[LARTC] exporting service on multiple wan

2007-10-18 Thread Fabio Marcone
Hi all,
I have a routing problem. I'm setting up a router based on Debian (kernel
2.4).

I need to set up routing to export an FTP service (the FTP server is in the DMZ)
to both WANs.

I set up the PREROUTING and FORWARD rules with no problem.

The problem is that reply packets use the default gateway (default WAN) even
though they entered via the other WAN.

I solved it by marking packets coming in from the DMZ interface and forcing them
to use the other gateway (iproute2), but this way I don't export the FTP service
on the default WAN.

How can I set up routing to export the FTP service on both interfaces?

Thanks in advance,
Fabio
-- 

Dott. Fabio Marcone

2T srl
Phone      +39 - 0871- 540154
Fax        +39 - 0871- 571594
Email      fabio.marcone(AT)duet.it
Address    Viale B. Croce 573
           66013 Chieti Scalo (CH)
GNU/Linux registered user  #400424
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] Squid + iproute2

2007-05-08 Thread Fabio Silva

Hi all, I have a problem. I have this topology:

192.168.1.7 GW              192.168.2.252
   link 1                       link 2
     |                            |
   eth1          PROXY          eth0
192.168.1.245               192.168.2.245


The default gateway of the PROXY is 192.168.1.7, and link 2 is a
secondary link that I need to go out to the Internet. My internal IP
network is 192.168.2.0/24.



I'm using this:

#!/bin/bash
#
# Legend:
#   eth0 Link2
#   eth1 link1
#
#
# Resetting the firewall:

echo -n "Resetando regras existentes"
iptables -F
iptables -Z
iptables -X

iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
echo "[OK]"


# NOTE: this rule is mutually exclusive with the next one, the NAT one;
#       that is, pick one of the two
echo -n "Habilitando o mascaramento..."
#iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo "[OK]"


# Marking packets
echo -n "Marcando pacotes..."
iptables -A PREROUTING -t mangle -s 192.168.2.0/24 -d 0/0 -j MARK --set-mark 3
echo "[OK]"


# Disabling the martian-source packet filter
echo -n "Desligando rp_filter..."
for eee in /proc/sys/net/ipv4/conf/*/rp_filter; do
   echo 0 > "$eee"
done
echo "[OK]"


# Defining the link-balancing rules:
echo -n "Balanceando links..."

# link #1
ip route add 192.168.1.0/24 dev eth1 src 192.168.1.245 table link1
#ip route add 192.168.0.0/24 via 192.168.0.1 table link1
ip route add default via 192.168.1.7 table link1

# link Default
ip route add 192.168.2.0/24 dev eth0 src 192.168.2.245 table link
#ip route add 192.168.0.0/24 via 192.168.0.1 table link
ip route add default via 192.168.2.252 table link

# main routing table
ip route add 192.168.1.0/24 dev eth1 src 192.168.1.245
ip route add 192.168.2.0/24 dev eth0 src 192.168.2.245

# setting the preferred route
ip route add default via 192.168.1.7

# table rules
ip rule add from 192.168.1.245 table link1
ip rule add from 192.168.2.245 table link

# link balancing
ip rule add fwmark 3 lookup link prio 3
# table "link" already holds a single default route (added above): "replace"
# swaps it for the multipath one, where "add" would fail with "File exists"
ip route replace default table link nexthop via 192.168.1.7 dev eth1 \
  weight 1 nexthop via 192.168.2.252 dev eth0 weight 1

# flush the routing cache
ip route flush cache
echo "[OK]"
sleep 2



But... if I shut down the link to IP 192.168.1.7, it didn't re-route to
the other gateway, 192.168.2.252.


Any clue?

Regards,
--
Fabio S. Silva
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] Questions about mutiple providers

2007-01-29 Thread Fabio Muzzi

Hi, this is my first post to the list.

I have googled a lot, and still cannot find a proper solution. I hope
someone here will be able to shed some light on my doubts.

I have set up a firewall using kernel 2.6.15 (Debian) that does NAT for
100 clients, and uses two different ISPs, using the howto found at
http://lartc.org/howto/lartc.rpdb.multiple-links.html. I have *not*
patched my kernel.

The routing setup is taken from the howto, and it basically works; I see
packets flowing out of both WAN interfaces, and everything seems to work
properly for packets that are generated from the firewall itself.

I have set up NAT rules in the postrouting table, this way:

iptables -t nat -A POSTROUTING -o $WAN  -j SNAT -s 10.0.0.0/16 --to-source 217.221.234.74
iptables -t nat -A POSTROUTING -o $WAN2 -j SNAT -s 10.0.0.0/16 --to-source 83.211.205.162

The local net is 10.0.0.0/16, the two WAN interfaces are $WAN and $WAN2, and
their respective IP addresses are set as shown. The WAN interfaces are
physically different and have no aliases, only the IP shown above.

Now, I am experiencing two issues:

- First, I see packets with the "from" address set to 83.211.205.162 that go
out of $WAN, and also packets with the from address set to 217.221.234.74 that
flow out of $WAN2. This address mixup should not happen, I suppose.
Looking at the packets, it seems that only NATed traffic shows this
behaviour.


- Second, I see (rare) packets flowing out of the WAN or WAN2 interfaces that
still have the LAN from address, that is 10.0.x.x; these packets somehow
were not NATed at all.


Now, the questions are:

How do I solve this?

Do I need to patch my kernel to solve the first issue, because I need to
look at the NAT "established connections" tables to make routing decisions? Is
it impossible to have equal cost multipath and SNAT together without
patching the kernel? If so, what patch do I need exactly?

Is there something wrong with my kernel version, that has broken NAT
support? (This could explain why I get some packets that do not get NATed
at all.)


Thanks a lot for the time you took reading this.

-- 

  Fabio "Kurgan" Muzzi

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
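A connection-pinning setup for the two problems raised in the "exporting service on multiple wan" and "Questions about mutiple providers" posts: replies leaving through the WAN the request came in on, and SNAT addresses not mixing across links. This is an added example, not either poster's configuration; the interface names, table numbers, gateway and SNAT addresses are placeholders, and it assumes iptables with the CONNMARK target plus iproute2.

```shell
#!/bin/sh
# Connection pinning for a firewall with two WAN links (constructed example).
# Every connection is tagged with the WAN it first used and the tag is kept in
# conntrack (CONNMARK); later packets of the flow, replies included, get the
# tag back and an ip rule per tag routes them through the matching WAN. That
# keeps DMZ replies on the WAN the request arrived on, and keeps SNAT and the
# multipath route choice consistent for LAN-originated traffic.
# DRY_RUN=1 prints the commands instead of executing them.

WAN1=eth1; GW1=192.0.2.1;     IP1=192.0.2.10;     T1=101; M1=1   # hypothetical
WAN2=eth2; GW2=198.51.100.1;  IP2=198.51.100.10;  T2=102; M2=2   # values
LANNET=10.0.0.0/16                                             # as in the post

run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

setup_tables() {
    # One table per provider with its own default gateway.
    run ip route replace default via "$GW1" dev "$WAN1" table "$T1"
    run ip route replace default via "$GW2" dev "$WAN2" table "$T2"
    # Packets carrying mark N are routed from provider N's table.
    run ip rule add fwmark "$M1" table "$T1" prio 100
    run ip rule add fwmark "$M2" table "$T2" prio 101
    # Unmarked (brand-new) connections are spread over both links.
    run ip route replace default scope global \
        nexthop via "$GW1" dev "$WAN1" weight 1 \
        nexthop via "$GW2" dev "$WAN2" weight 1
    # Return traffic enters the non-default WAN; strict rp_filter would drop it.
    for d in "$WAN1" "$WAN2"; do run sysctl -w "net.ipv4.conf.$d.rp_filter=0"; done
}

setup_marks() {
    # 1. Already-pinned flows: restore the saved mark and skip the rest.
    run iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 2. New inbound connections (DMZ service): pin to the WAN they came in on.
    run iptables -t mangle -A PREROUTING -i "$WAN1" -m state --state NEW -j MARK --set-mark "$M1"
    run iptables -t mangle -A PREROUTING -i "$WAN2" -m state --state NEW -j MARK --set-mark "$M2"
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j CONNMARK --save-mark
    # 3. New outbound connections: remember whichever WAN the multipath route chose.
    run iptables -t mangle -A POSTROUTING -o "$WAN1" -m state --state NEW -j CONNMARK --set-mark "$M1"
    run iptables -t mangle -A POSTROUTING -o "$WAN2" -m state --state NEW -j CONNMARK --set-mark "$M2"
    # 4. SNAT per outgoing interface; the pinning keeps the source address consistent.
    run iptables -t nat -A POSTROUTING -s "$LANNET" -o "$WAN1" -j SNAT --to-source "$IP1"
    run iptables -t nat -A POSTROUTING -s "$LANNET" -o "$WAN2" -j SNAT --to-source "$IP2"
}

# Apply only when asked to, so the file can also be sourced for inspection.
if [ "${1:-}" = "apply" ]; then setup_tables; setup_marks; fi
```

Run `DRY_RUN=1 sh multiwan.sh apply` first to review the command plan, then as root without DRY_RUN to apply it.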


Re: [LARTC] tcsim

2006-03-30 Thread Fabio
hi!
I can't answer your question but I have another question about it.

Why do you write "I know that tcng is old"?

I'm studying tcng; am I losing my time?

Is there a better tool?

Thanks,
Fabio
On Friday 31 March 2006 01:11, Larry Brigman wrote:
> I know that tcng is old but I have a question about it.
>
> Was there ever a way to inject real traffic into the simulation,
> something like the
> output of tcpreplay?
>
> Thanks,
> Larry
> ___
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

-- 

Dott. Fabio Marcone

2T srl
Phone      +39 - 0871- 540154
Fax        +39 - 0871- 571594
Email      [EMAIL PROTECTED]
Address    Viale B. Croce 573
           66013 Chieti Scalo (CH)
GNU/Linux registered user  #400424
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] qdisc prio problem

2006-03-29 Thread Fabio
Hi to all!
I'm studying qdisc prio but I have some problems.

I want to create 3 queues (a 3-band prio), each one associated with a
workstation.

I mark (with iptables) packets using the workstation MAC address and then send
all packets into a particular queue.

qdisc prio with handle 10: (default priomap)

WS1 -> queue  10:1
WS2 -> queue  10:2
WS3 -> queue  10:3

I set it up correctly (with no problem), but if WS1, WS2 and WS3 generate the
same traffic (same protocol) at the same time, bandwidth is equally
divided (priority is not applied).

If WS1 generates traffic with the scp tool and WS2 generates traffic with ssh
(interactive), priority is correctly applied.

Is there a way to configure qdisc prio so that all traffic generated by a
WS has a fixed priority (not depending on TOS, protocol used, ...)?

Many thanks,
Fabio

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] prio, kernel 2.6: patch?

2006-03-28 Thread Fabio
hi to all,
I'm sorry, the previous mail was incomplete. I'm rewriting all the COMPLETE
information.

I'm studying traffic shaping using kernel 2.6.8 (Debian sarge).

Well, I have this problem: priority doesn't work.
I tried with:
 - qdisc prio:
 tc qdisc add dev eth1 root handle 12: prio bands 3
 tc qdisc add dev eth1 parent 12:1 handle 13: tbf rate 10Mbit \
  buffer 1600 limit 3000
 tc qdisc add dev eth1 parent 12:2 handle 14: tbf rate 10Mbit \
  buffer 1600 limit 3000
 tc qdisc add dev eth1 parent 12:3 handle 15: tbf rate 10Mbit \
  buffer 1600 limit 3000

 tc filter add dev eth1 protocol ip handle $MARK1 fw flowid 12:1
 tc filter add dev eth1 protocol ip handle $MARK2 fw flowid 12:2
 tc filter add dev eth1 protocol ip handle $MARK3 fw flowid 12:3
 - and setting prio in the htb class

both with no results: the data rate (transmitted packets in a time unit) is the
same for the 3 queues.

Does someone know if kernel 2.6 manages priority correctly, or does it need a patch?

Thanks in advance,
Fabio Marcone


___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
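A prio setup keyed on firewall marks, for the situation in the "qdisc prio problem" and "prio, kernel 2.6: patch?" posts where every workstation's traffic should get a fixed band regardless of TOS or protocol. This is an added example, not the poster's commands: it assumes the uplink is shaped to one shared cap (a hypothetical 10Mbit on eth1) so that the bands actually compete, and that iptables sets one mark per workstation.

```shell
#!/bin/sh
# Strict priority per firewall mark, with the bands actually competing
# (constructed example). A prio qdisc only reorders packets when its bands
# share one bottleneck: three separate 10Mbit tbf children on a 100Mbit link
# never contend, so each band simply gets its own 10Mbit. Here one HTB class
# caps the whole link and the prio qdisc runs underneath it.
# DRY_RUN=1 prints the commands instead of executing them.
DEV=eth1; LINK_RATE=10mbit          # hypothetical cap for the shared uplink
MARK1=1; MARK2=2; MARK3=3           # marks set by iptables, one per workstation

run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

setup_prio() {
    run tc qdisc add dev "$DEV" root handle 1: htb default 10
    run tc class add dev "$DEV" parent 1: classid 1:10 htb rate "$LINK_RATE" ceil "$LINK_RATE"
    # Three bands below the cap; band 1 is served first whenever it has packets.
    run tc qdisc add dev "$DEV" parent 1:10 handle 12: prio bands 3
    # fw filters attached to the prio qdisc override the TOS-based priomap:
    # the mark alone decides the band, whatever protocol or TOS the packet has.
    run tc filter add dev "$DEV" parent 12: protocol ip prio 1 handle "$MARK1" fw flowid 12:1
    run tc filter add dev "$DEV" parent 12: protocol ip prio 1 handle "$MARK2" fw flowid 12:2
    run tc filter add dev "$DEV" parent 12: protocol ip prio 1 handle "$MARK3" fw flowid 12:3
}

# mark_by_mac <mac> <mark>: tag every forwarded packet a workstation sends, by source MAC
mark_by_mac() {
    run iptables -t mangle -A PREROUTING -m mac --mac-source "$1" -j MARK --set-mark "$2"
}

# band_stats: per-class "Sent" counters show whether the ordering takes effect
band_stats() { run tc -s class show dev "$DEV"; }

if [ "${1:-}" = "apply" ]; then setup_prio; fi
```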


[LARTC] prio, kernel 2.6: patch?

2006-03-28 Thread Fabio
hi to all,
I'm studying traffic shaping using kernel 2.6.8 (Debian sarge).

Well, I have this problem: priority doesn't work.
I tried with:
 - qdisc prio:
 tc qdisc add dev eth1 root handle 12: prio bands 3
 tc qdisc add dev eth1 parent 12:1 handle 13: tbf rate 10Mbit \
  buffer 1600 limit 3000

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


[LARTC] htb and priorizing class

2006-03-24 Thread Fabio
Hi!
I'm testing tc and htb.

In my test, prio doesn't act like the doc (the HTB manual) explains.

In particular, I set 3 HTB subclasses, each having rate 33Mbit, ceil 100Mbit. I
also set a class having 100Mbit as the parent of these 3 subclasses.

If only 2 classes use bandwidth I note that the total bandwidth is equally shared
between them (and that's right). If I set different priorities for these classes
and run the same test, the transfer rate doesn't change: the classes use about the
same bandwidth (which is wrong, I think).

Because the manual explains that if the classes' prio is the same, excess
bandwidth is distributed according to rate ratios, I changed the rates of the 3
subclasses in this way:
class A:  70 Mbit
class B:  20 Mbit
class C:  10 Mbit

Once again, if B doesn't use its bandwidth, A and C use the same rate (not
according to their rates!)

Is this a configuration problem?

Also, when I set the tc rules I get: "quantum of class  is big. Consider r2q
change"

Thanks to all,
Fabio
-- 

Dott. Fabio Marcone

2T srl
Phone      +39 - 0871- 540154
Fax        +39 - 0871- 571594
Email      [EMAIL PROTECTED]
Address    Viale B. Croce 573
           66013 Chieti Scalo (CH)
GNU/Linux registered user  #400424
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
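The arithmetic behind the "quantum of class ... is big. Consider r2q change" warning, worked for the 70/20/10 Mbit classes in this post. This is an added example, not the poster's configuration; the 1000..60000-byte bounds are the ones tc of that era checked and should be confirmed against your own tc output.

```shell
#!/bin/sh
# HTB quantum arithmetic for the 70/20/10 Mbit classes described in the post
# (constructed example). HTB lends excess bandwidth in rounds of "quantum"
# bytes per class; unless set explicitly, quantum = rate_bytes_per_s / r2q,
# with r2q defaulting to 10. tc warns when that lands outside roughly
# 1000..60000 bytes (assumed bounds for that era; compare with your tc output).
# A quantum below the MTU cannot carry a full packet; an oversized one lets a
# class grab far more than its share in each round.
MTU=1500
QMAX=60000

# quantum_for <rate_kbit> <r2q>: the quantum HTB derives, in bytes
quantum_for() { echo $(( $1 * 1000 / 8 / $2 )); }

# r2q_for <max_rate_kbit>: smallest r2q keeping the largest class at or below QMAX
r2q_for() { echo $(( ($1 * 1000 / 8 + QMAX - 1) / QMAX )); }

# check_quanta <r2q> <rate_kbit>...: succeeds only if every class stays in [MTU, QMAX]
check_quanta() {
    r2q=$1; shift
    for rate in "$@"; do
        q=$(quantum_for "$rate" "$r2q")
        if [ "$q" -lt "$MTU" ] || [ "$q" -gt "$QMAX" ]; then return 1; fi
    done
    return 0
}

# htb_plan <dev> <r2q>: the tc commands for the post's three classes under a
# 100Mbit parent, with the chosen r2q on the root so the warning goes away
htb_plan() {
    dev=$1; r2q=$2
    echo "tc qdisc add dev $dev root handle 1: htb default 30 r2q $r2q"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate 100mbit ceil 100mbit"
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate 70mbit ceil 100mbit"
    echo "tc class add dev $dev parent 1:1 classid 1:20 htb rate 20mbit ceil 100mbit"
    echo "tc class add dev $dev parent 1:1 classid 1:30 htb rate 10mbit ceil 100mbit"
}

# Stand-alone run: show why r2q 10 warns and which value fits these rates.
if [ "${1:-}" = "show" ]; then
    echo "r2q 10  -> quantum for 70Mbit: $(quantum_for 70000 10) bytes"
    R2Q=$(r2q_for 70000)
    echo "r2q $R2Q -> quanta: $(quantum_for 70000 "$R2Q") $(quantum_for 20000 "$R2Q") $(quantum_for 10000 "$R2Q")"
    htb_plan eth1 "$R2Q"
fi
```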


[LARTC] load balancing and fault tolerance in networking

2006-03-23 Thread Fabio
Hi!
I'm studying load balancing and fault tolerance using multiple WAN interfaces.
I follow the howto at http://www.ssi.bg/~ja/nano.txt, but the problem is that
the faults detected are limited to the link between the LAN gateway and the ADSL
modem/router, and none concern the ADSL signal.

Can someone tell me about another howto on fault tolerance using a different
method (one that solves my problem)?

I know the bonding method but I can't use it in my scenario because I use a Linux
machine connected to more than one ADSL modem.

I'm using Debian sarge with kernel 2.6.

Thanks in advance,
Fabio

-- 

Dott. Fabio Marcone

2T srl
Phone      +39 - 0871- 540154
Fax        +39 - 0871- 571594
Email      [EMAIL PROTECTED]
Address    Viale B. Croce 573
           66013 Chieti Scalo (CH)
GNU/Linux registered user  #400424
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
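An end-to-end link check with default-route failover, for the failure both the "Squid + iproute2" and the "load balancing and fault tolerance in networking" posts describe: a multipath default that never switches, and checks that only see the hop to the modem. This is an added example, not the posters' scripts; it reuses the interfaces and gateways from the Squid post, the probe addresses are placeholders, and it assumes iputils ping and iproute2.

```shell
#!/bin/sh
# End-to-end link checks with automatic default-route failover (constructed
# example). A multipath default route never learns that a gateway is dead,
# and pinging the modem only proves the Ethernet hop is up. Each WAN gets a
# host route to its own far-away probe address and is judged by whether that
# probe answers; the default route is rebuilt from the links that pass.
# DRY_RUN=1 prints the route commands instead of running them.
WAN1=eth1; GW1=192.168.1.7      # interfaces and gateways as in the Squid post
WAN2=eth0; GW2=192.168.2.252
PROBE1=203.0.113.1              # placeholders: pick stable hosts beyond each ISP
PROBE2=203.0.113.2
LAST_ROUTE=

run() { if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi; }

# Pin each probe to one link so the check exercises that ISP's path only.
setup_probes() {
    run ip route replace "$PROBE1/32" via "$GW1" dev "$WAN1"
    run ip route replace "$PROBE2/32" via "$GW2" dev "$WAN2"
}

# probe <host>: 0 when the host answers (iputils ping: 2 echoes, 2 s timeout each)
probe() { ping -c 2 -W 2 "$1" >/dev/null 2>&1; }

# default_route_for <wan1_rc> <wan2_rc>: prints the default route to install,
# given the probe exit codes (0 = healthy); fails when both links are down.
default_route_for() {
    if [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then
        echo "default scope global nexthop via $GW1 dev $WAN1 weight 1 nexthop via $GW2 dev $WAN2 weight 1"
    elif [ "$1" -eq 0 ]; then
        echo "default via $GW1 dev $WAN1"
    elif [ "$2" -eq 0 ]; then
        echo "default via $GW2 dev $WAN2"
    else
        return 1   # both dead: leave whatever is installed alone
    fi
}

# check_once: probe both links and change the default route only when needed
check_once() {
    probe "$PROBE1"; rc1=$?
    probe "$PROBE2"; rc2=$?
    route=$(default_route_for "$rc1" "$rc2") || return 1
    if [ "$route" != "$LAST_ROUTE" ]; then
        run ip route replace $route     # unquoted on purpose: split into words
        run ip route flush cache
        LAST_ROUTE=$route
    fi
}

if [ "${1:-}" = "loop" ]; then
    setup_probes
    while :; do check_once; sleep 10; done
fi
```

Start it as root with `sh wancheck.sh loop`; with two healthy links it installs the multipath default, and drops a link from it as soon as its probe stops answering.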


[LARTC] two link

2005-09-29 Thread Fabio Silva
hi list, I need help
I have two links

              LINK 1
Internet ----------------- Linux ----- LAN
              LINK 2


I need the web traffic to go to link 2.
I use Squid on the Linux box as a transparent proxy. I've tried to use the
Squid parameter "tcp_outgoing_address" but it doesn't work.

best regards



--
---
Fabio S. Silva
[EMAIL PROTECTED]
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


Re: [LARTC] reset rules ?

2002-11-20 Thread fabio

Thank you Martin, but another thing: how do I delete this type of rule:
32761:  from all to 172.18.200.6 lookup main

When I try with your script and the command: ip rule del from all to
172.18.200.6 lookup main
the result is the same: Error: an inet prefix is expected rather than
"all"
thanks

Fabio
 
Martin A. Brown wrote:

  Fabio,

I use a short snippet of shell to do it:

# ip rule show | grep -Ev '^(0|3276(6|7)):' \
 |  while read PRIO RULE  ; do \
ip rule del prio ${PRIO%:} $RULE
 done

I'm not aware of a more elegant way to do this.  Anybody else?

-Martin

On Tue, 19 Nov 2002, fabio wrote:

 : Dear All
 :  Do you know if its possible to reset the rule with a single command or 
 : if I must delete manually all the rule ?
 : thanks
 : 
 : Fabien
 : 
 : ___
 : LARTC mailing list / [EMAIL PROTECTED]
 : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
 : 

[LARTC] reset rules ?

2002-11-19 Thread fabio
Dear All
Do you know if it's possible to reset the rules with a single command or
if I must delete all the rules manually?
thanks

Fabien

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


[LARTC] How save rules and routes ?

2002-10-16 Thread fabio

Dear All
I am looking into whether it is possible to save the rules and routes I configured
(or must I write a script to launch the ip route and ip rule commands at each reboot?)
Fabien

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
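Helpers for the two questions in the "reset rules ?" thread and the "How save rules and routes ?" post: clearing every non-default rule in one go without tripping over the "an inet prefix is expected rather than "all"" error, and writing the current rules and tables out as a script to rerun at boot. This is an added example, not Martin's snippet or the poster's commands; it assumes POSIX sh, sed and the "prio: from ... lookup ..." output format of ip rule show, and the sample rule listing in the test is constructed.

```shell
#!/bin/sh
# Clear or save the policy-routing rules (constructed example). Deleting by
# priority alone ("ip rule del prio N") avoids feeding the printed "from all"
# back into ip, which old iproute2 rejects with
# "an inet prefix is expected rather than \"all\"". The kernel's own rules
# (0 local, 32766 main, 32767 default) are never touched.

# rule_del_cmds: reads "ip rule show" output on stdin, prints one del command per rule
rule_del_cmds() {
    while read -r prio rest; do
        p=${prio%:}
        case "$p" in 0|32766|32767|'') continue ;; esac
        echo "ip rule del prio $p"
    done
}

# rule_add_cmds: prints the "ip rule add" commands that recreate the rules,
# dropping the "from all" / "to all" wildcards and keeping each priority
rule_add_cmds() {
    while read -r prio rest; do
        p=${prio%:}
        case "$p" in 0|32766|32767|'') continue ;; esac
        rest=$(printf ' %s ' "$rest" | sed 's/ from all / /; s/ to all / /; s/^ *//; s/ *$//')
        echo "ip rule add $rest prio $p"
    done
}

# route_add_cmds <table>: turns "ip route show table <table>" output into commands
# ("replace" so that routes the kernel already created do not fail with "File exists")
route_add_cmds() {
    while read -r line; do
        [ -n "$line" ] && echo "ip route replace $line table $1"
    done
}

# save_config <file> <table>...: writes a script that reloads the given tables and
# then the rules, so the ip route / ip rule commands need not be retyped at boot
save_config() {
    out=$1; shift
    {
        echo '#!/bin/sh'
        for t in "$@"; do ip route show table "$t" | route_add_cmds "$t"; done
        ip rule show | rule_add_cmds
    } > "$out"
    chmod +x "$out"
}

# flush_rules: deletes every non-default rule in one go
flush_rules() { ip rule show | rule_del_cmds | sh; }
```

Typical use as root: `save_config /etc/iproute-restore.sh link1 link main` before a change, `flush_rules` to start over, and run the saved script from the boot sequence.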



[LARTC] Using TEQL with two ADSL connection

2002-05-02 Thread Fabio Uggeri

Sorry, this is the right message.


Hi all,
in my school I have:
- two Netopia routers for ADSL (performing NAT),
- one Linux box with 3 Ethernet cards

I want to do load balancing on the two ADSL lines.

I have configured the system as follows:

The LAN interfaces of the two ADSL routers have the addresses
(A) 192.168.0.254
(B) 192.168.2.254
The 3 Ethernet cards on the Linux box have the addresses:
- eth2   172.16.255.254, connected to a switch and operating with VLANs
- eth1   192.168.0.2, directly connected to router (A)
- eth0   192.168.2.2, directly connected to router (B)

Routing through router (A) or (B) works fine.

I want to do load balancing using teql.

I have configured the qdisc and teql as follows:

#ip route del default
#tc qdisc add dev eth0 root teql0
#tc qdisc add dev eth1 root teql0
#ip addr del 192.168.0.2 dev eth1
#ip addr del 192.168.2.2 dev eth0

#ip address add 192.168.0.2/24 dev teql0
#ip address add 192.168.2.2/24 dev teql0
#ip link set teql0 up
#ip route add default/0 dev teql0


The rp_filter of eth0 and eth1 is turned off by default.
After that I did some pings and traceroutes but got no answers,
then I ran:

#ip neigh ls
172.16.240.1 dev eth2 lladdr 00:d0:b7:49:6f:09 nud stale
172.16.1.3 dev vlan0017 lladdr 00:10:a7:0f:01:23 nud stale
172.16.4.4 dev vlan0017 lladdr 00:10:a7:12:4c:01 nud stale
172.16.97.3 dev vlan0014 lladdr 00:40:f4:34:b5:69 nud reachable

#tc -s qdisc ls
qdisc teql0 8001: dev eth0
 Sent 829337 bytes 5807 pkts (dropped 0, overlimits 0)

 qdisc teql0 8002: dev eth1
 Sent 4536 bytes 108 pkts (dropped 0, overlimits 0)

# ip -s link ls
1: lo:  mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes  packets  errors  dropped overrun mcast
42060   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
42060   0   0   0

2: teql0:  mtu 1500 qdisc pfifo_fast qlen 100
link/[65535]
RX: bytes  packets  errors  dropped overrun mcast
0  00   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
0  0161161 0   0

*** there are OUTPUT ERRORS ***

3: eth0:  mtu 1500 qdisc teql0 qlen 100
link/ether 00:00:21:e7:9f:93 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
64451689286 0   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
1218555 0   0   0   1
4: eth1:  mtu 1500 qdisc teql0 qlen 100
link/ether 00:00:21:e3:d1:78 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
35440   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
6834   112  0   0   0   0
5: eth2:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:a0:d2:12:8f:bb brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
1817579125490   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
64731569749 0   0   0   0
6: vlan0005:  mtu 1500 qdisc noqueue
link/ether 00:a0:d2:12:8f:bb brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
13487  188  0   0   0   37
TX: bytes  packets  errors  dropped carrier collsns
424811 287  0   0   0   0
   ..
   ...

#ip route list
192.168.2.0/24 dev teql0  proto kernel  scope link  src 192.168.2.2
192.168.0.0/24 dev teql0  proto kernel  scope link  src 192.168.0.2
172.16.240.0/20 dev eth2  proto kernel  scope link  src 172.16.255.254
172.16.128.0/20 dev vlan0025  proto kernel  scope link  src
172.16.143.254
172.16.80.0/20 dev vlan0013  proto kernel  scope link  src 172.16.95.254


...
127.0.0.0/8 dev lo  scope link
default dev teql0  scope link




Any suggestion will be appreciated.

Thank you
Fabio Uggeri
I.T.I.S. "G. Galilei"
Livorno - ITALY


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/



[LARTC] Using TEQL with two ADSL

2002-05-02 Thread Fabio Uggeri

 qdisc teql0 8002: dev eth1
 Sent 4536 bytes 108 pkts (dropped 0, overlimits 0)

# ip -s link ls
1: lo:  mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes  packets  errors  dropped overrun mcast
42060   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
42060   0   0   0

2: teql0:  mtu 1500 qdisc pfifo_fast qlen 100
link/[65535]
RX: bytes  packets  errors  dropped overrun mcast
0  00   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
0  0161161 0   0

*** there are OUTPUT ERRORS ***

3: eth0:  mtu 1500 qdisc teql0 qlen 100
link/ether 00:00:21:e7:9f:93 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
64451689286 0   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
1218555 0   0   0   1
4: eth1:  mtu 1500 qdisc teql0 qlen 100
link/ether 00:00:21:e3:d1:78 brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
35440   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
6834   112  0   0   0   0
5: eth2:  mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:a0:d2:12:8f:bb brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
1817579125490   0   0   0
TX: bytes  packets  errors  dropped carrier collsns
64731569749 0   0   0   0
6: vlan0005:  mtu 1500 qdisc noqueue
link/ether 00:a0:d2:12:8f:bb brd ff:ff:ff:ff:ff:ff
RX: bytes  packets  errors  dropped overrun mcast
13487  188  0   0   0   37
TX: bytes  packets  errors  dropped carrier collsns
424811 287  0   0   0   0
   ..
   ...

#ip route list
192.168.2.0/24 dev teql0  proto kernel  scope link  src 192.168.2.2
192.168.0.0/24 dev teql0  proto kernel  scope link  src 192.168.0.2
172.16.240.0/20 dev eth2  proto kernel  scope link  src 172.16.255.254
172.16.128.0/20 dev vlan0025  proto kernel  scope link  src
172.16.143.254
172.16.80.0/20 dev vlan0013  proto kernel  scope link  src 172.16.95.254


...
127.0.0.0/8 dev lo  scope link
default dev teql0  scope link




Any suggestion will be appreciated.

Thank you
Fabio Uggeri
I.T.I.S. "G. Galilei"
Livorno - ITALY


___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/