Re: [LARTC] Linux as T1 router
Hi,

I do not have experience with running a linux router with a T-1 card in it, but I _do_ run a linux box which serves as an egress device and provides policy based routing across three different ISPs using source addresses. This network has about 1200 workstations and uses around 30 different Class C networks.. iproute2 provides a nice way of allocating Internet traffic generated by all these machines across two different T-1s and a 3 Meg connection depending on where the traffic originates... and it runs on a standard desktop PC (i.e., cheap) with a couple of NIC cards in it...

iproute2 also provides the ability to 'blackhole' a particular host (or hosts) and deny access to the Internet for those who misbehave or become infected with one scanning virus or another...

I am looking for a nice command line tool that I could run on this policy based router that would allow me to more easily identify misbehavers and machines with viruses... I have tried a few tools such as jnettop, iftop, iptraf, pktstat and darkstat, but while each does what it was designed to do fairly nicely, I haven't yet found the tool I am looking for...

Any suggestions out there??

Regards,
Dave

On Fri, 12 Jan 2007 [EMAIL PROTECTED] wrote:

> Hello All,
>
> I am thinking about using a linux server as a T1 router. I have searched
> the list, but have not found a discussion about what I'm trying to do. I
> have a situation where the Cisco router I'm using will not handle the
> additional bandwidth I added recently. Unfortunately, I cannot afford the
> Cisco unit that will. I would like to know if anyone has successfully done
> this. I have been looking at the Sangoma T1 cards. Would anyone be so kind
> as to share their experience in this area. Any advice would be much
> appreciated.
>
> Thanks,
> -G

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Linux as T1 router
On 01/12/07 12:25, [EMAIL PROTECTED] wrote:

> I am thinking about using a linux server as a T1 router. I have searched
> the list, but have not found a discussion about what I'm trying to do. I
> have a situation where the Cisco router I'm using will not handle the
> additional bandwidth I added recently. Unfortunately, I cannot afford the
> Cisco unit that will. I would like to know if anyone has successfully done
> this. I have been looking at the Sangoma T1 cards. Would anyone be so kind
> as to share their experience in this area. Any advice would be much
> appreciated.

What you are proposing should not be a problem at all. I personally have not used Linux as a T1 router (yet). Consider if you will that there are people using Linux to filter / bridge / rate limit / you name it with gigabit network interfaces, so I don't think the 1.5 Mbps that a T1 will present will be a problem at all.

My only concern would be in which card you choose and what sort of interface it presents to the system in addition to what sort of management tools you have available. I would recommend that you try to stay away from proprietary vendor provided drivers. Not that they will not work, but how many different kernel versions will they support? Will you be able to do what you want to do with it down the road, or will you be locked in to a specific configuration?

Just my $.02 worth.

Grant. . . .
Re: [LARTC] filtering in layer 2 [but is not a bridge]
On 01/11/07 06:01, Zoilo Gomez wrote:

> Isn't an AP just a bridge with a wireless interface?

In a sense, yes. However the 802.11 wireless side of the bridge is a very complex physical layer, (IMHO) more so than 802.3 ethernet. Host AP is probably listening to requests at the physical transceiver level. If the Host AP is operating in an AP mode (wouldn't it be?) it will have to be involved in passing the traffic from one 802.11 client to another. This is really a form of bridging on the physical layer, not layer 2 in the kernel. Thus EB / IP Tables will not help here.

I have not (yet) personally worked with Host AP, though I plan to. As such, I'm not sure if it includes functionality to filter the traffic that it sees. I wonder if it would be a possibility to (theoretically) move / extend the functionality of Host AP such that each associated wireless client would (logically / theoretically) appear as a separate interface to a custom bridge that could then be presented / controlled via EBTables. However, this is quite likely exceeding the 802.11 specification in such a way that it would really no longer be 802.11.

Something to keep in mind is that in Infrastructure wireless mode, one wireless client has to talk to the AP and have the AP talk to another wireless client on its behalf. I believe this is the "bridging" that the OP is referring to. Note, I use the term bridging loosely here.

On a side note, how well do you like Host AP?

Grant. . . .
[LARTC] Linux as T1 router
Hello All,

I am thinking about using a linux server as a T1 router. I have searched the list, but have not found a discussion about what I'm trying to do. I have a situation where the Cisco router I'm using will not handle the additional bandwidth I added recently. Unfortunately, I cannot afford the Cisco unit that will. I would like to know if anyone has successfully done this. I have been looking at the Sangoma T1 cards. Would anyone be so kind as to share their experience in this area. Any advice would be much appreciated.

Thanks,
-G
[LARTC] Example on using fwmark with masks. Please help!!
Hi,

could anyone provide any example about the use of ip route command to force the use of one route using masks in the mark?

The configuration is:

1 LAN (zlan0) iface
N WAN (wan0 ... wanN) ifaces with static IPs and load balanced.
iptables 1.3.7
kernel 2.6.19.2
iproute 2.6.19

I'm yet setting marks into packets for QoS and it's working, I now want to set some bits (OR) at the end of the mark. For example, I want to use 0x8000 to add another mark to the packet for routing. The packet is marked yet with a QoS mark (--set-mark), 0x5 (for example).

I need:

1) The packet to be marked with 0x8000 OR 0x0005 = 0x8005
2) Route the packet with 0x8005 AND 0x8000 = 0x8000 over wan0 (for example)
3) Classify the packet with 0x8005 AND 0x0005 into wan0 1:4 class (for example)

I know how to do this not having sense about MASKs, but ... Could anybody put here how to do it with them?

Another question: What is the length of the mask? 16bit? 32bit?

Thanks!!
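
The three steps asked about above, written out as an added example that is not part of the original thread: the flag is ORed in with the MARK target's `--or-mark`, then `ip rule` and the `tc` fw filter each test only their own bits through a value/mask pair. The helper names (`run`, `or_mark`, `mark_matches`, `setup`), table number 100, the 0x7fff QoS mask, the PREROUTING placement and the 192.0.2.1 gateway are assumptions, as is an installed `ip` and `tc` that accept the `value/mask` form; the firewall mark itself is an unsigned 32-bit value.

```shell
#!/bin/sh
# Added example, not from the thread. Dry-run by default: commands are printed
# and only executed when APPLY=1 is set (which needs root).
ROUTE_BIT=0x8000   # routing flag from the post
QOS_MASK=0x7fff    # assumption: the bits below the flag carry the QoS mark
TABLE=100          # assumption: any free routing table number
GW=192.0.2.1       # placeholder gateway reachable through wan0

run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

# Model of what the kernel computes on the 32-bit mark.
or_mark()      { printf '0x%x\n' $(( $1 | $2 )); }     # effect of MARK --or-mark
mark_matches() { [ $(( $1 & $3 )) -eq $(( $2 )) ]; }   # args: mark value mask

setup() {
    # 1) QoS mark first (stand-in for the rules already in place), then OR
    #    in the routing flag so the QoS bits are preserved: 0x5 -> 0x8005.
    run iptables -t mangle -A PREROUTING -i zlan0 -j MARK --set-mark 0x5
    run iptables -t mangle -A PREROUTING -i zlan0 -j MARK --or-mark "$ROUTE_BIT"
    # 2) Route on the flag bit only: (mark & 0x8000) == 0x8000.
    run ip rule add fwmark "$ROUTE_BIT/$ROUTE_BIT" table "$TABLE"
    run ip route add default via "$GW" dev wan0 table "$TABLE"
    # 3) Classify on the QoS bits only: (mark & 0x7fff) == 0x5.
    run tc filter add dev wan0 parent 1: protocol ip prio 1 \
        handle "0x5/$QOS_MASK" fw classid 1:4
}

setup
m=$(or_mark 0x5 "$ROUTE_BIT")
mark_matches "$m" "$ROUTE_BIT" "$ROUTE_BIT" && echo "$m routes via table $TABLE"
mark_matches "$m" 0x5 "$QOS_MASK" && echo "$m classifies into 1:4"
```
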