[LARTC] Please help in choosing the right patches
Dear Sir,

Please help me in building the right solution.

My requirement is:
1st, I want to club both ISP bandwidth to get 512kbps.
2nd, in normal condition, it should be in load balancing.
3rd, in ISP failover condition, traffic will automatically route to the working ISP.

What I have:
I have installed RHEL 3.0 with 3 network cards. Kernel is 2.4.21-9EL.
I have links from two ISPs, both 256kbps. Both ISPs have given an 8 real IP pool.
One ISP is through a leased line, terminated at my router CISCO 1841. Output of this is connected to ETH1.
2nd ISP is through Ethernet & connected to ETH2.
ETH0 is connected to the local zone.

What I have done:
I have gone through http://www.ssi.bg/~ja/nano.txt and further http://www.ssi.bg/~ja/ & got confused in choosing the right patch.

Please suggest: if I choose the Jumbo Patch patch-2.4.20-ja1.diff, are any other patches also required after this? If yes, is there any sequence in applying these patches?

Awaiting your valuable suggestion.

Thanking you,
Sandeep Agarwal
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] wireless router or Access Point
Hi.

On Tue, 2006-02-07 at 00:20 -0300, LinuXKiD wrote:
> Is there some distro or minidistro in order to do that?

Voyage Linux:
http://www.voyage.hk/software/voyage.html

Or, as an "extension" of Pebble (someone else mentioned that already):
http://www.voyage.hk/software/pebble-voyage.html

Bye,
Mike
Re: [LARTC] Limited quantity of filters.
Konrad wrote:
>
> $TC filter add dev imq0 parent 1:0 prio 5 protocol ip u32
> $TC filter add dev imq0 parent 1:0 prio 5 handle 2: protocol ip u32 divisor 256
> for ((j=0; j<=7; j++))
> do
>     for ((i=0; i<=255; i++))
>     do
>         q=`printf "%x\n" $i`
>         $TC filter add dev imq0 protocol ip parent 1:0 u32 ht 2:$q: match ip src 10.0.$j.$i flowid 1:10
>         echo "$q 10.0.${j}.$i"
>     done
> done
> $TC filter add dev imq0 protocol ip parent 1:0 prio 5 u32 ht 800:: match ip src 10.0.0.0/16 hashkey mask 0x00ff at 12 link 2:
> echo "Another filter"
> $TC filter add dev imq0 protocol ip parent 1:0 prio 4 u32 match ip src 10.0.0.1 flowid 1:10
> # (1:10 is the example, in reality these filters will send packets to different classes)
>
> This short script creates filters. This script can create only about 1789
> filters. After that we have this:

Konrad,

Specify a prio in each 'filter add' line. The SAME prio for each filter. Not specifying any filter won't work, but with a prio you can load at least 64K filter lines.

Search this mailing list for "please document" in July 2004.
--
gypsy
[LARTC] Limit bandwidth per IP
I would like to limit the amount of bandwidth each IP in a network gets.

For example, I have a network that runs at 10mbit. I have a class C 192.168.1.0/24 that makes up this network. Is there any simple way I can say each IP in that class C gets 56k without making a rule for each IP?

Thanks,
Rob Kobiske
Re: [LARTC] wireless router or Access Point
Pebble.
http://www.nycwireless.net/pebble/

LinuXKiD wrote:
> Hi,
>
> I want to set up a Linux as Access Point, and maybe as router too.
>
> Is there some distro or minidistro in order to do that?
>
> thanks in advance
>
> andres
[LARTC] wireless router or Access Point
Hi,

I want to set up a Linux as Access Point, and maybe as router too.

Is there some distro or minidistro in order to do that?

thanks in advance

andres
[LARTC] About two IFs with the same IP and the multipath
Hi there,

I'm trying to achieve the classic load balancing using the multipath.

The gateways are: A (tunl0) and B (tunl1)

This is the classical situation covered by the HOWTO: one computer with two Internet connections.

The problems come when I try to use the same IPs for both A and B. So A is 10.229.25.8 and B 10.229.25.8. I cannot do otherwise, I'm forced to use the same IPs.

For the rules which select the sources I've tried to use the `iif' option instead of the `from' one.

32764: from all iif tunl1 lookup main 202
32765: from all iif tunl0 lookup main 201

These rules don't work and this means that the packets choose a different gw each time and the TCP connections are killed.

I've tried also with:

32764: from 10.229.25.0/24 iif tunl1 lookup 202
32765: from 10.229.25.0/24 iif tunl0 lookup 201

and

32764: from 10.229.25.8 iif tunl1 lookup 202
32765: from 10.229.25.8 iif tunl0 lookup 201

but with no results.

Is there a way to solve this problem? A netfilter hack?

You can understand better the whole situation here:
http://marc.theaimsgroup.com/?l=linux-net&m=113550638110682&w=2
and here:
http://marc.theaimsgroup.com/?l=linux-net&m=113636640615375&w=2

Best regards
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter '.'
[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9 5277 BFF8 037E 441C F0EE ]
[LARTC] Multipath Routing Problem
I currently have 4 DSL lines set up to load balance for my lan. The multipath works fine for connections that originate from the linux gateway (such as browsing the internet in KDE or using wget), but all the traffic from hosts on the lan is routed through only one of the DSL lines (as seen using ntop and 'ip route show cache'). What would cause this to happen?

Thanks
Charlie Meyer
[LARTC] Limited quantity of filters.
$TC filter add dev imq0 parent 1:0 prio 5 protocol ip u32
$TC filter add dev imq0 parent 1:0 prio 5 handle 2: protocol ip u32 divisor 256
for ((j=0; j<=7; j++))
do
    for ((i=0; i<=255; i++))
    do
        q=`printf "%x\n" $i`
        $TC filter add dev imq0 protocol ip parent 1:0 u32 ht 2:$q: match ip src 10.0.$j.$i flowid 1:10
        echo "$q 10.0.${j}.$i"
    done
done
$TC filter add dev imq0 protocol ip parent 1:0 prio 5 u32 ht 800:: match ip src 10.0.0.0/16 hashkey mask 0x00ff at 12 link 2:
echo "Another filter"
$TC filter add dev imq0 protocol ip parent 1:0 prio 4 u32 match ip src 10.0.0.1 flowid 1:10
# (1:10 is the example, in reality these filters will send packets to different classes)

This short script creates filters. This script can create only about 1789 filters. After that we have this:

(...)
f9 10.0.7.249
fa 10.0.7.250
fb 10.0.7.251
fc 10.0.7.252
fd 10.0.7.253
RTNETLINK answers: File exists
We have an error talking to the kernel
fe 10.0.7.254
RTNETLINK answers: File exists
We have an error talking to the kernel
ff 10.0.7.255
RTNETLINK answers: File exists
We have an error talking to the kernel
Another filter
RTNETLINK answers: File exists
We have an error talking to the kernel
amidala:~#

After this I can't create any more filters on this device. What should I do when I have 10 subnets or more? I want to create more filters. Who knows how?

Below this text we have the next example... creating filters well, but it's too slow!

for ((j=0; j<=10; j++))
do
    for ((i=0; i<=255; i++))
    do
        $TC filter add dev imq0 protocol ip parent 1:0 prio 4 u32 match ip src 10.0.$j.$i flowid 1:10
        echo "10.0.$j.$i"
    done
done

I need a more powerful solution. Need some help... Any suggestions?

--
Konrad
Re: [LARTC] p2p marking, again
Bah, I don't know why I didn't notice this before in your previous email. It's obvious now that you gave the states output:

iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark

that line is horribly wrong, it should be:

iptables -t mangle -A DSL-IN -p tcp -j CONNMARK --restore-mark

The whole point is that ipp2p can't match on every packet! So you save the mark and then restore it. However, you were conditionally restoring the mark only when ipp2p matched, which completely defeats the purpose.

There's also no reason to have the "-m ipp2p --ipp2p" when saving the mark, as this adds more work than is necessary. Instead of:

iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark

I'd suggest:

iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark

As this match would be much faster, and would mean no redundant work on matching ipp2p.

I'd also suggest combining your tcp and udp matches for ipp2p into 1.

I'd also suggest not using the -m ipp2p --ipp2p, instead listing out the protocols to match, even if it's all of them. For some reason, --ipp2p doesn't match all of the safe to identify protocols. I used it at one point but then after updating it stopped including bittorrent. As listed on the ipp2p docs right now:

-m ipp2p --ipp2p
-m ipp2p --edk --kazaa --gnu --dc

are identical, meaning --ipp2p only matches edonkey, kazaa, gnutella, and directconnect. Leaving out the very easy to match and common Bittorrent. I'd suggest using:

-m ipp2p --edk --kazaa --gnu --dc --bit

In the end this would result in this for your script:

#restore mark
iptables -t mangle -A DSL-IN -p tcp -j CONNMARK --restore-mark
#skip rest of chain if packet already marked
iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT
#match p2p traffic.
iptables -t mangle -A DSL-IN -m ipp2p --bit --edk --kazaa --gnu --dc -j MARK --set-mark 7
#save mark
iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark

- Jody

On 2/6/06, Vaidas <[EMAIL PROTECTED]> wrote:
> Hey, one more question for ipp2p
>
> iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark
> iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT
> iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7
> iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark
> iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK --set-mark 7
>
> by this set of commands, should all p2p packets mark well? Because very
> little of them are marked on my server…
>
> Chain DSL-IN (1 references)
> pkts bytes target prot opt in out source destination
> 13708 2260152 CONNMARK tcp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p CONNMARK restore
> 11456 2016247 ACCEPT tcp -- any any anywhere anywhere MARK match !0x0
> 2252 243905 MARK tcp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p MARK set 0x7
> 2252 243905 CONNMARK tcp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p CONNMARK save
> 183300 3958 MARK udp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p MARK set 0x7
>
> Only few Kbytes of tcp, and few mbytes of udp.. but downloading was up on
> 320kbps all night
>
> __
> Vaidas
> VDXnet systems administrator
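Added example (not part of either post, and not netfilter code): a small Python model of the DSL-IN chain that compares the rule order from the question with the corrected order from the reply. It assumes ipp2p matches only packets that carry a protocol signature; `run_chain`, the rule tuples and the packet list are constructed for illustration.

```python
# Toy model of the mangle DSL-IN chain (added example, not netfilter code).
# Assumption: ipp2p recognises only packets that carry a protocol signature,
# so the bulk data packets of the same connection do not match it.

def run_chain(rules, packets):
    """Walk each packet through the rules; return its mark at chain exit."""
    connmark = {}                       # conntrack mark per connection id
    result = []
    for conn, proto, sig in packets:
        pkt = {"proto": proto, "sig": sig, "mark": 0}
        for match, target in rules:
            if not match(pkt):
                continue
            if target == "RESTORE":     # CONNMARK --restore-mark
                pkt["mark"] = connmark.get(conn, 0)
            elif target == "SAVE":      # CONNMARK --save-mark
                connmark[conn] = pkt["mark"]
            elif target == "SET7":      # MARK --set-mark 7
                pkt["mark"] = 7
            elif target == "ACCEPT":    # leave the chain
                break
        result.append(pkt["mark"])
    return result

def tcp(p): return p["proto"] == "tcp"
def ipp2p(p): return p["sig"]
def tcp_ipp2p(p): return tcp(p) and ipp2p(p)
def udp_ipp2p(p): return p["proto"] == "udp" and ipp2p(p)
def tcp_marked(p): return tcp(p) and p["mark"] != 0

# Rule order as posted in the question, then as corrected in the reply.
ORIGINAL = [(tcp_ipp2p, "RESTORE"), (tcp_marked, "ACCEPT"),
            (tcp_ipp2p, "SET7"), (tcp_ipp2p, "SAVE"), (udp_ipp2p, "SET7")]
CORRECTED = [(tcp, "RESTORE"), (tcp_marked, "ACCEPT"),
             (ipp2p, "SET7"), (tcp_marked, "SAVE")]

# Constructed traffic: connection "a" is p2p (one signature packet, then
# bulk data); connection "b" is ordinary TCP with no signature at all.
PACKETS = ([("a", "tcp", True)] + [("a", "tcp", False)] * 5
           + [("b", "tcp", False)] * 3)

def count_marked(rules):
    """Number of constructed packets that leave the chain with mark 7."""
    return sum(1 for mark in run_chain(rules, PACKETS) if mark == 7)

if __name__ == "__main__":
    print("original :", count_marked(ORIGINAL), "of", len(PACKETS))
    print("corrected:", count_marked(CORRECTED), "of", len(PACKETS))
```

With the restore made unconditional, every later packet of connection "a" inherits the saved mark, while connection "b" stays unmarked under both orders.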
[LARTC] ip rule, fwmark, mangle and src IP
I made a script to test if in a multiple gateway setup all default connections are up, regardless of the fact that that gateway is the default gw.

Suppose adsl1 and adsl2 are present, and all traffic goes by default to adsl1, and you want to test if adsl2 is ok.

1. I use mangles from iptables to mark icmp packets to some test machines
2. I set up a routing table for each adsl
3. I use 'ip rule' to route marked packets to the gw I am testing

This works 'almost' correctly. In some situations I need to force the src address with 'ping -I ' because the kernel seems to attach the src address regardless of the *real* path that the packet takes. Under these circumstances the provider refuses to route the packets.

Eg:

   / 10.0.0.1    -> (gw1) 10.0.0.254    (adsl1: table adsl1 w/ default 0.254)
FW
   \ 192.168.1.1 -> (gw2) 192.168.1.254 (adsl2: table adsl2 w/ default 1.254)

suppose 10.0.0.254 is the default gateway for table 'main'.

iptables -t mangle -A OUTPUT -d $TEST -p icmp -j MARK --set-mark $MARK
ip rule add fwmark $MARK table adsl2

Now a ping to $TEST would result in icmp packets sent to gw2 *but* with src 10.0.0.254 even though I used 'src 192.168.1.1' when setting the route on gw2.

Is it possible that the kernel routine that attaches the IP to the packet comes before the 'ip rule' that looks for the fwmark?

Thanks for the attention
sandro
*:-)

--
Sandro Dentella *:-)
e-mail: [EMAIL PROTECTED]
http://www.tksql.org TkSQL Home page - My GPL work
[LARTC] p2p marking, again
Hey, one more question for ipp2p

iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark
iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7
iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark
iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK --set-mark 7

by this set of commands, should all p2p packets mark well? Because very little of them are marked on my server…

Chain DSL-IN (1 references)
pkts bytes target prot opt in out source destination
13708 2260152 CONNMARK tcp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p CONNMARK restore
11456 2016247 ACCEPT tcp -- any any anywhere anywhere MARK match !0x0
2252 243905 MARK tcp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p MARK set 0x7
2252 243905 CONNMARK tcp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p CONNMARK save
183300 3958 MARK udp -- any any anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p MARK set 0x7

Only few Kbytes of tcp, and few mbytes of udp.. but downloading was up on 320kbps all night

__
Vaidas
VDXnet systems administrator