Re: [LARTC] Optimization on Bandwidth Management-L7 filtering?
On Sun, 2006-06-11 at 04:32 +, lee weejin wrote:

> Since all the incoming packets are checked one by one (it is time consuming and will cause processing delay if it is handling more than 50 PCs at a time), I am thinking: is there any way to have random checking on incoming packets? Script or tools? So that it won't check all the incoming packets one after another.

Try marking only first/new packets/connections; those will be analyzed by the layer-7 filter in another chain, and there do the whole connection mark (-j CONNMARK --mark XX). Those marked packets/connections can then be picked up by 'tc' for prioritizing traffic or by netfilter for rejecting/dropping/... traffic.

regards, Andraz
--
BOFH excuse #62: need to wrap system in aluminum foil to fix problem

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
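One way to lay out the scheme Andraz describes (a separate chain that only unclassified connections reach, CONNMARK to mark the whole connection, and tc's fw classifier acting on the mark). This is an added example, not code from the thread; it assumes the l7-filter netfilter match (-m layer7) is installed, that the protocol of interest is "bittorrent", that the shaped interface is eth0, and the HTB rates are constructed figures.

```shell
#!/bin/sh
# Added example, not from the thread: inspect a connection with the layer-7
# match only while its connmark is still 0, copy the verdict to the whole
# connection with CONNMARK, then let tc's fw classifier act on the mark.
# Assumptions: "-m layer7" is available, protocol "bittorrent", interface
# eth0; the rate/ceil figures below are constructed, not measured.
IPT=${IPT:-iptables}
TC=${TC:-tc}
DEV=${DEV:-eth0}
L7PROTO=${L7PROTO:-bittorrent}
P2P_MARK=2   # connmark/fwmark value that tc will match on

# With DRY_RUN set, print each command instead of executing it (review first).
run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

install_rules() {
    # Separate chain: only packets of not-yet-marked connections get here.
    run $IPT -t mangle -N L7CLASSIFY
    run $IPT -t mangle -A L7CLASSIFY -m layer7 --l7proto "$L7PROTO" \
        -j CONNMARK --set-mark "$P2P_MARK"
    # Copy the (possibly just set) connection mark onto this packet as well.
    run $IPT -t mangle -A L7CLASSIFY -j CONNMARK --restore-mark
    # Every packet first inherits its connection's mark ...
    run $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark
    # ... and only packets of still-unmarked connections pay for inspection.
    run $IPT -t mangle -A PREROUTING -m connmark --mark 0 -j L7CLASSIFY

    # HTB: the default class gets the bulk, marked P2P traffic a small ceiling.
    run $TC qdisc add dev "$DEV" root handle 1: htb default 10
    run $TC class add dev "$DEV" parent 1: classid 1:1 htb rate 100mbit
    run $TC class add dev "$DEV" parent 1:1 classid 1:10 htb rate 90mbit ceil 100mbit
    run $TC class add dev "$DEV" parent 1:1 classid 1:20 htb rate 1mbit ceil 10mbit
    run $TC filter add dev "$DEV" parent 1: protocol ip prio 1 \
        handle "$P2P_MARK" fw flowid 1:20
}

case "${1:-}" in
    apply)  install_rules ;;
    dryrun) DRY_RUN=1; install_rules ;;
esac
```

Run it with "dryrun" to print the rule set, "apply" to install it on the box.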
[LARTC] linux bridging vlans?
Can somebody tell me what I am doing wrong (at this late night hour), because VLANs are not getting bridged at all.

    ifconfig eth0 0.0.0.0 up
    ifconfig eth1 0.0.0.0 up
    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 eth1
    ifconfig br0 up
    vconfig add br0 X
    vconfig add br0 Y

X = vlan-ID (example: 222)
Y = vlan ID (example: 223)

    # brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.1a1a4c74           no              eth0
                                                            eth1

    # cat /proc/net/vlan/config
    VLAN Dev name    | VLAN ID
    Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
    br0.X          | X  | br0
    br0.Y          | Y  | br0

dmesg shows that:

    br0: port 2(eth1) entering learning state
    br0: port 1(eth0) entering learning state
    br0: topology change detected, propagating
    br0: port 2(eth1) entering forwarding state
    br0: topology change detected, propagating
    br0: port 1(eth0) entering forwarding state

but still no data is forwarded from one interface to another? Is there any sysctl stuff that I need to set up, like 'ip_forwarding' when doing routing? Is there some bridging parameter for forwarding, or have I misconfigured things above?

thanks and regards, Andraz
Re: [LARTC] linux box as vlan p2p limiter and firewall?
On Thu, 2006-03-23 at 19:20 -0500, Jason Boxman wrote:

> I like L7, but be sure you're ready to write some pattern matches. I've been using ipp2p[1] and it matches all my p2p traffic. ymmv of course.
>
> [1] http://www.ipp2p.org/

Can newer 2.6 (2.6.15.x) kernels be patched with ipp2p? As far as I've compared the two of them, the only difference (that I've noticed) is that L7 uses patterns from userspace (written somewhere on the file system);

regards, Andraz
[LARTC] linux box as vlan p2p limiter and firewall?
I would like to do some firewalling and p2p shaping/limiting on one of the VLANs in my network, and I was thinking of using a Linux box as a transparent bridged firewall/limiter. For this I'm planning to use an AMD64 2.2GHz box with two 1Gbit NICs (Broadcom 5721) that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on network performance.

Can anyone give me some guidelines on where to begin and how to limit/shape p2p traffic on that VLAN? Is it even doable? Any example htb/ebtables/iptables configuration script will also help. :)

thanks in advance ..

regards, Andraz
--
BOFH excuse #362: Plasma conduit breach
RE: [LARTC] linux box as vlan p2p limiter and firewall?
On Thu, 2006-03-23 at 11:15 +, Roberto Scattini wrote:

> hi, you could try with this http://l7-filter.sourceforge.net/ they have a good howto and some sample scripts (for bridge and non-bridge setup).

Well, can l7-filter be used with ebtables? Because the VLAN is trunked (Cisco term = tagged), what about this scenario?

regards, Andraz
--
BOFH excuse #327: The POP server is out of Coke
Re: [LARTC] linux box as vlan p2p limiter and firewall?
On Thu, 2006-03-23 at 16:58 +0100, Carlos Blanquer wrote:

> I recommend (so I haven't done it cos I have no needs up now) use FreeBSD to do that. Bridging in BSD has more sense than do it in a Linux box.

That was my second best choice ;-]

> It's totally possible, you can use any script found via google or any of that are travelling in this mail list.

True in a way, but still I was hoping that someone can give me more specific guidelines on what the possibilities are and what's the best way to do it. As I've already said, I need to do p2p limiting and some basic firewalling on the data stream in a trunked (Cisco term = tagged) VLAN.

regards, Andraz
--
BOFH excuse #327: The POP server is out of Coke
RE: [LARTC] linux box as vlan p2p limiter and firewall?
On Thu, 2006-03-23 at 16:18 +, Roberto Scattini wrote:

> maybe this url can help you, but my knowledge stops there... :(
>
> http://ebtables.sourceforge.net/br_fw_ia/br_fw_ia.html
> http://l7-filter.sourceforge.net/L7-Netfilter-example

Sounds promising ..

regards, Andraz
--
BOFH excuse #450: Terrorists crashed an airplane into the server room, have to remove /bin/laden. (rm -rf /bin/laden)