[LARTC] RSVP/RSVP6 Enabling a linux box is not working: Why ?
Hi.

I just went thru reading all of the howto and have a working implementation of RSVP over UDP encapsulation that I would like to test, made in Java. For this, I would like to use a Linux box as an RSVP-enabled router. However, I have tried and tried to make RSVP work on Linux and failed. So I wonder what I am doing wrong.

Basically, on the Linux box what I am doing is turning eth0 and eth1 to CBQ with bandwidth 100Mbps and avpkt 1500 bytes:

tc qdisc add dev eth0 root cbq bandwidth 100Mbps avpkt 1500
tc qdisc add dev eth1 root cbq bandwidth 100Mbps avpkt 1500

Then I add filters for rsvp, for example:

tc filter add dev eth0 parent 8000: protocol ip rsvp
tc filter add dev eth1 parent 8001: protocol ip rsvp

But, on my Windows XP box, when I try to pathping -n -R the Linux box, it says the Linux box is not RSVP AWARE.

Can someone give me a hint on what I am doing wrong here? Also, can someone clarify for me whether Linux RSVP supports UDP encapsulation as the standard RSVP provides on ports 1698, 1699 (RFC2205)?

Any help appreciated. Thank you.

Pedro Miguel da Fonseca Marques Ferreira, Lic. MsC.
PhD Student at DEI-FCTUC, University of Coimbra
Polo II, Pinhal de Marrocos
3030 Coimbra
Portugal
Email: [EMAIL PROTECTED]
Web: http://eden.dei.uc.pt/~pmferr/
___
LARTC mailing list LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] multiple gateways problem
Hello,

I have had a terrible day today. Why? Because I have spent 4 or 5 hours trying to make this work and I have not finished it. I would be very pleased if anyone can help me.

I have two ISP connections:

eth0: dhcp
ip1: 82.198.*.*
gw1: 82.198.*.*

and an ADSL router at IP 192.168.0.253:

eth1: static
ip2: 192.168.0.254
gw1: 192.168.0.253

The same machine has 3 more network cards but I am using only 4 at this time:

eth0: internet connection 1
eth1: network range 1 (192.168.0.0/24) and adsl internet connection 2
eth2: network range 2 (192.168.2.0/24)
eth3: network range 3 (192.168.3.0/24)

Well, I have created two tables in rt_tables like this:

--
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
200 aulas
201 oficinas
-

and I have been trying to route from source to one or another table.

ip rule add from 192.168.2.0/24 table aulas
ip rule add from 192.168.3.0/24 table aulas
ip route add default via 192.168.0.253 dev eth1 table aulas
ip route add 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254 table aulas
ip route add 192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.254 table aulas
ip route add 192.168.3.0/24 dev eth3 proto kernel scope link src 192.168.3.254 table aulas
ip rule add fwmark 4 table aulas
(this is so that dport 80, marked with iptables, goes out via ADSL too)

#oficinas
ip rule add from 192.168.0.0/24 table oficinas
ip route add default via 82.198.*.* dev eth0 table oficinas
ip route add 192.168.0.0/24 dev eth1 proto kernel scope link src 192.168.0.254 table oficinas
ip route add 192.168.2.0/24 dev eth2 proto kernel scope link src 192.168.2.254 table oficinas
ip route add 192.168.3.0/24 dev eth3 proto kernel scope link src 192.168.3.254 table oficinas
ip route add 82.198.*.*/25 dev eth0 proto kernel scope link src 82.198.*.* table oficinas

$IPTABLES -t nat -A POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.2.0/24 -d ! 192.168.0.0/16 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.3.0/24 -d ! 192.168.0.0/16 -j MASQUERADE

Well, I know the iptables rules can be made more specific with SNAT, but I have tried that too. The rules work, because if I delete the local range routes I do not get responses from LAN packets either, so traffic is classified correctly; but only the gateway that is in the default route of the main table works. If I delete the default route from main, no range works; if I use the eth0 default, only table oficinas works; and if I use the eth1 default, only table aulas works. I have tried with nexthop, adding the two gateways in the default route, but it does not work well either.

Can anyone help me please?

Software Versions:
Distro: Debian Testing
Kernel: 2.4.32
iptables: 2.3.3
iproute2-ss051007

Thanks in advance.
[LARTC] Help with bandwidth control in a firewall/bridge machine
t 2:0 prio 0 protocol ip handle 73 fw flowid 2:73

# Marking the packets.
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I PREROUTING -i $DEV0 -j MYSHAPER-OUT
iptables -A MYSHAPER-OUT -s 213.9.139.30 -t mangle -j MARK --set-mark 70
iptables -A MYSHAPER-OUT -s 213.9.139.31 -t mangle -j MARK --set-mark 70
iptables -A MYSHAPER-OUT -s 213.9.139.32 -t mangle -j MARK --set-mark 70
iptables -A MYSHAPER-OUT -s 213.9.139.22 -t mangle -j MARK --set-mark 71
iptables -A MYSHAPER-OUT -s 213.9.139.71 -t mangle -j MARK --set-mark 71
iptables -A MYSHAPER-OUT -s 213.9.139.25 -t mangle -j MARK --set-mark 72
iptables -A MYSHAPER-OUT -s 213.9.139.24 -t mangle -j MARK --set-mark 73
# iptables -A MYSHAPER-OUT -s 10.9.139.13 -t mangle -j MARK --set-mark 72
# iptables -A MYSHAPER-OUT -s 10.9.139.14 -t mangle -j MARK --set-mark 72
# The rest of the traffic will go to the default flow, 2:87.
# Done with outbound shaping
# echo "Control del enlace ascendente activado."
exit

Thank you very much

KIND REGARDS
Miguel Ángel Domínguez Durán.
Technical Department.
Cherrytel Comunicaciones, S.L.
[EMAIL PROTECTED]
http://www.cherrytel.com/
Tel. 902 115 673
Fax 952218170
___
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[LARTC] Help!!! Bandwidth Control with a NAT machine
-set-mark 71
iptables -A MYSHAPER-IN -s 172.9.234.71 -t mangle -j MARK --set-mark 71
iptables -A MYSHAPER-IN -s 172.9.234.25 -t mangle -j MARK --set-mark 72
# Test WiFi machine
iptables -A MYSHAPER-IN -s 172.9.234.14 -t mangle -j MARK --set-mark 73
# The rest of the traffic will go to the default flow, 2:87.
# Done with outbound shaping
echo "Control del enlace ascendente activado."
exit

Thanks for your help!

KIND REGARDS
Miguel Ángel Domínguez Durán.
Technical Department.
Cherrytel Comunicaciones, S.L.
[EMAIL PROTECTED]
http://www.cherrytel.com/
Tel. 902 115 673
Fax 952218170
[LARTC] Shaping over multiple outgoing interfaces
Hi,

I've a router configuration with a DSL connection and two ethernet NICs. How can I control the traffic of the DSL connection when the destination of the traffic can go out of the router using two different interfaces?

ppp -- router --- lan
          |
         DMZ

I've read that the solution could be IMQ, but I prefer not to patch kernel and iptables.

Any suggestions?

Thanks in advance
Re: [LARTC] dummy interfaces limit?
Thanks :-] Which is the limit for the dummy interfaces?

Catalin(ux aka Dino) BOIE wrote:
> On Fri, 17 Sep 2004, Luis Miguel Cruz wrote:
>
>> Hi all,
>> Is there any way to have more than 2 dummy interfaces?
>> I need more of them but the system refuses to create it :P
>> How can I avoid this issue?
>
> rmmod dummy
> modprobe dummy numdummies=16
>
>> Thanks.
>> Luis Miguel Cruz.
>
> ---
> Catalin(ux aka Dino) BOIE
> catab at deuroconsult.ro
> http://kernel.umbrella.ro/
[LARTC] dummy interfaces limit?
Hi all,

Is there any way to have more than 2 dummy interfaces? I need more of them but the system refuses to create it :P

How can I avoid this issue?

Thanks.
Luis Miguel Cruz.
[LARTC] iptables MARK with msn messenger
Hello,

I've set up a router with linux 2.4.26 with h323 conntrack patch from pom-ng. The network schema is:

ADSL internal ||- --| Linux | ||- Frame-Relay

Default gw is frame relay and I'm using netfilter mark to send traffic to ADSL.

# ip rule ls
0: from all lookup local
32765: from all fwmark 0x2 lookup 200
32766: from all lookup main
32767: from all lookup 253

How can I send msn netmeeting traffic to ADSL? Is it port based? Which ports should be marked with netfilter?

Thanks
Nuno Fernandes
--
Nuno Miguel Pais Fernandes <[EMAIL PROTECTED]>
[LARTC] Does anyone know a PPPoE Server for Bering ?
Does anyone know a PPPoE Server for Bering ?
[LARTC] Problems with source routing
Hello

I have the following problem:

LAN<--->LINUX_ROUTER<--> 2 internet gateways

gateway1: adsl
gateway2: ppp connection

I want the following:

Machines from LAN going to Internet tcp port 80 :-> gateway1
Machines from LAN going to Internet tcp port 22 :-> gateway2
Everything else: -> gateway1

How can I accomplish this? I am using kernel 2.4.24.

Can I combine dead gateway detection with the previous? How?

Greetings from Spain!
[LARTC] couldn't get available bandwidth
Hello all.

We have three tunnels over the internet between our "central" gateway and some branch office gateways. Each gateway has eth0 on its LAN and eth1 on the internet. We use DSL lines and the eth1's have the internet IP directly attached. Each gateway also acts as iptables NAT gateway.

The outgoing bandwidth is 300 kbit, and we tried this (i.e.) on each tunnel:

tc qdisc add dev tun2 handle 1:0 root dsmark indices 4 default_index 0
tc qdisc add dev tun2 handle 2:0 parent 1:0 htb
tc class add dev tun2 parent 2:0 classid 2:1 htb rate 4000bps ceil 4000bps
tc class add dev tun2 parent 2:1 classid 2:2 htb rate 250bps ceil 1000bps
tc qdisc add dev tun2 handle 3:0 parent 2:2 sfq
tc class add dev tun2 parent 2:1 classid 2:3 htb rate 250bps ceil 3500bps
tc qdisc add dev tun2 handle 4:0 parent 2:3 sfq
tc class add dev tun2 parent 2:1 classid 2:4 htb rate 3250bps ceil 4000bps
tc qdisc add dev tun2 handle 5:0 parent 2:4 sfq
tc filter add dev tun2 parent 2:0 protocol all prio 1 tcindex mask 0x3 shift 0
tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 3 tcindex classid 2:4
tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 2 tcindex classid 2:3
tc filter add dev tun2 parent 2:0 protocol all prio 1 handle 1 tcindex classid 2:2
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 1:0:0 u32 divisor 1
tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 1:0:0
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 1:0:1 u32 ht 1:0:0 match u16 0x16 0x at 0 classid 1:1
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 2:0:0 u32 divisor 1
tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u8 0x6 0xff at 9 offset at 0 mask 0f00 shift 6 eat link 2:0:0
tc filter add dev tun2 parent 1:0 protocol all prio 1 handle 2:0:1 u32 ht 2:0:0 match u16 0x19 0x at 2 classid 1:2
tc filter add dev tun2 parent 1:0 protocol all prio 1 u32 match u32 0x0 0x0 at 0 classid 1:3

We try to classify SSH and SMTP and limit them to 2 kbytes/sec. They could get more bandwidth if available. Other traffic must get more bandwidth in all circumstances.

Also, tc -s "says":

tc -s -d class show dev tun2

class htb 2:1 root rate 4000bps ceil 4000bps burst 1639b/8 mpu 0b cburst 1639b/8 mpu 0b level 7
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)
 lended: 937 borrowed: 0 giants: 0
 tokens: 319488 ctokens: 319488

class htb 2:2 parent 2:1 leaf 3: prio 0 quantum 1000 rate 250bps ceil 1000bps burst 1601b/8 mpu 0b cburst 1609b/8 mpu 0b level 0
 Sent 73221 bytes 99 pkts (dropped 0, overlimits 0)
 lended: 52 borrowed: 47 giants: 0
 tokens: -4594059 ctokens: 1132136

class htb 2:3 parent 2:1 leaf 4: prio 0 quantum 1000 rate 250bps ceil 3500bps burst 1601b/8 mpu 0b cburst 1634b/8 mpu 0b level 0
 Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)
 lended: 70 borrowed: 787 giants: 0
 tokens: -265392 ctokens: 360214

class htb 2:4 parent 2:1 leaf 5: prio 0 quantum 1000 rate 3250bps ceil 4000bps burst 1631b/8 mpu 0b cburst 1639b/8 mpu 0b level 0
 Sent 370402 bytes 1187 pkts (dropped 0, overlimits 0)
 lended: 1084 borrowed: 103 giants: 0
 tokens: 391201 ctokens: 319488

AND

tc -s -d qdisc show dev tun2

qdisc sfq 5: quantum 1450b limit 128p flows 128/1024
 Sent 370402 bytes 1187 pkts (dropped 0, overlimits 0)

qdisc sfq 4: quantum 1450b limit 128p flows 128/1024
 Sent 1227729 bytes 857 pkts (dropped 0, overlimits 0)

qdisc sfq 3: quantum 1450b limit 128p flows 128/1024
 Sent 73221 bytes 99 pkts (dropped 0, overlimits 0)

qdisc htb 2: r2q 10 default 0 direct_packets_stat 0 ver 3.7
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 2823)

qdisc dsmark 1: indices 0x0004 default_index 0x
 Sent 1671352 bytes 2143 pkts (dropped 0, overlimits 0)

but if we send big emails, when it "passes" through tun2, and in absence of other traffic, it only gets about 45 kbit/sec.

Apparently, SMTP gets bandwidth limitation, but it doesn't get available bandwidth. Any light on it?

--Miguel
RV: [LARTC] htb problem
I have the same problem using tc and iptables. All traffic goes to "default". I tried using tcng too (eth0 as local NIC, eth1 as Inet NIC, eth1 masquerading via iptables and bridged to DSL; I have the internet IP on NIC 2):

#include "fields.tc"
#include "ports.tc"

dev eth1 {
    egress {
        class ( <$ssh> ) if tcp_sport == 22;
        class ( <$smtp> ) if tcp_dport == 25;
        class ( <$other> ) if 1 ;
        htb {
            class ( rate 298kbps, ceil 298kbps ) {
                $ssh = class ( rate 32kbps, ceil 64kbps ) { sfq; } ;
                $smtp = class ( rate 32kbps, ceil 290kbps ) { sfq; } ;
                $other = class ( rate 192kbps, ceil 298kbps ) { sfq; } ;
            }
        }
    }
}

But it didn't work (in this last case, I'm afraid my tcng-ing is very incomplete. :(

--Miguel

>Hey I have the same problem. My packets are marked, my classes are OK
>my filters are set OK
>and all packets are passing through the root class!!
>I think that this is a big problem. I know 1 more person that has the same
>problem!
[LARTC] invalid table ID???
What is the reason of this error?

#ip rule add from 172.16.0.5 lookup 800
Error: argument "800" is wrong: invalid table ID

How many tables can I create? Is there any limit?

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
Re: [LARTC] routing: multiple tables dude
Martin, many thanks for your reply.

> : $ip rule add from 10.10.10.0/24 lookup 90
> : $ip route add 172.16.0.5 via 172.16.0.254 table 90
> : $ip route add 172.16.0.6 via 172.16.0.254 table 90
> : $ip route add 172.16.0.7 via 172.16.0.254 table 90
> :
> : Should I add this routes for the traffic from 10.10.10.0/24?
> : (as you can note I didn't define the 'ip rule add to' line but I am not
> : sure if it is correct)
>
> I'm really not sure what it is you are trying to accomplish, so I'm not sure whether you should add that rule or not.
>
> As I read through the routes and rules you added above, I am struck that the only hosts which can reach the 10.10.10.0/24 network are the hosts 172.16.0.{5,6,7}. Is that what you intended?

Yes :)

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
[LARTC] wonder shaper quick question
Hello,

I just got wshaper1.1 and it was really nice and fast the way it limits the bandwidth, but now I have a question: is there a way that I can set my eth0 to have 160kbits for everyone except me and my boss? I would like not to limit my boss or myself. Do I have to put in another NIC, or is there a way to get excluded? Or is there a way to set, for example, 192.168.0.5 to get 140 kbits while 192.168.0.8 gets 180kbits?

Thanks all, and hello

Miguel Cavazos
[LARTC] routing: multiple tables dude
Hi all,

I have this configuration here:

$ip rule add from 172.16.0.0/24 lookup 80
$ip rule add to 172.16.0.0/24 lookup 81
$ip route add 0.0.0.0/0 via 195.55.92.122 table 80
$ip route add 195.55.92.122 dev vlan7 table 80 <- Is really necessary?
$ip route add 172.16.0.0/24 via 172.16.0.254 table 81

and...

$ip rule add from 172.16.0.5 lookup 800
$ip rule add from 172.16.0.6 lookup 800
$ip rule add from 172.16.0.7 lookup 800
$ip rule add to 172.16.0.5 lookup 810
$ip rule add to 172.16.0.6 lookup 810
$ip rule add to 172.16.0.7 lookup 810
$ip route add 0.0.0.0/0 via 195.55.97.222 table 800
$ip route add 195.55.92.122 dev vlan7 table 800 <- Is really necessary too?
$ip route add 172.16.0.0/24 via 172.16.0.254 table 810

What tables will be used by 172.16.0.5? 80 and 81? or 800 and 810? Should I use prio command?

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
[LARTC] multiple route tables dude, the packet travel.
I have this configuration here in a script:

$ip rule add from 10.10.10.64/26 lookup 30
$ip rule add to 10.10.10.64/26 lookup 31
$ip route add 10.10.10.64/26 via 10.10.10.126 table 31
$ip route add 0.0.0.0/0 via 10.1.0.254 table 30

$ip rule add from 192.168.0.0/24 lookup 60
$ip rule add to 192.168.0.0/24 lookup 61
$ip route add 192.168.0.0/24 via 192.168.0.1 table 61
$ip route add 0.0.0.0/0 via 10.1.1.254 table 60

Ok. The question is... how does a packet travel from 10.10.10.1 to 192.168.0.1?

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
Re: [LARTC] ethernet sub-interfaces??
No, I don't want IP aliases, since I can't use them as devices in my netfilter-firewall script.

At 15:26 11/02/2003 +0100, you wrote:
> On Tue, Feb 11, 2003 at 02:57:38PM +0100, Luis Miguel Cruz Miranda wrote:
> > I know that but I am looking for another way if it is possible.
> >
>
> man ifconfig
> probably You want eth0:0 eth0:1 ...
>
> > At 07:41 11/02/2003 -0500, Matthew S. Crocker wrote:
> > >On Tue, 11 Feb 2003, Luis Miguel Cruz Miranda wrote:
> > >
> > >> Is there any way to create ethernet sub interfaces?
> > >>
> > >
> > >Do you mean IP aliases on the same ethernet or VLANs?
> > >
> > >You can configure multiple IPs on the same Ethernet interface with the
> > >command 'ip address add dev ' 'ip address help'
> > >will give you more info
> > >
> > >The kernel also supports 802.1q VLANs which allows you to create new
> > >interfaces and assign IPs to those interfaces.
> > >
> > >http://www.candelatech.com/~greear/vlan.html for more info
> > >
> > >-Matt
> > >
> > >--
> > >Matthew S. Crocker
> > >Vice President / Internet Division Email: [EMAIL PROTECTED]
> > >Crocker Communications Phone: (413) 746-2760
> > >PO BOX 710 Fax: (413) 746-3704
> > >Greenfield, MA 01302-0710 http://www.crocker.com
>
> --
> GPG-Key: http://www.bartek.bicom.pl/public_key.txt
> pub 1024D/948DE45D 2002-12-12 Bartek Krajnik <[EMAIL PROTECTED]>
> Primary key fingerprint: 95E9 8E2D 1801 7864 2244 6EAA 03E5 764D 948D E45D

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
Re: [LARTC] ethernet sub-interfaces??
I know that but I am looking for another way if it is possible.

At 07:41 11/02/2003 -0500, Matthew S. Crocker wrote:
> On Tue, 11 Feb 2003, Luis Miguel Cruz Miranda wrote:
>
> > Is there any way to create ethernet sub interfaces?
> >
>
> Do you mean IP aliases on the same ethernet or VLANs?
>
> You can configure multiple IPs on the same Ethernet interface with the command 'ip address add dev ' 'ip address help' will give you more info
>
> The kernel also supports 802.1q VLANs which allows you to create new interfaces and assign IPs to those interfaces.
>
> http://www.candelatech.com/~greear/vlan.html for more info
>
> -Matt
>
> --
> Matthew S. Crocker
> Vice President / Internet Division Email: [EMAIL PROTECTED]
> Crocker Communications Phone: (413) 746-2760
> PO BOX 710 Fax: (413) 746-3704
> Greenfield, MA 01302-0710 http://www.crocker.com

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
[LARTC] ethernet sub-interfaces??
Is there any way to create ethernet sub interfaces?

Luis Miguel Cruz Miranda.    | B2B INTEGRAL, S.A.
CCNA - Systems Administrator | Pol. Ind. de Asipo
                             | C/A - Parcela 86-C
Tel: +34 902 506 605         | 33.428 - CAYES - LLANERA
Fax: +34 985 980 794         | ASTURIAS (ESPAÑA/SPAIN)
Re: [LARTC] Filter in HTB not working
On Thu, 2002-12-19 at 10:06, Nestor S A Melo wrote:

Nestor,

First: if my English is poor, you can contact me directly by email in Portuguese, since I'm Brazilian too :)

So, somebody correct me if I'm wrong ( Stef? ):

1 - I think you share more bandwidth than you have allocated.

2 - In the sfq directive, you should write:
#tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

3 - You've marked packets with iptables -t mangle, but you're using u32 instead of fw. I'm not sure if you did the correct u32 configuration too. Probably you must use:
#tc filter add dev eth0 parent 1: protocol ip prio 100 handle 6 fw classid 1:10

The handle is the parameter that says to tc what mark you're using, and fw is the parameter that says to tc that you're using a firewall mark.

I hope I have helped you

Miguel Figueiredo
Linux Support Analyst

> I have a problem in setting up HTB.
>
> It appears filters doesn't work at all, besides "tc filter show" show it as
> being correctly configured.
>
> Class 1:10 never sent any traffic, but as iptables show below, it should be
> sending packets.
>
> The HTB version I'm using is 3.3, with kernel 2.4.17.
>
> The setup is as follows:
> ---
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1 htb default 20 r2q 10
>
> tc class add dev eth0 parent 1: classid 1:2 htb rate 256kbit
>
> tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbit prio 1
> tc qdisc add dev eth0 parent 1:10 handle 10 sfq perturb 10
> tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 23 0x classid 1:10
>
> tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kbit prio 2
> tc qdisc add dev eth0 parent 1:20 handle 20 sfq perturb 10
> ---
>
> The stats:
> ---
> [root@NL1000 htb]# tc -s -d qdisc show
> qdisc sfq 20: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
> Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 10: dev eth0 quantum 1514b limit 128p flows 128/1024 perturb 10sec
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc htb 1: dev eth0 r2q 10 default 20 direct_packets_stat 0 ver 3.6
> Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
>
> [root@NL1000 htb]# tc -s -d class show dev eth0
> class htb 1:10 parent 1:2 leaf 10: prio 1 quantum 1000 rate 26Kbit ceil 128Kbit burst 1632b/8 mpu 0b cburst 1762b/8 mpu 0b level 0
> Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 401969 ctokens: 88149
>
> class htb 1:2 root rate 256Kbit ceil 256Kbit burst 1926b/8 mpu 0b cburst 1926b/8 mpu 0b level 7
> Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> lended: 0 borrowed: 0 giants: 0
> tokens: 46975 ctokens: 46975
>
> class htb 1:20 parent 1:2 leaf 20: prio 2 quantum 2816 rate 220Kbit ceil 256Kbit burst 1880b/8 mpu 0b cburst 1926b/8 mpu 0b level 0
> Sent 5116 bytes 94 pkts (dropped 0, overlimits 0)
> lended: 94 borrowed: 0 giants: 0
> tokens: 53324 ctokens: 46975
>
> [root@NL1000 htb]# tc -s -d filter show dev eth0
> filter parent 1: protocol ip pref 100 u32
> filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10
> match 0017/ at 20
>
> [root@NL1000 htb]# iptables -t mangle -L -nvx
> Chain PREROUTING (policy ACCEPT 3590 packets, 557751 bytes)
> pkts bytes target prot opt in out source destination
> 00 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0x6
> 14612954 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:23 MARK set 0x6
>
> Chain OUTPUT (policy ACCEPT 315 packets, 16936 bytes)
> pkts bytes target prot opt in out source destination
> ---
>
> So, what is going wrong?
>
> Thanks in advance,
> --
> _
> Nestor S A Melo
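The mismatch described in point 3 of the reply above (packets marked by iptables, but no `fw` filter whose handle equals the mark) can be checked mechanically. The following is an added example, not code from the thread: the function name `audit` is hypothetical, and the sample lines are constructed from the commands in the post (the u32 mask `0xffff` is an assumption, since it is not legible in the original).

```python
import shlex

def _after(tokens, *keys):
    """Return the token that follows the first occurrence of any key."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in keys:
            return tokens[i + 1]
    return None

def audit(iptables_lines, tc_lines):
    """Cross-check iptables MARK values against tc `fw` filter handles."""
    marks, fw, u32_targets, classes = set(), {}, [], set()
    for line in iptables_lines:
        value = _after(shlex.split(line, comments=True), "--set-mark")
        if value is not None:
            marks.add(int(value, 0))          # accepts 6 and 0x6 alike
    for line in tc_lines:
        tok = shlex.split(line, comments=True)
        if tok[:3] == ["tc", "class", "add"]:
            classes.add(_after(tok, "classid"))
        elif tok[:3] == ["tc", "filter", "add"]:
            target = _after(tok, "classid", "flowid")
            handle = _after(tok, "handle")
            if "fw" in tok and handle is not None:
                fw[int(handle, 0)] = target   # handle == firewall mark
            elif "u32" in tok:
                u32_targets.append(target)
    findings = []
    for mark in sorted(marks - set(fw)):
        findings.append(f"mark {mark}: set by iptables, no fw filter with handle {mark}")
    for handle in sorted(set(fw) - marks):
        findings.append(f"handle {handle}: fw filter waits for a mark iptables never sets")
    for handle, target in sorted(fw.items()):
        if target not in classes:
            findings.append(f"handle {handle}: target class {target} is not defined")
    if marks and u32_targets and not fw:
        findings.append("u32 filters ignore marks; classify by mark with fw filters")
    return findings

# Constructed from the thread: both telnet directions are marked 0x6.
IPTABLES = [
    "iptables -t mangle -A PREROUTING -p tcp --dport 23 -j MARK --set-mark 0x6",
    "iptables -t mangle -A PREROUTING -p tcp --sport 23 -j MARK --set-mark 0x6",
]
TC_CLASSES = [
    "tc class add dev eth0 parent 1:2 classid 1:10 htb rate 26kbit ceil 128kbit prio 1",
    "tc class add dev eth0 parent 1:2 classid 1:20 htb rate 220kbit ceil 256kbit prio 2",
]
# Original setup: u32 filter only (mask value assumed).
TC_BEFORE = TC_CLASSES + [
    "tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 23 0xffff classid 1:10",
]
# Setup with the filter suggested in the reply.
TC_AFTER = TC_CLASSES + [
    "tc filter add dev eth0 parent 1: protocol ip prio 100 handle 6 fw classid 1:10",
]

if __name__ == "__main__":
    for label, tc in (("before", TC_BEFORE), ("after", TC_AFTER)):
        print(label, audit(IPTABLES, tc) or "consistent")
```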
Re: [LARTC] nano.txt
Try google cache :)

Nuno

On Wed, 2002-12-18 at 08:36, hare ram wrote:
> Hi
>
> does any one have this File
> seems to be this site is down
> http://www.linuxvirtualserver.org/~julian/#routes-2.4
>
> thanks
> hare

--
Nuno Miguel Pais Fernandes <[EMAIL PROTECTED]>
Eurotux S.A.
[LARTC] routing problem AAAAAHH!!
My main table is:

# ip ro ls
194.149.216.0/24 dev vlan2 scope link
10.1.0.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 10.1.0.254 dev eth0

I also have these routes and rules:

# ip ru ls
0: from all lookup local
32757: from all to 10.2.0.1 lookup 101
32758: from all to 194.149.216.3 lookup 21
32759: from all to 194.149.216.2 lookup 21
32760: from all to 194.149.216.1 lookup 21
32761: from all to 10.10.10.0/24 lookup main prohibit
32762: from 10.2.0.1 lookup 100
32763: from 194.149.216.3 lookup 20
32764: from 194.149.216.2 lookup 20
32765: from 194.149.216.1 lookup 20
32766: from all lookup main
32767: from all lookup 253

#ip ro ls table 20 && ip ro ls table 21
default via 10.1.0.254 dev eth0
194.149.216.2 dev vlan2 scope link
194.149.216.3 dev vlan2 scope link
194.149.216.1 dev vlan2 scope link

Why is 194.149.216.5 reachable from the internet?

Luis Miguel Cruz Miranda.
CCNA - Systems Administrator
---
B2B INTEGRAL, S.A.
Pol. Ind. de Asipo
C/A - Parcela 86-C
33.428 - CAYES - LLANERA
ASTURIAS (ESPAÑA/SPAIN)
---
Tel: +34 985 980 804
Fax: +34 985 980 794
---
WEB: http://www.b2bi.es/
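The rule list and tables posted above can be walked the way the kernel's routing policy database does: rules in ascending priority, and the first table that holds a matching route decides. The following is an added example, not part of the original post; it assumes the tables not shown in the post (local, 100, 101, 253) have no matching route, reads the first line of the combined `ip ro ls` output as table 20 and the rest as table 21, and uses 198.51.100.7 as a constructed Internet address.

```python
import ipaddress

# (priority, from, to, table) as listed by `ip ru ls` in the post; None = all.
RULES = [
    (0,     None,            None,            "local"),
    (32757, None,            "10.2.0.1",      "101"),
    (32758, None,            "194.149.216.3", "21"),
    (32759, None,            "194.149.216.2", "21"),
    (32760, None,            "194.149.216.1", "21"),
    (32761, None,            "10.10.10.0/24", "prohibit"),
    (32762, "10.2.0.1",      None,            "100"),
    (32763, "194.149.216.3", None,            "20"),
    (32764, "194.149.216.2", None,            "20"),
    (32765, "194.149.216.1", None,            "20"),
    (32766, None,            None,            "main"),
    (32767, None,            None,            "253"),
]

# Routes from the post. Tables missing here are treated as empty (assumption).
TABLES = {
    "main": [("194.149.216.0/24", "dev vlan2"),
             ("10.1.0.0/24", "dev eth0"),
             ("127.0.0.0/8", "dev lo"),
             ("0.0.0.0/0", "via 10.1.0.254 dev eth0")],
    "20": [("0.0.0.0/0", "via 10.1.0.254 dev eth0")],
    "21": [("194.149.216.1/32", "dev vlan2"),
           ("194.149.216.2/32", "dev vlan2"),
           ("194.149.216.3/32", "dev vlan2")],
}

def _net(text):
    return ipaddress.ip_network(text, strict=False)

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing covers dst."""
    best = None
    for prefix, nexthop in TABLES.get(table, []):
        net = _net(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best

def resolve(src, dst):
    """Return (rule priority, table, route) that decides the packet's fate."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, frm, to, table in sorted(RULES, key=lambda rule: rule[0]):
        if frm and src not in _net(frm):
            continue
        if to and dst not in _net(to):
            continue
        if table == "prohibit":
            return (prio, "prohibit", None)
        hit = table_lookup(table, dst)
        if hit:                      # no route in this table: try next rule
            return (prio, table, f"{hit[0]} {hit[1]}")
    return (None, None, "unreachable")

def hosts_served_by_main(prefix, src="198.51.100.7"):
    """Hosts in prefix that no dedicated rule covers, so `main` routes them."""
    return [str(h) for h in _net(prefix).hosts()
            if resolve(src, str(h))[1] == "main"]

if __name__ == "__main__":
    print(resolve("198.51.100.7", "194.149.216.5"))   # inbound to .5
    print(resolve("194.149.216.5", "198.51.100.7"))   # reply from .5
    print(len(hosts_served_by_main("194.149.216.0/24")))
```

For destinations other than .1, .2 and .3, no `to` rule matches, so the lookup reaches rule 32766 and the connected 194.149.216.0/24 route in main; the rules select a table but do not filter traffic.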
Re: [LARTC] sysconfig changes and problems with ip route add
At 02:44 29/11/2002, Arindam Haldar wrote:
> table 21 is defined in rt_tables ?? .. it resides in dir /etc/iproute2 else might in your build directory

As I know it is not necessary

> Martin A. Brown wrote:
> Luis,
>
> : Then, I went to /etc/sysconfig and I created a file called static-routes
> : with this content:
> : advanced eth1 194.149.216.1/32 dev vlan2 table 21
> : advanced eth1 194.149.216.2/32 dev vlan2 table 21
> : advanced eth1 194.149.216.3/32 dev vlan2 table 21
> : advanced eth1 0.0.0.0/0 via 10.1.0.254 table 20
> :
> : Why table 21 is not loaded at boot?
> : :(
>
> is the vlan2 device up when these networking scripts are called? If I had to guess, I'd say they are not. hard to add a route through a device that isn't there!
>
> -Martin

Luis Miguel Cruz Miranda.
CCNA - Systems Administrator
---
B2B INTEGRAL, S.A.
Pol. Ind. de Asipo
C/A - Parcela 86-C
33.428 - CAYES - LLANERA
ASTURIAS (ESPAÑA/SPAIN)
---
Tel: +34 985 980 804
Fax: +34 985 980 794
---
WEB: http://www.b2bi.es/
[LARTC] sysconfig changes and problems with ip route add
I edited the file /etc/sysconfig/network-scripts/ifup-routes, and I added...

    # Add any advanced routes
    grep "^advanced" /etc/sysconfig/static-routes | while read ignore dev args; do
        if [ "$dev" = "$1" ]; then
            /sbin/ip route add $args
        fi
    done

Then, I went to /etc/sysconfig and I created a file called static-routes with this content:

    advanced eth1 194.149.216.1/32 dev vlan2 table 21
    advanced eth1 194.149.216.2/32 dev vlan2 table 21
    advanced eth1 194.149.216.3/32 dev vlan2 table 21
    advanced eth1 0.0.0.0/0 via 10.1.0.254 table 20

Why table 21 is not loaded at boot? :(

At 17:05 27/11/2002, Martin A. Brown wrote:

: >/etc/iproute2/rt_tables contains a mapping of human names to routing table
: >numbers. I call them table identifiers to table ids. This file does not
: >contain routes.
: So, if I understand all correctly, I don't need that file to use multiple
: route tables, do I?

You are correct. It simply maps names to numbers so that you can use something like this if you want:

    # ip route add default via 10.0.0.1 table dsl-link
    # ip route add default via 10.0.0.2 table t1-link

Where the rt_tables file contains:

    1 dsl-link
    2 t1-link

If you do not have the file /etc/iproute2/rt_tables, you can use the following syntax.

    # ip route add default via 10.0.0.1 table 1
    # ip route add default via 10.0.0.2 table 2

: I found a solution here:
: http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

I've not seen this before and will have to read this article. Thanks for the link.

I do have some general documentation on the use of "ip route" and "ip rule" in the appendices of my documentation available here:

http://plorf.net/linux-ip/

Let me know if you find any flaws, areas for improvement, or missing content.

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

Luis Miguel Cruz Miranda. CCNA - Systems Administrator
---
B2B INTEGRAL, S.A.
Pol. Ind. de Asipo C/A - Parcela 86-C
33.428 - CAYES - LLANERA
ASTURIAS (ESPAÑA/SPAIN)
---
Tel: +34 985 980 804
Fax: +34 985 980 794
---
WEB: http://www.b2bi.es/
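The ifup-routes loop in the message above runs `ip route add` without checking that the device named after `dev` exists, which is the failure a reply in this thread suspects for vlan2. The following is an added example, not code from the thread or from the distribution's scripts: a dry-run version of the loop that reports such routes. The names `plan_routes`, `route_dev`, `sample_static_routes` and the `NET_SYSFS` variable are assumptions of the example.

```shell
#!/bin/sh
# Dry-run variant of the "advanced" loop: report routes whose "dev" target
# does not exist yet instead of letting "ip route add" fail unnoticed.
# NET_SYSFS is this example's own knob so the check can be pointed at a
# test directory; the default is the kernel's interface list.
NET_SYSFS="${NET_SYSFS:-/sys/class/net}"

# The static-routes content quoted in the message above.
sample_static_routes() {
    cat <<'EOF'
advanced eth1 194.149.216.1/32 dev vlan2 table 21
advanced eth1 194.149.216.2/32 dev vlan2 table 21
advanced eth1 194.149.216.3/32 dev vlan2 table 21
advanced eth1 0.0.0.0/0 via 10.1.0.254 table 20
EOF
}

# route_dev ARGS...: print the word following "dev", if any.
route_dev() {
    prev=""
    for word in "$@"; do
        if [ "$prev" = "dev" ]; then printf '%s\n' "$word"; return 0; fi
        prev="$word"
    done
}

# plan_routes IFACE: read static-routes on stdin; for each line belonging
# to IFACE print "ADD <args>" or "DEFER <missing-dev> <args>".
plan_routes() {
    iface="$1"
    grep '^advanced' | while read -r ignore dev args; do
        [ "$dev" = "$iface" ] || continue
        target=$(route_dev $args)   # unquoted on purpose: split into words
        if [ -n "$target" ] && [ ! -e "$NET_SYSFS/$target" ]; then
            printf 'DEFER %s %s\n' "$target" "$args"
        else
            printf 'ADD %s\n' "$args"
        fi
    done
}

# Stand-alone run: show the plan for eth1 on this machine.
sample_static_routes | plan_routes eth1
```

Routes reported as DEFER belong in the bring-up of the device they name (here vlan2) rather than in the bring-up of eth1.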
[LARTC] multiple route tables dude
Hi all,

I am creating multiple route tables to apply them to some different VLANs. My doubt is... Should I have the main table empty? Should I delete all entries in the main table? I am not going to use the main table (I think).

Luis Miguel Cruz Miranda. CCNA - Systems Administrator
Re: [LARTC] one dude about rt_tables
/etc/iproute2/rt_tables contains a mapping of human names to routing table numbers. I call them table identifiers to table ids. This file does not contain routes.

So, if I understand all correctly, I don't need that file to use multiple route tables, do I?

: If I add a route to that file, it will be there if I reboot the box?

If you wish to add static routes to the system at boot, you should be able to use the system network initialization scripts and config files (e.g., redhat has a file /etc/sysconfig/static-routes).

I found a solution here:
http://www.samag.com/documents/s=1824/sam0201h/0201h.htm

Otherwise, you should write your own startup script or modify /etc/rc.d/rc.local to include the routes you wish to add. If you are using network address translation, you may find my NAT SysV init scripts convenient:

http://plorf.net/linux-ip/html/scripts/nat
http://plorf.net/linux-ip/html/scripts/static-nat

Does that answer your question?

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- [EMAIL PROTECTED]

Luis Miguel Cruz Miranda. CCNA - Systems Administrator
[LARTC] one dude about rt_tables
Can I add routes to rt_tables by hand with the vi editor? If I add a route to that file, will it be there if I reboot the box?

I am sure these are stupid questions, but I can't find the answer in the papers I have here.

Luis Miguel Cruz Miranda. CCNA - Systems Administrator
[LARTC] init scripts to use and save iproute and tc rules
Where can I find any init scripts to use and save iproute and tc rules?

Luis Miguel Cruz Miranda. CCNA - Systems Administrator
[LARTC] Problem in advanced routing with FTP
I have a router with 2 isp's connected. My default route is by isp1, and i mark packets to port 80 and port 21 with mark 2.

with: ip rule ls

    0: from all lookup local
    32765: from all fwmark2 lookup 200
    32766: from all lookup main
    32767: from all lookup 253

and in table 200 i have the route by isp2.

My http traffic goes well, but ftp doesn't. Using Passive mode all works well, but with active it doesn't work, because the ftp server calls back with port 20.

Please note that isp2 is masqueraded and i have ip_conntrack_ftp in the kernel.

Thanks for any advice.

Nuno Fernandes

--
Nuno Miguel Pais Fernandes <[EMAIL PROTECTED]>
Eurotux S.A.
Re: [LARTC] problem in routing
Dam :)

The reason why i mark the packets in the linux box is because the router is a minimalistic kernel.. without mangle support :(

I'll try it and then put the notes in the mailing list if i succeed :)

Thanks anyway.

On Tue, 2002-11-12 at 16:19, Martin A. Brown wrote:
> : Ok..
> : i've done that without success.
> : Please watch that the routing is made in the router machine and the
> : marking is made in the linux box before and because of that it doesn't
> : matter where i mark the packets.
>
> Ah, now I understand! But it does matter, tremendously.
>
> I didn't perceive in your previous post that you had two hosts. Perhaps I
> was being dense.
>
> The "fwmark" is a field on the packet which only exists in the data
> structure used to represent the packet on a single machine. In short, the
> fwmark does not survive a single machine. As soon as the packet is
> transmitted, the fwmark is lost.
>
> You could use the mangle table with the TOS target and then change your ip
> rule to route based on ToS. I'm unsure of the implications for your
> network, but this is a possible solution. If you modify the ToS on the
> packet, this will be visible to other hosts.
>
> Good luck,
>
> -Martin
>
> : Thanks anyway
> : Nuno Fernandes
> :
> : On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
> : > Hello Nuno,
> : >
> : > I'd suggest s/POSTROUTING/PREROUTING/ here:
> : >
> : > : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
> : > : --set-mark 21
> : > :
> : > : In my ROUTER i want to redirect packets according to MARK and i'm doing:
> : > :
> : > : root@euroter(~)# more /etc/iproute2/rt_tables
> : > : 255 local
> : > : 254 main
> : > : 253 default
> : > : 200 over
> : >
> : > Consult Stef Coene's kernel packet traveling diagram, which should
> : > explain (visually) why you want to mark the packet before the routing
> : > stage.
> : >
> : > http://www.docum.org/stef.coene/qos/kptd/
> : >
> : > : root@euroter(~)# ip route ls table over
> : > : default via XXX.XXX.XXX.XXX dev eth1
> : > :
> : > : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
> : > :
> : > : Doing ip rule ls, i can see that all packets with mark 21 go to table
> : > : over.
> : > : root@euroter(~)# ip rule ls
> : > : 0: from all lookup local
> : > : 32765: from all fwmark 21 lookup over
> : > : 32766: from all lookup main
> : > : 32767: from all lookup default
> : >
> : > Naturally, the RPDB (displayed with "ip rule show") is consulted as part
> : > of the routing process.
> : >
> : > So, in short, your host euroter is doing as follows:
> : >
> : > - routing the packet
> : > - marking the packet
> : > - transmitting via provider2
> : >
> : > : And table over only has default gw, but when i do a
> : > : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.
> : >
> : > Good luck,
> : >
> : > -Martin
> :

--
Nuno Miguel Pais Fernandes <[EMAIL PROTECTED]>
Eurotux S.A.
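The two-host situation described in the quoted reply above, as an added example that is not part of the thread: a toy shell model of the router's rule lookup, in which a mark set on linux1 arrives as 0 while a ToS value arrives intact. The function names, the `tos` rule and the value 0x10 are assumptions of the example.

```shell
#!/bin/sh
# Toy model of the router's rule lookup. Rule text follows the "ip rule ls"
# layout quoted in the thread; the tos rule and value 0x10 are constructed.
# Real-world counterparts of the constructed rule (0x10 is an assumed value):
#   linux1: iptables -t mangle -A PREROUTING -d SOME.IP.IN.INTERNET -j TOS --set-tos 0x10
#   router: ip rule add tos 0x10 table over
ROUTER_RULES_FWMARK='0: from all lookup local
32765: from all fwmark 21 lookup over
32766: from all lookup main
32767: from all lookup default'
ROUTER_RULES_TOS='0: from all lookup local
32765: from all tos 0x10 lookup over
32766: from all lookup main
32767: from all lookup default'

# Assumption: only these tables hold a route to the Internet destination
# ("over" via provider1, "main" via provider2, as described in the thread).
TABLES_WITH_ROUTE="over main"

# rpdb_lookup RULES FWMARK TOS: print the first table whose rule matches
# the packet and which has a route for it.
rpdb_lookup() {
    rules="$1"; pkt_mark="$2"; pkt_tos="$3"
    printf '%s\n' "$rules" | while read -r prio from src rest; do
        set -- $rest
        want_mark=""; want_tos=""; table=""
        while [ $# -gt 0 ]; do
            case "$1" in
                fwmark) want_mark="$2"; shift 2 ;;
                tos)    want_tos="$2";  shift 2 ;;
                lookup) table="$2";     shift 2 ;;
                *)      shift ;;
            esac
        done
        [ -z "$want_mark" ] || [ "$want_mark" = "$pkt_mark" ] || continue
        [ -z "$want_tos" ] || [ "$want_tos" = "$pkt_tos" ] || continue
        case " $TABLES_WITH_ROUTE " in
            *" $table "*) printf '%s\n' "$table"; break ;;
        esac
    done
}

# table_at_router RULES MARK TOS: MARK and TOS are what linux1 set. The mark
# exists only in linux1's kernel, so the router sees mark 0; the ToS byte is
# in the IP header and arrives unchanged.
table_at_router() {
    rpdb_lookup "$1" 0 "$3"
}
```

Because the ToS byte travels in the IP header, the router matches it no matter which host set it, so clear or rewrite it on traffic arriving from networks you do not control before a rule like this makes routing decisions on it.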
Re: [LARTC] problem in routing
On Tue, 2002-11-12 at 15:51, Martin A. Brown wrote:
> Hello Nuno,
>
> I'd suggest s/POSTROUTING/PREROUTING/ here:
>
> : iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK
> : --set-mark 21
> :

Ok..
i've done that without success.
Please watch that the routing is made in the router machine and the marking is made in the linux box before and because of that it doesn't matter where i mark the packets.

Thanks anyway
Nuno Fernandes

> : In my ROUTER i want to redirect packets according to MARK and i'm doing:
> :
> : root@euroter(~)# more /etc/iproute2/rt_tables
> : 255 local
> : 254 main
> : 253 default
> : 200 over
>
> Consult Stef Coene's kernel packet traveling diagram, which should
> explain (visually) why you want to mark the packet before the routing
> stage.
>
> http://www.docum.org/stef.coene/qos/kptd/
>
> : root@euroter(~)# ip route ls table over
> : default via XXX.XXX.XXX.XXX dev eth1
> :
> : where XXX.XXX.XXX.XXX is the gateway of the provider 1.
> :
> : Doing ip rule ls, i can see that all packets with mark 21 go to table
> : over.
> : root@euroter(~)# ip rule ls
> : 0: from all lookup local
> : 32765: from all fwmark 21 lookup over
> : 32766: from all lookup main
> : 32767: from all lookup default
>
> Naturally, the RPDB (displayed with "ip rule show") is consulted as part
> of the routing process.
>
> So, in short, your host euroter is doing as follows:
>
> - routing the packet
> - marking the packet
> - transmitting via provider2
>
> : And table over only has default gw, but when i do a
> : ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.
>
> Good luck,
>
> -Martin

--
Nuno Miguel Pais Fernandes <[EMAIL PROTECTED]>
Eurotux S.A.
[LARTC] problem in routing
Hello

I'm implementing Advanced Routing in my redhat linux pc like this:

                                   --| provider1 (with dhcp)
                                  |
 HOME NETWORK |--Linux1--ROUTER---|
                                  |
                                   --| provider2 (fixed ip)

My home network has private ips like 10.10.1.0/24 and linux1 is SNATing all accesses to a public ip like 198.198.198.198 and marking packets like

    iptables -t mangle -A POSTROUTING -d SOME.IP.IN.INTERNET -j MARK --set-mark 21

In my ROUTER i want to redirect packets according to MARK and i'm doing:

    root@euroter(~)# more /etc/iproute2/rt_tables
    255 local
    254 main
    253 default
    200 over

    root@euroter(~)# ip route ls table over
    default via XXX.XXX.XXX.XXX dev eth1

where XXX.XXX.XXX.XXX is the gateway of the provider 1.

Doing ip rule ls, i can see that all packets with mark 21 go to table over.

    root@euroter(~)# ip rule ls
    0: from all lookup local
    32765: from all fwmark 21 lookup over
    32766: from all lookup main
    32767: from all lookup default

And table over only has default gw, but when i do a ping XXX.XXX.XXX.XXX it goes through provider2 and not provider1.

Thanks for everything
Nuno Fernandes

--
Nuno Miguel Pais Fernandes <[EMAIL PROTECTED]>
Eurotux S.A.