Delay

Delay

[Jose Rocha]

Hi, everybody!!!

Does anybody know if I can introduce delay to all packets that come from one
IP??? For example, I want to intruduce 10ms of delay in all packets that come
from one IP. May I use the netfilter to do this? Does anyone have another idea??


Thanks a lot for the attention.
Rocha 




http://www.ieg.com.br

Re: Delay

[Maciej Soltysiak]

> Does anybody know if I can introduce delay to all packets that come from one
> IP??? For example, I want to intruduce 10ms of delay in all packets that come
> from one IP. May I use the netfilter to do this? Does anyone have another idea??
Read about IMQ in Linux Advanced Routing and Traffic Control (lartc)

Regards,
Maciej Soltysiak

delay

[Paulo Ricardo Bruck]

Hi guys

Just a question. I have a firewall w/ 3 NIC as below:

			Internet ADSL
			|
			|eth1 200.200.200.44/26
		_________________________	
		|	Firewall	|	DMZ
		| iptables 1.2.8	|_eth2 192.168.1.1/24______EMail
		|_______________________|			192.168.1.3	
			|
			| eth0 10.0.0.1/24
			LAN


Firewall : Debian 2.4.22 + iptables 1.2.8


route:
200.200.200.0/26 dev eth1  proto kernel  scope link  src 200.200.200.44
10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.1
default via 200.200.200.1 dev eth1

rules:

a) iptables -A PREROUTING -d 200.200.200.1 -p tcp -m multiport --dports
smtp,pop3,imap2,webcache -j DNAT --to-destination 192.168.1.3

b) iptables -A POSTROUTING -o eth1 -j SNAT --to-source 200.200.200.1

c) iptables -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.1.1


What happens:

- all desktops ( M$windows) access webmail and email w/ no problems, but
if I insert rule c) above it causes a delay when any desktop hit
get/post e-mail in Outlook and it takes +- 40 seconds to "connenct".

I know that must be a silly misconfiguration of something but after 1
week searching the problem I can't imagine what's wrong.

Can anybody help me please

Thanks in advance

Re: delay

[Ramin Dousti]

On Fri, Oct 31, 2003 at 04:56:33PM -0200, Paulo Ricardo Bruck wrote:

> Hi guys
> 
> Just a question. I have a firewall w/ 3 NIC as below:
> 
> 			Internet ADSL
> 			|
> 			|eth1 200.200.200.44/26
> 		_________________________	
> 		|	Firewall	|	DMZ
> 		| iptables 1.2.8	|_eth2 192.168.1.1/24______EMail
> 		|_______________________|			192.168.1.3	
> 			|
> 			| eth0 10.0.0.1/24
> 			LAN
> 
> 
> Firewall : Debian 2.4.22 + iptables 1.2.8
> 
> 
> route:
> 200.200.200.0/26 dev eth1  proto kernel  scope link  src 200.200.200.44
> 10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
> 192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.1
> default via 200.200.200.1 dev eth1
> 
> rules:
> 
> a) iptables -A PREROUTING -d 200.200.200.1 -p tcp -m multiport --dports
> smtp,pop3,imap2,webcache -j DNAT --to-destination 192.168.1.3
> 
> b) iptables -A POSTROUTING -o eth1 -j SNAT --to-source 200.200.200.1
> 
> c) iptables -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.1.1
> 
> 
> What happens:
> 
> - all desktops ( M$windows) access webmail and email w/ no problems, but
> if I insert rule c) above it causes a delay when any desktop hit
> get/post e-mail in Outlook and it takes +- 40 seconds to "connenct".

Let me not ask you why you have rule (c). But in general a long delay
is most of the time related to a faulty or non-existent reverse DNS.
But in case of SMTP it also might have something to do with ident
being dropped...

Ramin

> 
> I know that must be a silly misconfiguration of something but after 1
> week searching the problem I can't imagine what's wrong.
> 
> Can anybody help me please
> 
> Thanks in advance
> 
> 
> 
> 
> 

Re: delay

[Maciej Soltysiak]

> But in case of SMTP it also might have something to do with ident
> being dropped...
I do not think i have seen SMTP use ident, ever.

Regards,
Maciej

Re: delay

[Ramin Dousti]

On Fri, Oct 31, 2003 at 08:25:45PM +0100, Maciej Soltysiak wrote:

> > But in case of SMTP it also might have something to do with ident
> > being dropped...
> I do not think i have seen SMTP use ident, ever.

No but sendmail (an SMTP server) uses ident back to the client to verify.
Have you ever seen this before?

Ramin

> 
> Regards,
> Maciej

Re: delay

[Aaron P. Martinez]

On Fri, 2003-10-31 at 14:07, Ramin Dousti wrote:
> On Fri, Oct 31, 2003 at 08:25:45PM +0100, Maciej Soltysiak wrote:
> 
> > > But in case of SMTP it also might have something to do with ident
> > > being dropped...
> > I do not think i have seen SMTP use ident, ever.
> 
> No but sendmail (an SMTP server) uses ident back to the client to verify.
> Have you ever seen this before?
Also, depending on what pop/imap server you're using...it will also use
ident...You can get around this using UofW imapd and popd by commenting
out the appropriate line in the xinetd.conf

Aaron
> 
> Ramin
> 
> > 
> > Regards,
> > Maciej
> 

Re: delay

[Maciej Soltysiak]

> No but sendmail (an SMTP server) uses ident back to the client to verify.
> Have you ever seen this before?
Just checked it, it really does use ident :-)

I've been using postfix and sendmail, so I have not seen this. Good to
know that :)

Regards,
Maciej

Re: delay

[Paulo Ricardo Bruck]

Em Sex, 2003-10-31 às 17:15, Ramin Dousti escreveu:
> On Fri, Oct 31, 2003 at 04:56:33PM -0200, Paulo Ricardo Bruck wrote:
> 
> > Hi guys
> > 
> > Just a question. I have a firewall w/ 3 NIC as below:
> > 
> > 			Internet ADSL
> > 			|
> > 			|eth1 200.200.200.44/26
> > 		_________________________	
> > 		|	Firewall	|	DMZ
> > 		| iptables 1.2.8	|_eth2 192.168.1.1/24______EMail
> > 		|_______________________|			192.168.1.3	
> > 			|
> > 			| eth0 10.0.0.1/24
> > 			LAN
> > 
> > 
> > Firewall : Debian 2.4.22 + iptables 1.2.8
> > 
> > 
> > route:
> > 200.200.200.0/26 dev eth1  proto kernel  scope link  src 200.200.200.44
> > 10.0.0.0/24 dev eth0  proto kernel  scope link  src 10.0.0.1
> > 192.168.1.0/24 dev eth2  proto kernel  scope link  src 192.168.1.1
> > default via 200.200.200.1 dev eth1
> > 
> > rules:
> > 
> > a) iptables -A PREROUTING -d 200.200.200.1 -p tcp -m multiport --dports
> > smtp,pop3,imap2,webcache -j DNAT --to-destination 192.168.1.3
> > 
> > b) iptables -A POSTROUTING -o eth1 -j SNAT --to-source 200.200.200.1
> > 
> > c) iptables -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.1.1
> > 
> > 
> > What happens:
> > 
> > - all desktops ( M$windows) access webmail and email w/ no problems, but
> > if I insert rule c) above it causes a delay when any desktop hit
> > get/post e-mail in Outlook and it takes +- 40 seconds to "connenct".
> 
> Let me not ask you why you have rule (c). 
c) I insert because we have in DMZ a IIS and as far as I known I could
protect it putting PREROUTING rules.... who knows??? If someone invade
IIS at least I'll be protecting LAN changing their IP ....80)


> But in general a long delay
> is most of the time related to a faulty or non-existent reverse DNS.
> But in case of SMTP it also might have something to do with ident
> being dropped...
maybe it can help: 
 iptables -N AUTH
iptables -A FORWARD -d $LAN -p tcp --dport 113 -j AUTH
iptables -A FORWARD -d $REDEDMZ -p tcp  --dport 113 -j AUTH
iptables -A AUTH  -j REJECT -p tcp --reject-with tcp-reset

As you can see I'm rejecting ident.... Is that the problem ??



> 
> Ramin
> 
> > 
> > I know that must be a silly misconfiguration of something but after 1
> > week searching the problem I can't imagine what's wrong.
> > 
> > Can anybody help me please
> > 
> > Thanks in advance
> > 
> > 
> > 
> > 
> > 

Re: delay

[Ramin Dousti]

On Fri, Oct 31, 2003 at 07:13:44PM -0200, Paulo Ricardo Bruck wrote:
> > > 
> > > c) iptables -A POSTROUTING -o eth2 -j SNAT --to-source 192.168.1.1
> > > 
> > > 
> > > What happens:
> > > 
> > > - all desktops ( M$windows) access webmail and email w/ no problems, but
> > > if I insert rule c) above it causes a delay when any desktop hit
> > > get/post e-mail in Outlook and it takes +- 40 seconds to "connenct".
> > 
> > Let me not ask you why you have rule (c). 
> c) I insert because we have in DMZ a IIS and as far as I known I could
> protect it putting PREROUTING rules.... who knows??? If someone invade
> IIS at least I'll be protecting LAN changing their IP ....80)

And changing their IP to 192.168.1.1 protects you, how?

> > But in general a long delay
> > is most of the time related to a faulty or non-existent reverse DNS.
> > But in case of SMTP it also might have something to do with ident
> > being dropped...
> maybe it can help: 
>  iptables -N AUTH
> iptables -A FORWARD -d $LAN -p tcp --dport 113 -j AUTH
> iptables -A FORWARD -d $REDEDMZ -p tcp  --dport 113 -j AUTH
> iptables -A AUTH  -j REJECT -p tcp --reject-with tcp-reset
> 
> As you can see I'm rejecting ident.... Is that the problem ??

Try tcpdump and see what is happening. I'm not sure but some of the
--reject-with options didn't do their job correctly (AFAICR).

Ramin

delay

[raja]

Hi,
    Would you please tell me how to write a function that generates a 
delay of Less than a sec.(ie for 1 milli se or one microsec etc).

Thankingyou,
Raja

Re: delay

[Vladimir V. Saveliev]

Hello

raja wrote:
> Hi,
>    Would you please tell me how to write a function that generates a
> delay of Less than a sec.(ie for 1 milli se or one microsec etc).
> 

Maybe you could use: linux/kernel/timer.c:schedule_timeout()

> Thankingyou,
> Raja
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
> 
> 

Re: delay

[Jesper Juhl]

On 8/24/05, Vladimir V. Saveliev <vs@namesys.com> wrote:
> Hello
> 
> raja wrote:
> > Hi,
> >    Would you please tell me how to write a function that generates a
> > delay of Less than a sec.(ie for 1 milli se or one microsec etc).
> >
> 
> Maybe you could use: linux/kernel/timer.c:schedule_timeout()
> 

udelay() / ndelay() ?

-- 
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

Re: delay

[Tim Bird]

raja wrote:
> Hi,
>     Would you please tell me how to write a function that generates a 
> delay of Less than a sec.(ie for 1 milli se or one microsec etc).

See udelay() (follow the trail from: include/linux/delay.h)

=============================
Tim Bird
Architecture Group Chair, CE Linux Forum
Senior Staff Engineer, Sony Electronics
=============================

delay

[Karel Zak]

Hi,

sorry for delay with patches & replies in last days. I had flu last
week. I'll try to cleanup my INBOX in next days. Thanks.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com