[masq] Load distribution over two interfaces
I'm looking to see if either ipfwadm or ipchains (or anything else, for that matter) will work for what I'm trying to do. The end result will (hopefully) have a linux box separating two networks.. one internal, and one external. The linux box will have 3 ethernet cards, one for the internal network, and two for the external network.

Is it possible to have the outgoing load balanced over the two external interfaces? It would seem plausible, since we're going out to a switch, and we would have 2 cards * 10mbit each, totalling a theoretical 20mbit connection to a 100mbit uplink.

Even if it isn't natural load balancing, is there a way to have all traffic of say, web type, go over one nic, and all quake traffic go over another? Or is this method fundamentally flawed by something simple that I'm missing?

If ipfwadm can't do this, I'm sure someone knows of something like this that will get the job done.. :)

Thanks a bunch..

--Doug Clements [EMAIL PROTECTED]

- To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
  For daily digest info, email [EMAIL PROTECTED]
Re: [masq] IP Masq - FTP problems
When NOT using PASV, I believe the problem has more to do with the use of non-standard FTP ports than anything else. From my experience, the masq software uses a different technique when setting up the masq routing entries for non-standard versus standard FTP port usage. This causes demasquerading problems when a FTP server tries to do the data connection back to the client (using of course, ip info from a prior masq'd PORT command).

Provided that the server can support PASV mode, that would be the favored solution. Unless your friend's server could be altered to use the standard 21 listening port (which appears to satisfy masq).

I, for one would welcome a solution for non-PASV and non-standard PORT servers.

Regards,
Dave Corlew

-Original Message-
From: David A. Ranch [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 09, 1999 2:24 PM
To: Carl Engstrom; [EMAIL PROTECTED]
Subject: Re: [masq] IP Masq - FTP problems

> 1) My friend has an ftp site that for some reason I can't get data transfers from. I can log in to the site just fine, but when the site sends me a directory list, I get a 425 can't build data connection: No route to host can't initiate data transfer. I can connect to every other site that I've tried. The site I'm connecting to is not at PORT 21 it's at PORT 2001 and he's running glftpd not the standard ftpd from red hat.

Ahhh.. check. You either need to do FTPs with the PASV mode or you need to load the ip_masq_ftp module with:

    /sbin/insmod ip_masq_ftp ports=21,2001

This is what the /usr/src/linux/net/ipv4/ip_masq_ftp.c source code says:

--
 * Multiple Port Support
 * The helper can be made to handle up to MAX_MASQ_APP_PORTS (normally 12)
 * with the port numbers being defined at module load time. The module
 * uses the symbol "ports" to define a list of monitored ports, which can
 * be specified on the insmod command line as
 * ports=x1,x2,x3...
 * where x[n] are integer port numbers. This option can be put into
 * /etc/conf.modules (or /etc/modules.conf depending on your config)
 * where modload will pick it up should you use modload to load your
 * modules.
 *
 */
--

> 2) I can't connect directly with ICQ. I can send messages through the server, but I can't chat or send a direct message.

Did you properly configure ICQ for:

- non-socks firewall
- limit ports to 2000-2020

Did you change the IPFWADM UDP timeout to 8 minutes? Did you set up IPPORTFW and forward ports 2000-2020 to your MASQed ICQ machine?

Anyway, the TrinityOS doc (updated yesterday and today) has all these settings documented. Just check out:

11 - Patching, Compiling, and installing IPPORTFW
10 - MASQ startup and advanced firewall rulesets for single and multi-NIC setups

--David

David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
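Added example (not part of the original thread, and not the kernel module's code): a small Python model of why the `ports=21,2001` list matters. A helper that only watches port 21 lets a PORT command on port 2001 leave with the client's private address in it, which the remote server cannot route to. The addresses, the starting masq port, the class and its same-address check are assumptions of this example.

```python
import re

# Constructed sample value (not from the thread): the firewall's external address.
MASQ_EXTERNAL_IP = "203.0.113.5"
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


class FtpMasqHelper:
    """Toy model of a masquerading FTP helper keyed on monitored control ports."""

    def __init__(self, ports=(21,), first_masq_port=61000):
        self.ports = set(ports)            # control ports whose payload is inspected
        self.next_port = first_masq_port   # hypothetical start of the masq port range
        self.tunnels = {}                  # masq port -> (internal ip, internal data port)

    def outbound(self, client_ip, server_port, line):
        """Return the control-channel line as it would leave the external interface."""
        if server_port not in self.ports:
            return line                    # unmonitored port: payload is not touched
        m = PORT_RE.match(line)
        if not m:
            return line
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return line                    # malformed octet, leave it alone
        ip = ".".join(str(n) for n in nums[:4])
        if ip != client_ip:
            return line                    # example policy: only the client's own address
        masq_port = self.next_port
        self.next_port += 1
        self.tunnels[masq_port] = (ip, nums[4] * 256 + nums[5])
        ext = MASQ_EXTERNAL_IP.replace(".", ",").encode()
        return b"PORT %s,%d,%d\r\n" % (ext, masq_port >> 8, masq_port & 0xFF)


def demo():
    """Send the same PORT command to a server on port 2001 through both helper configs."""
    cmd = b"PORT 192,168,1,10,4,1\r\n"     # constructed: client 192.168.1.10, data port 1025
    default = FtpMasqHelper(ports=(21,))
    extended = FtpMasqHelper(ports=(21, 2001))
    return (default.outbound("192.168.1.10", 2001, cmd),
            extended.outbound("192.168.1.10", 2001, cmd),
            extended.tunnels)
```
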
Re: [masq] [masq] IP Masq - FTP problems
On 10 Jan 99, at 10:15, Carl Petersen wrote about "Re: [masq] IP Masq - FTP problems":

| Hi,
| I have a new ipmasq setup running just great after I set the mtu on the
| ppp0 interface to 1500. Using Win98, linux, WinNT 5.0 and BeOS as
| clients.
|
| Could someone shed some light on the FTP issue? I seem to have the
| same issue Mr. Engstrom wrote about except the ftp server I'm connecting
| to is on port 21. Some ftp clients hang when attempting a file list and
| others succeed?

Are you talking about outside clients connecting to a masqueraded server? If so, clients using PASV mode (i.e. most web browsers) won't work.

- Fred Viles mailto:[EMAIL PROTECTED]
[masq] Mail Errors
When reviewing my messages log I seem to get the following errors when people check their mail and certain services:

    Jan 11 06:19:31 zoom5208 identd[3606]: Returned: 63534 , 110 : NO-USER
    Jan 11 06:19:34 zoom5208 identd[3607]: from: 205.228.208.11 (ares.soonernet.com) for: 63535, 110
    Jan 7 20:06:18 zoom5208 identd[1995]: Returned: 64832 , 7000 : NO-USER
    Jan 7 20:06:56 zoom5208 identd[1996]: from: 205.219.23.75 (hera.webzone.net) for: 64833, 7000

What are these and how do I correct this problem, or is it a problem?

R. Brett Gilbert
mailto:[EMAIL PROTECTED]
http://205.228.205.208
ICQ User: http://www.mirabilis.com
ICQ ID#: 3109887
[masq] if-out errors when using external SMTP
Hello. I've got a Win95 box going through my Linux box to get to the internet. When I send email from the Win machine using an SMTP server that is external to my network, I get a handful of the following errors in my log file:

    IP fw-out deny eth0 ICMP/3 x.x.x.x y.y.y.y L=108 S=0xC0 I=26547 F=0x T=64

x.x.x.x = external IP address on my linux box (eth0).
y.y.y.y = SMTP server, external to my network

And I have the following outgoing firewall rules set up for ICMP (assuming this is where it is):

    ipfwadm -O -a accept -P icmp -W $EXTERNAL_INTERFACE \
        -S $IPADDR 0 4 812 -D $ANYWHERE
    ipfwadm -O -a accept -P icmp -W $EXTERNAL_INTERFACE \
        -S $IPADDR 3 11 -D $DHCP_SERVERS
    ipfwadm -O -a deny -P icmp -o -W $EXTERNAL_INTERFACE \
        -S $ANYWHERE -D $ANYWHERE

The email does get sent though I cannot really be sure there is a performance hit from this or not. If I remove the deny line above, there are no errors. I cobbled these firewall rules together so I have to admit that I don't yet understand the ICMP configurations and therefore don't know if I need it.

Can someone explain what this is, and offer a suggested change to my firewall rules to eliminate this error?

thanks.
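Added example (not part of the original thread): a Python sketch that parses the logged line and walks the three output rules in order, first match wins, to show which rule produces the deny. The addresses standing in for x.x.x.x, y.y.y.y and $DHCP_SERVERS are constructed, the trailing log fields are omitted, and the first rule's type list is read as 0 4 8 12, which is an assumption.

```python
import re

# Constructed stand-ins for the post's placeholders and shell variables.
IPADDR = "198.51.100.7"          # x.x.x.x, external address on eth0
SMTP_SERVER = "192.0.2.25"       # y.y.y.y
DHCP_SERVERS = {"192.0.2.1"}     # $DHCP_SERVERS
LOG = f"IP fw-out deny eth0 ICMP/3 {IPADDR} {SMTP_SERVER} L=108 S=0xC0 I=26547"

ICMP_NAMES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              8: "echo-request", 11: "time-exceeded", 12: "parameter-problem"}
LOG_RE = re.compile(r"IP fw-(\w+) (\w+) (\w+) ICMP/(\d+) (\S+) (\S+)")

# (policy, source, ICMP types, destinations) in the order posted; None matches anything.
RULES = [
    ("accept", IPADDR, {0, 4, 8, 12}, None),     # type list assumed to be 0 4 8 12
    ("accept", IPADDR, {3, 11}, DHCP_SERVERS),
    ("deny", None, None, None),                  # catch-all, logged because of -o
]


def parse(line):
    """Extract chain, policy, interface, ICMP type and addresses from a log line."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not an ipfwadm ICMP log line")
    chain, policy, iface, icmp_type, src, dst = m.groups()
    return {"chain": chain, "policy": policy, "iface": iface,
            "type": int(icmp_type), "src": src, "dst": dst}


def first_match(pkt):
    """Return (rule number, policy) of the first rule the packet matches."""
    for number, (policy, src, types, dsts) in enumerate(RULES, 1):
        if src is not None and pkt["src"] != src:
            continue
        if types is not None and pkt["type"] not in types:
            continue
        if dsts is not None and pkt["dst"] not in dsts:
            continue
        return number, policy
    return None                                  # the chain's default policy would apply


def explain(line):
    """Summarise which rule decided the fate of the logged packet."""
    pkt = parse(line)
    number, policy = first_match(pkt)
    name = ICMP_NAMES.get(pkt["type"], "other")
    return f"ICMP type {pkt['type']} ({name}) to {pkt['dst']}: rule {number} -> {policy}"
```
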
Re: [masq] [masq] IP Masq - FTP problems
> AFAIK this 2000-2020 stuff is not necessary, nor are changing the IPFWADM UDP timeouts. I'm running a 2.0.36 masq right now with the default UDP timeout and no special forwarding for ICQ, and have two hosts behind it running ICQ with no problems. I did configure for a non-socks firewall, however, and set the firewall timeout to ~1 minute.

Unless you set up IPPORTFW, ICQ Chat won't work though messaging will.

Regarding the changing of the UDP timeouts, you are right though I found this option in ICQ later. You DO need to change the UDP timeout if you don't change ICQ's firewall timeout.

--David

David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch
Re: [masq] Question about the ip_masq_raudio module
> Current RA clients tend to negotiate the best one they can manage over the link - so no UDP causes fallback to TCP.

Ahhh.. check! So, realistically I might get a little less loss with RealAudio if I use UDP traffic. I'll try it. Thanks Nigel!

--David

David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED]
For more detailed info, see http://www.ecst.csuchico.edu/~dranch