[LARTC] Not routing for 1 host?
Hi,

I want to stop routing for 1 particular host in my network. I thought that this would do it:

iptables -D INPUT -d aaa.bbb.ccc.ddd -j DROP
iptables -D INPUT -s aaa.bbb.ccc.ddd -j DROP

But that still shows traffic. What is the correct way to do that?

Regards,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: [EMAIL PROTECTED]
web: www.askesis.nl

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] QoS Solution for an ISP - Need help on my build tryout
Hello all,

I have made many tries at putting a QoS solution to work at my ISP/WISP. I have this network topology:

router <> eth0.srv <> eth1.srv <> clients

I just want to make ALL http, mail, ssh and icmp traffic have preference in any instance. So, what I tried to do was this:

My link has 3096 Kbps upload and 3096 Kbps download (it is a ppp from a telecom).

I set a class (tc class) in both interfaces making all traffic go to default class 1:20 that has prio 5. In this class I put a max speed of 2500 Kbps. Then I made a filter that will direct all marked (with mark 40) packets to class 1:10 in both interfaces, and this class has prio 1 and parent to 1:0. I have marked packages like this:

iptables -t mangle -A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-mark 40
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 40

I made this for every port and every protocol I want but I could not make this QoS work fine. This is still too slow (http browsing).

Can someone help me?

Regards,

Nataniel Klug

Re: [LARTC] FTP problem in Load Balancing.....
On Monday, 3 April 2006 14:47, Sandeep Agarwal wrote:
> Hi,
>
> Now the load balancing is working fine. Thanks for the list members.
> Now two problems I am facing...
>
> 1. Users are not able to download the file through FTP connection.
> They are using IE from their desktop as they were doing earlier
> like ftp://ftp.site.com
> on to page right click & login as the user/pass allocated to
> them. They are able to see the contents at there but whenever they
> are going to download the file, msg appears as you do not have the
> privileges to download.
> Any pointer where I am wrong?

It seems that their ftp-data connection goes out through another uplink than the control connection. Most ftp-servers deny this (site-to-site) transfer mode. I don't know any available solution to this problem, except to route all ftp-traffic (data and control connection) through a specific device.

For this you need to select all ftp-packets (iptables) and route them through one of your uplink devices (simple ip rule add fwmark ... stuff).

For non-pasv ftp-transfer mode it's possible to implement a patch to the ftp-nat-helper module that selects the proper (meaning the same) uplink device with respect to the uplink device of the control connection. But so far there is no patch I know about.

--
Markus Schulz

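The approach described in the reply above (select all FTP packets with iptables, then send them out one uplink with an ip rule on the fwmark), as an added example that is not part of the original thread. Interface names, the gateway address, the mark and the table number are constructed placeholders; the nf_conntrack_ftp module name and the explicit CT helper rule are what current kernels use and are assumptions beyond what the thread states.

```shell
#!/bin/sh
# Added example: pin FTP control and data connections to one uplink.
# By default the commands are only printed; APPLY=1 (as root) runs them.

# Print the commands that pin FTP to a single uplink.
# $1 LAN interface, $2 uplink interface, $3 uplink gateway,
# $4 fwmark (default 21), $5 routing table number (default 121)
ftp_pin_commands() {
    lan=$1 dev=$2 gw=$3 mark=${4:-21} table=${5:-121}
    if [ -z "$lan" ] || [ -z "$dev" ] || [ -z "$gw" ]; then
        echo "usage: ftp_pin_commands LAN_IF UPLINK_IF GATEWAY [MARK] [TABLE]" >&2
        return 1
    fi
    # 1. load the FTP conntrack helper and attach it to port-21 connections,
    #    so the kernel knows which data connections belong to which session
    # 2. mark the control connection (port 21) and every connection the
    #    helper expects for it (active or passive data channel)
    # 3. give marked packets their own table with a single default route
    cat <<EOF
modprobe nf_conntrack_ftp
iptables -t raw -A PREROUTING -i $lan -p tcp --dport 21 -j CT --helper ftp
iptables -t mangle -A PREROUTING -i $lan -p tcp --dport 21 -j MARK --set-mark $mark
iptables -t mangle -A PREROUTING -i $lan -m helper --helper ftp -j MARK --set-mark $mark
ip route add default via $gw dev $dev table $table
ip rule add fwmark $mark table $table
EOF
}

# Print the commands, or execute them (stopping at the first failure)
# when APPLY=1 is set in the environment.
ftp_pin() {
    cmds=$(ftp_pin_commands "$@") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$cmds" | sh -e
    else
        printf '%s\n' "$cmds"
    fi
}

# Constructed values: LAN on eth0, chosen uplink eth1 with gateway 192.0.2.1
ftp_pin eth0 eth1 192.0.2.1
```
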
Re: [LARTC] tc patched doesn't work with WFQ
On Mon, 03 Apr 2006 09:25:04 +0200
Julien Bisconti <[EMAIL PROTECTED]> wrote:

> gypsy wrote:
> > Julien Bisconti wrote:
> >> Hi,
> >>
> >> I was searching for few days in this mailing list but I didn't find how to
> >> solve my tc problem.
> >> Feel free to ask me more details if you think they are relevant.
> >>
> >> I'm using a Gentoo 2.4.32-gentoo-r2 and I'm trying to test a *weighted
> >> fair queuing* (WFQ)
> >> implementation. See http://home.sch.bme.hu/~tusi/wfq/
> >>
> >> I patched the kernel and loaded the sch_wfq module, I patched iproute2/tc
> >> and compiled everything.
> >
> > I think you will find that the patch to iproute2 is too old. The
> > iproute used to create it has a date in year 2000 and iproute2 has
> > changed substantially since then.
>
> Thank you so MUCH!!!
>
> >
> > I suggest you contact the author and request a new patch.
>
> I sent him email but no reply so far. I think I'm going to do it by myself.
>
> Thank you again.
>
> Julien

Also, since tc supports shared libraries for additional queue disciplines, you could set it up to build a .so and put it in /usr/lib/tc. Then you wouldn't need to rebuild all of iproute2.

[LARTC] multiple gateways problem
I have the following situation:

I have a Linux box (not in router-mode) with 2 NICs and 2 gateways. I want to be able to switch gateways when one of them is "down". The tricky part is that, by "down" I don't mean an unreachable gateway, but a gateway that is reachable but for some reason cannot route packets.

Any pointers would be appreciated.

[LARTC] FTP problem in Load Balancing.....
Hi,

Now the load balancing is working fine. Thanks for the list members. Now two problems I am facing...

1. Users are not able to download the file through FTP connection. They are using IE from their desktop as they were doing earlier like ftp://ftp.site.com on to page right click & login as the user/pass allocated to them. They are able to see the contents at there but whenever they are going to download the file, msg appears as you do not have the privileges to download. Any pointer where I am wrong?

2. In case of nexthop down, I have to manually down the interface & do the required changes as suggested on the list. As my programming skills are zero, can someone send me the scripts to automate this process?

Thank you

Sandeep

Re: [LARTC] tc patched doesn't work with WFQ
gypsy wrote:
> Julien Bisconti wrote:
>> Hi,
>>
>> I was searching for few days in this mailing list but I didn't find how to
>> solve my tc problem.
>> Feel free to ask me more details if you think they are relevant.
>>
>> I'm using a Gentoo 2.4.32-gentoo-r2 and I'm trying to test a *weighted fair
>> queuing* (WFQ)
>> implementation. See http://home.sch.bme.hu/~tusi/wfq/
>>
>> I patched the kernel and loaded the sch_wfq module, I patched iproute2/tc
>> and compiled everything.
>
> I think you will find that the patch to iproute2 is too old. The
> iproute used to create it has a date in year 2000 and iproute2 has
> changed substantially since then.

Thank you so MUCH!!!

>
> I suggest you contact the author and request a new patch.

I sent him email but no reply so far. I think I'm going to do it by myself.

Thank you again.

Julien

> --
> gypsy

--
Julien BISCONTI <[EMAIL PROTECTED]>
M.Sc. student in Computer Science,
University of Namur FUNDP, Belgium