[LARTC] How to config ip in 2nd lan card in Linux pc and config ip masq?
Dear Sir,

I have installed 2 LAN cards (Micronet LAN cards) in a Linux PC. In the 1st LAN card I will use a public IP (203.x.x.x) and in the 2nd LAN card I will use a private IP (192.168.1.1). But after installing Linux 7.2, /etc/sysconfig/network-scripts/ only shows ifcfg-eth0; no interface like ifcfg-eth1 is showing.

My questions are: how to enable or configure the 2nd LAN card and configure an IP on it, and how to configure IP masquerading to route so that local workstations get Internet access?

Please help me to solve these problems.

Thanks & best regards.
Md. Ahsanul Haque Chowdhury.
E-mail: [EMAIL PROTECTED], [EMAIL PROTECTED]
Web: http://www.neksus.com
Web: http://www.link3.net
Date: 2003-12-06.
___
LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Re: [LARTC] track tunnel connections
[EMAIL PROTECTED] wrote:
> I have this:
>
> publicIP(server)-netA--internet(netC)--netB--172.26.3.0/24
>
> I have a tunnel between netA and netB. The tunnel is for managing some network devices which are using private IPs from network 172.26.3.0/24. Now I ping from publicIP (it could be a server with nagios). The echo request packet is routed through the tunnel and reaches 172.26.3.1 (device) but the echo reply is routed via the default route on the netB gateway and NATed out to the internet.
>
> Question: Could I somehow discover that the echo request traveled by the tunnel so the reply should take the same way?

What tunneling technology are you using (IPIP, GRE, VPN (ESP/AH/PPTP/...))?

Normally you'd configure the tunnel endpoint routers at both sites to have reciprocal routing entries for each other's subnet. Also configure on the endpoint hosts a black hole routing entry with a higher metric than the tunnel, so that "Network Unreachables" are correctly returned in the event the tunnel is not configured / down. This is also one measure you can use to stop tunneled data from accidentally escaping onto the Internet.

But your subnets need to be correctly configured around the endpoint router so no discovery of the route is necessary by the hosts on the subnet.

So I ask: Does your network topology really need to be able to discover tunnel(s)? Routing protocols exist for this very application, but they generally are to allow two routers to discover each other's routes, not for hosts to discover routes.

It's not clear if the issue of route discovery is really your problem or just that the subnets aren't configured correctly?

Darryl
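The reciprocal route plus higher-metric blackhole that Darryl describes, modelled as an added example (not code from the thread): a small Linux-style route lookup (longest prefix first, then lowest metric) for the netB gateway, showing the reply leaking via the default route, taking the tunnel once the reciprocal /32 exists, and becoming unreachable instead of leaking when the tunnel route is gone. Interface names, the placeholder public address and the metrics are assumptions.

```python
import ipaddress

# Added example, not from the thread: a minimal model of Linux route
# selection (longest prefix wins, then the lowest metric) for the netB
# gateway in the thread's topology. Names and metrics are assumptions.

PUBLIC_IP = "198.51.100.10"   # stands in for the thread's "publicIP" (TEST-NET-2 range)
DEVICE_IP = "172.26.3.1"


class Route:
    def __init__(self, prefix, via, metric=0, blackhole=False):
        self.net = ipaddress.ip_network(prefix)
        self.via = via            # next hop / device name, None for a blackhole
        self.metric = metric
        self.blackhole = blackhole


def lookup(table, dst):
    """Return the chosen next hop, 'unreachable' for a blackhole, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r.net]
    if not matches:
        return None
    # Longest prefix wins; among equal prefixes the lowest metric wins.
    best = max(matches, key=lambda r: (r.net.prefixlen, -r.metric))
    return "unreachable" if best.blackhole else best.via


def netb_gateway_table(reciprocal, tunnel_up):
    """Routing table of the netB gateway under the two configurations."""
    table = [
        Route("172.26.3.0/24", "lan0"),   # the managed devices
        Route("0.0.0.0/0", "isp-gw"),     # default route, NATed out to the Internet
    ]
    if reciprocal:
        if tunnel_up:
            # Reciprocal entry for the far end's address, pointing into the tunnel.
            table.append(Route(PUBLIC_IP + "/32", "tun0", metric=0))
        # Blackhole with a higher metric: only selected once the tunnel route is gone,
        # so the reply is dropped with "unreachable" rather than NATed to the Internet.
        table.append(Route(PUBLIC_IP + "/32", None, metric=100, blackhole=True))
    return table


def echo_reply_path(reciprocal, tunnel_up=True):
    """Where the netB gateway sends 172.26.3.1's echo reply addressed to publicIP."""
    return lookup(netb_gateway_table(reciprocal, tunnel_up), PUBLIC_IP)


if __name__ == "__main__":
    print("no reciprocal route    :", echo_reply_path(False))         # isp-gw
    print("reciprocal, tunnel up  :", echo_reply_path(True, True))    # tun0
    print("reciprocal, tunnel down:", echo_reply_path(True, False))   # unreachable
```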
RE: [LARTC] tc -s class problem (with cbq only)
> I have changed kernel to 2.2.22 and have a problem:
>
> #tc -s class ls dev eth3
> and
> #tc show class dev eth3
> and
> #tc -s -d class ls dev eth3
>
> shows me NOTHING when i use CBQ queues on interface !!!

I found where the problem is... It occurs only when I use a TBF queue discipline in one or more classes. Even when I use the sample script from LARTC.org.

Instead of (the actual CBQ script):

##tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

I use a tbf queue:

#tc qdisc add dev $DEV parent 1:20 handle 30: tbf rate 20kbit buffer 1600 limit 3000

and after that tc -s class ls dev $DEV shows NOTHING !!! If I use an SFQ queue, tc -s class ls dev $DEV works OK. I'm not making some stupid mistake on that...

A.Binder
RE: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue !!!!
Thanks Patrick,

But I am not sure if it is possible to apply it to the embedded Linux.

-----Original Message-----
From: Patrick McHardy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 04, 2003 5:42 PM
To: Greg Freeman
Subject: Re: [LARTC] $100 USD to the first person that can provide the rules/scripts that will solve the QOS latency & bandwidth allocation issue

See trash.net/~kabet/hfsc for a packet scheduler which allows delay and bandwidth decoupling. Maybe that helps.

Regards,
Patrick

Greg Freeman wrote:
> To stress the urgency and importance of my questions, I am willing to
> pay $100 to the first person that can provide me with the scripts/
> rules that will work in my SnapGear firewalls that will solve the
> problems I am having.
>
> Please see the following post:
>
> Linux QOS and prioritization of real-time data (RTP/VoIP)
>
> Thank you!
RE: [LARTC] Split bandwidth equally per IP
Hello Martin,

I have recently read your howto from:
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Traffic-Control-HOWTO.html

I quote:

"Of the many types of contention for network bandwidth, this is one of the easier types of contention to address in general. By using the SFQ qdisc, traffic in a particular queue can be separated into flows, each of which will be serviced fairly (inside that queue). Well-behaved applications (and users) will find that using SFQ and ESFQ are sufficient for most sharing needs.

The Achilles heel of these fair queuing algorithms is a misbehaving user or application which opens many connections simultaneously (e.g., eMule, eDonkey, Kazaa). By creating a large number of individual flows, the application can dominate slots in the fair queuing algorithm. Restated, the fair queuing algorithm has no idea that a single application is generating the majority of the flows, and cannot penalize the user. Other methods are called for."

Can you post a real script using esfq that splits the bandwidth equally per IP? The documentation on esfq is scarce and I have no idea where to start from.

Thanks again for your time.

-----Original Message-----
From: Martin A. Brown [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 05, 2003 7:03 PM
To: Mihai Vlad
Cc: [EMAIL PROTECTED]
Subject: RE: [LARTC] Split bandwidth equally per IP

Achtung! There is already an esfq qdisc [0] which does this! This patch may be a good one, but since esfq already exists, perhaps you could try that instead.

-Martin

[0] http://www.ssi.bg/~alex/esfq/index.html

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
[LARTC] track tunnel connections
hello,

I have this:

publicIP(server)-netA--internet(netC)--netB--172.26.3.0/24

I have a tunnel between netA and netB. The tunnel is for managing some network devices which are using private IPs from network 172.26.3.0/24. Now I ping from publicIP (it could be a server with nagios). The echo request packet is routed through the tunnel and reaches 172.26.3.1 (device) but the echo reply is routed via the default route on the netB gateway and NATed out to the internet.

Question: Could I somehow discover that the echo request traveled by the tunnel so the reply should take the same way?

Petr Chloupek
[EMAIL PROTECTED]
All work and no play makes Jack a dull boy.
Re: [LARTC] imprecision in bandwidth measurement
Tilman Giese (Global View) wrote:
> Hi,
>
> I am experiencing a curious phenomenon. I limited the bandwidth for a specific client to 750KBit. It works well despite the fact that the client always gets a little bit more bandwidth (around 770KBit to 780KBit). I used different bandwidth and traffic measurement tools like ntop, nettimer or ipac. All show the same, a little bit more bandwidth than allowed. The factor by which the specified bandwidth is increased seems to be proportional to the specified bandwidth.
>
> But where is the problem? Is it only a different way of traffic measurement or is this a bug? Maybe it depends on some command arguments to create the classes?

tc uses 1024 instead of 1000 as factor for kbit (1024^2 for mbit). Usually when talking about network equipment kbit means 1000bit/s and mbit means 100bit/s. In your case, 750*24bit/s = 18000bit/s off. The iproute-rates patch at trash.net/~kaber/hfsc is meant to fix this.

Best regards,
Patrick
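The kbit/mbit mismatch Patrick describes, as an added example (not code from the thread or from iproute2): a converter that parses a tc rate string with the 1024-based factors the tc of that era used, compares it with the 1000-based rate a link is normally quoted in, and computes the rate string to give tc so that the configured rate matches the intended one. The unit table and function names are assumptions.

```python
import re

# Added example, not from the thread or from tc: tc's rate units of that
# era (kbit = 1024 bit/s, mbit = 1024^2 bit/s) beside the usual
# network-equipment meaning (1000 and 1000^2), so the excess Patrick
# points out can be computed for any rate string.

TC_UNITS = {"bit": 1, "kbit": 1024, "mbit": 1024 ** 2}        # what old tc applies
SI_UNITS = {"bit": 1, "kbit": 1000, "mbit": 1000 ** 2}        # what the admin means

_RATE_RE = re.compile(r"\s*(\d+(?:\.\d+)?)\s*([a-z]+)\s*", re.IGNORECASE)


def parse_rate(spec, units):
    """Parse a rate string such as '750KBit' into bit/s using the given unit table."""
    m = _RATE_RE.fullmatch(spec)
    if not m:
        raise ValueError(f"bad rate: {spec!r}")
    value, unit = float(m.group(1)), m.group(2).lower()
    if unit not in units:
        raise ValueError(f"unknown unit in {spec!r}")
    return value * units[unit]


def tc_bits_per_second(spec):
    """The rate tc actually configures for this string."""
    return parse_rate(spec, TC_UNITS)


def intended_bits_per_second(spec):
    """The rate the string is normally read as."""
    return parse_rate(spec, SI_UNITS)


def overshoot(spec):
    """Return (extra bit/s, fractional excess) for a rate string handed to tc."""
    tc, si = tc_bits_per_second(spec), intended_bits_per_second(spec)
    return tc - si, tc / si - 1


def tc_rate_for(bits_per_second):
    """Rate string that makes old tc configure the given 1000-based rate."""
    return f"{bits_per_second / 1024:.3f}kbit"


if __name__ == "__main__":
    extra, frac = overshoot("750KBit")
    print(f"750KBit: tc configures {extra:.0f} bit/s more ({frac:.1%})")
    print("to get 750000 bit/s, pass:", tc_rate_for(750000))
```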
Re: [LARTC] imprecision in bandwidth measurement
On Friday 05 December 2003 18:23, Tilman Giese (Global View) wrote:
> Stef Coene wrote:
> >Can you post us your tc commands ?
>
> # tc qdisc add dev eth0 root handle 1: cbq bandwidth 10MBit allot 1514 cell 8 avpkt 1000 mpu 64
> # tc filter add dev eth0 parent 1:0 prio 5 protocol ip u32
>
> # tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10MBit rate 10MBit allot 1514 cell 8 weight 1MBit prio 5 maxburst 20 avpkt 1000 bounded
> # tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 750KBit rate 750KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 75KBit maxburst 21 bounded
> # tc class add dev eth0 parent 1:2 classid 1:3 cbq bandwidth 750KBit rate 50KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 5KBit maxburst 21
>
> # tc filter add dev eth0 parent 1: prio 5 u32 match ip src 192.168.0.33/32 flowid 1:3

I don't see any error in your scripts. I did some tests myself and this is the result:
http://docum.org/stef.coene/qos/tests/cbq/bounded/bounded.html

I had the same result. The bandwidth you get is a bit more than the configured rate.

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager" http://www.docum.org/
#lartc @ irc.openprojects.net
RE: [LARTC] Split bandwidth equally per IP
Good point, what has to be done to make this part of the standard Linux kernel distribution?

> Achtung! There is already an esfq qdisc [0] which does this! This patch
> may be a good one, but since esfq already exists, perhaps you could try
> that instead.
>
> -Martin
>
> [0] http://www.ssi.bg/~alex/esfq/index.html
Re: [LARTC] imprecision in bandwidth measurement
Stef Coene wrote:
> Can you post us your tc commands ?

# tc qdisc add dev eth0 root handle 1: cbq bandwidth 10MBit allot 1514 cell 8 avpkt 1000 mpu 64
# tc filter add dev eth0 parent 1:0 prio 5 protocol ip u32

# tc class add dev eth0 parent 1:0 classid 1:1 cbq bandwidth 10MBit rate 10MBit allot 1514 cell 8 weight 1MBit prio 5 maxburst 20 avpkt 1000 bounded
# tc class add dev eth0 parent 1:1 classid 1:2 cbq bandwidth 750KBit rate 750KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 75KBit maxburst 21 bounded
# tc class add dev eth0 parent 1:2 classid 1:3 cbq bandwidth 750KBit rate 50KBit avpkt 1000 cell 8 prio 5 allot 1514 weight 5KBit maxburst 21

# tc filter add dev eth0 parent 1: prio 5 u32 match ip src 192.168.0.33/32 flowid 1:3

Tilman
Re: [LARTC] imprecision in bandwidth measurement
On Friday 05 December 2003 17:51, Tilman Giese (Global View) wrote:
> Hi,
>
> I am experiencing a curious phenomenon. I limited the bandwidth for a
> specific client to 750KBit. It works well despite of the fact that the
> client always gets a little bit more bandwidth (around 770KBit to
> 780KBit). I used different bandwidth and traffic measurement tools like
> ntop, nettimer or ipac. All show the same, a little bit more bandwidth
> than allowed. The factor by which the specified bandwidth is increased
> seems to be proportional to the specified bandwidth. But where is the
> problem. Is it only a different way of traffic measurement or is this a
> bug? Maybe, does it depend on some command arguments to create the classes?

Can you post us your tc commands ?

Stef
--
[EMAIL PROTECTED]
"Using Linux as bandwidth manager" http://www.docum.org/
#lartc @ irc.openprojects.net
RE: [LARTC] Split bandwidth equally per IP
Hello,

: In fact letting HTB calculate itself the burst parameter, and
: hard-coding the quantum parameter for each leaf class (as Stef
: suggested), made the traffic shaping much more accurate than it was
: before. (especially the quantum settings > 1500).

That Stef guy! Always making good suggestions.

: I will make the changes in sch_sfq.c and keep you all informed with
: the results.

Achtung! There is already an esfq qdisc [0] which does this! This patch may be a good one, but since esfq already exists, perhaps you could try that instead.

-Martin

[0] http://www.ssi.bg/~alex/esfq/index.html

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]
[LARTC] imprecision in bandwidth measurement
Hi,

I am experiencing a curious phenomenon. I limited the bandwidth for a specific client to 750KBit. It works well despite the fact that the client always gets a little bit more bandwidth (around 770KBit to 780KBit). I used different bandwidth and traffic measurement tools like ntop, nettimer or ipac. All show the same, a little bit more bandwidth than allowed. The factor by which the specified bandwidth is increased seems to be proportional to the specified bandwidth.

But where is the problem? Is it only a different way of traffic measurement or is this a bug? Maybe it depends on some command arguments to create the classes?

Tilman
RE: [LARTC] Split bandwidth equally per IP
Thanks very much for this reply.

In fact letting HTB calculate itself the burst parameter, and hard-coding the quantum parameter for each leaf class (as Stef suggested), made the traffic shaping much more accurate than it was before (especially the quantum settings > 1500).

I will make the changes in sch_sfq.c and keep you all informed with the results.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 05, 2003 5:19 PM
To: Stef Coene
Cc: Mihai Vlad; [EMAIL PROTECTED]
Subject: Re: [LARTC] Split bandwidth equally per IP

Here are my untested (but simple) changes to SFQ to make it share outgoing bandwidth "fairly" per ip address (roughly, per local user) instead of being susceptible to being tricked by users with many connections. Don't use this on the wrong side of a NAT box where there is only one source ip address in use.

In net/sched/sch_sfq.c:

Change:

        h = iph->daddr;
        h2 = iph->saddr^iph->protocol;
        if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
            (iph->protocol == IPPROTO_TCP ||
             iph->protocol == IPPROTO_UDP ||
             iph->protocol == IPPROTO_ESP))
                h2 ^= *(((u32*)iph) + iph->ihl);
        break;

To:

        h = h2 = iph->saddr;
        break;
Re: [LARTC] Split bandwidth equally per IP
Here are my untested (but simple) changes to SFQ to make it "fair" on a per ip basis. I believe that this is actually what most people want - equal bandwidth among a number of users without being tricked by users using many connections.

In net/sched/sch_sfq.c:

        h = iph->daddr;
        h2 = iph->saddr^iph->protocol;
        if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
            (iph->protocol == IPPROTO_TCP ||
             iph->protocol == IPPROTO_UDP ||
             iph->protocol == IPPROTO_ESP))
                h2 ^= *(((u32*)iph) + iph->ihl);
        break;

change to:

        /* hash on the source address only: one SFQ flow per sending host */
        h = h2 = iph->saddr;
        break;
[LARTC] RE: Linux QOS help
-----Original Message-----
From: Teemu Korpela [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 04, 2003 9:17 PM
To: Greg Freeman
Subject: RE: Linux QOS help

On Thu, 4 Dec 2003 08:47:27 -0900, Greg Freeman wrote
> Looking at the support report on the firewall (list all sorts of
> stuff) I saw this..
>
> ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:D0:CF:01:A6:52
>           inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:20061386 errors:206047 dropped:5857547 overruns:138637 frame:0
>           TX packets:8390751 errors:0 dropped:0 overruns:1 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:5
>
> Note the number of errors on this Lan interface, these are read errors?
> Is it common to have this many of dropped and overrun packets on a LAN
> side?

It's not common. I just checked one Linux router with half-duplex and another with full-duplex ethernet connection and error counters were zero (except the half-duplex interface which had a small amount of collisions, but that's normal). Both routers have been running several months now.

Maybe your problem is this and not QOS troubles? The amount of errors and dropped frames is way too high compared to the amount of received frames and there is packet loss. One reason for this might be excessive CPU load when you are using ipsec and transferring bulk data like files across the link. CPU time shortage causes dropping of ethernet frames when receiving.

What hardware are you using in the corp side firewall?

--
Teemu
Re: [LARTC] Split bandwidth equally per IP
Here are my untested (but simple) changes to SFQ to make it share outgoing bandwidth "fairly" per ip address (roughly, per local user) instead of being susceptible to being tricked by users with many connections. Don't use this on the wrong side of a NAT box where there is only one source ip address in use.

In net/sched/sch_sfq.c:

Change:

        h = iph->daddr;
        h2 = iph->saddr^iph->protocol;
        if (!(iph->frag_off&htons(IP_MF|IP_OFFSET)) &&
            (iph->protocol == IPPROTO_TCP ||
             iph->protocol == IPPROTO_UDP ||
             iph->protocol == IPPROTO_ESP))
                h2 ^= *(((u32*)iph) + iph->ihl);
        break;

To:

        h = h2 = iph->saddr;
        break;
[LARTC] tc -s class problem (with cbq only)
I have changed kernel to 2.2.22 and have a problem:

#tc -s class ls dev eth3
and
#tc show class dev eth3
and
#tc -s -d class ls dev eth3

shows me NOTHING when I use CBQ queues on the interface !!!

I can only watch queues (QDISC) with:

#tc -s qdisc ls dev eth3

(this is working OK, as earlier)

I tried many tc binaries (from devik, compiled, old, etc) - nothing helps. tc -s class ls dev eth0 works fine when I use HTB queues.

How to solve that problem?

This is a trace of the problem:

open("/proc/net/psched", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40014000
read(3, "000c8000 000f4240 000f4240 0"..., 4096) = 36
close(3) = 0
munmap(0x40014000, 4096) = 0
socket(PF_NETLINK, SOCK_RAW, 0) = 3
bind(3, {sin_family=AF_NETLINK, {sa_family=16, sa_data="[EMAIL PROTECTED]"}, 12) = 0
getsockname(3, {sin_family=AF_NETLINK, {sa_family=16, sa_data="q\3375<[EMAIL PROTECTED]"}, [12]) = 0
time(NULL) = 1070634212
sendto(3, "\24\0\0\0\22\0\1\3\345\224\320?\0\0\0\0\0006\1@", 20, 0, {sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0\24\0\0\0"}, 12) = 20
recvmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16, sa_data="\21\300\0\0\0\0\0\0\0\0\264\0\0\0"}, msg_iov(1)=[{"\264\0\0\0\20\0\2\0\345\224\320?5
recvmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16, sa_data="\301\367\0\0\0\0\0\0\0\0\24\0\0\0"}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\345\224\320?5<\
sendmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16, sa_data="\0\0\0\0\0\0\0\0\0\0$\0\0\0"}, msg_iov(2)=[{"$\0\0\0*\0\1\3\346\224\320?\0\0\0\0", 1
recvmsg(3, {msg_name(12)={sin_family=AF_NETLINK, {sa_family=16, sa_data="\301\367\0\0\0\0\0\0\0\0\24\0\0\0"}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\346\224\320?5<\
_exit(0) = ?

Why does it exit here??

I'm sure that there are queues/classes on that interface; here I paste them:

# tc -s qdisc ls dev eth3 | head -n 10
qdisc tbf 84e3: rate 160Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat 189.2ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc tbf 84e2: rate 640Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat 189.2ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc tbf 84e1: rate 150Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat 189.2ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc tbf 84e0: rate 600Kbit burst 300Kb peakrate 10Mbit minburst 1600b lat 189.2ms

PLEASE HELP ME !

A.Binder
Re: [LARTC] Aliases and Multipath
Thanks guys for such a quick response :) coool

Well, let me go deeper now with my routing issues. My desired topology is:

LAN   Linux Box
      eth0   -- dsl router (dhcp)
      eth0:1 -- Frame Router ISP1 (fixed ip range)
      eth0:2 -- Frame Router ISP2 (fixed ip range)

Then I would config:

eth0    according to the dhcp server   aa.aa.aa.aa
eth0:1                                 xx.xx.xx.xx
eth0:2                                 yy.yy.yy.yy

The idea is to balance the outgoing traffic through the three ISPs. One little trouble is dhcp renewal (it always tries to set the default gateway; does anyone know how to avoid that? I could find out from dhcp-client-leases and then configure it myself at the right place at the right moment).

According to the FAQ I need to guarantee first that any request from the eth0 IPADDR goes to the right gateway, and so on with eth0:1 and eth0:2 (that's reasonable). After that I would do the multipath config. The question now is the NAT stuff: how can I do the SNAT after balancing the traffic with the multipath routing? I can't do:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT aa.aa.aa.aa
iptables -t nat -A POSTROUTING -o eth0:1 -j SNAT xx.xx.xx.xx
iptables -t nat -A POSTROUTING -o eth0:2 -j SNAT yy.yy.yy.yy

iptables just does not like eth0:1 nor eth0:2; is this the right behaviour of iptables or what? I read something about NAT in the advanced routing engine but never used it before and I'm a little confused about how it works. Will it clash with the iptables NAT engine?

Just to finish building the router I need to do DNAT for my internal servers, but that's trivial with iptables; anyway it would be great to know how to do it with a single tool (I don't need to do firewalling on this machine so far, just routing and stateless nat, or should it be stateful? hmm, need to think about it).

Heeey, does anyone know if someone has translated the LARTC FAQs to Spanish? I could do that :) I would like to contribute...

Kind regards
Guillermo
--
Guillermo Gomez <[EMAIL PROTECTED]>
neotech
Re: AW: [LARTC] How to route and queue, based on iptables marked packets, at the same time?
Hello Jan,

In your letter dated 5 December 2003 (11:23:25) one can read:

JG> Hi,

>> Yes, you can. You can do marking in output and it will make a
>> difference in routing. Just use the -mangle- tables.
>> Checked and verified. I use it.

JG> Can I mark the packets in the POSTROUTING table again to influence the queuing?

JG> thx,
JG> Jan Gerritsen

As I already said: Yes.

--
Regards,
Robert   mailto:[EMAIL PROTECTED]
[LARTC] Linux, RFC2697 and RFC2698
Hi,

Do you know if Linux supports RFC2697 and RFC2698?

Thanks,
Steph
AW: [LARTC] How to route and queue, based on iptables marked packets, at the same time?
Hi,

> Yes, you can. You can do marking in output and it will make a
> difference in routing. Just use the -mangle- tables.
> Checked and verified. I use it.

Can I mark the packets in the POSTROUTING table again to influence the queuing?

thx,
Jan Gerritsen
Re: [LARTC] forwarding in tcng
On Fri, 5 Dec 2003, Martin A. Brown wrote:

Hi Martin.

> Johan,
> : I have read the tcng reference manual and cannot find information about
> : forwarding. Is it possible to forward packets from ingress to egress
> : without sending them upwards in layers?
> :
> : NIC>ingress>forward->egress>
>
> The reason you find no information about forwarding in the tcng manual, is
> that forwarding doesn't happen in the traffic control layer of the Linux
> IP stack.

I realised this after I had done some research on forwarding on the Internet. :) Thanks!!

> As far as I know, there's no way to prevent a packet from being
> passed up to the kernel bridge or routing code. So, since you are
> probably using this machine as a router, you'll want to take a look at the
> KPTD at Stef's site [0].

Actually I'm going to build a test platform where I'm using a Wireless LAN, BSS topology with a central station (AP) to control the downlink. Dependent on link quality, the AP is going to give access to the radio interface. Stations are using a network card driver that includes the link quality in the ttl_field. The ttl_field was available :) At ingress I want to filter packets that are giving information about the link quality. Value 0x81 indicates that information about the link quality is available.

> Makes sense.
>
> : dev eth1 {
> :     $P = bucket(rate 1Mbps, burst 2kB, mpu 64B);
> :     ingress {
> :         class (<>)
> :             if ((ip_ttl & 0x81) == 0x81) &&
> :                (conform $p && count $P);
>
> Did you really mean to "confirm $p && count $P"? I'd think that was meant
> to be "conform $P && count $P".

It was meant to be "conform $P && count $P".

> :     egress {
> :         class (<$high>) if (((ip_ttl & 0x1E) >> 1) <= 0x0F) &&
> :                            (((ip_ttl & 0x1E) >> 1) >= 0x0C);
>
> Neat bit math (here and above). I'm going to stick this one in my bag of
> tricks.

Thanks :)

> [ snip ]
>
> : If forwarding is not possible can I use hash table with tcindex to store
> : information at ingress, and use this information at egress?
>
> I'm not completely certain what your intent is with this hash table, but I
> think the answer to your general question is yes. One of the points of
> tcindex is that you don't need to run through the same sets of tests on
> ingress and egress; tcindex is designed to be reusable packet metadata
> during a packet's lifetime on a given host. You may find that Leonardo
> Balliache's DiffServ pages can help you with the Linux DiffServ
> architecture, in particular, tcindex [1].

I need a table with information on available stations and their link quality for tests, where I am going to generate packets from the AP to stations with good quality. I think I have to use tcindex.

> If this is not helpful, try the LARTC HOWTO [2] on DSMARK (and tcindex),
> and then try a few of Werner's papers [3].
>
> Failing all of that, you might try asking this list again, or checking out
> the (fairly inactive) Linux-DiffServ mailing list [4].
>
> -Martin
>
> [0] http://www.docum.org/stef.coene/qos/kptd/
> [1] http://opalsoft.net/qos/DS.htm
>     http://opalsoft.net/qos/DS-210.htm
> [2] http://lartc.org/howto/lartc.adv-qdisc.dsmark.html
> [3] http://www.almesberger.net/cv/papers.html
>     http://www.almesberger.net/cv/papers/dsid-01.ps.gz

They have done a great job.

> [4] http://diffserv.sourceforge.net/#list

Thank you Martin for this information.

/Johan Cimen