RE: [LARTC] Loadbalancing and failover using TC and Iptables

2005-08-08 Thread :: L i n u XK i D ::

I've read the following link:

- I'm not sure this is still a good link
- http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking


Is it really necessary to mark packets this way?


[... snip ...]

# iptables -A POSTROUTING -t mangle -j MARK --set-mark 1 \
-m state --state NEW -o ppp0
# iptables -A POSTROUTING -t mangle -j MARK --set-mark 2 \
-m state --state NEW -o ppp1
# iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark \
-m state --state NEW

[... snip ...]


# iptables -A POSTROUTING -t nat -m mark --mark 1 \
-j SNAT --to-source 11.1.1.1
# iptables -A POSTROUTING -t nat -m mark --mark 2 \
-j SNAT --to-source 22.2.2.2







- hareram wrote:
-  
-  Hi all
-  
-  I am trying to deploy load balancing and failover
-  
-  My setup description
-  --Fedora Core 4
-  --Linux  2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386
-  GNU/Linux
-  --tc utility, iproute2-ss050314
-  --ip utility, iproute2-ss050314
-  --iptables v1.3.0
- 
- You say nothing about Julian's patch, so I assume you did not patch your
- kernel.  You must do that.
- http://www.ssi.bg/~ja/
- 
- http://www.geocities.com/mctiew/ffw/dual.htm
- 
- I'm not sure this is still a good link
- http://selab.edu.ms/twiki/bin/view/Networking/MultihomedLinuxNetworking
- so here is an old copy
- http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
- --
- gypsy
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] what is tcp window size ?

2005-07-30 Thread :: L i n u XK i D ::
What is TCP window size?

Thank you


RE: [LARTC] what is tcp window size ?

2005-07-30 Thread :: L i n u XK i D ::

Thank you very much...

What values are recommended for different situations?

For a VSAT link? ADSL? LAN? ... and so on...

Is it important to set this value on Linux?

If you have a URL to get more information, please post it.

thanks again...

andres.


- 
- 
- The TCP header has a 16-bit field that specifies (and now
- I'm quoting from RFC 793): "The number of data octets
- beginning with the one indicated in the acknowledgment
- field which the sender of this segment is willing to
- accept." In plain English: how much useful data you can
- accept from the sender.
- 
-  what is tcp window size ?
-  
-  thank you
- 
- 


RE: [LARTC] block p2p: ARES

2005-07-08 Thread :: L i n u XK i D ::

Hi !

I've tried the latest version of the fantastic ipp2p kernel module.
My results are:

Ares can only be DROPPED.
eMule, Kazaa and eDonkey 2000 can be limited and/or DROPPED.

And for this I have to use:

.
FW=/usr/local/sbin/iptables

# If I don't add the next rule, Ares is not marked:
$FW -t mangle -A p2ptraffic -m ipp2p --ares -j DROP

# next p2p rules
$FW -t mangle -A p2ptraffic -p tcp -j CONNMARK --restore-mark
$FW -t mangle -A p2ptraffic -p tcp -m mark ! --mark 0 -j ACCEPT
$FW -t mangle -A p2ptraffic -p tcp -m ipp2p --ipp2p -j MARK --set-mark 10
$FW -t mangle -A p2ptraffic -p tcp -m mark --mark 10 -j CONNMARK --save-mark
$FW -t mangle -A p2ptraffic -p udp -m ipp2p --ipp2p -j MARK --set-mark 10
.

iptables-1.3.1
kernel-2.4.28
squid-cache - 2.5-STABLE10
Debian Stable.


I hope this information can help with the ipp2p module.

thank you very much.
andres.



- -Original message-

-
- Hi,
-
- there is a new version of ipp2p, which can detect ares connections now.
-
- just go to www.ipp2p.org and download this version.
-
- the parameter --ipp2p has changed, this is now ALL protocols
-
- please contact me if you find bugs...
-
- Klaus
-
- Klaus wrote:
-  I did a small test with the new ares version.
-  It seems they have switched their protocol and it is not detected at the
-  moment.
- 
-  Let's see how difficult the new ares protocol is and how fast we can
-  integrate this into ipp2p.
- 
-  Klaus
- 
-  :: L i n u XK i D :: wrote:
- 
-  Hi
- 
-  I'm trying to set up a LAN router with a P2P filter,
-  but the problem is that it can't catch Ares.
- 
-  Is there a way to DROP Ares P2P packets?
- 
-  I've tried with the latest ipp2p snapshot without success...
- 
-  I've
-  Kernel 2.4.28
-  iptables 1.3.0
-  Various Patches from patch-o-matic-ng-20040621
-  iproute2-ss020116
-  IMQ Patch
-  Esfq Patch
-  Julian (route) Patch
-  Debian Woody
- 
- 
-  This is my MANGLE table...
- 
- 
-  Chain PREROUTING (policy ACCEPT 8557K packets, 2822M bytes)
-   pkts bytes target prot opt in out source   destination
-  85574   24M p2ptraffic  all  --  *  *   0.0.0.0/0   0.0.0.0/0
-  .
- 
-  Chain p2ptraffic (1 references)
-   pkts bytes target prot opt in out source   destination
-  11860 1620K CONNMARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --ipp2p CONNMARK set 0xa
-  0 0 CONNMARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --bit CONNMARK set 0xa
-  0 0 CONNMARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --apple CONNMARK set 0xa
-  0 0 CONNMARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --winmx CONNMARK set 0xa
-  157 CONNMARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --soul CONNMARK set 0xa
-  0 0 DROP   all  --  *  *   0.0.0.0/0   0.0.0.0/0   ipp2p v0.7.4 --ares
-  .
-  54029   13M CONNMARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   CONNMARK match 0xa CONNMARK restore
- 
- 
-  But... ARES packets are not blocked at the moment
-   0 0 DROP     ipp2p v0.7.4 --ares
- 
- :-(
- 
-  Has anybody been successful blocking ARES?
- 
-  regards...
-  Andres.
- 

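An added illustration, not part of the post above or of the ipp2p project: a small Python model of how one packet walks the `p2ptraffic` rules as Andres posted them, showing that a TCP flow keeps mark 10 through conntrack after a single signature match while UDP is marked per packet only. The `p2p_sig` and `ares_sig` booleans and the sample flows are constructed stand-ins for ipp2p's payload matching, which is not modelled.

```python
from dataclasses import dataclass

P2P_MARK = 10  # the value used by "--set-mark 10" in the post


@dataclass
class Packet:
    flow: tuple             # conntrack key: (proto, src, sport, dst, dport)
    proto: str              # "tcp" or "udp"
    p2p_sig: bool = False   # constructed stand-in for "-m ipp2p --ipp2p" matching
    ares_sig: bool = False  # constructed stand-in for "-m ipp2p --ares" matching
    mark: int = 0           # nfmark; every packet starts unmarked


def p2ptraffic(pkt, conntrack):
    """Walk one packet through the posted chain; return (verdict, nfmark)."""
    if pkt.ares_sig:                              # -m ipp2p --ares -j DROP
        return "DROP", pkt.mark
    if pkt.proto == "tcp":
        pkt.mark = conntrack.get(pkt.flow, 0)     # CONNMARK --restore-mark
        if pkt.mark != 0:                         # -m mark ! --mark 0 -j ACCEPT
            return "ACCEPT", pkt.mark
        if pkt.p2p_sig:                           # -m ipp2p --ipp2p -j MARK --set-mark 10
            pkt.mark = P2P_MARK
        if pkt.mark == P2P_MARK:                  # -m mark --mark 10 -j CONNMARK --save-mark
            conntrack[pkt.flow] = pkt.mark
    elif pkt.proto == "udp" and pkt.p2p_sig:      # udp rule: MARK only, nothing saved
        pkt.mark = P2P_MARK
    return "RETURN", pkt.mark                     # fell off the end of the chain


def run(packets):
    conntrack = {}                                # per-flow connmark table
    return [p2ptraffic(p, conntrack) for p in packets]


# Constructed sample traffic (documentation addresses): one TCP and one UDP flow.
TCP = ("tcp", "192.0.2.10", 40000, "198.51.100.5", 4662)
UDP = ("udp", "192.0.2.10", 40001, "198.51.100.6", 4672)
SAMPLE = [
    Packet(TCP, "tcp"),                 # before any signature is seen
    Packet(TCP, "tcp", p2p_sig=True),   # first packet the matcher recognises
    Packet(TCP, "tcp"),                 # later data without a signature
    Packet(UDP, "udp", p2p_sig=True),
    Packet(UDP, "udp"),                 # same UDP flow, no signature
    Packet(TCP, "tcp", ares_sig=True),
]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE, run(SAMPLE)):
        print(pkt.proto, result)
```

In this model, packets that precede the first recognised signature leave the chain unmarked, so any shaping keyed on mark 10 only applies from the matching packet onward.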


[LARTC] macaddress traffic log

2005-07-07 Thread :: L i n u XK i D ::
Hi

I want to log LAN Ethernet traffic (by MAC address) with iptraf:

/usr/sbin/iptraf -f -l eth1 -t 1  -B -L /scripts/mac-traff.log

and then, with a Perl script, parse that data for MRTG.

But, I think when iptraf is running I can show iptraf LAN traffic
console.

Is there another way to log Ethernet LAN traffic (by MAC address)?

regards
andres