RE: [LARTC] trouble https multiple uplinks... how?
I ran into this issue too. What I did for IM clients was run the Dante SOCKS server and have my LAN clients configured to use the proxy server to connect. As for SSL, try marking every packet as it comes in and rerouting it out over the same interface it came in on; that way the sessions will stay persistent over a single interface.

-charlie

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Denny Zulfikar
Sent: Friday, February 09, 2007 1:15 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] trouble https multiple uplinks... how?

hello, my name is Denny. I am new to this list.

I am trying to use multiple uplinks as described in the lartc documentation (http://lartc.org/howto/lartc.rpdb.multiple-links.html) with a squid transparent proxy on my gateway server. Let me draw the configuration:

    --DSL1--\
             |-- Transparent proxy -- Local network
    --DSL2--/

    IP DSL1       : 172.17.1.2/30
    IP DSL2       : 172.18.1.2/30
    IP eth1(DSL1) : 172.17.1.1/30
    IP eth2(DSL2) : 172.18.1.1/30
    Local network : 10.14.1.0/24

Each DSL link's rate is 384 kbps downlink and 128 kbps uplink.

my ip route setting:

    ip route add equalize scope global \
        nexthop via 172.17.1.2 dev eth1 weight 1 \
        nexthop via 172.18.1.2 dev eth2 weight 1

my iptables setting:

    # proxy redirect
    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
    # postrouting
    iptables -t nat -A POSTROUTING -j SNAT -o eth1 --to-source 172.17.1.1
    iptables -t nat -A POSTROUTING -j SNAT -o eth2 --to-source 172.18.1.1

squid config:

    visible_hostname my_isp.net
    icp_port 0
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    http_port 3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    cache_mem 512 MB
    cache_replacement_policy heap GDSF
    memory_replacement_policy heap GDSF
    cache_dir ufs /cache 6000 14 256
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl localnet src 10.14.1.0/255.255.255.0
    acl SSL_ports port 443 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT
    http_access allow localhost
    http_access allow localnet
    http_access allow manager localhost
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny all
    cache_mgr cache-me
    cache_effective_user squid
    cache_effective_group squid
    logfile_rotate 0
    log_icp_queries off
    buffered_logs on
    half_closed_clients off
    maximum_object_size 2048 KB

All of this configuration works. I can browse most websites. But I have other problems when implementing this multiple uplinks method:

1. Messenger tools like YM will disconnect and try to reconnect every 3-5 minutes. It always happens.
2. HTTPS for hotmail/msn always errors. "The connection was reset" always appears in Mozilla Firefox. But it never happens with yahoo-mail and gmail (https).
3. MSN messenger never connects successfully.

All these problems never happen when I use conventional routing with only one gateway.

After searching articles on the internet, I am trying to mark each connection for MSN messenger via only one gateway. This is my solution using iptables:

    --
    iptables -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark 0x10
    iptables -t mangle -A PREROUTING -p tcp --dport 1863:1864 -j MARK --set-mark 0x10
    iptables -t nat -A POSTROUTING -m mark --mark 0x10 -j SNAT -o eth1 --to-source 172.17.1.2
    --

It works!! My MSN messenger is able to connect now, but it always disconnects every 3-5 minutes.

The same way I tried to fix my YM problem: I tried to mark the YM port and postroute the traffic to eth1, but it did not solve my problem. YM always connects/disconnects every 5 minutes. (problem number 1)

Another problem: why does MSN/Hotmail webmail always refuse my connection? (problem number 2)

Maybe somebody has an idea how to solve this problem? I feel I will give up soon... :(

Thanks a lot for your information and help.. :)

best regards,
Denny Zulfikar

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
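Charlie's suggestion above (mark each connection and keep it on the uplink it started on) written out as a script, as an added example that is not part of the thread. It reuses the addresses and eth1/eth2 from Denny's post; eth0 as the LAN interface, the table numbers, the 0x20 mark and the iptables `statistic` match are assumptions. With RUN left at its default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread: per-connection sticky routing over two
# uplinks with CONNMARK, so every packet of one TCP session (an HTTPS
# handshake, an MSN/YM session) leaves through the same uplink and the same
# SNAT address. eth0 as LAN, tables 100/200, mark 0x20 and the 'statistic'
# match are assumptions. Commands are printed by default; RUN= applies them.
RUN=${RUN:-echo}
LAN=eth0
WAN1=eth1; GW1=172.17.1.2; IP1=172.17.1.1; MARK1=0x10; T1=100
WAN2=eth2; GW2=172.18.1.2; IP2=172.18.1.1; MARK2=0x20; T2=200

# One default route per uplink in its own table, selected by the fwmark.
# This replaces the 'equalize' multipath route that spreads packets per packet.
uplink_tables() {
    $RUN ip route add default via "$GW1" dev "$WAN1" table "$T1"
    $RUN ip route add default via "$GW2" dev "$WAN2" table "$T2"
    $RUN ip rule add fwmark "$MARK1" table "$T1"
    $RUN ip rule add fwmark "$MARK2" table "$T2"
    $RUN ip route flush cache
}

# Mark once per connection, then reuse: 1) copy the connection's saved mark
# onto the packet; 2) if it already had one we are done; 3) otherwise this is
# a new connection, alternate them between the two uplinks; 4) remember the
# choice on the connection so every later packet of the flow inherits it.
sticky_marks() {
    $RUN iptables -t mangle -A PREROUTING -i "$LAN" -j CONNMARK --restore-mark
    $RUN iptables -t mangle -A PREROUTING -i "$LAN" -m mark ! --mark 0 -j ACCEPT
    $RUN iptables -t mangle -A PREROUTING -i "$LAN" -m conntrack --ctstate NEW \
        -m statistic --mode nth --every 2 --packet 0 -j MARK --set-mark "$MARK1"
    $RUN iptables -t mangle -A PREROUTING -i "$LAN" -m mark --mark 0 \
        -j MARK --set-mark "$MARK2"
    $RUN iptables -t mangle -A PREROUTING -i "$LAN" -j CONNMARK --save-mark
    # Connections that arrived on an uplink must be answered on that uplink.
    $RUN iptables -t mangle -A PREROUTING -i "$WAN1" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK1"
    $RUN iptables -t mangle -A PREROUTING -i "$WAN2" -m conntrack --ctstate NEW \
        -j CONNMARK --set-mark "$MARK2"
    # Locally generated packets (e.g. replies from the squid box itself) need
    # the saved mark restored in OUTPUT, or they follow the main table.
    $RUN iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    # SNAT per uplink, as in the post, so the source address matches the link.
    $RUN iptables -t nat -A POSTROUTING -o "$WAN1" -j SNAT --to-source "$IP1"
    $RUN iptables -t nat -A POSTROUTING -o "$WAN2" -j SNAT --to-source "$IP2"
}

uplink_tables
sticky_marks
```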
RE: [LARTC] two internet providers
This would be really easy to do with one box. Have an interface for the cable modem, and an interface for the DSL. Have your default route go to the DSL modem (ip route add/change default table main dev eth via xxx.xxx.xxx.xxx). Then you can configure whatever proxy you are going to use to use the other interface. I have done similar setups using squid as the proxy with transparent redirection as well as using the Dante SOCKS server; both have configuration options to use a specific interface for their traffic. Let me know if you have any questions, I'd be happy to provide further detail.

--
Charlie Meyer
University of Illinois at Urbana-Champaign
College of Engineering - Department of Computer Science
Phi Kappa Psi - Property Manager
[EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Manish Kathuria
Sent: Saturday, January 27, 2007 9:11 AM
To: Danut Chereches
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] two internet providers

On 1/23/07, Danut Chereches <[EMAIL PROTECTED]> wrote:
> hello
>
> I have slackware installed and I have two internet connections,
> ADSL (2,5mbps) + CableModem (1mbps)
> I want to share the connections in a small network
> NAT for the ADSL connection, and a proxy server for the cablemodem
> connection
> I searched all over the internet (probably not where I was supposed to)
> but I couldn't find a solution
> if someone could give me a tip I would really appreciate it
>

The simplest solution would be to use two systems, one connected to the Cable Modem and running a proxy server on it, and the other one connected to the ADSL connection with packet forwarding enabled and iptables rules for the NAT and forwarding the traffic. The first system can be specified in the proxy server settings and the IP of the second system can be specified as the gateway for the clients.

You can also configure the squid proxy server to act as a transparent proxy and redirect the outgoing port 80 traffic through it using iptables rules on the gateway.

If you want to use a single system as the gateway and proxy server, you can configure it to use multiple gateways and divide the outgoing traffic so that the web traffic (and ftp, if desired) is routed through the Cable Modem and the rest through the ADSL connection. You can also specify the outgoing TCP address in the squid proxy server configuration.

Please also see the LARTC HOWTO and the documentation for the ip tool.

--
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
[LARTC] load balancing
I've set up a working Linux router with load balancing as per the LARTC guide. Everything is working properly, except that the load balancing does not seem to balance the load equally. The first line gets about 60% of the incoming load, the 2nd line gets about 40%, and the 3rd line hardly gets any of it at all. The outgoing load is evenly balanced among all three lines. I did not set any weights when I set up the route, so this is confusing to me. BTW, I have been using ntop as well as ibmonitor to view the load over each line. When I have tried setting weights, such as 1 for the first line, 2 for the second line, and 4 for the second line, it still doesn't balance correctly. I am using Fedora Core 6 with all the latest packages and kernel as per yum.

Any ideas here would be greatly appreciated.

Thanks
-charlie
RE: [LARTC] htb traffic shaping problem
Hi,

I have a similar setup here, and what I did was, instead of shaping the traffic with tc, I used mod_cband on apache2 to limit concurrent connections and bandwidth. There is a very helpful reference on getting it up and running here:
http://www.howtoforge.com/mod_cband_apache2_bandwidth_quota_throttling

Hope that helps a bit

Charlie Meyer
University of Illinois at Urbana-Champaign
Department of Computer Science - Undergraduate
[EMAIL PROTECTED]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 08, 2006 7:40 AM
To: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] htb traffic shaping problem

Good afternoon,

your configuration seems correct to me. Could you send us the output of "tc -s -d class show dev eth0" during your probes? What kernel and tc versions are you using?

Regards,

Eric Janz
Departamento de Sistemas
Grupo Barceló Viajes
C\ 16 de Julio, 75
07009 Polígono Son Castelló
Palma de Mallorca - Baleares
Tel.: +34 971 448030
Fax.: +34 971 436986

Bugzilla-Redirect <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
08/09/2006 10:02

To: lartc@mailman.ds9a.nl
cc:
Subject: [LARTC] htb traffic shaping problem

Hello. I have a Linux server connected to a gigabit LAN, and through that LAN to a 768kbps/768kbps DSL modem. I'm trying to shape my webserver running on port 80/443 down to 512kbps, while leaving all other ports alone.

The current configuration script that I'm using is as follows:

    tc qdisc del dev eth0 root
    tc qdisc add dev eth0 root handle 1: htb default 99
    tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit ceil 1000mbit
    tc class add dev eth0 parent 1:1 classid 1:10 htb rate 512kbit ceil 512kbit
    tc qdisc add dev eth0 parent 1:10 handle 10: sfq
    tc class add dev eth0 parent 1:1 classid 1:99 htb rate 900mbit ceil 1000mbit
    tc qdisc add dev eth0 parent 1:99 handle 99: sfq
    tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 80 0xffff flowid 1:10
    tc filter add dev eth0 protocol ip parent 1: u32 match ip sport 443 0xffff flowid 1:10

1:10 seems to be getting the correct traffic from port 80 and 443 while everything else is run to 1:99. The problem is that, while 1:10 is slowing the connection down to a degree, it's nowhere near the set limit. For example: the connection will start out around 50kBps, and then suddenly bounce to over 1MBps, far exceeding its 64kBps setting. Setting the parent down to 512kbits seems to work correctly, but it cripples the local network. Can anyone point out what I've done incorrectly, or is this a bug?

Thank you.
-Ryan Power
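Eric asks for the output of "tc -s -d class show dev eth0" during the probes. As an added example that is not part of the thread, this script diffs two such snapshots taken a few seconds apart and reports the average rate each HTB class actually carried, flagging any class above its ceil. The snapshot lines used here are constructed, keeping only the fields the parser relies on in tc's layout.

```shell
#!/bin/sh
# Added example, not from the thread: compare two snapshots of
# "tc -s -d class show dev eth0" and print the average kbit/s each HTB class
# achieved in between, marking classes that exceeded their ceil. It relies
# only on the "class htb <id> ... ceil <rate>" and " Sent <n> bytes" lines.

# usage: class_rates before.txt after.txt seconds  ->  "<class> <kbit/s> ..."
class_rates() {
    awk -v secs="$3" '
        # tc prints rates as e.g. 512Kbit / 1000Mbit / 1Gbit; normalise to kbit
        function kbit(s,  n) { n = s + 0
            if (s ~ /Gbit$/) return n * 1000000
            if (s ~ /Mbit$/) return n * 1000
            if (s ~ /Kbit$/) return n
            return n / 1000 }
        /^class htb/ { cls = $3
            for (i = 1; i < NF; i++) if ($i == "ceil") ceil[cls] = kbit($(i + 1)) }
        # first file (FNR == NR) is the "before" snapshot, second is "after"
        /^ *Sent [0-9]+ bytes/ { if (FNR == NR) before[cls] = $2; else after[cls] = $2 }
        END {
            for (c in after) {
                r = (after[c] - before[c]) * 8 / 1000 / secs
                printf "%s %.0f kbit/s %s\n", c, r, (r > ceil[c]) ? "OVER ceil " ceil[c] : "ok"
            }
        }' "$1" "$2" | sort
}

# Constructed 10-second interval: 1:10 moved 1280000 bytes = 1024 kbit/s,
# twice its 512 kbit ceil, while 1:99 stays well inside its limit.
demo_rates() {
    d=$(mktemp -d)
    cat > "$d/before" <<'EOF'
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 512Kbit ceil 512Kbit burst 1600b cburst 1600b
 Sent 1000000 bytes 1500 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:99 parent 1:1 leaf 99: prio 0 rate 900Mbit ceil 1000Mbit burst 113850b cburst 126375b
 Sent 5000000 bytes 6000 pkt (dropped 0, overlimits 0 requeues 0)
EOF
    sed 's/Sent 1000000 bytes 1500/Sent 2280000 bytes 3000/; s/Sent 5000000 bytes 6000/Sent 6000000 bytes 7000/' "$d/before" > "$d/after"
    class_rates "$d/before" "$d/after" 10
    rm -rf "$d"
}

demo_rates
```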
RE: [LARTC] Real time traffic Grapher
Even though you aren't looking for a web based utility, I would still recommend you try out ntop (www.ntop.org). It is a fantastic tool that gives info about all aspects of network interface(s).

Charlie Meyer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Armin ranjbar
Sent: Thursday, June 29, 2006 4:23 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Real time traffic Grapher

hi all :)
Does anyone know of a real-time traffic grapher application? Faster than mrtg; I'm not looking for web based ones...

--
You will soon forget this.
[LARTC] Traffic Accounting
Hello,

Is there an easy way, either by scripting or some software project or something similar, to do automatic traffic accounting? I am looking to be able to give each host on my LAN a specific quota of data transfer for a given previous period of time, for example 1 GB in the previous 24 hours. If they exceed that limit, I would like to be able to have the system automatically rate limit that host to a specific speed. When the host has gone back under the limit, I would like the system to automatically remove the speed restrictions. Has anyone implemented such a system, or does anyone know of an easy way to do so?

Thanks

Charlie Meyer
Department of Computer Science
University of Illinois at Urbana-Champaign
[LARTC] Multipath Routing Problem
I currently have 4 DSL lines set up to load balance for my LAN. The multipath works fine for connections that originate from the Linux gateway (such as browsing the internet in KDE or using wget), but all the traffic from hosts on the LAN is routed through only one of the DSL lines (as seen using ntop and 'ip route show cache'). What would cause this to happen?

Thanks
Charlie Meyer