[LARTC] Limiting B/W

2004-06-11 Thread Ganesh, S (MBI-ME)



Hi,

Can anyone help me out in limiting the bandwidth for a particular user in Redhat Linux 7.2 used as a proxy server?

Regs,
Ganesh


[LARTC] Multiple connections with dynamically assigned ips

2004-06-11 Thread Fernando Favero



I'm trying to connect my local network to the internet using 2 ADSL connections, very similar to what is discussed here:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
but I have some differences:
- I will use 2 identical ADSL connections from the same provider with 600 kbits download / 300 kbits upload each
- I will have 2 dynamically allocated addresses (from the same range because it's the same provider)
- The majority of the bandwidth will be used by p2p programs (mainly emule). So, here is my big question: will the p2p traffic be "load balanced" too, even if it is created by just one source inside my local network? If not... is it possible to create some rule that can load balance this traffic (e.g. one emule user gets nearly the 1200 kbits download for himself)? I was thinking of an "Odd-Couple" configuration (e.g. all the IPs ending with 1,3,5,7,9 will go through one connection, and the others use the other connection) but it seems very ineffective... does someone have a better idea?
I read all the articles and web pages Google could give me but I still don't know exactly which instructions I will use...
Does someone have a similar case running and can give me some article that talks about this situation? Or have some config files or tips to give me? Any help is always welcome!
Tks in advance
Fernando Favero
P.S.: Before someone suggests it: my ISP doesn't want to help me... they won't "merge" the 2 lines for me or something like that... it's just me and you guys! :)
 
 


[LARTC] R2q stuff

2004-06-11 Thread listas

Hi, I'm using this script to shape traffic as I want. I get this in the kernel log:

HTB: quantum of class 10020 is big. Consider r2q change.
HTB init, kernel part version 3.13
HTB init, kernel part version 3.13

How worried should I be :) ???

Thanks people!?

#!/bin/bash -x


fast_mark=1
ultra_fast_mark=2
slow_mark=3

interfaz_externa="eth1"
interfaz_interna="eth0"
iptables="/usr/local/sbin/iptables"

average_port="22 80 8080 3128 443 53 110 5190 259 1041 1723 1863 6667 6668 6669"
p2p_port="1214 4600:4700 1100:1300 21 6346 3135 3531 1911 21 3995 4242 2780 2527 2152 21"
p2p_multiport="5:6"

uplink_bw=1524
downlink_bw=1524

red_interna1="10.0.0.0/8"
red_interna3="172.0.3.0/24"
red_interna2="xxx.xxx.xxx.xxx/27"

# Flush the mangle table and delete its user-defined chains
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X

# ICMP
$iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark $fast_mark

# OUTBOUND TRAFFIC
for i in $average_port
do
$iptables -t mangle -N FORW_FAST_OUT_DST_$i
$iptables -t mangle -A FORWARD -i $interfaz_interna -o $interfaz_externa -p tcp -m mport --ports $i -j FORW_FAST_OUT_DST_$i
$iptables -t mangle -A FORW_FAST_OUT_DST_$i -j MARK --set-mark $fast_mark
done

# dns fast
$iptables -t mangle -A FORWARD -p udp -m mport --ports 53 -j MARK --set-mark $fast_mark

for i in $p2p_port
do
$iptables -t mangle -N FORW_P2P_OUT_DST_$i
$iptables -t mangle -A FORWARD -i $interfaz_interna -o $interfaz_externa -p tcp -m mport --ports $i -j FORW_P2P_OUT_DST_$i
$iptables -t mangle -A FORW_P2P_OUT_DST_$i -j MARK --set-mark $slow_mark
done


# INBOUND TRAFFIC
for i in $average_port
do
$iptables -t mangle -N FORW_FAST_IN_DST_$i
$iptables -t mangle -A FORWARD -i $interfaz_externa -o $interfaz_interna -p tcp -m mport --ports $i -j FORW_FAST_IN_DST_$i
$iptables -t mangle -A FORW_FAST_IN_DST_$i -j MARK --set-mark $fast_mark
done

for i in $p2p_port
do
$iptables -t mangle -N FORW_P2P_IN_DST_$i
$iptables -t mangle -A FORWARD -o $interfaz_interna -i $interfaz_externa -p tcp -m mport --ports $i -j FORW_P2P_IN_DST_$i
$iptables -t mangle -A FORW_P2P_IN_DST_$i -j MARK --set-mark $slow_mark
done

$iptables -t mangle -N FORW_P2P_IN_DST_MULTIPORT
$iptables -t mangle -A FORWARD -p tcp -m mport --ports $p2p_multiport -j FORW_P2P_IN_DST_MULTIPORT
$iptables -t mangle -A FORW_P2P_IN_DST_MULTIPORT -j MARK --set-mark $slow_mark

# p2p: trying a few things
$iptables -t mangle -A PREROUTING -m p2p -j CONNMARK --set-mark $slow_mark
$iptables -t mangle -A PREROUTING -m connmark --mark $slow_mark -j CONNMARK --restore-mark



# TRAFFIC GENERATED BY THE SERVER TOWARD THE INTERNET
for i in $average_port
do
$iptables -t mangle -N OUT_SERVER_OUT_DST_$i
$iptables -t mangle -A OUTPUT -o $interfaz_externa -p tcp -m mport --ports $i -j OUT_SERVER_OUT_DST_$i
$iptables -t mangle -A OUT_SERVER_OUT_DST_$i -j MARK --set-mark $fast_mark
done

# TRAFFIC GENERATED BY THE SERVER TOWARD THE INTERNAL NETWORK
$iptables -t mangle -A OUTPUT -o $interfaz_interna -j MARK --set-mark $ultra_fast_mark


# CLASSES FOR EXTERNAL TRAFFIC
tc qdisc del dev $interfaz_externa root 2> /dev/null > /dev/null
tc qdisc del dev $interfaz_externa ingress 2> /dev/null > /dev/null
tc qdisc add dev $interfaz_externa root handle 1: htb default 20
tc class add dev $interfaz_externa parent 1: classid 1:1 htb rate ${uplink_bw}kbit

#tc class add dev $interfaz_externa parent 1:1 classid 1:10 htb rate $((5*uplink_bw/10))kbit ceil $((6*uplink_bw/10))kbit prio 1
#tc class add dev $interfaz_externa parent 1:1 classid 1:20 htb rate $((3*uplink_bw/10))kbit ceil $((4*uplink_bw/10))kbit prio 2
#tc class add dev $interfaz_externa parent 1:1 classid 1:30 htb rate $((3*uplink_bw/10))kbit ceil $((3*uplink_bw/10))kbit prio 3

# modification, Friday 28/2004
tc class add dev $interfaz_externa parent 1:1 classid 1:10 htb rate $((5*uplink_bw/10))kbit ceil $((6*uplink_bw/10))kbit prio 1
tc class add dev $interfaz_externa parent 1:1 classid 1:20 htb rate $((4*uplink_bw/10))kbit ceil $((4*uplink_bw/10))kbit prio 2
tc class add dev $interfaz_externa parent 1:1 classid 1:30 htb rate $((1*uplink_bw/10))kbit ceil $((2*uplink_bw/10))kbit prio 3

# One SFQ leaf qdisc per class
tc qdisc add dev $interfaz_externa parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $interfaz_externa parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $interfaz_externa parent 1:30 handle 30: sfq perturb 10

# Map the firewall mark to its class
tc filter add dev $interfaz_externa protocol ip prio 1 parent 1: handle $fast_mark fw classid 1:10
tc f
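
The "quantum of class ... is big" message in the post above comes from HTB deriving a quantum for each leaf class from its rate. The following is an added example, not part of the original post or the poster's script, that computes that quantum for the three classes visible in the script and for a constructed 100 Mbit class. Assumptions: quantum = rate in bytes per second / r2q, r2q defaults to 10, the kernel warns outside 1000..200000 bytes, and kbit is taken as 1000 bit/s.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: for a leaf class with no explicit "quantum", HTB computes
#   quantum = rate_in_bytes_per_second / r2q     (r2q defaults to 10)
# and logs "quantum of class X is big/small" outside 1000..200000 bytes,
# clamping the value to the nearest bound.

# htb_quantum RATE_KBIT R2Q -> quantum in bytes (kbit taken as 1000 bit/s)
htb_quantum() {
    echo $(( $1 * 1000 / 8 / $2 ))
}

# htb_quantum_check RATE_KBIT R2Q -> ok | big | small
htb_quantum_check() {
    q=$(htb_quantum "$1" "$2")
    if [ "$q" -gt 200000 ]; then
        echo big
    elif [ "$q" -lt 1000 ]; then
        echo small
    else
        echo ok
    fi
}

uplink_bw=1524   # value from the posted script

# Rates of classes 1:10, 1:20, 1:30 as the script computes them, plus a
# constructed 100 Mbit class (hypothetical, not a value from the post).
report() {
    r2q=$1
    for c in "1:10:$(( 5 * uplink_bw / 10 ))" \
             "1:20:$(( 4 * uplink_bw / 10 ))" \
             "1:30:$(( 1 * uplink_bw / 10 ))" \
             "lan:100000"; do
        rate=${c##*:}
        name=${c%:*}
        echo "r2q=$r2q class=$name rate=${rate}kbit" \
             "quantum=$(htb_quantum "$rate" "$r2q")" \
             "$(htb_quantum_check "$rate" "$r2q")"
    done
}

report 10     # default r2q: only the 100 Mbit class is "big"
report 100    # r2q 100 fixes that class, but the sub-Mbit classes become "small"
```

When no single r2q suits every class, tc also accepts an explicit `quantum` on an individual HTB class.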

[LARTC] routing within the same network? is it possible?

2004-06-11 Thread Victor Catten
Hello,

Is routing within the same network possible?
If it is, what configuration should I put for the firewall/router shown below? I
basically want the host debian13 to be able to send packets via a multi-homed
firewall. I think the multi-homed firewall involves some routing.

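+-------------------+
|debian13           |
|eth0:192.168.0.13  |
+-------------------+
         |eth0
         |
         |eth0
+--------------------------+
|firewall/router(linux-box)|
|which configuration here? |
+--------------------------+
         |eth1
         |
         +----------------------+
         |                      |
         |eth0                  |eth0
+-------------------+  +-------------------+
|eth0:192.168.0.15  |  |eth0:192.168.0.16  |
|debian15           |  |debian16           |
+-------------------+  +-------------------+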


Thank you!

Victor
___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] Re: [ANNOUNCE] iproute2 update

2004-06-11 Thread pf . vd . vlugt
Hi,

Anyone bothered to check :
http://en.wikipedia.org/wiki/Kibi

this discussion just is too silly.
;-)

regards,
pieter frans

On 9 Jun 2004 at 21:21, Stef Coene wrote:

> On Wednesday 09 June 2004 01:31, Stephen Hemminger wrote:
> > But should we break existing scripts??  One possibility would be to make
> > things case dependant (K = 1024 and k = 1000) or something like that.
> I vote for yes.
> What we can do, is use an other name so the difference is clear that it's not
> tc, but the new tc.  Mhh, why don't call this newtc?  Or tcnew?  Or tc2?
> So people can use tc and not change the scripts, or use tcnew and change all
> scripts accordingly.
>
> Stef
>
> --
> [EMAIL PROTECTED]
>  "Using Linux as bandwidth manager"
>      http://www.docum.org/


Support Free Software : http://www.gnu.org/fsf/fsf.html

and sign the petition : petition.eurolinux.org/index_html



[LARTC] [ANNOUNCE] iproute2 update

2004-06-11 Thread pf . vd . vlugt
Hi,

Anyone bothered to check :
http://en.wikipedia.org/wiki/Kibi

this discussion just is too silly.
;-)

regards,
pieter frans


Re: [LARTC] multiple connections; update: ACK not being received by client

2004-06-11 Thread David Magda
On Thu, Jun 10, 2004 at 03:35:49PM -0400, David Magda wrote:
[...]
>   __
>   ||- ppp0 -- Dynamic IP (PPPoE on eth2)
> Internal eth0 | GW |
>   ||- eth1 -- Static IP -> Static's GW
>
[...]
> Using tcpdump I get the following results. This is listening on
> eth1 as I try to SSH to the destination from an internal box (using
> lynx to connect to the same destination results in a web page):
[...]

Examining the output of tcpdump a bit more closely, it seems that the
host where the SSH client is trying to connect from never gets the
ACK in the TCP setup handshake. It's being sent by the server, it's
received on the external interface of the gateway, but it never
makes it to the internal network.

The client machine keeps trying to set up a TCP connection, but never
receives the ACK. This is the interface (the client keeps trying to
set up the TCP connection):

tcpdump: listening on eth0
02:26:10.873080 [SSH client].37705 > [SSH server].22: S\
769441999:769441999(0) win 5840  (DF) [tos 0x10]
02:26:13.866409 [SSH client].37705 > [SSH server].22: S\
769441999:769441999(0) win 5840  (DF) [tos 0x10]

The external interface is getting the ACK (not from the same session,
but gets the point across):

02:26:11.527294 [GW Ext. IP].ssh > [SSH server].49161: P   \
224:336(112) ack 1 win 10944  (DF) [tos 0x10]

The ACK for the TCP connection setup is being sent by the server:

tcpdump: listening on fxp0
02:26:10.933176 [SSH server NATed].37705 > [SSH server].22: S  \
769441999:769441999(0) win 5840  (DF) [tos 0x10]
02:26:10.933226 [SSH server].22 > [SSH server NATed].37705: S  \
1054657654:1054657654(0) ack 769442000 win 65535   \
 (DF)
02:26:13.923678 [SSH server].22 > [SSH server NATed].37705: S  \
1054657654:1054657654(0) ack 769442000 win 65535   \
 (DF)
02:26:13.926659 [SSH server NATed].37705 > [SSH server].22: S  \
769441999:769441999(0) win 5840  (DF) [tos 0x10]
02:26:13.926712 [SSH server].22 > [SSH server NATed].37705: S  \
1054657654:1054657654(0) ack 769442000 win 65535   \
 (DF)
02:26:19.923038 [SSH server].22 > [SSH server NATed].37705: S  \
1054657654:1054657654(0) ack 769442000 win 65535   \
 (DF)

I've tried doing an SSH connection to multiple hosts and it's always
the same thing.

Here are my iptable rules:

gw2:~# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination
MASQUERADE  all  --  anywhere anywhere
SNAT   all  --  anywhere anywhere  to:

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

gw2:~# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source   destination
MARK   tcp  --  192.168.108.0/24 anywhere   tcp \
dpt:ssh MARK set 0x4

Chain INPUT (policy ACCEPT)
target prot opt source   destination

Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source   destination

IP rule list:

gw2:~# ip rule list
0:  from all lookup local
32765:  from all fwmark4 lookup 4
32766:  from all lookup main
32767:  from all lookup default

Routing tables:

gw2:/home/mpathix# ip route show table main
 dev ppp0  proto kernel  scope link  src 69.158.104.154
63.250.109.128/29 dev eth1  proto kernel  scope link  src

192.168.108.0/24 dev eth0  proto kernel  scope link  src

default via  dev ppp0

gw2:/home/mpathix# ip route show table 4
 dev ppp0  proto kernel  scope link  src 69.158.104.154
63.250.109.128/29 dev eth1  proto kernel  scope link  src

192.168.108.0/24 dev eth0  proto kernel  scope link  src

default via   dev eth1

So basically packets are getting out, but they're not getting back
in.

Any suggestions?