mark smtp and pop3 packets on PREROUTING with -j MARK setting it mark > > to 0x02 .. then with ip rule add fwmark table mail.traffic its supposed > > they will only go out by ISP1, but they are going out by a random provier > > from my list of ones ... :( > > > > Any hit please ? ... what are I'm doing wrong? .. I have read the > > archives and searched at google with no success ... > > Perhaps you need to add a default route for mail.traffic? > ip route add default via dev table \ > mail.traffic The mail.traffic table has a multipath route with diferent weights, I want traffic to go by ISP1, but if it gets down, go by ISP2, but it is going out by the ISP it get at random .. ip route add table mail.traffic default nexthop via dev eth1 weight 1 nexthop via dev eth1 weight 200 ip rule add fwmark 0x02 table mail.traffic iptables -A PREROUTING -t mangle -p tcp --dport 25 -j MARK --set-mark 0x02 iptables -A PREROUTING -t mangle -p tcp --dport 110 -j MARK --set-mark 0x02 Also I have other problem now .. on my multiroute (it is called that way) table for the rest of traffic (the reverse order with weigths as on the mail.traffic table), when GW1 gets down, traffic go out by GW2, thats ok .. but when GW1 get online again traffic continues going by GW2, I have tryed with "ip route flush cache", but it continues the same ... going out by GW2, no matter the weights they have, no matter that GW1 is online again. Any way to solve this ? Best Regards ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Getting crazy with marking packets
Hi all .. I'm getting crazy triying to undestand why my packets are not going by the ISP I want them to .. :S I mark smtp and pop3 packets on PREROUTING with -j MARK setting it mark to 0x02 .. then with ip rule add fwmark table mail.traffic its supposed they will only go out by ISP1, but they are going out by a random provier from my list of ones ... :( Any hit please ? ... what are I'm doing wrong? .. I have read the archives and searched at google with no success ... ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Multipath problems
Hi all, I'm getting lot of problems with a multihomed linux router.
I have 3 lines conected to my Linux Box, with 2.6.1 kernel with DgD patches,
and I have setup it that it does load balancing between the 3 lines, but I
have a problem with sending specific traffic (mail one) throught only one of
the lines. let me put my config bellow ..
--- Multiroute.sh -
#!/bin/bash
# CONFIGURATION
IP=/sbin/ip
PING=/bin/ping
#--- LINK PART -
# EXTIFn - interface name
# EXTIPn - outgoing IP
# EXTMn - netmask length (bits)
# EXTGWn - outgoing gateway
#---
# LINK 1 ADSL ISP1
EXTIF1=eth1
EXTIP1=aaa.bbb.ccc.ddd
EXTM1=30
EXTGW1=aaa.bbb.ccc.eee
# LINK 2 ADSL ISP2
EXTIF2=eth1
EXTIP2=bbb.ccc.ddd.eee
EXTM2=26
EXTGW2=bbb.ccc.ddd.fff
# LINK 3 Cable ISP3
EXTIF3=eth1
EXTIP3=ccc.ddd.eee.fff
EXTM3=30
EXTGW3=ccc.ddd.eee.ggg
#ROUTING PART
# removing old rules and routes
echo "removing old rules"
${IP} rule del prio 50 table main
${IP} rule del prio 201 from ${EXTIP1}/${EXTM1} table 201
${IP} rule del prio 202 from ${EXTIP2}/${EXTM2} table 202
${IP} rule del prio 203 from ${EXTIP3}/${EXTM3} table 203
${IP} rule del prio 221 table 221
echo "flushing tables"
${IP} route flush table 201
${IP} route flush table 202
${IP} route flush table 203
${IP} route flush table 221
echo "removing tables"
${IP} route del table 201
${IP} route del table 202
${IP} route del table 203
${IP} route del table 221
# setting new rules
echo "Setting new routing rules"
# main table w/o default gateway here
${IP} rule add prio 50 table main
${IP} route del default table main
# identified routes here
${IP} rule add prio 201 from ${EXTIP1}/${EXTM1} table 201
${IP} rule add prio 202 from ${EXTIP2}/${EXTM2} table 202
${IP} rule add prio 203 from ${EXTIP3}/${EXTM3} table 203
${IP} route add default via ${EXTGW1} dev ${EXTIF1} src ${EXTIP1} proto static
table 201
${IP} route append prohibit default table 201 metric 1 proto static
${IP} route add default via ${EXTGW2} dev ${EXTIF2} src ${EXTIP2} proto static
table 202
${IP} route append prohibit default table 202 metric 1 proto static
${IP} route add default via ${EXTGW3} dev ${EXTIF3} src ${EXTIP3} proto static
table 203
${IP} route append prohibit default table 203 metric 1 proto static
# mutipath
${IP} rule add prio 221 table 221
${IP} route add default table 221 proto static \
nexthop via ${EXTGW3} dev ${EXTIF3} weight 1\
nexthop via ${EXTGW2} dev ${EXTIF2} weight 100\
nexthop via ${EXTGW1} dev ${EXTIF1} weight 200
# Multipath for email traffic.
${IP} route add default table mail.traffic proto static \
nexthop via ${EXTGW1} dev ${EXTIF1} weight 1 \
nexthop via ${EXTGW2} dev ${EXTIF2} weight 250\
nexthop via ${EXTGW3} dev ${EXTIF3} weight 100
${IP} rule add prio 230 fwmark 0x02 table mail.traffic
${IP} route flush cache
- Multiroute.sh
Then I mark the pakets coming from the lan and going to internet mail
servers ...
iptables -A PREROUTING -t mangle -s ${LAN}/${LAN_MASK} -d !
${DMZ1}/${DMZ1_MASK} -p tcp --dport 25 -j MARK --set-mark 0x02
iptables -A PREROUTING -t mangle -s ${LAN}/${LAN_MASK} -d !
${DMZ1}/${DMZ1_MASK} -p tcp --dport 110 -j MARK --set-mark 0x02
The idea is that mail traffic going to internet try to go out allways by ISP1
but if it fails (that is why the weight are so diferents) by ISP2 and if that
one fails too try to go out by ISP3, but in the real scenario mail traffic is
going out by a radom provider :( ... for the rest of traffic priorities
should be reversed ... first ISP3,then ISP2 and finaly ISP1 and that part is
running more or least ... sometimes one conection goes out by ISP2 but that's
not a big problem ..
I'm doing something wrong ?, why my mail.traffic table is not working as it is
supposed to
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Problems with multipath routing.
Hi all, I have setup two multipath route tables on my system for doing
failover routing, What I want it's that if GW at route1 of the MP is dead,
traffic goes by route2, for doing that I have created the multipath routes as
follows:
ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1
weight 1 nexthop via ${GW2} dev eth1 weight 250
But it does not run as I espected, I want that most (all if posible) the
traffic goes by GW1, and if it is down (DgD patches are applied) traffic must
goes by GW2, the kernel it's not taking into account the weight parameter or
maybe I'm doing it wrong.
Any hit will be apreciated ...
Best regards
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bandwith Aggregation
I forgot to mention that I'm running Debian Sid, with kernel 2.6.1 patched with NANO patchs and iproute2 with HTB support (but by now I'm not interested on clasiffiying traffic, that will be later) ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bandwith Aggregation
El Martes, 13 de Enero de 2004 19:36, Robert Kurjata escribió: > For the start read my posting from 15th Oct 03 as an working example. I have just a question about your script (I found it on the archives)... I have 3 DSL lines, linke you, but all of them are conected to a switch and then to my eth1 interface on wich I have 3 public ip's and 2 public ip's ranges, let me try to draw it. DMZ Zone | eth3 DSL1\ | DSL2 - - Switch - eth1 [Linux Box] - eth0 -Switch - LAN DSL3 / | eth2 | LDMS What I need is to send all SMTP/POP3 traffic throught DSL1, and the rest of traffict througth a load balancing between DSL2 and DSL3 giving preference on DSL3 over DSL2 (moreover because DSL3 it's a 2Mbits simetric line with the local cable company, and DSL2 it's a ADSL 256Kbit), but if DSL1 fails, the SMTP/POP3 traffic should go out by any of the other interfaces, also if DSL2 or DLS3 get out, rest of traffic should go by DSL1. The LDMS link its used only for IPSec tunnels and should never be user for nomal traffic. DSL1 -> ADSL 256 with a /30 public range on the ethernet side. DSL2 -> ADSL 256 in bridge mode, so I have it's public IP on my side. DSL3 -> Cable 2Mbit with a /30 public range on the ethernet side. By now I only have setup a simple link with it's gateway using DSL1 for all traffic, and I'm been unable to do that if a ssh conection (for example) reach eth1 by DSL3 or reach eth2 by LDMS and get answered by the same link. May someone give me a hit on what I'm doing wrong or what must I do to get it working. Best regards ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Multihomed router problems
Hi all, i'm new at LARTC, and after reading the docs I found no solution to my problem ... On one side I have eth0 conected to the LAN, on the other side I have eth1 conected to a switch and to 3 DSL routers with 3 diferent providers, and also eth2 conected to a cisco 2600 conected to a LDMS line. I have readed the larct docs about multihomed conections to internet, but I'm been unable to setup the routes with iproute2. I have setup a default multihop route, but if I receive a ssh conection throught one of the DSL lines it get not answered by the same line, it's answered throught the default route, How could I change this? I want to begin by answering the traffic by the line it is coming in. On eth1 I have 3 publics IP's, one from each DSL provider. Any sugestions? .. ___ LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Bandwith limitation
El Mon, Mar 10, 2003 at 08:42:06PM +0200, Evgeni Gechev escribió: > > Some topic-related observations: > AMD Athlon XP1700+ (1466), 4xRealtek8139, 5-6Mbit/s - nearly reaching the limit > of machine capabalities Change the 4 Realtek by 4 REAL nics, as the kernel driver of the realtek cards sais ... "... Realtek redefine the concept of low end hardware with this chipset ..." > P4 2000, 3com905C+BROADCOM BCM5701, 40-50Mbit/s - far better behavior > Same configuration on both, thousands of iptables rules, and on the p4 machine > there are 200-250 concurrent pppoe sessions (none on the athlon) I think is not a matter of the hardware (CPU/Mem I mean), but a matter of having good nics, good switches, and a very good planed and inplemented network struture. If you want good performance, a tunning over the kernel network related parameters would be good too. Best regards -- _ _ // Raúl A. Betancort Santana/> A Dream is an answer to __ \\ // <[EMAIL PROTECTED]> // question that we don't know (oo) \\ // Dimensión Virtual S.L. // how to ask. / \/ \ // \> A Linux Solution Provider pgp0.pgp Description: PGP signature
