[LARTC] Are There better EQL devices
I have set up one of our routers to use a TEQL Device to direct the outbound traffic, but I would like to have a bit more control with how it sends out traffic. Is there a better EQL device that would allow me to, say, set the rate of the connections and have it fill up the first pipe, then dump to the second, then the third and so on, so that an outbound connection could use the combined outbound connection more efficiently?

Joe Gavin

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] know if packets are marked
On Wed, 2007-01-24 at 07:29 -0300, Roberto Pereyra wrote:
> /usr/local/sbin/iptables -A PREROUTING -t mangle -m physdev --physdev-in eth1 -p tcp --dport 80 -j MARK --set-mark 2
>
> How can I know if these packets are marked?

On the same machine (your bridge), you can match the mark later with iptables ... -m mark --mark value[/mask] ... and there is a classifier for tc, too, I think. The mark doesn't stay on the packets once they leave your bridge, though, so you can't match them on other boxes.

Regards,
Torsten
Re: [LARTC] know if packets are marked
Also, connection tracking (cat /proc/net/ip_conntrack), if loaded, will show the mark id (mark=).

Andreas

On Wed, 2007-01-24 at 07:29 -0300, Roberto Pereyra wrote:
> Hi !!
>
> I am marking packets in a bridge:
>
> Mark outbound www packets from clients:
>
> /usr/local/sbin/iptables -A PREROUTING -t mangle -m physdev --physdev-in eth1 -p tcp --dport 80 -j MARK --set-mark 2
>
> How can I know if these packets are marked?
>
> roberto
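One way to act on the conntrack suggestion above, as an added example that is not part of the original posts: the functions tally the mark= field for flows to a given destination port and list the flows that lack the expected mark. The sample lines are constructed, and because mark= in conntrack output is the connection mark, this assumes the rule set also copies the packet mark to the connection (for instance with -j CONNMARK --save-mark).

```shell
#!/bin/sh
# Constructed sample lines in /proc/net/ip_conntrack format (not captured data).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=34567 dport=80 packets=10 bytes=1200 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=34567 packets=8 bytes=9000 [ASSURED] mark=2 use=1
tcp      6 431990 ESTABLISHED src=192.0.2.11 dst=198.51.100.6 sport=40000 dport=443 packets=5 bytes=600 src=198.51.100.6 dst=192.0.2.11 sport=443 dport=40000 packets=4 bytes=3000 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=41000 dport=80 packets=6 bytes=700 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=41000 packets=5 bytes=4000 [ASSURED] mark=0 use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 packets=1 bytes=70 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
EOF
}

# summarize_marks PORT: read conntrack lines on stdin and print "mark count"
# for flows whose original-direction destination port is PORT.
summarize_marks() {
    awk -v port="$1" '
    {
        dport = ""; mark = "none"   # "none" means the line has no mark= field
        for (i = 1; i <= NF; i++) {
            # the first dport= on a line belongs to the original direction
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            if ($i ~ /^mark=/) mark = substr($i, 6)
        }
        if (dport == port) count[mark]++
    }
    END { for (m in count) print m, count[m] }' | sort -n
}

# unmarked_flows PORT WANT: print "src dst" of flows to PORT whose mark is not
# WANT, i.e. traffic the marking rule was expected to catch but did not.
unmarked_flows() {
    awk -v port="$1" -v want="$2" '
    {
        src = dst = dport = ""; mark = "none"
        for (i = 1; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/) src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            if ($i ~ /^mark=/) mark = substr($i, 6)
        }
        if (dport == port && mark != want) print src, dst
    }'
}

# On the bridge itself, feed /proc/net/ip_conntrack instead of the sample.
sample_conntrack | summarize_marks 80
sample_conntrack | unmarked_flows 80 2
```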
[LARTC] Throughput
Hi,

I am after a feel of the throughput capabilities for TC and Iptables in comparison to dedicated hardware. I have heard talk about 1Gb+ throughput with minimal performance impact using 50ish TC rules and 100+ Iptables rules. Is there anyone here running large throughput / large configurations, and if so, what sort of figures?

Regards
Dan
[LARTC] Where can I get a patch to use ipt_time module on POSTROUTING chain
Hello,

Does someone know where I can get a patch to use ipt_time module on POSTROUTING chain? The original patch won't work on POSTROUTING. I've set up my server as a QoS bridge with Layer7, ipp2p, so all my rules are on POSTROUTING chain ...

Regards
Re: [LARTC] ip alias + dsl modem
On Thu, Jan 25, 2007 at 12:14:56AM +0900, GodSharp wrote:
> Hi Guys,
>
> Just wondering for some reason when I switched providers(DSL) IP aliasing stopped working. And, I am not sure what kind of modem this is, the previous one had some Ethernet ports at the back(it has a built-in 4 port switch) the new doesn't have one, only a single Ethernet port and it is directly connected to my Linux box. My provider gave me a /24 subnet and 9 useable IP's.
>
> # ip a s eth2
> 6: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:08:a1:72:c1:f5 brd ff:ff:ff:ff:ff:ff
>     inet xxx.xxx.xxx.50/24 brd xxx.xxx.xxx.255 scope global eth2
>     inet xxx.xxx.xxx.51/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.52/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.53/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.54/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.55/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.56/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.57/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.58/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>
> -- settings --
> ip link set eth2 up
> ip addr flush dev eth2
> ip addr add xxx.xxx.xxx.50/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.51/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.52/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.53/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.54/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.55/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.56/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.57/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.58/24 brd xxx.xxx.xxx.255 dev eth2
> ip route add default via xxx.xxx.xxx.1
> --- end settings ---
>
> /proc/sys/net/ipv4/ip_forward is 1
> /proc/sys/net/ipv4/ip_dynaddr is 1
>
> works: ping google.com -I eth2
> works: ping google.com -I xxx.xxx.xxx.50
> not working: ping google.com -I xxx.xxx.xxx.58

have you tried ip route get it will tell you what the kernel is thinking on how it's going to route the packet. you might also need to set up some ip rule lines for each of the secondary addresses. but first try pinging the next hop with each of the addresses !

> From the outside I can ping xxx.xxx.xxx.50 but cannot ping any secondary IP's. I tried tcpdump but didn't receive any replies from the secondary ip's I got replies from the primary IP though. If I remove the secondary IP's and use it on another computer the secondary IP works. It looks like I can only use 1 IP per computer(per mac).
>
> What seems to be the problem? Is it the modem? I am not sure about adsl's and their type of settings (bridge/router) and I would like to contact my provider. But I am having troubles on asking them regarding the problem. If there's a technical explanation regarding this or some trick it would help me clarify them or me.
>
> There are no filters involved(iptables). On my previous provider aliasing works both are dsl's.
Re: [LARTC] ip alias + dsl modem
GodSharp wrote:
> Hi Guys,
>
> Just wondering for some reason when I switched providers(DSL) IP aliasing stopped working. And, I am not sure what kind of modem this is, the previous one had some Ethernet ports at the back(it has a built-in 4 port switch) the new doesn't have one, only a single Ethernet port and it is directly connected to my Linux box. My provider gave me a /24 subnet and 9 useable IP's.
>
> # ip a s eth2
> 6: eth2: BROADCAST,MULTICAST,UP mtu 1500 qdisc pfifo_fast qlen 1000
>     link/ether 00:08:a1:72:c1:f5 brd ff:ff:ff:ff:ff:ff
>     inet xxx.xxx.xxx.50/24 brd xxx.xxx.xxx.255 scope global eth2
>     inet xxx.xxx.xxx.51/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.52/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.53/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.54/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.55/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.56/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.57/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>     inet xxx.xxx.xxx.58/24 brd xxx.xxx.xxx.255 scope global secondary eth2
>
> -- settings --
> ip link set eth2 up
> ip addr flush dev eth2
> ip addr add xxx.xxx.xxx.50/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.51/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.52/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.53/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.54/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.55/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.56/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.57/24 brd xxx.xxx.xxx.255 dev eth2
> ip addr add xxx.xxx.xxx.58/24 brd xxx.xxx.xxx.255 dev eth2
> ip route add default via xxx.xxx.xxx.1
> --- end settings ---
>
> /proc/sys/net/ipv4/ip_forward is 1
> /proc/sys/net/ipv4/ip_dynaddr is 1

My brain refuses to engage this evening, but I think you mean rp_filter, not ip_dynaddr.

--
buck