Re: [LARTC] VPN through PPP
you could use openvpn

--
Dariusz 'tdi' Dwornikowski | Gentoo | admin at pozman.pl
[JID]:[EMAIL PROTECTED] | [gg]:2266034 | [IRC]:[EMAIL PROTECTED]
[MAIL]:[EMAIL PROTECTED] | [WWW]:www.tdi.pozman.pl
Servers, administration, webapps - www.ProAdmin.com.pl
Fingerprint:43E21CC46DAFD2F754E91547D59B39F56AAA4B5F
___
LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] HOWTO unmaintained?
> Aye/puts hand up in agreement. A wiki would be great. The problem right now is there is little, and usually not very good, documentation on how to set up queues and other advanced routing. The end result: this list is full of people asking questions and very few who answer.

i am totally pro refreshing the lartc howto. and wiki is a great idea
[LARTC] IMQ
i've got such a network:

| WORLD |---| ROUTER/server |--- NATED LAN

I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ??
Re: [LARTC] IMQ
> Dariusz Dwornikowski ([EMAIL PROTECTED]) wrote:
>> I want to use imq on ROUTER, what behaviour to choose ? AA, BA, AB, BB ??
>
> That depends on what you want to do. For example:
> *) BA - If you want to have all packets on the IMQ after the nat table - so you wouldn't see any internal ips anymore on the IMQ device.
> *) BB - If you want to have packets with internal ips on the IMQ before they pass the nat table. But you can't match on your external IP with BB.

yes but i want to have two IMQ devices... for outside eth and inside eth
Re: [LARTC] IMQ
>> yes but i want to have two IMQ devices... for outside eth and inside eth
>
> Ahmm.. don't know what you mean with that. But if you have a external Interface (ex eth0) on which you want to shape egress and also ingress shaping you simply do:
>
>   ip link set imq0 up
>   ip link set imq1 up
>   ${IPTABLES} -t mangle -I PREROUTING -i ${EXT_DEV} -j IMQ --todev 0
>   ${IPTABLES} -t mangle -I POSTROUTING -o ${EXT_DEV} -j IMQ --todev 1
>
> and put your QoS on imq0 and imq1...

i want to shape traffic for my clients and do not know what behaviour to choose... in your example will it be possible to match NATed addresses of my clients ?
Re: [LARTC] IMQ
>> i want to shape traffic for my clients and do not know what behaviour to choose... in your example will it be possible to match NATed addresses of my clients ?
>
> you want to match the translated addresses of your clients (- external IP) - then BA is the correct behaviour.

no, i want to match their private addresses. i want imq0 for ext_if and imq1 for internal_if.. so i can do traffic shaping on matched NATed ips
Re: [LARTC] IMQ
>> no i want match their private addresses. i want imq0 for ext_if and imq1 for internal_if.. so i can traffic shaping on matched NATed ips
>
> Oh ok. I was irritated because you say NATed ips - for me these are all clients after they passed the nat table... So you need BB. IMQ hooks before the postrouting table (where your NAT will happen) and you have internal addresses on the imq device.

thank you very much.
Re: [LARTC] QOS problem -ng
ok i read everything and now understand much more.. the problem is that my boss told me to erase the whole running server, because he wants to run tests on hardware with windows... (i work with idiot). he is so stubborn that he does not understand that this is a qdisc issue.

my idea is : to give htb with imq on interfaces to globally cut bws.

i would like an advice what is the best solution for network with many access points ? is the incoming bw shaped on internal eth ? is it necessary to mark packets when shaping outgoing bw for nated nets ?
Re: [LARTC] QOS HELP PLEASE
ok i did the calculations and here it is : www.tdi.pozman.pl/fir3

now pings to world from server are superb but pings to access points in the network are 1-2 seconds... people keep on calling and telling that transfers on parts of network are 1-3kb/s. i have to mention that on the old server all was perfect.

please anyone :)
[LARTC] QOS problem -ng
ok i gave up. can sb point me to docs on how to design proper qos rules ? about differences between them and the usage (which for wifi, which for ISPs, which for homenet). i'll read and do it
[LARTC] QOS HELP PLEASE
i've got problems with my network (120 people). i've got big pings (300ms), whereas there are normally about 19ms. i do not know if my qos is proper (fast i mean).

www.tdi.pozman.pl/fir2 - my qos
www.tdi.pozman.pl/rules - my firewall

can sb tell me if i do it ok ?
Re: [LARTC] QOS HELP PLEASE
so the sum of all rates of speeds of classes for the clients should be less than the rate of the class 1:2 ? or do i understand it badly ?
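The question above is about HTB's rate budget: a parent class such as 1:2 can only honor every child's guaranteed rate when the children's rates add up to no more than the parent's own rate. The check below is an added example, not part of the thread or of any poster's script; the `tc class show` sample and every class id and rate in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `tc class show dev <iface>` output (not from the thread).
SAMPLE = """\
class htb 1:1 root rate 2Mbit ceil 2Mbit burst 1600b cburst 1600b
class htb 1:2 parent 1:1 rate 1Mbit ceil 2Mbit burst 1600b cburst 1600b
class htb 1:10 parent 1:2 leaf 10: prio 0 rate 512Kbit ceil 1Mbit burst 1599b cburst 1599b
class htb 1:11 parent 1:2 prio 0 rate 512Kbit ceil 1Mbit burst 1599b cburst 1599b
class htb 1:12 parent 1:2 prio 0 rate 256000bit ceil 1Mbit burst 1599b cburst 1599b
"""

# tc rate suffixes are decimal: 1Kbit = 1000 bit/s.
UNITS = {"bit": 1, "kbit": 1000, "mbit": 1000**2, "gbit": 1000**3}

# Captures: class id, parent id (None for a root class), rate number, rate unit.
CLASS_RE = re.compile(
    r"^class htb (\S+) (?:root|parent (\S+)).*?\brate (\d+(?:\.\d+)?)([A-Za-z]+)",
    re.MULTILINE,
)

def to_bits(number, unit):
    """Convert a tc rate such as ('512', 'Kbit') to bits per second."""
    try:
        return round(float(number) * UNITS[unit.lower()])
    except KeyError:
        raise ValueError(f"unsupported rate unit: {unit!r}")

def parse_classes(text):
    """Map class id -> (parent id or None, guaranteed rate in bit/s)."""
    return {m.group(1): (m.group(2), to_bits(m.group(3), m.group(4)))
            for m in CLASS_RE.finditer(text)}

def oversubscribed(text):
    """Return (parent, parent_rate, sum_of_child_rates) for each parent
    whose children are promised more than the parent itself is given."""
    classes = parse_classes(text)
    child_sum = defaultdict(int)
    for parent, rate in classes.values():
        if parent in classes:
            child_sum[parent] += rate
    return [(p, classes[p][1], total)
            for p, total in sorted(child_sum.items())
            if total > classes[p][1]]

if __name__ == "__main__":
    for parent, rate, total in oversubscribed(SAMPLE):
        print(f"{parent}: children are guaranteed {total} bit/s, parent rate is {rate} bit/s")
```

Only `rate` is summed here; `ceil` is a borrowing limit, so children's ceils may add up to more than the parent's rate.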
Re: [LARTC] linux ip forwarding problem
On Fri, 17 Jun 2005 13:14:23 -0400 (EDT) Ji Li [EMAIL PROTECTED] wrote:
> Hi, I have three linux machines, and I want to let one of them forward packets between the other two. The forwarding node has two ethernet cards, connecting the two machines respectively. However, when I ping between the two end points, the forwarding node can receive the ping requests at its eth0, but it never forwards them to its eth1. So is the reverse direction.
>
> The forwarding node is Redhat 7.2, kernel 2.4.7-10. The two end points are FC3, 2.6.9-1.667smp.
>
> What we have done to enable IP forwarding on the RH7.2 node are:
> (1) In /etc/sysconfig/network, add FORWARD_IPV4=yes
> (2) echo 1 > /proc/sys/net/ipv4/ip_forward
> (3) Change net.ipv4.ip_forward=1 in /etc/sysctl.conf.
> (4) echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>     echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter
> (5) We tried iptables -F to flush the rules, but ip forwarding still doesn't work, so we add some rules as follows. We run iptables to configure firewall to enable IP forwarding.
>     iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
>     iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

route add -net comp1-net gw comp1-ip
route add -net comp2-net gw comp2-ip

on router.
Re: [LARTC] Lamer needs help for basic tc setup
> When doing NAT u32 will work for downloads shaped on the lan facing interface but not for uploads on the wan interface you need to mark/classify.

is it necessary to mark every ip with separate mark ? all clients in my net have the same speed, can i mark them all with for example : 10 ?
Re: [LARTC] RTNETLINK answers: File exists
On Fri, 10 Jun 2005 19:37:55 -0700 gypsy [EMAIL PROTECTED] wrote:
> Dariusz Dwornikowski wrote:
>> how can i get rid of that ?? i do del roots before scripting.
>
> del ingress?
> -- gypsy

i do not have ingress, but i fixed it : my script is generated by python program which creates classes like that :

{ ... classid 10%d , i i++ }

when classids reach 10100, RTNETLINK occurs.
Re: [LARTC] nesting htbs
On Fri, 10 Jun 2005 00:02:42 +0100 Andy Furniss [EMAIL PROTECTED] wrote:
> Edward Smith wrote:
>> Hello all, I am running a coop satellite link for my aviation company here in Iraq. (silly blog www.stardotstar.org). I am running tc with htb with good success so far. I am working on improving it though and need some help. Currently I have just 4 classes, syn/ack/ping, webchat, http, and then other. We are really happy with how this has improved our ability to call home from our rooms and do video chat. However, I would like to do a better job of making sure that each IP is getting a fair share because it seems like sometimes one video or audio chat bullies another one into slowing down and one guy is having a great video and audio feed while someone else's audio only is suffering.
>>
>> I've seen some references to wrr and also to making a class for each IP. There doesn't seem to be much current documentation on wrr, so I'm trying to set up nested htbs. Here are my questions:
>>
>> 1. Which makes more sense, to nest my 4 classes of traffic inside of a class for each IP, or to make a class for each IP in each of my 4 classes. I'm leaning towards the latter so that someone's web traffic can't borrow from the interactive traffic classes.
>
> I would do the latter also. I would have just one interactive class and give it a rate that is say 3/4 of the ceil, the bulk classes can still borrow the unused.
>
>> 2. I've done a test, and can't get any traffic into the nested classes. Here is my code:
>>
>>   #1:20 LOW DELAY--CHAT DATA
>>   #includes the minimize delay FW TOS
>>   tc class add dev ${UPDEV} parent 1:1 classid 1:20 htb rate 200kbit ceil ${UPCEIL}kbit burst 6k prio 1
>>   tc filter add dev ${UPDEV} protocol ip parent 1: pref 20 u32 \
>>     match ip tos 0x10 0xff flowid 1:20
>>   tc filter add dev ${UPDEV} protocol ip parent 1: pref 21 handle 5 fw classid 1:20
>>   tc filter add dev ${UPDEV} protocol ip parent 1: pref 21 handle 6 fw classid 1:20

so marking is the thing that i need for limiting NATed uploads to internet ?
when limiting downloads i do not need marking ? am i right ?
[LARTC] RTNETLINK answers: File exists
how can i get rid of that ?? i do del roots before scripting.