[LARTC] GeoIP?
Hi all,

does anybody know what happened to GeoIP (www.geoip.net)? It seems I just get an empty page if I try to go to the site now...

Thanks,
Justin
___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re: [LARTC] How to balance OUTBOUND traffic by packet if..
[EMAIL PROTECTED] wrote:
> I am still looking for a solution to this problem...
>
> [EMAIL PROTECTED] wrote:
>> Hi,
>> Yes i did give this a try a couple of times before with no success
>>
>> /sbin/iptables -I OUTPUT -m nth --every 2 --packet 1 -t mangle -j MARK --set-mark 0x2
>> /sbin/iptables -I OUTPUT -m nth --every 2 --packet 0 -t mangle -j MARK --set-mark 0x1
>>
>> ip rule :
>> 0: from all lookup local
>> 201:from all fwmark 0x2 lookup 202
>> 201:from all fwmark 0x1 lookup 201
>> 32766: from all lookup main
>>
>> ip route show table 202
>> default via 212.199.28.244 dev ppp1 proto static src 80.178.89.120
>>
>> ip route show table 201
>> default via 212.199.26.111 dev ppp0 proto static src 84.94.148.214
>>
>> ip route show table main
>> 212.199.26.111 dev ppp0 proto kernel scope link src 84.94.148.214
>> 212.199.28.244 dev ppp1 proto kernel scope link src 80.178.89.120
>> default proto static equalize
>>     nexthop via 212.199.26.111 dev ppp0 weight 1
>>     nexthop via 212.199.28.244 dev ppp1 weight 1

I must admit I am more into tc than ip so I've never tried it. My guess is that you need to get rid of equalize/weights as these load balance per connection and the routes get cached.

Andy.

More things I would try - mark in postrouting, snat to the address of downlink you want return to use. Get rid of the src addresses in in tables.

Andy.
Re: [LARTC] How to balance OUTBOUND traffic by packet if..
Andy Furniss wrote:
> mark in postrouting,

Oops - I mean mark in forward as well as output - do snat in postrouting nat table.

Andy.
[LARTC] dynamic bandwidth allocation
Hi,

Hope someone can help me. I am a student who has been given a project to develop a dynamic bandwidth service. I currently have a linux router which at the moment gives users static bandwidth and assigns each of them to a bucket. I have not gotten information yet as to whether each bucket is serviced in a round robin fashion or whether certain buckets get preferential treatment (i.e. bucket 1 service 60% as opposed to bucket 2 40%).

I need to implement dynamic bandwidth/traffic shaping based on certain types of traffic/applications e.g. voice or based on particular users. So basically if voice traffic is being delayed and not getting through, the bandwidth should be dynamically adjusted to accommodate this and then readjusted once the problem is resolved.

I have researched the iproute 2 package, tc, packet priorities, tos bytes, queues etc the last few days but I am actually confused at this stage by all the information. I have also come across a scripting tool called pacemaker from st josephs university in america which seems close to what I want but not quite it.

If anyone could offer me advice on how I should approach this, whether it's do-able and an estimation of what kind of task I'm undertaking i.e. how difficult and how much time this might take, I would be VERY grateful. As I have not worked in industry before and am not very familiar with linux, I don't know how possible/difficult this project is or even how to approach it.

Thanks in advance,
Aisling.
[LARTC] hashing filters
Hi all,

I am a newbie and I have not played a lot with tc utility. I have read maybe everything that has to do with massive filtering (maybe not everything). If you can help me on this I would appreciate that very much.

I use tc utility with iproute2-ss040831. I want to limit bandwidth for the 192.168.0.0/16 subnet using this script.

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:2 htb rate 100Mbit ceil 100MBit

tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256
tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/16 hashkey mask 0x00ff at 12 link 2:
tc class add dev eth0 parent 1:2 classid 1:3 htb rate 128Kbit ceil 128Kbit

j=0;
while [ $j -le 254 ]
do
  i=0;
  while [ $i -le 254 ]
  do
    hexi=`echo "obase=16; $i" | bc`
    tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3
    i=$((i+1))
  done
  j=$((j+1))
done

Somewhere at 192.168.8.7/32 this message appears on the screen:

RTNETLINK answers: File exists
We have an error talking to the kernel

Can you tell me please what am I doing wrong.

Thank you in advance
Valton
[LARTC] Good pratice with a Linux Gateway / Traffic Shapping
Hi,

I am the network administrator of my company, I know quite well Windows networking and a little about Linux and its amazing routing and QOS capabilities. Right now, we have a burstable T1, which means that the bill increases with our T1 use. I have decided to find a way to shape the traffic so I can stay at a reasonable speed of 256 kb/s (Up/down) on my T1.

I have linux gateway with 2 nics behind a PIX firewall. Right now, the gateway and the pix are configured in a way so I can have a network segment inside my internal network. The Linux version is suse PRO 9.2

My questions are (yes, they are several questions): what is the best method to use to shape the traffic on my linux gateway?

I know that there are several possibilities, like wondershaper script, htb.init script and even l7-filter but I am still confused about the right procedure that I have to use. Most probably, I have to customize my script so it can reflect what I want. I know also that I have to learn pretty much on those different shaping methods, but are there some good books / internet sites where I can find some useful information about that? I am also looking for some guides that could help me to begin the project.

Also, is there a way to make the shaping different for particular ips or protocols? I know that I can mark some packets but am still confused how to make all the stuff work.

The linux world is so huge that I am pretty lost ... so different method, so many considerations, patches to apply, stuff like that. I want to learn and master my network, and working hard is not a problem. The problem is maybe when a newbie starts to enter the linux world, it is quite confusing ...

Anyway, I am ready to work hard on this project and I hope I can count on the linux community to give me a little help. I know that those questions have maybe already been asked by other people in the same situation. So I will try to create a guide as the project will evolve and make it available on the net for everybody.

I really need some advice here because I know that it is possible. Any help will be appreciated.

Sorry for my English ...

Romain Pelissier
9900 Cavendish Blvd., suite 200
St-Laurent, QC H4M 2V2
T 514.333.6600 /126
F 514.333.1080
[EMAIL PROTECTED]
www.sqliaison.com
Re: [LARTC] Good pratice with a Linux Gateway / Traffic Shapping
Hi!

I am not very experienced, but maybe I can help you.

TechSupport wrote:
> Hi,
>
> I am the network administrator of my company, I know quite well Windows networking and a little about Linux and its amazing routing and QOS capabilities. Right now, we have a burstable T1, which means that the bill increases with our T1 use. I have decided to find a way to shape the traffic so I can stay at a reasonable speed of 256 kb/s (Up/down) on my T1.
>
> I have linux gateway with 2 nics behind a PIX firewall. Right now, the gateway and the pix are configured in a way so I can have a network segment inside my internal network. The Linux version is suse PRO 9.2
>
> My questions are (yes, they are several questions): what is the best method to use to shape the traffic on my linux gateway?

I think you should use HTB method.
http://luxik.cdi.cz/~devik/qos/htb/
Limit the incoming and/or outgoing bandwidth, maybe make some subclasses to have guaranteed bandwidth for web, mail, etc. You should attach an SFQ qdisc to the most popular classes.

> I know that there are several possibilities, like wondershaper script, htb.init script and even l7-filter but I am still confused about the right procedure that I have to use. Most probably, I have to customize my script so it can reflect what I want. I know also that I have to learn pretty much on those different shaping methods, but are there some good books / internet sites where I can find some useful information about that? I am also looking for some guides that could help me to begin the project.
>
> Also, is there a way to make the shaping different for particular ips or protocols? I know that I can mark some packets but am still confused how to make all the stuff work.
>
> The linux world is so huge that I am pretty lost ... so different method, so many considerations, patches to apply, stuff like that. I want to learn and master my network, and working hard is not a problem. The problem is maybe when a newbie starts to enter the linux world, it is quite confusing ...
>
> Anyway, I am ready to work hard on this project and I hope I can count on the linux community to give me a little help. I know that those questions have maybe already been asked by other people in the same situation. So I will try to create a guide as the project will evolve and make it available on the net for everybody.
>
> I really need some advice here because I know that it is possible. Any help will be appreciated.

This site helped me a lot, to understand:
http://www.knowplace.org/shaper/

I didn't use any prepared scripts but wrote my own using iptables and tc basic commands. If you are a network administrator I recommend this to you too, because this is the way to really understand what you do.

--
Udv, Nandor

Ps. Welcome to the linux community!
[LARTC] Connection tracking flush
Hi all,

Is there a way I can flush the connection tracking on my box (after a restart in iptables)? If the connection tracking module is unloaded and reloaded, my job will be accomplished I think. The bad thing is I want this tracking module to exist in kernel code and not loaded as a module.

Regards,
DB
Re: [LARTC] 2 internet connections for 2 different purposes
Well, I found a FAQ on the site of shorewall.net site, the config files for the iptables setup I'm using.
http://shorewall.net/FAQ.htm#faq32
but it's not what I want to do.

So for now I've got the incoming NAT working for the dmz network, if you come in eth4 on a proper address I route you to eth3 the dmz network and translate it to a 10.2 address.

My problem seems to be the outgoing. I don't understand how I tell all machines who are on the 10.1.x.x network connected via eth0 to go out of the ISP connected via eth2. Also, I don't understand how I make machines on the 10.2.1.x network on eth3 to use the internet connection via eth4.

Anyone care to get me going in the right direction?

Thanks in advance
Brooke

Chris Bennett wrote:
> When you say you are so close but can't get your head around the final part... what do you mean? Exactly what is working and what is not? How far have you gotten?
>
> - Original Message -
> From: brooke [EMAIL PROTECTED]
> To: lartc@mailman.ds9a.nl
> Sent: Wednesday, December 29, 2004 4:56 PM
> Subject: [LARTC] 2 internet connections for 2 different purposes
>
> I've got a linux machine (fedora core 3) with 4 network cards. I looked at the howto and the only example that is close to what I need to do is section 4.2 on multiple uplink providers. I feel like I'm so close but just can't get my head around the final part.
>
> Here is what I have:
> eth2 and eth4 connect to 2 different isps.
> I want all connections that come from my dmz on eth3 to go out of my connection on eth4
> I want all connections from my local network on eth0 to go out of my connection on eth2
>
> Can anyone help me out with this?
>
> thanks in advance
> Brooke
Re: [LARTC] Need help regarding TBF Token rate setting
On Tuesday 11 January 2005 12:21, sanjeev ravindran wrote:
> Hi,
> I would like to know how to specify the token rate when a tbf qdisc is created using tc tool.. Will it be a default value when tbf qdisc is created?

http://lartc.org/manpages/tc-tbf.html
The token fill rate is rate / timer (Hz)

Stef
Re: [LARTC] hashing filters
Hi,

with Tomasz's suggestions I tried with the setup below but the same error appears at the same place.

RTNETLINK answers: File exists
We have an error talking to the kernel

Is there any other way?

Regards,
Valton

-
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:2 htb rate 100Mbit ceil 100MBit

tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256
#tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/16 hashkey mask 0x00ff at 12 link 2:
tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/24 hashkey mask 0x00ff at 16 link 2:
tc class add dev eth0 parent 1:2 classid 1:3 htb rate 128Kbit ceil 128Kbit

j=0;
while [ $j -le 254 ]
do
  i=0;
  while [ $i -le 254 ]
  do
    hexi=`echo "obase=16; $i" | bc`
    echo tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3
    tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3
    i=$((i+1))
  done
  j=$((j+1))
done

- Original Message -
From: Tomasz Paszkowski [EMAIL PROTECTED]
To: Valton Hashani [EMAIL PROTECTED]
Cc: lartc@mailman.ds9a.nl
Sent: Wednesday, January 12, 2005 2:11 PM
Subject: Re: [LARTC] hashing filters

On Wed, Jan 12, 2005 at 01:27:18PM +0100, Valton Hashani wrote:
> Hi all,
>
> I am a newbie and I have not played a lot with tc utility. I have read maybe everything that has to do with massive filtering (maybe not everything). If you can help me on this I would appreciate that very much.
>
> I use tc utility with iproute2-ss040831. I want to limit bandwidth for the 192.168.0.0/16 subnet using this script.
>
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1: htb
> tc class add dev eth0 parent 1: classid 1:2 htb rate 100Mbit ceil 100MBit
>
> tc filter add dev eth0 parent 1:2 handle 2: protocol ip u32 divisor 256
> tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/16 hashkey mask 0x00ff at 12 link 2:

change to:
tc filter add dev eth0 protocol ip parent 1: u32 match ip dst 192.168.0.0/24 hashkey mask 0x00ff at 16 link 2:

> tc class add dev eth0 parent 1:2 classid 1:3 htb rate 128Kbit ceil 128Kbit
>
> j=0;
> while [ $j -le 254 ]
> do
>   i=0;
>   while [ $i -le 254 ]
>   do
>     hexi=`echo "obase=16; $i" | bc`

add here:
echo tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3
and show us results.

>     tc filter add dev eth0 protocol ip parent 1:2 u32 ht 2:$hexi: match ip dst 192.168.$j.$i flowid 1:3
>     i=$((i+1))
>   done
>   j=$((j+1))
> done
>
> Somewhere at 192.168.8.7/32 this message appears on the screen:
>
> RTNETLINK answers: File exists
> We have an error talking to the kernel
>
> Can you tell me please what am I doing wrong.

--
Tomasz Paszkowski
[LARTC] Test version of iproute2
There is a new version of iproute2 for testing.
http://developer.osdl.org/dev/iproute2/download/iproute2-2.6.10-ss050112.tar.gz

Mostly simple merges, but could have some issues. Jamal did I get everything you sent?

[Masahide Nakamura]
  ipmonitor shows IPv6 prefix list notification
  update to iproute2 xfrm for ipv6
[Stephen Hemminger]
  fix compile warnings when building 64bit system
  don't include asm/byteorder.h
  warning about ip route nat no longer supported
[Catalin(ux aka Dino) BOIE]
  fwmark in u32 filters
[Andi Kleen]
  netlink manual page
[Thomas Graf]
  tc testsuite
[Jamal Hadi Salim]
  iptables tc support
  mirror and redirect actions

--
Stephen Hemminger [EMAIL PROTECTED]
Re: [LARTC] Load balancing / Traffic shaping project looking for help
This looks really nice! I really would like to try it out, but there is no code on the sourceforge site released yet. Unfortunately I am not the person you are looking for as my understanding of the advanced routing concepts is not that good yet, that's why I am interested in your tool :)

How much of this actually works?

micah

On Wed, 12 Jan 2005 12:59:07 -0500, Aaron Wolfe [EMAIL PROTECTED] wrote:
> Hi,
>
> I've managed to create a web based interface to some of the advanced routing capabilities in Linux. Currently it is functional (and pretty, I think :) although far from perfect. I'm looking for people with better programming skills and/or understandings of advanced routing concepts in Linux than I have who'd like to help out with the project.
>
> The overall goals are:
> #1 to make advanced routing and traffic shaping very easy for those just getting started
> #2 allow admins to easily backup or restore multiple versions of an entire linux router's configuration (fw, routing, traffic shaping, interface settings etc) via a single text file, much like a cisco router
> #3 make it all pretty enough that the nontechnical CIO types say wow and let us use linux routers in production more often.
>
> The current system is a collection of perl CGI scripts and a background process that keeps an eye on things. It supports high availability via the heartbeat project and uses Julian Anastasov's kernel patches to support load balanced routing with dead gateway detection. The background process can start a dialup connection if all other connections have failed. rrdtool is used to generate lots of pretty graphs locally, and the system supports snmp and zabbix remote monitoring.
>
> If you're interested (and especially if you'd like to help!) please check out the project page:
> http://sourceforge.net/projects/kdtrg/
>
> thanks
> -Aaron
Re: [LARTC] How to balance OUTBOUND traffic by packet if..
[EMAIL PROTECTED] wrote:
> I am still looking for a solution to this problem...
>
> [EMAIL PROTECTED] wrote:
>> Hi,
>> Yes i did give this a try a couple of times before with no success
>>
>> /sbin/iptables -I OUTPUT -m nth --every 2 --packet 1 -t mangle -j MARK --set-mark 0x2
>> /sbin/iptables -I OUTPUT -m nth --every 2 --packet 0 -t mangle -j MARK --set-mark 0x1

Had a go at this on 2.6.9 / iptables 1.2.11 and it seems nth is broken. I'll try again tomorrow.

Andy.
Re: [LARTC] Need help regarding TBF Token rate setting
Thank you so much for ur response Stef,

I have one more doubt that I would like to clear... If I set the rate in kbps at which I want my data to flow, the token rate will be automatically taken and I don't have to set it, right?

Thank you for ur time...

regards
sanjeev

- Original Message -
From: Stef Coene [EMAIL PROTECTED]
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] Need help regarding TBF Token rate setting
Date: Wed, 12 Jan 2005 18:44:46 +0100

On Tuesday 11 January 2005 12:21, sanjeev ravindran wrote:
> Hi,
> I would like to know how to specify the token rate when a tbf qdisc is created using tc tool.. Will it be a default value when tbf qdisc is created?

http://lartc.org/manpages/tc-tbf.html
The token fill rate is rate / timer (Hz)

Stef