[LARTC] Unsubscribe
Hi all, Pls unsubscribe me from this list... any body help:-) rgds, ganesh
[LARTC] MPC860 mailing lists
Hi all, I'm working on the MPC860 PowerPC. I want to know whether any mailing lists or user groups are available so that we can post our queries. Right now I'm using Motorola's official support, but other than this, are any Internet mailing lists or user groups available that I can subscribe to? Does anybody know anything abt this? pls do reply. Thanx in advance, rgds, Ganesh
[LARTC] un subscribe
Hi all, I want to unsubscribe from this list, can anybody tell how to do that... thanx... ganesh
[LARTC] unsubscribe
[LARTC] alternate route -- how to !!
hello group,

i have the following configuration of machines:

internet --(eth0) firewall (eth1)-- 10mbps hub --(eth0) server

all the packets pass through the firewall (port forwarding) to the server. this works fine, but sometimes the firewall gets congested in case of a DoS attack, so i want the output not to go through the firewall. i want the output to go via another connection.

ps: the connection for me is not based on the ISP, but is the connection provided to me at school.

is this possible? if so, how can one do it?

internet --(eth0) firewall (eth1)-- 10mbps hub --(eth0) server (eth1)-- internet

thanks
ganesh

There is always a better job for you at Monsterindia.com. Go now http://monsterindia.rediff.com/jobs
LARTC mailing list / [EMAIL PROTECTED] http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] cbq & iptables nat problems
Hey guys, I've 2 questions:

Question 1
I want to see if the bandwidth allocation using cbq is working properly or not. I looked into stef coene's beautiful document (http://docum.org) for the monitor.pl. I am not good at perl, so can anyone help me to understand if there is any way I can check if the cbq is working.

Question 2
I also want to know if anyone has worked on realserver. the real server client can use either tcp or udp packets for voice/video transfer. I checked with ethereal. It looks like the packets are successfully forwarded by my firewall to my server in the private subnet. However, the server seems to be able to finish the tcp handshake with the real player. The last successful connection is the server sending the client [FIN, ACK]. After that, nothing happens. Why can't the realserver serve the video/voice packets?

Thanks
Ganesh

internet --(eth0) firewall (eth1)-- 10 mbps hub -- 192.168.0.1

192.168.0.1 is running the following services: http, https, pop3, smtp, realserver

goal: i want to allocate my internal bandwidth the following way
- 70% for http/https, realserver
- 20% for smtp, pop3
- 5% for tcp packets
- 5% for icmp packets

### The firewall scripts ###

# in order to make 192.168.0.1 talk to the outside world i run the following script
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward   # Enables packet forwarding by kernel

# in order to redirect requests from firewall to the services we can use the following script
iptables -t nat -A PREROUTING -p tcp --dport 21 -i eth0 -j DNAT --to 192.168.0.2:21
iptables -t nat -A PREROUTING -p tcp --dport 22 -i eth0 -j DNAT --to 192.168.0.2:22
iptables -t nat -A PREROUTING -p tcp --dport 23 -i eth0 -j DNAT --to 192.168.0.2:23
iptables -t nat -A PREROUTING -p tcp --dport nntp -i eth0 -j DNAT --to 192.168.0.2:22
iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -i eth0 -j DNAT --to 192.168.0.2:443
iptables -t nat -A PREROUTING -p tcp --dport 8080 -i eth0 -j DNAT --to 192.168.0.2:8080
iptables -t nat -A PREROUTING -p tcp --dport 7070 -i eth0 -j DNAT --to 192.168.0.2:7070
iptables -t nat -A PREROUTING -p tcp --dport 554 -i eth0 -j DNAT --to 192.168.0.2:554
iptables -t nat -A PREROUTING -p tcp --dport 2687 -i eth0 -j DNAT --to 192.168.0.2:2687

# class based queuing is done this way
TC=tc          # tc binary (assumed to be on PATH)
INTIF=eth1     # shell assignments take no leading $ and no spaces around =
EXTIF=eth0

add_class() {
    # $1=parent class $2=classid $3=hiband $4=lowband $5=handle $6=style
    $TC class add dev $INTIF parent $1 classid $2 cbq bandwidth 10Mbit rate $3 allot 1514 weight $4 prio 5 maxburst 20 avpkt 1000 $6
    $TC qdisc add dev $INTIF parent $2 sfq quantum 1514b perturb 15
    $TC filter add dev $INTIF protocol ip prio 3 handle $5 fw classid $2
}

$TC qdisc add dev $INTIF root handle 10: cbq bandwidth 10Mbit avpkt 1000
$TC class add dev $INTIF parent 10:0 classid 10:1 cbq bandwidth 10Mbit rate 64kbit allot 1514 weight 6.4kbit prio 8 maxburst 20 avpkt 1000 bounded

# first type of traffic ICMP, TCP-SYN, DNS will be marked '1' by the firewall code
# we will give it a bounded bandwidth of 5% of our total incoming bandwidth (64*0.05=3.2)
add_class 10:1 10:100 3.2kbit 0.32kbit 1 bounded

# second type of traffic SMTP,POP3 will be marked '2' by the firewalling code
# we will give it a bounded bandwidth of 5% of our total incoming bandwidth (64*0.05=3.2)
add_class 10:1 10:300 3.2kbit 0.32kbit 2

# third type of traffic ssh,ftp,telnet will be marked '3' by the firewalling code
# we will give it a bounded bandwidth of 20% of our total incoming bandwidth (64*0.20=12.8)
add_class 10:1 10:200 12.8kbit 1.28kbit 3

# last type of traffic is interactive traffic. It will be marked '4' by the firewalling code
# we will give it a bounded bandwidth of 70% of our total incoming bandwidth (64*0.70=44.8)
add_class 10:1 10:400 44.8kbit 4.48kbit 4

# this is where the marking of packets is done
IPTABLES=/sbin/iptables

# mark incoming and News traffic with mark value 3
$IPTABLES -A FORWARD -p tcp ! --syn -o $INTIF -s 0/0 --dport 21 -d 0/0 -t mangle -j MARK --set-mark 3
$IPTABLES -A FORWARD -p tcp ! --syn -o $INT
[LARTC] testing the cbq how to
hello group,

i need some help in debugging my cbq work. i have the following setup at my dorms: i have 2 computers and a 10 mbit hub, and i use the school's connection. we have a T1 connection (i think so...). one of the machines is configured to be the firewall (p.q.r.s) and the other machine has a private address of (a.b.c.d).

i am running the following services on a.b.c.d:
real server using 8080, 7070, 554, 26887
apache webserver 80, 443

i want to allocate 70% for realserver and apache server, 20% for ssh, telnet, ftp, nntp, 5% for smtp and pop, and the remaining 5% for ICMP and TCP-SYN traffic.

i want to limit some of my friends from accessing and attacking my computer, for better service; moreover it's a good learning experience.

i have written a firewall script and want to do some qos. can anyone tell me if my script is right or wrong? i want to measure if the queuing is working fine or not. i downloaded monitor.pl from docum.org and put it in cgi-bin of my firewall (p.q.r.s) where i am currently running apache. i am getting an internal error. i am not good at perl, so can anyone tell me how i can monitor the bandwidth and see if monitor.pl is working or not?

i am attaching my code to this mail. i will be grateful to you if u can help me identify the problem in my shell script (it doesn't give me any error -- but i do not know what errors are hidden :-))

thanks
ganesh

Attachment: tfinal.sh (Bourne shell script)
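One way to answer the "is the queuing working" question in the post above (and Question 1 of the cbq & iptables post) without monitor.pl is to take two snapshots of `tc -s class show dev eth1` and compare the byte counters per class. This is an added example, not part of the original mail or the attached script; the snapshot text is constructed, the class ids are taken from the posted script, and the exact `tc` output layout is assumed and may differ between iproute2 versions.

```shell
#!/bin/sh
# Added example: per-class throughput from two `tc -s class show` snapshots.
# Live use: tc -s class show dev eth1 > t0; sleep 10; tc -s class show dev eth1 > t1

# class_rates EARLIER LATER SECONDS
# Prints "classid rate share" for every leaf class. A class whose byte counter
# did not move is tagged "idle": no such traffic, or its fwmark filter never matched.
class_rates() {
    awk -v secs="$3" '
        $1 == "class" { id = $3; leaf = ($0 ~ / leaf /) }
        $1 == "Sent" && leaf {
            if (NR == FNR) { before[id] = $2; next }
            delta[id] = $2 - before[id]; total += delta[id]; order[++n] = id
        }
        END {
            for (i = 1; i <= n; i++) {
                id = order[i]
                printf "%s %.1fkbit/s %.1f%%%s\n", id, delta[id] * 8 / secs / 1000,
                    (total ? 100 * delta[id] / total : 0), (delta[id] ? "" : " idle")
            }
        }' "$1" "$2"
}

# Constructed snapshot generator (invented counters, not real measurements).
# $1 = byte counters for classes 10:100 10:200 10:300 10:400, space separated.
snapshot() {
    set -- $1
    cat <<EOF
class cbq 10:1 parent 10: rate 64Kbit prio 8
 Sent $(($1 + $2 + $3 + $4)) bytes $((($1 + $2 + $3 + $4) / 500)) pkts (dropped 0, overlimits 0)
class cbq 10:100 parent 10:1 leaf 8001: rate 3200bit prio 5
 Sent $1 bytes $(($1 / 500)) pkts (dropped 0, overlimits 0)
  borrowed 0 overactions 0 avgidle 624 undertime 0
class cbq 10:200 parent 10:1 leaf 8003: rate 12800bit prio 5
 Sent $2 bytes $(($2 / 500)) pkts (dropped 0, overlimits 0)
class cbq 10:300 parent 10:1 leaf 8002: rate 3200bit prio 5
 Sent $3 bytes $(($3 / 500)) pkts (dropped 0, overlimits 0)
class cbq 10:400 parent 10:1 leaf 8004: rate 44800bit prio 5
 Sent $4 bytes $(($4 / 500)) pkts (dropped 0, overlimits 0)
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    snapshot "50000 200000 50000 700000" > "$dir/t0"
    snapshot "54000 216000 50000 760000" > "$dir/t1"   # taken 10 s later
    class_rates "$dir/t0" "$dir/t1" 10
    rm -rf "$dir"
}
demo
```

Under load, the share column should approach the intended split; a class that stays idle while its traffic is known to be flowing points at the iptables MARK rules or the `fw` filter handles rather than at cbq itself.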
[LARTC] voice based queuing
hello group,

i want to know if there is any way i can determine using iptables if the ip packet contains voice? i want to know this as i want to do some queuing for output packets, where the voice packets are given high preference, next ftp, telnet, ssh. i want to know if this is possible using iptables and tc. if so how. if i can identify the packet to be voice then i can do the rest using tc.

thanks
ganesh
Re: Re: Re: [LARTC] priority for voip
hello stef,

this is the information i got from the microsoft website (http://support.microsoft.com/default.aspx?scid=kb;EN-US;q158623)

***
NetMeeting uses the following Internet Protocol (IP) ports:

Port      Purpose
389       Internet Locator Server [Transmission Control Protocol (TCP)]
522       User Location Server (TCP)
1503      T.120 (TCP)
1720      H.323 call setup (TCP)
1731      Audio call control (TCP)
Dynamic   H.323 call control (TCP)
Dynamic   H.323 streaming [Realtime Transport Protocol (RTP) over User Datagram Protocol (UDP)]

To establish outbound NetMeeting connections through a firewall, the firewall must be configured to do the following:
Pass through primary TCP connections on ports 522, 389, 1503, 1720 and 1731.
Pass through secondary UDP connections on dynamically assigned ports (1024-65535).
***

so as u can see there is no way of determining the port if it were dynamic. any pointers in this regard would be helpful.

thanks
ganesh

On Tue, 02 Jul 2002 Stef Coene wrote :
> On Monday 01 July 2002 21:12, ganesh kumar godavari wrote:
> > hai stef,
> > i looked into your docum.org and lartc.org. for information on
> > giving high priority for voice packets.
> > i did check with the netfilter group for information on
> > identifying if a packet is a voice/data packet.
> >
> > i received no response from them. so can u please tell me how i
> > can identify if a packet is a voice/data packet so that i can
> > mangle it and send to high priority queue.
> I have no idea how you can identify voip packets. Is it using a fixed dst
> port or maybe host so you can use that in the filter?
>
> Stef
>
> --
> [EMAIL PROTECTED]
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.openprojects.net
Re: Re: [LARTC] priority for voip
hai stef,

i looked into your docum.org and lartc.org. for information on giving high priority for voice packets. i did check with the netfilter group for information on identifying if a packet is a voice/data packet.

i received no response from them. so can u please tell me how i can identify if a packet is a voice/data packet so that i can mangle it and send to high priority queue.

thanks
ganesh

On Mon, 01 Jul 2002 Stef Coene wrote :
> On Monday 01 July 2002 09:57, ganesh kumar godavari wrote:
> > hello group,
> > i just want to know, if i can do some priority based routing for
> > voice packets, send from my machine?
> Yes you can.
>
> > can any one tell me how can that be done?
> www.lartc.org
> www.docum.org
> The archive of this list.
>
> Stef
>
> --
> [EMAIL PROTECTED]
> "Using Linux as bandwidth manager"
> http://www.docum.org/
> #lartc @ irc.openprojects.net
[LARTC] priority for voip
hello group,

i just want to know, if i can do some priority based routing for voice packets, send from my machine? can any one tell me how can that be done?

thanks
ganesh