[LARTC] Layer 7 application blocking via tc/iptables?
Hi All,

I hope this is the correct place to ask about this, but can someone give me an example of blocking a certain application via the layer 7 patch and iproute/iptables? For more of a specific example, I'm trying to block certain instant messaging clients on my network, and I have yet to find a way to do it (using mark or otherwise).

Any help would be greatly appreciated!

Thanks,
Derek

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] Port forward and two ISP
Remus <[EMAIL PROTECTED]> wrote:
> Hi folks,
>
> I have a question regarding some port forward via different route.
> Ok, my configuration is like this:
>
> I have two Internet lines.
> 1 is for the email server
> 2 (default) is for web browsing.
> Linux box (firewall/router)
> Local network 192.168.0.x
>
> I did IP routing for particular local IP (email server) via not the default
> route, everything works fine.
> But how to route via line 1 some IP port for the IP which one already has
> default route via line 2?
> For example for the IP 192.168.0.20 - the TCP ports 80,443 go via default
> route (line 2) and the TCP port 110 goes via second route (line 1).

Do the subnetting and route the traffic based on subnet from the specific gateway.

> Any ideas?
>
> Thanks in advance
> Remus
Re: Re[2]: [LARTC] QOS and gameserver lags
On Tuesday 26 August 2003 23:25, Tom Verbeek wrote:
> Monday, August 25, 2003, 7:25:39 PM, Stef wrote:
>
> SC> Can you check the bandwidth used in the different classes? I have a
> SC> script on www.docum.org that can do this for you. I ask this because
> SC> you have different prio's and you have to be sure you never overlimit a
> SC> class (send more than the rate) or the latency can go up.
>
> OK, I checked the bandwidth with monitor_tc.pl: everything looks
> okay. The increased latency does not come from different prios. But I
> still put every class on prio 0.
Ok.

> SC> You also have to check the quantum values. For the 10 kbit class,
> SC> quantum = 10kbit / 8 (bit -> byte) / 10 (r2q) = 12.5 byte and this < mtu =
> SC> 1500 byte. So add quantum 1500 if you create that class.
>
> OK. I set quantum 1500 on the small class.
Ok.

> But the solution to my problem is much simpler:
>
> my Provider says I get 192 kbits upstream.
> When I do an ftp upload to a close server I get 175 kbits.
> But to make my linux router the bottleneck I need to limit the rate to
> 160 kbits
>
> Can anybody explain the difference in the numbers?
You have to limit the traffic on the linux router to less than your modem can
handle so at least your modem is not the bottleneck. So if your modem can
handle 192kbit, I should take 185kbit or so.

> Please see the current version of my shaper here:
>
> http://www.designobjekt.de/test/rc.trafficshaper
>
> Now I only get minimally increased latency when playing
> online games and having 100% upstream traffic at the same time.
If the script is working you are fine with the 160kbit ceil, I should leave it
like that.

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
Re: [LARTC] Performance of the Iptables Server
On Wednesday 27 August 2003 19:50, hare ram wrote:
> Hi Stef
>
> That's right, if I make cron job run every 5min, so I will lose only 5min
> of data.
>
> I was not understand
> " You can record the difference between the 2 reads and discard
> negative values. "
>
> you mean to say first 5min and next 5min bytes increasing ok
> if not I will discard and take new values you mean.
You can also store the difference between 2 readings. Otherwise your counters
will increase forever.

> If I make the log to mysql, so it will be 24hours right
> is there anything I can make every 5min dump the data to Mysql using ULOG
You can try to redirect the ULOG to a named pipe or a shell script.

Named pipe example :
mkfifo test
echo 1 > test &
echo 2 > test &
echo 3 > test &
cat test
3
2
1
[1]   Done                    echo 1 >test
[2]-  Done                    echo 2 >test
[3]+  Done                    echo 3 >test

So the numbers 1, 2 and 3 were cached in the named pipe until the cat command
was executed.

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
Re: [LARTC] Performance of the Iptables Server
On Wed 27/08/2003 at 19:41, Stef Coene wrote:
> On Wednesday 27 August 2003 19:31, hare ram wrote:
> > Hi Stef
>
> If you really want it very detailed (src/dst - address/port), you indeed have
> to log it to mysql or so.
> You can calculate the number of updates you have to do mysql and simulate this
> on a test box.

As the mark you can put on the packet is quite long you can use a mask system :
[IP user][proto]. Next the script has only to split the information contained
in the mark. That adds a multiplicative factor to the number of rules but
that's all. So no need to use mysql.

By the way you will need to use connmark to track non linear protocol like ftp.

BR,
--
Eric Leblond
Nufw : http://www.nufw.org
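A worked version of the "[IP user][proto]" mask idea above, added here as an example rather than Eric's code: the bit layout (user id in bits 8..23, IP protocol number in bits 0..7, top byte left free) and the sample user/protocol lists are assumptions.

```shell
#!/bin/sh
# Added example, not Eric's code: pack "[IP user][proto]" into one fwmark,
# generate the marking and counting rules, and split a mark back into its
# fields. The layout is an assumption: user id in bits 8..23, IP protocol
# number in bits 0..7, with the top byte left free for other users of the mark.
USER_SHIFT=8
PROTO_MASK=255          # 0x000000ff
MARK_MASK=16777215      # 0x00ffffff, the bits this scheme owns

mark_of()    { echo $(( ($1 << USER_SHIFT) | $2 )); }
mark_user()  { echo $(( ($1 & MARK_MASK) >> USER_SHIFT )); }
mark_proto() { echo $(( $1 & PROTO_MASK )); }

# Emit, per (user, protocol), one MARK rule and one target-less rule that
# only counts packets carrying that mark; a script later reads the counters
# and decodes each mark with mark_user/mark_proto instead of logging packets.
# $1: "id address" per line; $2: "name number" per line.
gen_rules() {
    printf '%s\n' "$1" | while read -r uid addr; do
        printf '%s\n' "$2" | while read -r pname pnum; do
            m=$(mark_of "$uid" "$pnum")
            echo "iptables -t mangle -A PREROUTING -s $addr -p $pname -j MARK --set-mark $m"
            echo "iptables -t mangle -A PREROUTING -m mark --mark $m/$MARK_MASK"
        done
    done
}

# Constructed sample inputs (protocol numbers are the standard IANA values).
SAMPLE_USERS='1 192.168.1.1
2 192.168.1.2'
SAMPLE_PROTOS='tcp 6
udp 17
icmp 1'
```

The counting rule sits right after the MARK rule in the same chain, so it sees the mark that was just set; the mark match is masked so a later tc classifier can still use the top byte.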
Re: [LARTC] Performance of the Iptables Server
Hi Stef

That's right, if I make cron job run every 5min, so I will lose only 5min
of data.

I was not understand
" You can record the difference between the 2 reads and discard
negative values. "

you mean to say first 5min and next 5min bytes increasing ok
if not I will discard and take new values you mean.

If I make the log to mysql, so it will be 24hours right
is there anything I can make every 5min dump the data to Mysql using ULOG

hare

- Original Message -
From: "Stef Coene" <[EMAIL PROTECTED]>
To: "hare ram" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2003 11:11 PM
Subject: Re: [LARTC] Performance of the Iptables Server

> On Wednesday 27 August 2003 19:31, hare ram wrote:
> > Hi Stef
> >
> > How about Source and Destination port, and protocol wise bytes transfer (
> > like http, ftp, icmp, udp), if I want to track.
> >
> > next limitation, if the Server goes down, the traffic will be zero, that
> > will be another Limitation
> Not true. If you record the counters each 5 minutes, you lose max 5 minutes
> of counters. You can record the difference between the 2 reads and discard
> negative values.
>
> > If I send the all the traffic to Mysql, so I can get the old data to.
> >
> > may be you can correct me if, I may be wrong thinking
> >
> > correct me with the best methods to do
> If you really want it very detailed (src/dst - address/port), you indeed have
> to log it to mysql or so.
> You can calculate the number of updates you have to do mysql and simulate this
> on a test box.
>
> Stef
>
> --
>
> [EMAIL PROTECTED]
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
>
Re: [LARTC] Performance of the Iptables Server
On Wednesday 27 August 2003 19:31, hare ram wrote:
> Hi Stef
>
> How about Source and Destination port, and protocol wise bytes transfer (
> like http, ftp, icmp, udp), if I want to track.
>
> next limitation, if the Server goes down, the traffic will be zero, that
> will be another Limitation
Not true. If you record the counters each 5 minutes, you lose max 5 minutes
of counters. You can record the difference between the 2 reads and discard
negative values.

> If I send the all the traffic to Mysql, so I can get the old data to.
>
> may be you can correct me if, I may be wrong thinking
>
> correct me with the best methods to do
If you really want it very detailed (src/dst - address/port), you indeed have
to log it to mysql or so.
You can calculate the number of updates you have to do mysql and simulate this
on a test box.

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
Re: [LARTC] Performance of the Iptables Server
Hi Stef

How about Source and Destination port, and protocol wise bytes transfer (
like http, ftp, icmp, udp), if I want to track.

next limitation, if the Server goes down, the traffic will be zero, that
will be another Limitation

If I send the all the traffic to Mysql, so I can get the old data to.

may be you can correct me if, I may be wrong thinking

correct me with the best methods to do

hare

- Original Message -
From: "Stef Coene" <[EMAIL PROTECTED]>
To: "hare ram" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2003 10:47 PM
Subject: Re: [LARTC] Performance of the Iptables Server

> On Wednesday 27 August 2003 19:03, hare ram wrote:
> > Hi Stef
> >
> > thanks for the reply
> >
> > yes I would like to do accounting the source IP
> > so I need to log them all the traffic,
> > so I will know each IP how much transferring DATA
> >
> > with my configuration, is there any performance issue
> > I may have more than thousands of passing through this firewall or qos
> > server
> >
> > so my PC will have any performance issue or,
> > this configuration need any modification
> You don't have to log each packet to do accounting. If you create 1 iptables
> rule for each src address, you know how many packets and bytes that that src
> address transmitted.
>
> iptables -A INPUT -s 192.168.1.0
> iptables -A INPUT -s 192.168.1.1
> iptables -A INPUT -s 192.168.1.2
>
> iptables -L -v -n
> Chain INPUT (policy DROP 47 packets, 5842 bytes)
>  pkts bytes target prot opt in out source destination
>     0     0        all  --  *  *  192.168.1.0  0.0.0.0/0
>     0     0        all  --  *  *  192.168.1.1  0.0.0.0/0
>     0     0        all  --  *  *  192.168.1.2  0.0.0.0/0
>
> Stef
>
> --
>
> [EMAIL PROTECTED]
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
>
Re: [LARTC] Performance of the Iptables Server
On Wednesday 27 August 2003 19:03, hare ram wrote:
> Hi Stef
>
> thanks for the reply
>
> yes I would like to do accounting the source IP
> so I need to log them all the traffic,
> so I will know each IP how much transferring DATA
>
> with my configuration, is there any performance issue
> I may have more than thousands of passing through this firewall or qos
> server
>
> so my PC will have any performance issue or,
> this configuration need any modification
You don't have to log each packet to do accounting. If you create 1 iptables
rule for each src address, you know how many packets and bytes that that src
address transmitted.

iptables -A INPUT -s 192.168.1.0
iptables -A INPUT -s 192.168.1.1
iptables -A INPUT -s 192.168.1.2

iptables -L -v -n
Chain INPUT (policy DROP 47 packets, 5842 bytes)
 pkts bytes target prot opt in out source destination
    0     0        all  --  *  *  192.168.1.0  0.0.0.0/0
    0     0        all  --  *  *  192.168.1.1  0.0.0.0/0
    0     0        all  --  *  *  192.168.1.2  0.0.0.0/0

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
Re: [LARTC] Performance of the Iptables Server
Hi Stef

thanks for the reply

yes I would like to do accounting the source IP
so I need to log them all the traffic,
so I will know each IP how much transferring DATA

with my configuration, is there any performance issue
I may have more than thousands of passing through this firewall or qos
server

so my PC will have any performance issue or,
this configuration need any modification

thanks

hare

- Original Message -
From: "Stef Coene" <[EMAIL PROTECTED]>
To: "hare ram" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2003 9:00 PM
Subject: Re: [LARTC] Performance of the Iptables Server

> On Wednesday 27 August 2003 07:46, hare ram wrote:
> > Hi all
> >
> > I have RH 9.0
> > PIII with 550Mhz
> > 512MB RAM
> >
> > working fine with Iptables+TC+HTB
> >
> > Now I want to make accounting system using ULOG
> >
> > so I introduced to send all logs to Mysql
> > So I can make my own Graphs
> >
> > iptables -A INPUT -j ULOG
> > iptables -A FORWARD -j ULOG
> > iptables -A OUTPUT -j ULOG
> >
> >
> > the Server is connected to Several Clients
> >
> > does this server will have any Impact of performance
> > or this PC can handle Easily
> >
> > how can calculate the PC configuration,
> The needed configuration also depends on how many logs you will have and how
> you are going to process them.
> And do you really want to log everything? If you are interested in what's
> going thru your firewall, you can also log the connections. Or you can
> install ntop on the firewall.
>
> Stef
>
> --
>
> [EMAIL PROTECTED]
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.oftc.net
>
Re: [LARTC] Monitoring traffic
On Wednesday 27 August 2003 03:00, Alex wrote:
> This approach is not good for me because I currently have 90 clients to
> count traffic for and I expect another 50 in the next month, maybe more. I
> have used this script that you say, but it would be a pain to implement
> that for so many clients and it would also put a good amount of load on the
> machine running this setup. So I need something else... this works, but I
> should create specific mrtg.cfg files for each client ( I don't think I can
> specify htmldir and such... for every entry in mrtg.cfg) and this is
> another issue besides the most important one, THE LOAD!
>
> Thanks anyway. But maybe some of you know any better solutions?
I don't think there is a solution, but it's not so difficult to script this.
You can use iptables counters to count the packets and rrdtool to create the
graphs. And you need some scripts so you can easy add more clients.

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
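The "script this" part, as an added example that is not Stef's code: it takes two snapshots of the per-source counting rules he lists in the "Performance of the Iptables Server" thread and produces the per-source byte deltas a 5-minute cron job would feed to rrdtool, discarding negative deltas as suggested there. The two listings are constructed samples in the same format.

```shell
#!/bin/sh
# Added example (not Stef's script): turn two snapshots of per-source
# counting rules into per-source byte deltas, the way a 5-minute cron job
# would. A negative delta means the counters were zeroed (reboot, rule
# reload) and is discarded. The listings below are constructed samples.

# Reduce an `iptables -L INPUT -v -n -x` listing to "source bytes" lines.
# -x keeps byte counts exact instead of abbreviating them to K/M.
# Rules here have no target, so columns are: pkts bytes prot opt in out src dst.
extract_counters() {
    awk '$3 == "all" || $3 == "tcp" || $3 == "udp" { print $7, $2 }'
}

# Join a previous and a current snapshot on source address and print
# "source delta". A source missing from the previous snapshot counts from 0;
# a negative delta is dropped. FILENAME is used instead of the NR==FNR idiom
# so an empty first snapshot (the very first run) does not corrupt the join.
byte_deltas() {
    awk 'FILENAME == ARGV[1] { prev[$1] = $2; next }
         { d = ($1 in prev) ? $2 - prev[$1] : $2
           if (d >= 0) print $1, d }' "$1" "$2"
}

# Constructed sample listings in the format quoted in the other thread.
SNAP_T0='Chain INPUT (policy DROP 47 packets, 5842 bytes)
 pkts bytes target prot opt in out source destination
   10  1500        all  --  *  *  192.168.1.1  0.0.0.0/0
   20  4000        all  --  *  *  192.168.1.2  0.0.0.0/0'
SNAP_T1='Chain INPUT (policy DROP 47 packets, 5842 bytes)
 pkts bytes target prot opt in out source destination
   15  2100        all  --  *  *  192.168.1.1  0.0.0.0/0
    3   300        all  --  *  *  192.168.1.2  0.0.0.0/0
    1    64        all  --  *  *  192.168.1.3  0.0.0.0/0'

# Run the comparison on the samples: 192.168.1.1 grew by 600 bytes,
# 192.168.1.2 went backwards (dropped), 192.168.1.3 is new (64 bytes).
demo_deltas() {
    t0=$(mktemp); t1=$(mktemp)
    printf '%s\n' "$SNAP_T0" | extract_counters > "$t0"
    printf '%s\n' "$SNAP_T1" | extract_counters > "$t1"
    byte_deltas "$t0" "$t1"
    rm -f "$t0" "$t1"
}
```

In a real cron job the previous snapshot is kept on disk between runs and the current one comes from `iptables -L INPUT -v -n -x | extract_counters`.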
Re: [LARTC] Performance of the Iptables Server
On Wednesday 27 August 2003 07:46, hare ram wrote:
> Hi all
>
> I have RH 9.0
> PIII with 550Mhz
> 512MB RAM
>
> working fine with Iptables+TC+HTB
>
> Now I want to make accounting system using ULOG
>
> so I introduced to send all logs to Mysql
> So I can make my own Graphs
>
> iptables -A INPUT -j ULOG
> iptables -A FORWARD -j ULOG
> iptables -A OUTPUT -j ULOG
>
>
> the Server is connected to Several Clients
>
> does this server will have any Impact of performance
> or this PC can handle Easily
>
> how can calculate the PC configuration,
The needed configuration also depends on how many logs you will have and how
you are going to process them.
And do you really want to log everything? If you are interested in what's
going thru your firewall, you can also log the connections. Or you can
install ntop on the firewall.

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
[LARTC] multiple c-classes routing
Hi guys,

I know this is a questions/advice mailgroup, but I'm looking for someone who has experience in routing multiple c-classes to a single server, and I'm not sure where else to look. If you have experience in this area, and would like some paypal cash, email me.

thanks,
saul.
[LARTC] Port forward and two ISP
Hi folks,

I have a question regarding some port forward via different route.
Ok, my configuration is like this:

I have two Internet lines.
1 is for the email server
2 (default) is for web browsing.
Linux box (firewall/router)
Local network 192.168.0.x

I did IP routing for particular local IP (email server) via not the default
route, everything works fine.
But how to route via line 1 some IP port for the IP which one already has
default route via line 2?
For example for the IP 192.168.0.20 - the TCP ports 80,443 go via default
route (line 2) and the TCP port 110 goes via second route (line 1).

Any ideas?

Thanks in advance
Remus
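One way to do the split asked for above with fwmark-based policy routing, added here as an example and not something from the thread: only port 110 from 192.168.0.20 is marked and sent through a separate table whose default route is line 1. The interface name, gateway address, table number and mark value are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): steer TCP port 110 from one LAN host
# out via ISP line 1 while its other traffic keeps the default route (line 2).
# The interface name, gateway address, table number and mark are assumptions.
LAN_HOST=192.168.0.20        # the host from the question
LINE1_IF=eth1                # assumed: interface towards ISP line 1
LINE1_GW=10.1.1.1            # assumed: line 1 gateway
LINE1_TABLE=100              # assumed: routing table reserved for line 1
MARK=1                       # fwmark that selects the line 1 table

# Every command goes through run(); with DRY_RUN=1 it is printed instead of
# executed, so the generated rule set can be reviewed before it touches the box.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

setup_port_routing() {
    # 1. Mark the chosen flow in mangle/PREROUTING, i.e. before the routing
    #    decision for forwarded packets is made.
    run iptables -t mangle -A PREROUTING -s "$LAN_HOST" -p tcp --dport 110 \
        -j MARK --set-mark "$MARK"
    # 2. Marked packets are looked up in the line 1 table first.
    run ip rule add fwmark "$MARK" table "$LINE1_TABLE"
    # 3. That table only needs a default route through line 1.
    run ip route add default via "$LINE1_GW" dev "$LINE1_IF" table "$LINE1_TABLE"
    run ip route flush cache
    # 4. Packets leaving via line 1 must carry line 1's address, otherwise the
    #    replies arrive on the wrong line.
    run iptables -t nat -A POSTROUTING -o "$LINE1_IF" -j MASQUERADE
    # 5. Replies on line 1 fail strict reverse-path filtering, because the main
    #    table would route their source out via line 2; relax it on that port.
    run sysctl -w "net.ipv4.conf.$LINE1_IF.rp_filter=0"
}

# Number of commands the setup emits; handy for a dry-run sanity check.
count_commands() {
    ( DRY_RUN=1; setup_port_routing ) | wc -l | tr -d ' '
}
```

Run it once with DRY_RUN=1 to read the six commands it would issue, then for real as root; the same mark can drive an HTB class if line 1 is also shaped.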
[LARTC] Performance of the Iptables Server
Hi all

I have RH 9.0
PIII with 550Mhz
512MB RAM

working fine with Iptables+TC+HTB

Now I want to make accounting system using ULOG

so I introduced to send all logs to Mysql
So I can make my own Graphs

iptables -A INPUT -j ULOG
iptables -A FORWARD -j ULOG
iptables -A OUTPUT -j ULOG

the Server is connected to Several Clients

does this server will have any Impact of performance
or this PC can handle Easily

how can calculate the PC configuration,

any help

hare With
Re: [LARTC] Monitoring traffic
This approach is not good for me because I currently have 90 clients to
count traffic for and I expect another 50 in the next month, maybe more. I
have used this script that you say, but it would be a pain to implement
that for so many clients and it would also put a good amount of load on the
machine running this setup. So I need something else... this works, but I
should create specific mrtg.cfg files for each client ( I don't think I can
specify htmldir and such... for every entry in mrtg.cfg) and this is
another issue besides the most important one, THE LOAD!

Thanks anyway. But maybe some of you know any better solutions?

Alex

- Original Message -
From: "Gabriel Lorenzo" <[EMAIL PROTECTED]>
To: "Alex" <[EMAIL PROTECTED]>
Sent: Wednesday, August 27, 2003 12:32 AM
Subject: Re: [LARTC] Monitoring traffic

> Here is my tip.
>
> Install MRTG (www.mrtg.org ) into your Server/Gateway , if its a eg Cisco
> Router where the customers are attached install a Computer with Linux with
> mrtg and query with mrtg the Cisco router on each interface where you have
> customers attached, otherwise do it on your Gateway and query your Interfaces.
> While Mrtg creates automatically HTML pages with the results of daily,
> weekly, monthly and yearly traffic statistics, you need also to run a script
> written by Joseph Wendel called Mrtg Totalizer, very cool!, which counts the
> packets in/out collected by Mrtg. So you have both the total packets consumed
> by your customers and the average statistics graphs.
> the next thing is to create individual html sites for each customer with
> .htaccess password restrictions, maybe using virtual domains for every
> customer to have them separated.
>
> I hope this helps.
>
> If you need some more advice send me a mail
>
> Regards Osgaldo.
>
>
> - Original Message -
> From: "Alex" <[EMAIL PROTECTED]>
> To: "LARTC" <[EMAIL PROTECTED]>
> Sent: Tuesday, August 26, 2003 10:55 PM
> Subject: [LARTC] Monitoring traffic
>
> > Does anybody know a good ip traffic monitoring software that has multiuser
> > capability?
> > I need some type of software with an interface on which users can login
> > with their user/pass and see how much traffic (how many megabytes) they
> > consumed over a certain period of time. Speed graphs are NOT a must, just
> > something to show them how much traffic they did.
> > I'm currently using net-acct mysql but with little success because on RH9
> > the netacctd daemon dies unexpectedly sometimes without any error.
> >
> > Thanks!
> >
> > Alex