[LARTC] Generic Linux Router ? From newbie

2006-11-16 Thread Heath Henderson
Hello list, I apologize for the simplicity of this email.

I have been given the task of setting up a failover connection at our office
using old parts.

Well, a few days and a couple of installs later, I have a successful
configuration, but I am having an issue with my iptables setup.

As I am new to the routing scene, I wondered if there was someone who would
be able to help point me in the right directions.

I have a LAN router setup running CentOS 4.2; this box has 4 NICs in it.
IPs are as follows:
192.168.19.1 (primary WAN route)
192.168.20.1 (secondary WAN route)
192.168.21.1 (default PC LAN)
192.168.22.1 (VOIP LAN)


Currently I have a firewall sitting on the primary WAN connection as well as
one on the secondary WAN connection (2 physical firewalls).
There are a few problems which I have not been able to overcome.

I have been successful in getting ipfwd working, but now have noticed a new
issue.

The goal internally was to allow the primary link to fail and then have our
internet connection switch to the secondary WAN route. (I have to do this
through a script since I technically have a network between my primary fw
and my secondary fw; this doesn't usually go down!)

This I think is easy enough: my script will adjust the default route
internally for this to be routed out. However,
Our office uses a report server they have to be able to hit from the outside
of our network when on the road.  We have a Port forward setup on the
firewalls to forward into the internal port on the server they need to
access.  But, the problem is, from the outside, users can only hit and
access the firewall which is currently the default route for the internal
network to get out.  The firewall can ping from its internal interface all
of the internal networks, but we can't seem to get through otherwise.

I would be happy to detail more information if needed, but I wondered if
there was someone who would be able to lead me to a configuration which
might allow this setup to work.


Thanks




-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] HTB and bridge

2006-11-16 Thread alan tan
My objective is to limit bandwidth through each user's IP.
Thanks





[LARTC] HTB and bridge

2006-11-16 Thread alan tan
I have 2 NIC cards with Fedora installed. Now, do I need to install any bridge
or gateway? Or straight install and configure HTB? My objective is to limit
bandwidth in and out from the ethernet card.

Thanks




[LARTC] Direct queue priority in HTB

2006-11-16 Thread Tulpule Naren-MGI2846
Hi,
newbie question. In sch_htb.c:htb_dequeue() there is a comment "try
to dequeue direct packets as high prio (!) to minimize cpu work". Does
that mean that any unclassified packet (no class/filter applicable) is
scheduled as the highest priority packet in HTB? If yes, what is the
reason that the direct queue is not treated as the lowest priority
best-effort?
TIA for any info.

-- Naren.
 
Narendra C. Tulpule   Principal Firmware Engineer, Staff
6450 Sequence Dr  +1-858-404-2650
San Diego, CA 92121   [EMAIL PROTECTED]
 


Re: [LARTC] Shaping incoming VoIP traffic fails

2006-11-16 Thread Daniel Musketa
On Thursday, 16 November 2006 17:37, Larry Brigman wrote:
> On 11/15/06, Daniel Musketa <[EMAIL PROTECTED]> wrote:
> > I can watch traffic coming in on ppp0 with `iftop` and it never exceeds
> > 900kbit. Why could a 2000kbit headroom be not enough for clean receiving
> > of 80kbit VoIP data?
>
> Because [...] what comes first, goes out first. Also if the download
> side can send at a higher rate than your line can handle, there
> will be a queue of packets at the router handling the bandwidth
> limitation.

`iftop` shows me a rate of 800kbit for packets going out to the LAN on eth1. 
This is the ceil value for egress shaping from router to LAN. But I also can 
watch the download rate of packets coming in from ppp0. And it's never more 
than 900kbit, so TCP's mechanism of lowering TX speed after delayed/missing 
ACKs seems to work. To me it looks as if there wasn't a filled queue on the 
ISP's side of the line.
`tc -s ...` shows me a backlog of about 20p in the "download class".

I still can't understand why more than 2 Mbit free bandwidth and an empty queue
can cause drop outs ... mmh ...

Daniel


[LARTC] HTB prio: global or per class ?

2006-11-16 Thread doudouyam

Hi all,

Is the prio specification in the htb class global or is it on a per
class basis?

A simple example:

class 1:10 parent 1:
class 1:100 parent 1:10 prio 3

class 1:200 parent 1:10 prio 7
class 1:201 parent 1:200 prio 1
class 1:202 parent 1:200 prio 2

Which class will get excessive bandwidth first? 100 or 201/202?


Re: [LARTC] Shaping incoming VoIP traffic fails

2006-11-16 Thread Larry Brigman

On 11/15/06, Daniel Musketa <[EMAIL PROTECTED]> wrote:
> On Wednesday 15 November 2006 12:07, Daniel Musketa wrote:
> > Could I setup HTB better than below? Should I reduce eth1's queue length
> > (now 1000)? If yes, how?
>
> The txqueuelen can be changed by
>
> ip link set eth1 txqlen 
>
> I tried values of 100 and 3 but can't hear an improvement.
>
> I can watch traffic coming in on ppp0 with `iftop` and it never exceeds
> 900kbit. Why could a 2000kbit headroom be not enough for clean receiving of
> 80kbit VoIP data?

Because you are not on the controlling side. The router upstream of you
doesn't have the concept of priority of the VoIP traffic, so what comes first,
goes out first. Also, if the download side can send at a higher rate than your
line can handle, there will be a queue of packets at the router handling the
bandwidth limitation.
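
The point made in the reply above, that a first-come-first-served queue at the upstream router delays VoIP regardless of local shaping, shown as a small simulation. This is an added example, not part of the original thread; the link rate, packet sizes and burst pattern are constructed assumptions, and only the 80 kbit VoIP rate comes from the thread.

```python
import heapq

# All figures below are constructed assumptions except the 80 kbit/s VoIP rate.
LINK_KBIT = 3000                       # bottleneck rate; kbit/s == bits per ms
VOIP_BYTES, VOIP_EVERY_MS = 200, 20    # 200 B every 20 ms = 80 kbit/s
BULK_BYTES, BURST_PKTS, BURST_EVERY_MS = 1500, 20, 300   # ~800 kbit/s average


def arrivals(duration_ms):
    """Constructed trace of (arrival_ms, kind, size_bytes), sorted by time."""
    pkts = [(t + 1, "voip", VOIP_BYTES)
            for t in range(0, duration_ms, VOIP_EVERY_MS)]
    for t in range(0, duration_ms, BURST_EVERY_MS):
        pkts += [(t, "bulk", BULK_BYTES)] * BURST_PKTS   # back-to-back burst
    return sorted(pkts, key=lambda p: p[0])


def voip_delays(discipline, duration_ms=3000):
    """Queueing delay (ms) of every VoIP packet at the upstream bottleneck.

    discipline: "fifo" (what comes first, goes out first) or "prio" (VoIP
    first, non-preemptive), which only the device owning the queue can apply.
    """
    pending = arrivals(duration_ms)
    queue, now, i, delays = [], 0.0, 0, []
    while i < len(pending) or queue:
        if not queue and pending[i][0] > now:
            now = float(pending[i][0])            # link idle until next arrival
        while i < len(pending) and pending[i][0] <= now:
            t, kind, size = pending[i]
            rank = 0 if discipline == "prio" and kind == "voip" else 1
            heapq.heappush(queue, (rank, i, t, kind, size))
            i += 1
        _, _, t, kind, size = heapq.heappop(queue)
        if kind == "voip":
            delays.append(now - t)                # time spent waiting in queue
        now += size * 8 / LINK_KBIT               # serialization time in ms
    return delays


def summary(discipline):
    d = voip_delays(discipline)
    return {"packets": len(d), "max_ms": round(max(d), 3),
            "jitter_ms": round(max(d) - min(d), 3)}


if __name__ == "__main__":
    for disc in ("fifo", "prio"):
        print(disc, summary(disc))
```

The average load in this trace stays under a third of the assumed link rate, yet under FIFO a VoIP packet that arrives just behind a burst waits for the whole burst to drain.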


Re: [LARTC] Bridge and Router on the same device

2006-11-16 Thread Abel Martín

On 11/13/06, Net Cerebrum <[EMAIL PROTECTED]> wrote:
> I want to configure a device with three network interfaces where two of them
> would bridge two segments of the LAN subnet and the third one would be
> connected to the WAN link.
>
> eth0 - 10.10.10.2/24 to be connected to the internet gateway having IP
> 10.10.10.1/24 (also the default gateway for the device)
> eth1 and eth2 bridged as br0 with IP address 172.16.100.1 connected to
> different segments of the subnet 172.16.100.0/24.
>
>               WAN (10.10.10.1)
>                      |
>                      |
>               eth0 (10.10.10.2)
>
>     ------eth1                eth2------
>  LAN (172.16.100.0/24)    LAN (172.16.100.0/24)
>
> I plan to configure the Bridge IP (172.16.100.1) as the default gateway for
> the LAN and also regulate the traffic between the two bridged interfaces
> (eth1 and eth2) using a user space tool. Further since the traffic meant for
> internet would pass through eth0, there would be a need to regulate the
> traffic between eth1 and eth0 and also eth2 and eth0.
>
> Is the above arrangement feasible? Would it be possible to define static
> routes on this device itself involving hosts reachable through either of the
> interfaces.
>
> Thank you in advance.



I think it's possible, but what does "regulating traffic between the
two bridged interfaces" mean? Remember that a bridge works at the data link
layer, so I think it won't be possible to filter bridged traffic at
higher layers (TCP/IP) on the bridge device. Maybe you can filter at
network and transport layers on the physical interfaces which are
attached to the bridge (eth1, eth2) with iptables if you really need
it. Don't know if you mean filtering by saying "regulating".

Routing and bridging is possible. The default gateway for the hosts in
172.16.100.0/24 should be 172.16.100.1, and there's nothing wrong
with using an IP which is bonded to a bridge interface. For traffic
that needs to be routed from the 172.16.100.0/24 network through the
WAN interface you can treat the bridge as a physical interface.
10.10.10.1 should be the default gateway for this machine.

Regards.