[LARTC] mark

2004-10-25 Thread James Lista
folks,

when marking a packet to band control, what is the difference between:

iptables -t mangle -A PREROUTING -m p2p --p2p all -j CONNMARK --set-mark $P2P_MARK
iptables -t mangle -A PREROUTING -m connmark --mark $P2P_MARK -j CONNMARK --restore-mark

and

iptables -t mangle -A PREROUTING -m p2p --p2p all -j MARK --set-mark $P2P_MARK

??

tried to "patch-o-matic" with connmark and did not work out (kernel 2.6.9)...
.. it works ok with 2.4.x

thanks for any help


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


Re: [LARTC] limit number of TCP connections.

2004-10-25 Thread Rio Martin.
Hello George,
Thanks for adding some more info related to this question.

- Rio.Martin -


On Monday 25 October 2004 15:12, George Alexandru Dragoi wrote:
> iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW -m limit --limit 50/s --limit-burst 100 -j ACCEPT
> iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP
>
> with udps things are a bit similar, except you don't need the --syn
>
> On Mon, 25 Oct 2004 17:45:14 +, Rio Martin. <[EMAIL PROTECTED]> wrote:
> > On 25 October 2004 am 06:05, Cristiano Soares wrote:
> > > Hi all. I have a simple question. Is there a way to limit the number of
> > > TCP or UDP connections of a single HOST in my network? For example: I
> > > have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> > > Bittorrent at the same time, and he also is infected by a virus that
> > > opens more than 500 TCP ports at the same time. So, I want to limit
> > > that host to be able to open no more than 30 TCP connections at once,
> > > so he wouldn't hurt the other users.
> > > Thanks in advance,
> > > Cristiano Soares
> >
> > Try connlimit patches from Iptables POM
> > www.netfilter.org
> >
> > - Rio.Martin -


[LARTC] IPSec with 2.6.9 and Windows clients

2004-10-25 Thread Lopsch
Hi,
is there a good howto for a Linux VPN-Gateway using racoon and IPSec 
provided with the actual kernel 2.6.9? Also one for how to set up a 
connection to the gateway using Windows XP and the client shipped with it?



Re: [LARTC] Virtual interfaces shaping

2004-10-25 Thread Damjan
> Let's say I want to limit all outgoing traffic on wlan0 at 512 Mbits.
> The problem is that I cannot apply an htb configuration on wlan0,
> because some traffic is handled by wlan0xxx.
> Is there any way I can "gather" traffic from all wlans interfaces, and
> shape overall traffic to a limit???

You can with IMQ.
But IMQ is not included in the vanilla kernel, you'll need to patch it.
I'd suggest http://kem.p.lodz.pl/~peter/qnet/


-- 
damjan | дамјан
This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail address!!!


[LARTC] Virtual interfaces shaping

2004-10-25 Thread Mpourtounis Dimitris
I am using hostap driver as an Access Point and want to shape on this
wireless interface.
The thing with hostap driver (and others I think) is that it creates new
virtual interfaces (wlanxxx) for every node that associates with it.

Let's say I want to limit all outgoing traffic on wlan0 at 512 Mbits.
The problem is that I cannot apply an htb configuration on wlan0,
because some traffic is handled by wlan0xxx.
Is there any way I can "gather" traffic from all wlans interfaces, and
shape overall traffic to a limit???



[LARTC] tc philosophy, will this work?

2004-10-25 Thread Jakub Głazik
Correct me if I'm wrong, I just want to help my friend who needs a tc solution 
with fairness to hosts on a 512K/s DSL line, but few of them should be 
restricted to 64K/s

I thought about htb + esfq (sfq with ip based fairness, not connection)

parent class with CEIL=500Kbit (no RULE? see *1) and attached esfq to this 
parent class, now
 child class with CEIL=64Kbit and RULE=10.0.0.1
 child class with CEIL=64Kbit and RULE=10.0.0.2
 child class with CEIL=64Kbit and RULE=10.0.0.N
 child class with CEIL=500Kbit and RULE=10.0.0.0/24

is this correct? or:

*1 maybe here I will need RULE=10.0.0.0/24 ?
so the traffic would be directed to the parent and then 64Kbit for each shaped 
host, and rest (with fairness) to other hosts in the subnet? or the traffic 
would be shaped to 500Kbit and will never run thru child classes?

I would be thankful for any answer that would allow me to understand tc 
philosophy better ;)

-- 
.: Jakub Głazik (zytek)
.: email: [EMAIL PROTECTED]
.: JID: [EMAIL PROTECTED]


Re: [LARTC] Limit traffic that use to download a file

2004-10-25 Thread Tomasz Chilinski
> It seems OK for me (many months) on 2.4  - I haven't tried it on 2.6 
> yet.

For me it is rock stable, too ;-).

> If you want connbytes and connmark you need more than POM though.
> 
> Someone posted a patch to this list a while back that let you use 
> both together.

Someone wants connbytes and connmark at the same time?
Here you have it again:
http://www.chilan.com/pom-ng-connmarkbytes.tar.bz2

> Andy.

--
Kind regards,
Tomasz Chilinski



Re: [LARTC] Limit traffic that use to download a file

2004-10-25 Thread Andy Furniss
EC wrote:
>> Rinto Exandy wrote:
>>> Dear All,
>>> I want to limit traffic that use by my client to download files
>>> directly from browser, I have already limit the traffic for the same
>>> purpose to ftp connection. But I don't want to limit traffic that using
>>> for browsing the web. Can I do this with IMQ/HTB or any other method to
>>> make this happen.
>> There is a patch at www.netfilter.org called connbytes, you could use
>> this to separate big http downloads from the smaller ones.
> This patch is considered experimental.

It seems OK for me (many months) on 2.4  - I haven't tried it on 2.6 yet.
If you want connbytes and connmark you need more than POM though.
Someone posted a patch to this list a while back that let you use both
together.

Andy.



Re: [LARTC] limit number of TCP connections.

2004-10-25 Thread George Alexandru Dragoi
iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW -m limit --limit 50/s --limit-burst 100 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP

with udps things are a bit similar, except you don't need the --syn

On Mon, 25 Oct 2004 17:45:14 +, Rio Martin. <[EMAIL PROTECTED]> wrote:
> On 25 October 2004 am 06:05, Cristiano Soares wrote:
> 
> 
> > Hi all. I have a simple question. Is there a way to limit the number of TCP
> > or UDP connections of a single HOST in my network? For example:
> > I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> > Bittorrent at the same time, and he also is infected by a virus that opens
> > more than 500 TCP ports at the same time. So, I want to limit that host to
> > be able to open no more than 30 TCP connections at once, so he wouldn't hurt
> > the other users.
> > Thanks in advance,
> > Cristiano Soares
> 
> 
> Try connlimit patches from Iptables POM
> www.netfilter.org
> 
> - Rio.Martin -
> 


-- 
Bla bla
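
Added example (not part of the original posts): a small Python model comparing the `-m limit` rules above with a per-source cap on open connections, which is the property the connlimit patch checks. The class names and traffic figures are constructed; connections are assumed never to close and retransmitted SYNs are not modelled.

```python
# Simplified model of the two approaches in this thread (constructed example,
# not netfilter code). Connections never close; SYN retransmits are ignored.

class LimitMatch:
    """Token bucket behind `-m limit --limit RATE/s --limit-burst BURST`."""

    def __init__(self, rate_per_s, burst):
        self.rate, self.burst = rate_per_s, burst
        self.credit, self.last = float(burst), 0.0

    def accepts(self, now):
        # Refill for the elapsed time, capped at the burst size.
        elapsed = now - self.last
        self.credit = min(self.burst, self.credit + elapsed * self.rate)
        self.last = now
        if self.credit >= 1:
            self.credit -= 1
            return True    # first rule matches: ACCEPT
        return False       # falls through to the second rule: DROP


class ConnLimit:
    """Cap on connections a source holds open at once (the connlimit idea)."""

    def __init__(self, max_open):
        self.max_open, self.open = max_open, 0

    def accepts(self, now):
        if self.open >= self.max_open:
            return False
        self.open += 1
        return True


def connections_opened(policy, syn_times):
    """Count the SYNs a policy lets through for one source host."""
    return sum(1 for t in syn_times if policy.accepts(t))


# Constructed traffic for 192.168.1.202: a 500-SYN burst, and 40 SYN/s for 10 s.
BURST = [0.0] * 500
STEADY = [i / 40 for i in range(400)]

def compare():
    return {
        "limit_burst": connections_opened(LimitMatch(50, 100), BURST),
        "limit_steady": connections_opened(LimitMatch(50, 100), STEADY),
        "connlimit_burst": connections_opened(ConnLimit(30), BURST),
        "connlimit_steady": connections_opened(ConnLimit(30), STEADY),
    }

if __name__ == "__main__":
    print(compare())
```

In this model the rate rule admits every SYN of the steady stream because 40/s stays under the 50/s refill, while the cap stops at 30 open connections in both cases.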


RE: [LARTC] Limit traffic that use to download a file

2004-10-25 Thread EC
>
>Rinto Exandy wrote:
>> Dear All,
>>
>> I want to limit traffic that use by my client to download files
>> directly from browser, I have already limit the traffic for the same
>> purpose to ftp connection. But I don't want to limit traffic that using for
>> browsing the web. Can I do this with IMQ/HTB or any other method to
>> make this happen.
>>
>
>There is a patch at www.netfilter.org called connbytes, you could use
>this to separate big http downloads from the smaller ones.
This patch is considered experimental.

EC.



Re: [LARTC] Limit traffic that use to download a file

2004-10-25 Thread Andy Furniss
Rinto Exandy wrote:
> Dear All,
> I want to limit traffic that use by my client to download files
> directly from browser, I have already limit the traffic for the same
> purpose to ftp connection. But I don't want to limit traffic that using for
> browsing the web. Can I do this with IMQ/HTB or any other method to
> make this happen.

There is a patch at www.netfilter.org called connbytes, you could use
this to separate big http downloads from the smaller ones.

> Thank You.
> Sorry my English is bad.
> RInto Exandi


Re: [LARTC] limit number of TCP connections.

2004-10-25 Thread Rio Martin.
On 25 October 2004 am 06:05, Cristiano Soares wrote:
> Hi all. I have a simple question. Is there a way to limit the number of TCP
> or UDP connections of a single HOST in my network? For example:
> I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> Bittorrent at the same time, and he also is infected by a virus that opens
> more than 500 TCP ports at the same time. So, I want to limit that host to
> be able to open no more than 30 TCP connections at once, so he wouldn't hurt
> the other users.
> Thanks in advance,
> Cristiano Soares


Try connlimit patches from Iptables POM
www.netfilter.org

- Rio.Martin -


Re: [Fwd: [LARTC] up and down shaping based on IP]

2004-10-25 Thread Stef Coene
On Thursday 21 October 2004 20:05, Hariett Jones wrote:
> do you mean that I should not use two realtek cards ?
> can I use realtek and some other ? like AMDtek AN983b ?
Yes.

> (I understand that nic is ethernet card)
Network Interface Card

Stef

-- 
[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
     http://www.docum.org/


Re: [LARTC] Questions about qdisc statistics

2004-10-25 Thread Ramasubramaniyan Srinivasan
Dear all

I am new to SNMP and tc. I am looking to get per interface statistics.
I know similar questions have been posed, but most of these by people
more advanced than where I am. Please suggest me some places where I
can learn about statistics gathering for traffic control using either
C based coding on Linux or with snmp (It will be great help if someone
can suggest a good snmp on linux tutorial to learn it from)

Looking forward to your replies. 

thanks and regards
ram


On Mon, 25 Oct 2004 11:26:09 +0300, Antonios Chalkiopoulos
<[EMAIL PROTECTED]> wrote:
> >Can I use round robin database and mrtg tool to generate html files at linux
> >routers and call them from windows PC ?
> 
> >If it is impossible , can I use snmp to retrieve data from linux router at
> >windows PC (snmp server at linux and snmp client at windows , if i don't
> >misunderstand ) and use round robin database and mrtg tool to generate html
> >pages at windows ?
> 
> You can do both although I haven't managed to compile successfully the QoS snmp
> extensions with net-snmp although lots of people have been successful at
> that.
>
> As far as round robin databases and mrtg (rrdtool is even better than mrtg)
> here is a script to help you. Just run:
>
> php tc.phps <-- In your linux QoS router, and
> cp graph.php /srv/www/htdocs/ <-- In the apache htdocs of your linux QoS router
> 
> 
> 


-- 
regards
Sriram
D-Link India Ltd.


Re: [LARTC] Limit traffic that use to download a file

2004-10-25 Thread Stef Coene
On Monday 25 October 2004 07:46, Rinto Exandy wrote:
> Dear All,
>
> I want to limit traffic that use by my client to download files
> directly from browser, I have already limit the traffic for the same
> purpose to ftp connection. But I don't want to limit traffic that using for
> browsing the web. Can I do this with IMQ/HTB or any other method to
> make this happen.
You can do this if you use squid as a (transparent) proxy server.  Squid knows 
the file size and if you set up  delay pools, you can limit the big 
downloads.

Stef

-- 
[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
     http://www.docum.org/


AW: [LARTC] Re:

2004-10-25 Thread Stephan M. Ott
Isn’t it possible to asskick this „Wilson“ off the list ?

WTF is the sense of posting this shit to a list with mostly advanced users, which
will never open up these shitty attachments ?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Wilson
Sent: Tuesday, 12 April 2005 03:32
To: LARTC
Subject: [LARTC] Re:

>Lovely animals


[LARTC] Questions about qdisc statistics

2004-10-25 Thread Antonios Chalkiopoulos
>Can I use round robin database and mrtg tool to generate html files at linux 
>routers and call them from windows PC ? 

>If it is impossible , can I use snmp to retrieve data from linux router at 
>windows PC (snmp server at linux and snmp client at windows , if i don't 
>misunderstand ) and use round robin database and mrtg tool to generate html 
>pages at windows ?

You can do both although I haven't managed to compile successfully the QoS snmp
extensions with net-snmp although lots of people have been successful at
that.

As far as round robin databases and mrtg (rrdtool is even better than mrtg)
here is a script to help you. Just run:

php tc.phps <-- In your linux QoS router, and
cp graph.php /srv/www/htdocs/ <-- In the apache htdocs of your linux QoS router



graph.php
Description: application/php
#
# Version 0.01 - 20 Sept 2004
# Version 0.02 - 20 Sept 2004 - 17:21
# Version 0.03 - 22 Sept 2004 - 18:03 --> classes & qdiscs work perfectly
# Version 0.04 - 23 Sept 2004 - 16:00 --> Added checks for tc , rrdtool
# Version 0.05 - 30 Sept 2004 - 12:12 --> GRED virtual channels are properly parsed.

http://developer.osdl.org/dev/iproute2/ \n"; 
		echo "\n\n\n\n";
		exit ("iproute2 not installed in this computer\n");
	}

	exec("which rrdtool",$rrd_tool);
	if (!file_exists($rrd_tool[0]))
	{
		echo "\n\n\n\n";
		echo "Download and install rrdtool from \n";
		echo "http://people.ee.ethz.ch/~oetiker/webtools/rrdtool//index.html \n";
		echo "\n\n\n\n";
		exit ("rrdtool not installed in this computer\n");
	}

} ## end function

### FUNTION createFiles(); #
function createFiles($tc_command)
{
	global $qdisc;
	global $counter;

	# 1. Execute tc command and store all output lines to --> $tc_lines
	exec($tc_command,$tc_lines);

	# 2. Go through every line of the tc output
	for($i=0;$i $tc_lines
	$tc_lines=null;
	exec($tc_command,$tc_lines);
	# 2. Go through every line of the tc output
	for($i=0;$i $token[1] 2--> $token[2] 3--> $token[3] 4--> $token[4] 5--> $token[5] \n";
#1--> Packet 2--> totals: 3--> 0 4--> (bytes 5--> 0)	

	$pkts=$token[3];
# remove unwanted ')' at the end of the string
	$temp=strrchr($token[5], ")");
	$sent=substr($token[5],0, -strlen($temp));

	# RED - GRED packets!!
	$red_line=$tc_lines[$i-1];
	$red_token=preg_split("/[\s,]+/",$red_line);
	echo "For filename = $filename we have packets dropped: $red_token[3] . $red_token[5] where dropped and $red_token[7] were early dropped\n";

	$drops=1; #to-do: to count drops look at line @ i-1 token 3
	passthru("rrdtool update $filename N:$sent:$pkts:$drops");
	echo("rrdtool update $filename N:$sent:$pkts:$drops\n");

			} else
			{

$sent=$token[2];
$pkts=$token[4];
$drops=$token[7];
if ( $dp_counter != 0 ) {
	$filename=$qdisc[$counter-$dp_counter].".rrd";
	$dp_counter=0;
} else
{
	$filename=$qdisc[$counter].".rrd";
}
passthru("rrdtool update $filename N:$sent:$pkts:$drops");
echo "passthru rrdtool update $filename N:$sent:$pkts:$drops\n";
$counter++;
			}
		}
	}
}
} ## end function

?>


# qdisc gred 805f:
# DP:1 (prio 8) Average Queue 0b Measured Queue 0b
# Packet drops: 0 (forced 0 early 0)
# Packet totals: 0 (bytes 0)  ewma 3 Plog 25 Scell_log 12
# DP:2 (prio 8) Average Queue 0b Measured Queue 0b
# Packet drops: 0 (forced 0 early 0)
# Packet totals: 0 (bytes 0)  ewma 3 Plog 22 Scell_log 12
# DP:3 (prio 8) Average Queue 36110b Measured Queue 35428b
# Packet drops: 517 (forced 0 early 517)
# Packet totals: 14128 (bytes 14721376)  ewma 3 Plog 20 Scell_log 12
# Sent 14182662 bytes 13611 pkts (dropped 517, overlimits 517 requeues 0)
# backlog 35428b 34p
#qdisc red 4: limit 60b min 3b max 6b
# Sent 5285024 bytes 5072 pkts (dropped 42031, overlimits 42031 requeues 0)
# backlog 63562b 61p
#  marked 0 early 42031 pdrop 0 other 0
#qdisc htb 3: r2q 10 default 12 direct_packets_stat 68
# Sent 44076642 bytes 42301 pkts (dropped 42548, overlimits 89997 requeues 0)
# backlog 1043p
#qdisc dsmark 1: indices 0x0040 set_tc_index
# Sent 44083936 bytes 42308 pkts (dropped 42548, overlimits 0 requeues 0)
# backlog 1043p
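
Added example (not the attachment's code): a Python parser for the `tc -s qdisc` output format quoted in the comments at the end of the attachment, including the per-DP GRED counters its changelog mentions. The sample is an excerpt of that quoted output with the `#` markers removed; the function names and the `.rrd` filename used with them are assumptions.

```python
import re

# Sample input: excerpt of the tc output quoted in the post's attachment,
# with the leading "#" comment markers removed.
SAMPLE = """\
qdisc gred 805f:
 DP:1 (prio 8) Average Queue 0b Measured Queue 0b
 Packet drops: 0 (forced 0 early 0)
 Packet totals: 0 (bytes 0)  ewma 3 Plog 25 Scell_log 12
 DP:3 (prio 8) Average Queue 36110b Measured Queue 35428b
 Packet drops: 517 (forced 0 early 517)
 Packet totals: 14128 (bytes 14721376)  ewma 3 Plog 20 Scell_log 12
 Sent 14182662 bytes 13611 pkts (dropped 517, overlimits 517 requeues 0)
 backlog 35428b 34p
qdisc red 4: limit 60b min 3b max 6b
 Sent 5285024 bytes 5072 pkts (dropped 42031, overlimits 42031 requeues 0)
 backlog 63562b 61p
  marked 0 early 42031 pdrop 0 other 0
qdisc htb 3: r2q 10 default 12 direct_packets_stat 68
 Sent 44076642 bytes 42301 pkts (dropped 42548, overlimits 89997 requeues 0)
 backlog 1043p
"""

QDISC = re.compile(r"^qdisc (\w+) ([0-9a-f]*:[0-9a-f]*)")
SENT = re.compile(r"^Sent (\d+) bytes (\d+) pkts \(dropped (\d+), overlimits (\d+)")
DP = re.compile(r"^DP:(\d+) ")
DROPS = re.compile(r"^Packet drops: (\d+) \(forced (\d+) early (\d+)\)")
TOTALS = re.compile(r"^Packet totals: (\d+) \(bytes (\d+)\)")

def parse_tc_stats(text):
    """Return one dict per qdisc; GRED virtual queues are listed under 'dps'."""
    qdiscs, cur, dp = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if m := QDISC.match(line):
            cur, dp = {"kind": m[1], "handle": m[2], "dps": {}}, None
            qdiscs.append(cur)
        elif cur is None:
            continue                      # ignore anything before the first qdisc
        elif m := DP.match(line):
            dp = cur["dps"].setdefault(int(m[1]), {})
        elif (m := DROPS.match(line)) and dp is not None:
            dp.update(drops=int(m[1]), forced=int(m[2]), early=int(m[3]))
        elif (m := TOTALS.match(line)) and dp is not None:
            dp.update(pkts=int(m[1]), bytes=int(m[2]))
        elif m := SENT.match(line):
            cur.update(bytes=int(m[1]), pkts=int(m[2]),
                       dropped=int(m[3]), overlimits=int(m[4]))
    return qdiscs

def rrd_update_args(filename, q):
    """argv for `rrdtool update` in the N:sent:pkts:drops layout the script uses."""
    # A list (for subprocess.run) keeps the filename out of any shell parsing.
    return ["rrdtool", "update", filename, f"N:{q['bytes']}:{q['pkts']}:{q['dropped']}"]
```

Every counter is converted with `int()` after a digit-only regex match, so only numeric fields reach the `rrdtool update` argument.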



[LARTC] limit number of TCP connections.

2004-10-25 Thread Cristiano Soares
Hi all. I have a simple question. Is there a way to limit the number of TCP or UDP
connections of a single HOST in my network?
For example:
    I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent
at the same time, and he also is infected by a virus that opens more than 500 TCP ports
at the same time. So, I want to limit that host to be able to open no more than 30 TCP
connections at once, so he wouldn't hurt the other users.

Thanks in advance,

Cristiano Soares