Re: [SLUG] Need a lesson in routing [WAS: memory]
Perhaps you can use a socks proxy through a SSH tunnel and ask the Linux box to do DNS for you. This means the only thing that is affecting your speed behind the firewall is the actual connection between the host(running FF) and the firewall. e.g. on the Mac/Windows, ssh -D 1234 u...@linux_box and configure FF to use 'localhost' as the SOCKS proxy, port is 1234. Change 'network.proxy.socks_remote_dns' in FF to true. I wonder if this would result in any significant speed boost. Likewise, make a tunnel to your IMAP server, e.g. ssh -L 993:localhost: 993 u...@linux_box and configure TB to use 'localhost' as the IMAP server. If neither is speeding things up, it seems that might you have a slow connection between your Linux and the host you are running FF. Chris On 21/02/2009, at 4:41 PM, Kyle wrote: ... OK!!! That is indeed what it does Michael, when it doesn't timeout. I had previously read up on F'Fox and turned on the various turbocharging options, but hadn't thought of ipv6. So I changed network.dns.disableIPv6 to true on the hosts behind the switch and Wow! That's a bit more like what I might expect. ipv6 has always been a bit of a black box I've tried to avoid as long as possible. Guess I need to start reading up on it. Or disabling it! Allow me here to thank each and every one of you that have put up with my ignorance to assist in debugging this issue. I'm not convinced that's all there is to it just yet. For instance, the Linux box is still an order of magnitude faster to load a page, network.dns.disableIPv6 is true by default in T'Bird on the hosts which still timeout on initial connection and all hosts are only using the linux box itself as name server. But where we are now will go a long way to dispersing aggravation in the local browsing community. Thanks again. ipv6 . mumble, groan, must read . pain in th. mumble, groan, ipv6 Kind Regards Kyle Michael Chesterton wrote: Does it sit there for 11 seconds, then load all of a sudden, or does it start loading right from the start? I'm wondering if firefox is doing IPv6 lookups and failing. If you want to test, disable IPv6 in firefox (about:config) or use the same nameservers as the linux router -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] route traffic through multiple interfaces
On Fri, Sep 5, 2008 at 11:16 AM, Daniel Pittman [EMAIL PROTECTED] wrote: Chris Zhang [EMAIL PROTECTED] writes: Hi Daniel, You were correct in guessing what I was after. I am trying to get VOIP working over 3G. My understanding is that there are at least two places this can be prevented. Firstly, the app(e.g. Truphone) won't let you connect unless you have a working WIFI connection. This is why I was asking for NATting possibility(I didn't describe it properly). - Assign wifi interface with an IP ( 192.168.1.1/24) and forward all traffic to 3G interface with a public IP. Since 'ipfw' won't work the way it does in a normal BSD, the only thing I thought would be changing the routing table, which you pointed out not possible. The other place where VOIP might get blocked is from the ISP, e.g. filtering on 3G network. My thought was to setup a tunnel and encrypt VOIP inside that tunnel. It should in theory bypass ISP restriction shouldn't it? Alternatively, I am not sure if VOIP works over a socks proxy. This requires iPhone being a socks client, which it doesn't support, nor have I found any thrid party apps that can do this. Last resort would prob. be ssh tunnelling. but I doubt this would work since the ports VOIP uses are in 10,000 ~ 20,000 range? apart from port 5062. I have to do some more research on this. Please also see inline reply. Thanks, Chris As Alex asked, your problem description is unclear. Since I have some different questions to what he asked, and you answered, I include them: Suppose I have two NICs on one host, NIC A and NIC B. Is it possible to get all traffic to use A, When you say to use A, what specifically do you mean: * to use the IP address that you assigned to NIC A[1] * to leave the computer and hit the wire out NIC A * something else? and then route them through B, My best guess here is that you expect the packet to: 1. Exit to the wire via NIC A 2. Return to the host via NIC B 3. Exit to the outside world via some unmentioned, third, interface Is that correct? This is the idea, except for the packets won't go out to wire. Traffic = NIC A's IP = NIC B's IP = NIC B's gateway. This is, as you pointed out, NATing, I am convinced it is not possible without iptables or such. and finally to outside? without the aid of iptables or anything similar, e.g. just changing the routing table? Suppose ip forwarding works. Why the restriction? Is this, specifically, because you want to achieve some VoIP and tunnelling related goal with the iPhone, and it only provides a standard routing stack? I ask, because the Linux IP stack is extremely flexible and can do a wide range of things that a more traditional BSD stack, well, can't. Anyway, assuming that my best guess is, in fact, correct -- which I think it probably is from the iPhone bit below -- then, no. What you are asking is impossible without the addition of NAT, packet marking, or some other method to identify the packet beyond what you get in the standard facility. The routing table doesn't include a lot of if for an individual packet, and retains no state -- you can't say if this is the second time I have seen ... Just out of curiosity, does anyone know how iPhone restricts VOIP traffic over 3G technically? It is done for profit, and by the request of customers. (The real customers, the telecoms companies, not you and the other end users who hold the physical device...) Suppose one can make a tunnel, e.g. IPSec, PPTP (which iPhone has native support), to a VPN endpoint, e.g. home computer through 3G. Is it possible to then run a VOIP app inside the tunnel? Not if Apple and their customers have any say in the matter, no. Not reliably, in the long term, because it some something other than what Apple have approved of your doing with their iPhone.[2] Regards, Daniel Footnotes: [1] ...which, under Linux, is actually a property of the computer, not the network card, and is equally valid as an outbound address for any interface, technically speaking. [2] Since you don't actually have any particular control of the device I wouldn't really call you the owner of it. You may have paid for it, but Apple still run the show... -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] route traffic through multiple interfaces
On Mon, Sep 8, 2008 at 10:30 AM, Alex Samad [EMAIL PROTECTED] wrote: On Fri, Sep 05, 2008 at 02:02:25PM +1000, Chris Zhang wrote: On Fri, Sep 5, 2008 at 11:16 AM, Daniel Pittman [EMAIL PROTECTED] wrote: Chris Zhang [EMAIL PROTECTED] writes: Hi Daniel, You were correct in guessing what I was after. I am trying to get VOIP working over 3G. Silly question but isn't voip data more expensive than normal call costs That'd depend. Most people will have a couple of hundred MB 3G download allowance thrown in. According to http://www.fring.com/fring_is/why_fring/ , VOIP usage is really not much. [snip] -- I am here to make an announcement that this Thursday, ticket counters and airplanes will fly out of Ronald Reagan Airport. - George W. Bush 10/03/2001 Washington, DC -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjEch0ACgkQkZz88chpJ2MDmwCgoDzi6QBXmFkjI09ly+G3aO1O sVUAoLZXuipHMltBH6aDsqoPbehnahGP =sZcO -END PGP SIGNATURE- -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] route traffic through multiple interfaces
Hi list, Suppose I have two NICs on one host, NIC A and NIC B. Is it possible to get all traffic to use A, and then route them through B, and finally to outside? without the aid of iptables or anything similar, e.g. just changing the routing table? Suppose ip forwarding works. Just out of curiosity, does anyone know how iPhone restricts VOIP traffic over 3G technically? Suppose one can make a tunnel, e.g. IPSec, PPTP (which iPhone has native support), to a VPN endpoint, e.g. home computer through 3G. Is it possible to then run a VOIP app inside the tunnel? Thanks, Chris -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] route traffic through multiple interfaces
On Thu, Sep 4, 2008 at 10:49 PM, Alex Samad [EMAIL PROTECTED] wrote: On Thu, Sep 04, 2008 at 08:50:39PM +1000, Chris Zhang wrote: Hi list, Suppose I have two NICs on one host, NIC A and NIC B. Is it possible to get all traffic to use A, and then route them through B, and finally to outside? without the aid of iptables or anything similar, e.g. just changing the routing table? Suppose ip forwarding works. not sure what you mean, but will take a stab if you had A) eth0 192.168.1.1/24 gw 192.168.1.254 B) eth1 192.168.2.1/24 gw 192.168.2.254 you want something like ip r a default via 192.168.2.254 src 192.168.1.1 I did the aforementioned as a test, I had to remove the current gateway before I ran this otherwise it complains about an existent route. After this is done, I tried to access www.google.com, with 'links www.google.com' netstat -tapn | grep 80 tcp0 1 192.168.1.1:45154 74.125.19.99:80 SYN_SENT2132/links 'route -n' gives identical information as before. It doesn't look like traffic is going through 192.168.2.1 first. I don't have 192.168.1.254 as the gateway here. But it shouldn't matter, the idea is not to pass traffic to it but pass them to 192.168.2.1 instead. This is one step closer, at least it is using 192.168.1.1 address. Thanks Alex. so this say's all applications that attempt to open a socket without binding to and address will get 192.168.1.1 (NIC A's address), but will route out NIC B not sure if it will work, might take a bit more work Just out of curiosity, does anyone know how iPhone restricts VOIP traffic over 3G technically? Suppose one can make a tunnel, e.g. IPSec, PPTP (which iPhone has native support), to a VPN endpoint, e.g. home computer through 3G. Is it possible to then run a VOIP app inside the tunnel? Thanks, Chris -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- This foreign policy stuff is a little frustrating. - George W. Bush 04/23/2002 as quoted by the New York Daily News -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAki/2UAACgkQkZz88chpJ2PEUQCfQghSOO2MtJPLOciEDdySceud tA4AmwThccwoS6RHR6XrPU2TKsSmCuKO =XaLC -END PGP SIGNATURE- -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Off-topic ThinkPad X60s
Hi List, To sell a brand new ThinkPad X60s at a discount, if anyone is interested please email me off list. Cheers, Chris -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html