Re: [LARTC] the "cisco vs. Linux" thread
On Sat, Jul 10, 2004 at 04:51:40PM -0600, Glen Mabey wrote:
> Could anyone else recommend other manufacturers of this type of
> hardware: an embedded system board with
> * a couple of NICs
> * PCMCIA
> * runs linux

Try Soekris or Acrosser. Both make boards that work with Linux.

http://www.soekris.com/
http://www.acrosser.com/

-James

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
Re: [LARTC] Can the mailing list archive be searched?
On Tue, Jul 06, 2004 at 02:04:41PM -0500, Jonathan S. Polacheck wrote:
> It says the list has been "picked up" by google, but I can't find any
> reference to "lartc".

"Picked up" by Google just means Google is spidering the list archives, so you can do a Google search that is restricted to the archives. For example:

site:mailman.ds9a.nl inurl:lartc imq htb

This will search for "imq" and "htb", but search results are restricted to those from mailman.ds9a.nl (which hosts the archives) which also have "lartc" in the URL.

-James
Re: FW: [LARTC] Static ip addresses/aliases previously (my mistake) htb: class 10007 isn't work conserving ?!
[Sorry if this is received twice. Sent it with the wrong address once, not sure if the moderator will approve it.]

On Tue, Jul 06, 2004 at 08:22:42AM +0100, Chris Bolton wrote:
> Ok I'm not the best at ASCII diagrams but here goes anyway... (well I'll
> modify the one in the advanced routing howto) Does this look right?
> Forget eth0 on Linux for a moment.
>
>                                           ----
>      || eth1 217.x.196.217/29 --- 217.x.196.222/29 | EN5861 | ___ DSL ___
>      || eth2 217.x.196.218/29 ---                  | router |     #1
> eth0 | Linux  |--
>      | router |--
>      || ppp0   217.x.230.198/29    | Speedtouch | ___ DSL ___
>      || ppp0:0 217.x.230.193/29 -' | DSL bridge |     #2
>                                           ----
>
> As you can see the linux router has 3 network adapters, eth0 being the local
> lan and eth1 & eth2 are both connected to the EN5861 router. I've done that
> because I couldn't work out any other way to use the static IP address that
> our ISP have given us. For each connection we've got 5 IP addresses plus
> one for the router. Eth1 & eth2 work fine ie both have the correct
> static IP address given to us by our ISP but it seems impractical putting in
> another 3 cards to make use of the other IP addresses we have, there must be
> another way.

Ok, so the Speedtouch is some sort of DSL bridge, right? Meaning when you establish PPP (PPPoE?) to your ISP, you really have another ethernet card (eth3?) connected to the Speedtouch?

First, as someone else pointed out, the eth1/eth2 connections to the EN5861 are redundant. You can set up interface aliases on eth1 so it has both IP addresses.

% ip addr add 217.x.196.217/29 brd 217.x.196.223 dev eth1
% ip addr add 217.x.196.218/29 brd 217.x.196.223 dev eth1 label eth1:0

PPP is set up similarly. (PPPoE might configure ppp0 for you.)

% ip addr add 217.x.230.198/29 brd 217.x.230.199 dev ppp0
% ip addr add 217.x.230.193/29 brd 217.x.230.199 dev ppp0 label ppp0:0

You can continue to add as many aliases to either interface as you like.

Your problem then becomes load-balancing outbound traffic, because you have two potential default routes. One is the PPPoE connection via the Speedtouch (the remote IP is probably the DSL concentrator at your ISP). The other is the EN5861 on 217.x.196.222/29 (which in turn is probably talking to the same DSL concentrator as the Speedtouch).

The simplest approach (aside from defaulting everything out one interface, which you probably don't want) is to policy route based on source IP. If the source IP of a packet as it leaves the Linux router is 217.x.196.x/29, the packet should get routed via eth1 to the EN5861. If the source is 217.x.230.x/29, it should be routed via ppp0 to the Speedtouch. There are examples of this in the LARTC HOWTO.

How you want to set up your NAT for eth0 to take advantage of one connection or the other is up to you.

-James
Re: [LARTC] Static ip addresses/aliases previously (my mistake) htb: class 10007 isn't work conserving ?!
On Mon, Jul 05, 2004 at 05:14:20PM +0100, Chris Bolton wrote:
> No I am using the EN5861, just that we have two ADSL lines and only one
> EN5861 and rather than buying another I'd like to use linux to do the same
> job as the en5861, if you know what I mean.

You can, but since you have two ADSL lines, you'll need two ADSL devices of some kind, whether it's a pair of 5861s, or a 5861 and an ADSL port adapter (external modem, PCI card, whatever) that Linux supports. The simplest solution will be to have the same setup for both lines. Either use two 5861s, or get two ADSL adapters that Linux can talk to.

> So far I've set up ppp0:0 which I've assigned one of the static ip addresses
> supplied to us by our ISP but when I try and route through it i.e. ip route
> add default dev ppp0:0 table T1 then it returns the error no such device,
> which it's quite right there isn't. If I route through it using the ip
> address of ppp0:0 i.e ip route add default via x.x.x.193 table T1 then it
> does work but anything that goes through it ends up using the IP address of
> ppp0.

So both lines were supplied by the same ISP?

> So how can I set up the linux box to use these static IP addresses in the
> same way I can with the EN5861?

If you want to remove the 5861 from the picture entirely, you'll need to replace it with some sort of ADSL adapter. You can't just plug a DSL line into an ethernet card.

> I hope I'd made myself clear, it's hard trying to explain something when
> you're not too sure exactly what you're talking about. Anyway any help will be
> gladly received.

It would help if you could draw a diagram of your network so we could get a better idea of what you're trying to do.

-James
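The alias-plus-policy-routing setup James outlines in the reply above, together with the "ip route add default dev ppp0:0" error from this thread, as an added POSIX shell example that is not code from the list. The addresses are constructed RFC 5737 placeholders standing in for the two /29 blocks, the table numbers 101 and 102 are arbitrary, and DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Two-uplink Linux router: put every ISP address on one interface as aliases,
# then policy-route by source so each /29 leaves via its own link.
# Added example, not from the posts; addresses are constructed RFC 5737
# placeholders standing in for the 217.x.196.0/29 and 217.x.230.0/29 blocks.
set -eu

ISP1_DEV=eth1                          # link to the EN5861
ISP1_GW=198.51.100.6                   # the EN5861's address on that /29
ISP1_NET=198.51.100.0/29
ISP1_ADDRS="198.51.100.1 198.51.100.2"
ISP2_DEV=ppp0                          # PPPoE through the Speedtouch bridge
ISP2_NET=203.0.113.0/29
ISP2_ADDRS="203.0.113.6 203.0.113.1"

# DRY_RUN=1 prints each command instead of running it (the real thing needs root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Put every address of one block on one interface: the first as the primary
# address, the rest as labelled aliases (eth1:1, eth1:2, ...). "brd +" lets
# iproute2 derive the broadcast address from the prefix.
add_aliases() {   # $1=dev  $2="addr addr ..."
    n=0
    for a in $2; do
        if [ "$n" -eq 0 ]; then run ip addr add "$a/29" brd + dev "$1"
        else run ip addr add "$a/29" brd + dev "$1" label "$1:$n"; fi
        n=$((n + 1))
    done
}

setup_policy_routing() {
    add_aliases "$ISP1_DEV" "$ISP1_ADDRS"
    add_aliases "$ISP2_DEV" "$ISP2_ADDRS"
    # Table 101: anything sourced from ISP1's block goes to the EN5861.
    run ip route replace default via "$ISP1_GW" dev "$ISP1_DEV" table 101
    run ip rule add from "$ISP1_NET" lookup 101 priority 101
    # Table 102: anything sourced from ISP2's block goes out ppp0. A label such
    # as ppp0:0 is not a device (hence "no such device"); route via ppp0 and use
    # "src" to make the alias the preferred source for locally generated packets.
    run ip route replace default dev "$ISP2_DEV" src 203.0.113.1 table 102
    run ip rule add from "$ISP2_NET" lookup 102 priority 102
    run ip route flush cache    # older kernels cache decisions; drop them
}

# Usage: "sh thisfile.sh dry-run" to print, "sh thisfile.sh apply" (as root) to run.
# Note that "ip rule add" is not idempotent: delete the rules before re-applying.
case "${1:-}" in
    dry-run) DRY_RUN=1; setup_policy_routing ;;
    apply)   setup_policy_routing ;;
esac
```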
Re: [LARTC] why dont packets go where i want?
On Fri, Oct 18, 2002 at 08:41:42AM +0200, Stef Coene wrote:
> There is a -m helper option so you can load additional modules. There is a
> module that matches ftp packets (both data and control), but I don't know the
> syntax. A google search on "iptables -m helper ftp" will help
> http://www.netfilter.org/documentation/pomlist/pom-oldnat.html#helper :

Looks like it's been submitted for kernel inclusion with newnat:

http://www.netfilter.org/documentation/pomlist/pom-submitted.html#helper

For now, though, you'll still need to use patch-o-matic to be able to use this module.

> If you want to match all packets belonging to ftp-sessions:
> (both ftp-command and ftp-data connections)
>
> iptables -A INPUT -m helper --helper ftp -j ACCEPT

You'll also need the ip_conntrack_ftp module to be loaded.

-James
Re: [LARTC] why dont packets go where i want?
On Thu, Oct 17, 2002 at 11:44:13AM +0200, Francois Dessart wrote:
> ftp-data 20/tcp
> ftp-data 20/udp
> ftp      21/tcp
> ftp      21/udp
>
> FTP data (passive) use port 20.

This is incorrect. Both standard and passive FTP use tcp/21 as a control channel (logins, commands, etc.).

Standard FTP uses tcp/20 as the server's source port for data transfers. Prior to a transfer, the client listens on an arbitrary port and instructs the server to connect to it for the transfer.

Passive FTP does not use tcp/20 at all. Instead of the server connecting to the client, the client connects to the server for data transfers. The server chooses an arbitrary port for the client to connect to. The intent of passive FTP was to work around firewalls that don't permit inbound connections.

-James
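What a stateful firewall's FTP helper (the ip_conntrack_ftp module from the previous reply) has to pull out of the control channel to know which data connection the active and passive modes described above will open, as an added POSIX shell example that is not code from the list. The sample PORT and 227 lines are constructed with RFC 5737 addresses.

```shell
#!/bin/sh
# The control-channel lines a firewall's FTP helper (such as ip_conntrack_ftp)
# has to parse to know which data connection to expect. Added example, not
# from the list; the sample lines below are constructed with RFC 5737 addresses.
set -eu

# Pull the six comma-separated numbers (h1,h2,h3,h4,p1,p2) out of a PORT
# command or a 227 reply and print them as "h1.h2.h3.h4:port", where
# port = p1*256 + p2. Returns 1 if the line carries no such tuple.
ftp_data_endpoint() {
    nums=$(printf '%s' "$1" | sed -n 's/.*[ (]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\).*/\1/p')
    [ -n "$nums" ] || return 1
    oldifs=$IFS; IFS=,; set -- $nums; IFS=$oldifs
    [ "$5" -le 255 ] && [ "$6" -le 255 ] || return 1
    printf '%s.%s.%s.%s:%s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# Describe the data connection implied by one control-channel line:
#  - active mode: the client sends PORT and the server connects *to* the
#    client from its own tcp/20 (an inbound connection at the client's side);
#  - passive mode: the server answers PASV with a 227 reply and the client
#    connects to the server on the port it announced (tcp/20 is not used).
# Anything else implies no data channel and returns 1.
ftp_expected_flow() {
    case "$1" in
        PORT*) ep=$(ftp_data_endpoint "$1") || return 1
               printf 'active: server:20 -> client %s\n' "$ep" ;;
        227*)  ep=$(ftp_data_endpoint "$1") || return 1
               printf 'passive: client -> server %s\n' "$ep" ;;
        *)     return 1 ;;
    esac
}

# Constructed sample lines, as they would appear on the tcp/21 control channel:
#   ftp_expected_flow 'PORT 192,0,2,20,4,1'
#     -> active: server:20 -> client 192.0.2.20:1025
#   ftp_expected_flow '227 Entering Passive Mode (192,0,2,10,195,80)'
#     -> passive: client -> server 192.0.2.10:50000
```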
Re: [LARTC] Rip problems
On Sat, Sep 28, 2002 at 01:46:37PM -0400, Joseph Watson wrote:
| EXPORT_GATEWAY="no"
| SILENT="no"

This should cause the equivalent of "routed -s" to be run. The "-s" tells routed to send routing updates. Check with "ps ax". You can get further debugging out of it with "-d" and "-t".

| When I start routed, the appropriate routes show up in the portmaster after
| about 30 seconds, and all works good for about 2 1/2 minutes. Then the
| portmaster sets the Metric to 16 for the route to my subnet behind the
| firewall, and routing quits working.

PortMasters do this when they think they need to remove the route from the routing table. They set the "O" flag (for obsolete, I guess) and set the metric to 16 (because 16 is the largest metric permitted by RIPv1). The route will eventually disappear from the table unless another update is received.

| If I restart routed, we will repeat the
| process. If I stop routed during the 2 1/2 mins, it will immediately set the
| Met to 16. This tells me that they are communicating because when I shut
| routed down the metric is set to 16. But why does this happen exactly at 2
| 1/2 min?? I am quite confused?

It sounds like routed isn't sending routing updates. RIPv1 sends the whole routing table every 30 seconds to the broadcast address (which is why it takes about 30 seconds for the PortMaster to see the routes). My guess is it's only sending out the initial announcement, and when the PM doesn't see subsequent announcements for a couple minutes, it drops the routes.

If possible, consider using OSPF instead. RIPv1 is quite obsolete and generally useless on subnetted networks like yours. PortMasters have done OSPF since ComOS 3.5, and you can implement it on Linux with zebra or gated.

For further PortMaster-specific help, consider subscribing to the [EMAIL PROTECTED] list. See http://www.portmasters.com/ for more info.

-James
Re: [LARTC] how to log pacets which hit routing rules?
On Thu, Aug 29, 2002 at 03:17:55PM +0200, Wojtek wrote:
| Jan Macek wrote:
| >Is there some way to make iproute2 log to syslog or to a file selected
| >packets?
|
| use the iptables or ipchains with --log switch

iptables does not have a --log switch. You must use the '-j LOG' target instead.

-James