Re: [LARTC] bridge or vlan
On Sat, 20 Oct 2007 14:23:12 +0300 "Vaidas M" <[EMAIL PROTECTED]> wrote:

> Hello to everyone,
>
> Here is the situation:
>
> [LAN1]---[eth3]/--\
>                | LinuxBR |[eth2]---[LAN0]---[linuxGW]---[internet]
> [LAN2]---[eth4]\--/
>
> Whole LAN is in subnet 10.0.0.0/24.
>
> So I need:
> LAN0, LAN1, LAN2 could not see each other.
> LAN0, LAN1, LAN2 is in same subnet (10.0.0.0/24).
> All LANs have to get only internet.
>
> How can I configure LinuxBR to do so?
> Do I have to do only bridge? Or only vlan? Or both?

On LinuxBR:

iptables -A FORWARD -s 10.0.0.0/24 -d linuxGW_IP/32 -j ACCEPT
iptables -A FORWARD -s 10.0.0.0/24 -d 10.0.0.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d linuxGW_IP/32 -j MASQUERADE

On linuxGW:

iptables -t nat -A POSTROUTING -s LinuxBR_IP/32 -j MASQUERADE

--
With best regards, Pan'ko Alexander.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] 2 ISP connection sharing problem
On Mon, 3 Sep 2007 22:57:06 +0500 Arman <[EMAIL PROTECTED]> wrote:

> I have divided my network into 2 parts now that is 193.168.3.127/25 and
> 192.168.3.128/25. I want to route part1 to ISP1 and Part 2 to ISP2. I have
> made changes into rules. But I think my Tables T1,T2 are not used and
> default table is in use. How can I command to use tables T1,T2 instead of
> default table. route command output is
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.3.0     *               255.255.255.0   U     0      0        0 eth0
> 203.81.213.0    *               255.255.255.0   U     0      0        0 eth2
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
> 169.254.0.0     *               255.255.0.0     U     0      0        0 eth2
> default         203.81.213.1    0.0.0.0         UG    0      0        0 eth2

What is in rules?

ip rule list

You need there:

: from 193.168.3.127/25 lookup T1
: from 193.168.3.128/25 lookup T2

Then you need NAT. That is all...

--
With best regards, Pan'ko Alexander.

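Added example, not part of the thread: a small model of how the kernel walks the "ip rule" list in priority order, showing when T1/T2 are used and when the lookup falls through to the main table, as in the symptom described above. The rule priorities, the ISP1_GW/ISP2_GW names, the router address 192.168.3.1 and the split of the 192.168.3.0/24 LAN from the quoted route output into 192.168.3.0/25 and 192.168.3.128/25 are assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from a real router).
RULES = [  # (priority, source selector, table), as "ip rule list" orders them
    (0, "0.0.0.0/0", "local"),
    (100, "192.168.3.0/25", "T1"),
    (101, "192.168.3.128/25", "T2"),
    (32766, "0.0.0.0/0", "main"),
]
TABLES = {  # table name -> [(destination prefix, next hop)]
    "local": [("192.168.3.1/32", "local")],
    "T1": [("0.0.0.0/0", "via ISP1_GW dev eth1")],
    "T2": [("0.0.0.0/0", "via ISP2_GW dev eth2")],
    "main": [("192.168.3.0/24", "dev eth0"),
             ("0.0.0.0/0", "via ISP2_GW dev eth2")],
}

def lookup(table, dst, tables):
    """Longest-prefix match inside one table; None when no route matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in tables.get(table, []):
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def route(src, dst, rules=RULES, tables=TABLES):
    """Walk the rules by ascending priority. A rule whose source selector
    matches but whose table has no route for dst is skipped, and the walk
    continues with the next rule."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules):
        if src in ipaddress.ip_network(selector):
            hop = lookup(table, dst, tables)
            if hop is not None:
                return table, hop
    return None, "unreachable"

if __name__ == "__main__":
    for src in ("192.168.3.10", "192.168.3.200"):
        print(src, "->", route(src, "198.51.100.7"))
    # T1 exists by name but holds no routes: the lookup lands in main.
    print("T1 empty:", route("192.168.3.10", "198.51.100.7",
                             tables=dict(TABLES, T1=[])))
    # LAN-to-LAN traffic follows T1's default route unless T1 also
    # carries the 192.168.3.0/24 route.
    print("LAN dst:", route("192.168.3.10", "192.168.3.200"))
```

The last case shows why each per-ISP table usually also gets a copy of the directly connected LAN routes.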
Re: [LARTC] urgent TEQL problem
I advise you not to describe your problem, but to give your routing rules on both sides. I think your problem is here.

--
With best regards, Pan'ko Alexander.
[EMAIL PROTECTED]

Re: [LARTC] htb: HowTo identify squid cache hits
On Thu, 26 May 2005 19:56:09 +0100 Andy Furniss <[EMAIL PROTECTED]> wrote:

> Peter Kaagman wrote:
>
> > But there is of course a src of packages I do not catch this way... and
> > these are the squid cache hits. Because I filter on destination the cache
> > hits get treated the same as cache misses. But cache hits are in effect
> > local traffic... they do not originate from the Internet.
>
> If squid is running on the same machine as your htb rules then (I think)
> the only way you can shape incoming traffic from the internet properly
> is to use imq.

I think IMQ is needed only if there is not one interface to shape.

> I have not used squid - so may be wrong, but the patches will let you
> classify hits so they can be let through at lan speed. But what about
> misses - I assume that squid will connect to the internet and fetch the
> data unlimited even if they then get served to the lan at restricted speed.

Inet <-(one for all src)NAT<--(MISSES)---(src 192.168.90.0/28 dst 'real Inet IP')Squid<---(HITS+MISSES)---hosts
Inet ->(one for all dst)NAT--(MISSES)--->(dst 192.168.90.0/28 src 'real Inet IP')Squid---(HITS+MISSES)--->hosts

The last is not fully right... But it cleanly illustrates the idea.
You can simply shape the MISSES on one interface...

--
With best regards, Pan'ko Alexander.
[EMAIL PROTECTED]
http://interdon.net/~panko/
ICQ 231647363
XMMS playing nothing :-)

Re: [LARTC] htb: HowTo identify squid cache hits
On Thu, 26 May 2005 15:32:42 +0200 Peter Kaagman <[EMAIL PROTECTED]> wrote:

> So here (finally) the question..
> Is there a way to identify cache hits from misses?

Maybe I do not understand the question, but I think it is very simple.
There is the option tcp_outgoing_address. Note that it means replacing the source address. Then each user machine has its own address. For this purpose I added the addresses of another subnet to a dummy (may be any other) interface.

squid-2.5.STABLE9-1.100.6asp

It's working...
But IMQ, which I need too, is not working. I do not understand the strange intention to use only PREROUTING and POSTROUTING. If you use IMQ you will need AB instead of the default BA NAT

--
With best regards, Pan'ko Alexander.
[EMAIL PROTECTED]
http://interdon.net/~panko/
ICQ 231647363
XMMS playing nothing :-)