Re: [LARTC] rebuilding an OpensourceVideoconferencechattool Hello richard, Experts

2005-05-20 Thread Marc Manthey
On May 20, 2005, at 7:51 AM, Michael Renzmann wrote:
Hi.
Marc Manthey wrote:
Sorry for my offtopic post,
Oh man, if you already know that it's offtopic (and it really is), then
just post the mail to the LARTC list. There are surely more suitable
forums for it.

So much for "typical"...
http://daemlich.net/7499
Ciao, Mike
cu

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] iptables traversing read

2005-05-20 Thread cristian_dimache
 Hi

 Is there a program which allows me to see how my traffic goes through my
 iptables rules? Which accept it, which deny?
 Right now my router has a little bit of traffic and it's hard to see only
 my traffic.

 --
 Miłego Dnia
 Krystian Antoni

The program you will want to use is iptables -nvxL
It will show you byte and packet counters for each rule you have on the
system.
With a little bit of shell programming skill, you can get MRTG to work on
it and get a visual representation of your traffic, rather than boring
text.
This can be done with a script that does an iptables -nvxL, gets the
output, greps for the rule you want to graph, cuts away right to the
packet and byte counter, and then returns it.
This script can be added as a target in mrtg.conf...mrtg added to
crond.conf...and all the graphics are ready!

Google for mrtg...it will be easy!



RE: [LARTC] equal bandwidth for all IPs

2005-05-20 Thread Andriy Korud



Do you mean creating class for every IP or you know some other solution that
I'm looking for a long time with no success?

regards,
Andriy Korud

  -----Original Message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Krystian Antoni
  Sent: Thursday, May 19, 2005 10:26 PM
  To: ro0ot
  Cc: lartc@mailman.ds9a.nl
  Subject: Re: [LARTC] equal bandwidth for all IPs

  you will have to use classful traffic shaping (QOS) with HTB / CBQ / HFSC.
  go to www.lartc.org and they have a pretty good document on how to get it
  up and running pretty fast :-)
  if u run into any problems come back and ask :-)

  On 5/19/05, ro0ot [EMAIL PROTECTED] wrote:
  Hi,
  How can I set equal bandwidth of 512kbit downlink and 256kbit uplink for
  every single IP address of 254 IP addresses I have in my LAN?
  Regards,
  ro0ot

  --
  Miłego Dnia
  Krystian Antoni


Re: [LARTC] iptables traversing read

2005-05-20 Thread Dmytro O. Redchuk
On Fri, May 20, 2005 at 09:52:15AM +0300, [EMAIL PROTECTED] wrote:
  Hi
 
  Is there a program which allows me to see how my traffic goes through my
  iptables rules? Which accept it, which deny?
 
 The program you will want to use is iptables -nvxL
 It will show you byte and packet counters for each rule you have on the
 system.
 With a little bit of shell programming skill, you can get MRTG to work on
 it and get a visual representation of your traffic, rather than boring
 text.
With a little bit of shell programming you can store that data into RRD
databases. Easy to graph, easy to calculate over time ranges etc.

(Or, maybe, setup MRTG to store stats into RRD bases:)

-- 
  _,-=._  /|_/|
  `-.}   `=._,.-=-._.,  @ @._,
 `._ _,-.   )  _,.-'
`G.m-^m`m'Dmytro O. Redchuk
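
The counter-extraction step described in this thread, as an added example that is not part of either post: it parses `iptables -nvxL` output for one host's FORWARD rules and formats the byte counters both as an MRTG external-target reply and as an `rrdtool update` argument. The listing, the host address and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: feed `iptables -nvxL` counters to MRTG or RRDtool.
# SAMPLE is constructed output; on a router pass "$(iptables -nvxL)" instead.
SAMPLE='Chain INPUT (policy ACCEPT 10 packets, 840 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     3528 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1523   912345 ACCEPT     all  --  eth0   eth1    0.0.0.0/0            192.168.1.10
     977    65001 ACCEPT     all  --  eth1   eth0    192.168.1.10         0.0.0.0/0
       7      420 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
'

# rule_counters CHAIN SRC DST: read a listing on stdin and print "pkts bytes"
# summed over the rules of CHAIN whose source/destination columns equal
# SRC/DST. Assumes every rule has a target, so source is column 8.
rule_counters() {
    awk -v chain="$1" -v src="$2" -v dst="$3" '
        $1 == "Chain"            { cur = $2; next }
        $1 == "pkts" || NF == 0  { next }
        cur == chain && $8 == src && $9 == dst { p += $1; b += $2 }
        END { printf "%.0f %.0f\n", p, b }'
}

# host_bytes LISTING HOST: print "down up" byte counters for one LAN host.
host_bytes() {
    down=$(printf '%s\n' "$1" | rule_counters FORWARD 0.0.0.0/0 "$2")
    up=$(printf '%s\n' "$1" | rule_counters FORWARD "$2" 0.0.0.0/0)
    printf '%s %s\n' "${down#* }" "${up#* }"
}

# mrtg_target: the four lines MRTG reads from an external target script
# (first value, second value, uptime text, target name).
mrtg_target() {
    set -- $(host_bytes "$1" "$2") "$2"
    printf '%s\n%s\nunknown\n%s\n' "$1" "$2" "$3"
}

# rrd_update: the timestamp:value:value argument for `rrdtool update`.
rrd_update() {
    set -- $(host_bytes "$1" "$2")
    printf 'N:%s:%s\n' "$1" "$2"
}

mrtg_target "$SAMPLE" 192.168.1.10
rrd_update  "$SAMPLE" 192.168.1.10
```

The `-x` flag matters here because it prints exact counters instead of rounded K/M values. Counters restart from zero when the rules are reloaded or zeroed, so graphs will show a discontinuity at that point.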


Re: [LARTC] equal bandwidth for all IPs

2005-05-20 Thread Jesper Dangaard Brouer

On Thu, 19 May 2005, ro0ot wrote:
How can I set equal bandwidth of 512kbit downlink and 256kbit uplink for 
every single IP address of 254 IP addresses I have in my LAN?
See:
 http://wipl-wrr.sourceforge.net/
The system is made by: Christian Worm Mortensen (worm at dkik.dk)
To quote his announce email:
 The WRR scheduler is an extension to the Traffic Control/network
 bandwidth management part of the Linux kernels. The scheduler was
 developed to support distributing bandwidth on a shared Internet
 connection fairly between local machines.
I know a couple of systems which are using WRR in production, but I have 
not tried it myself.

Hilsen
  Jesper Brouer
--
---
Research Assistant
Dept. of Computer Science, University of Copenhagen
E-mail: [EMAIL PROTECTED], Direct Tel.: 353 21438
---


Re: [LARTC] HTB + IMQ + IPtables marking.

2005-05-20 Thread Rio Martin.
I tried your way for the whole day,
but still with the same result.

Maybe I'll try just like Andy Furmis said:
set some limit to SFQ.

Regards,
Rio Martin.


On Thursday 19 May 2005 06:07, Krystian Antoni wrote:
 1.
  lines:
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -d 202.x.1.0/24 -j MARK --set-mark 10
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -d 202.x.2.0/24 -j MARK --set-mark 20
  should be in this order:
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -d 202.x.1.0/24 -j MARK --set-mark 10
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -d 202.x.2.0/24 -j MARK --set-mark 20
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1
 /usr/sbin/iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1
  3. performance fix
 /sbin/tc class add dev imq1 parent 2: classid 2:1 htb rate 768Kbit
 doesn't have CEIL defined? it has to have it defined so your modem won't
 queue packets, making your latency go to meet the sky :-) set it to 90-95%
 of the bandwidth your modem can do
 /sbin/tc class add dev imq1 parent 2: classid 2:1 htb rate 768Kbit ceil 1000kbit
  4. performance fix
 put some leaf qdisc like SFQ.
 /sbin/tc qdisc add dev imq1 parent 2:20 handle 20: sfq perturb 10
  5. performance fix
 in the classes 2:10 and 2:20 you're using only 256kbit of RATE. change it
 so their sum is the rate of their parent.


Re: Re: [LARTC] equal bandwidth for all IPs

2005-05-20 Thread Peter Surda
On Fri, 20 May 2005 12:00:42 +0200 (CEST) Jesper Dangaard Brouer [EMAIL PROTECTED] wrote:

See:
  http://wipl-wrr.sourceforge.net/
[cut]

I know a couple of systems which are using WRR in production, but I have
not tried it myself.
I use it at about 5 locations, largest one having ~1400 computers. Works like a
charm.

For an easy to use script check out my distribution Route Hat
http://www.routehat.org
(the script is of course usable in other distributions too supposing you have
all the patches in iproute/iptables/kernel)

Yours sincerely,
Peter


[LARTC] [SUMMARY] filtering on MAC rather than by SRC address

2005-05-20 Thread Lee Sanders
I worked out how to filter based on SRC IP, you can't with tc. 

Using iptables PREROUTING you can but I wanted to avoid getting QOS into 
iptables.

I also found you can filter on SRC/DST MAC address. Hmm same thing really so 
here is what you need to know:

the u32 can be used to match any bit in the ip header. Before the ip header, 
there is a frame header. In that frame header you can find the src and dst 
mac address. You can trick the u32 filter in using the frame header if you 
use negative offsets.

Decimal Offset  Description
-14:            DST MAC, 6 bytes
-8:             SRC MAC, 6 bytes
-2:             Eth PROTO, 2 bytes, eg. ETH_P_IP
0:              Protocol header (IP Header)

Egress (match Dst MAC):
... match u16 0xPPPP 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF at -12 match 
u16 0xM0M1 0xFFFF at -14

Ingress (match Src MAC):
... match u16 0xPPPP 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 
0xM0M1M2M3 0xFFFFFFFF at -8

Where PPPP is the Eth Proto Code (from linux/include/linux/if_ether.h): 
ETH_P_IP = IP = match u16 0x0800

So the below is what I came up with and it works. Simplistic I know. Now that 
I have the basics working I can build on it now with different QOS settings 
for different packet types (ie ack, ssh, bulk) though I may use L7 filtering 
using iptables for this. Hey using iptables after all this :\

tc qdisc add dev ppp0 root handle 1:0 htb default 20
tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit

tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit

tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10

# My Laptop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 \
0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF \
at -8 flowid 1:10
# My Desktop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 \
0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF \
at -8 flowid 1:20
# change the MAC's of course.

tc -s -d class show dev ppp0
tc -s -d qdisc show dev ppp0
tc -s -d filter show dev ppp0

There you have it.

:L

--
 Hi All,

 I've been playing with QOS for a short while now and have worked out how to
 do what I want using HTB. Great queuing discipline btw.

 My problem is the tc filters I want to setup aren't working because
 iptables is getting to the packets first and mangling the src address.

 The iptables script I am using is MonMotha's Firewall 2.3.8 and it includes
 lots of nice goodies like syn flood rate limiting. The extra bits like this
 are why I'm using it rather than figuring the iptables configuration out
 myself.

 My network configuration is trivial, adsl router connected to linux box
 connected to two networks, LAN and WLAN.

 I like having these iptables features but MonMotha's Firewall isn't
 designed with QOS in mind.

 My question for this list, is there a recommended iptables router script
 that everyone here uses designed with QOS in mind or have you all written
 your own ?

 Thanks in Advance

 Lee

-- 
_
Lee Sanders  Computer
Systems Engineer  Consultant
Email: [EMAIL PROTECTED]Professionals
Mobile: 040048163277 122 550 929
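
As an added example (not part of the original post), the shell helper below turns a MAC address into the u32 clauses described in the summary above, using the post's negative offsets and assuming all-ones masks so the whole field must match. The MAC address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build u32 match clauses for a MAC address, using the
# negative offsets from the post (dst MAC -14, src MAC -8, EtherType -2).

# mac_hex MAC: accept only aa:bb:cc:dd:ee:ff and print 12 upper-case hex
# digits; fail on anything else so a typo never becomes a wrong filter.
mac_hex() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | awk -F: '
        NF != 6 { exit 1 }
        { for (i = 1; i <= 6; i++) if (length($i) != 2) exit 1
          print toupper($1 $2 $3 $4 $5 $6) }'
}

# u32_match src|dst MAC [ETHERTYPE]: print the clauses for `tc filter ... u32`.
# ETHERTYPE defaults to 0800 (ETH_P_IP). Masks are all-ones (assumption:
# the whole field must match).
u32_match() {
    h=$(mac_hex "$2") || { echo "bad MAC: $2" >&2; return 1; }
    proto="match u16 0x${3:-0800} 0xFFFF at -2"
    case $1 in
        src)  # M4M5 at -4, M0M1M2M3 at -8
            echo "$proto match u16 0x${h#????????} 0xFFFF at -4" \
                 "match u32 0x${h%????} 0xFFFFFFFF at -8" ;;
        dst)  # M2M3M4M5 at -12, M0M1 at -14
            echo "$proto match u32 0x${h#????} 0xFFFFFFFF at -12" \
                 "match u16 0x${h%????????} 0xFFFF at -14" ;;
        *)  echo "usage: u32_match src|dst MAC [ETHERTYPE]" >&2; return 2 ;;
    esac
}

# Constructed MAC address; prints a complete filter command for review.
echo "tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32" \
     "$(u32_match src 00:11:22:aa:bb:cc) flowid 1:10"
```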