From: psihozefir <sorin.panca@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: restricting connections from a single connection to a single destination
Date: Fri, 26 Aug 2005 11:21:09 +0300
Message-ID: <fdb0cf3905082601211b085c1c@mail.gmail.com>

Grant Taylor wrote:

> P.S.  If you would like help trying to explain the VLAN concept let me
> know as I'm having to implement this at one of my clients now.  In fact
> I may just write a How-To on it and see about submitting it somewhere
> b/c I think it will be rather interesting (read "fun" to those of us
> who like challenges) to do.

I have a small LAN with my neighbours and they have access to the
Internet through my router. I once needed to block PC-to-PC traffic
because the LAN is made of about 10 low-cost Ethernet switching hubs
on a four-level tree and they could not manage the connections between
machines. So I had a lot of unuseful traffic in the network. They
started to act like non-switching hubs. The maximum transfer speed
dropped to 2.5 Mbyte/s (that's unacceptable). [ There are 48 neighbours
connected to this LAN. ]

Solution:
Each switch has its own subnet and the router is virtually on all
subnets with the lowest address on that subnet. The router has aliases
for eth1 (10 aliases). Problem: the traffic between subnets goes
through the router. The router has one 100 Mbit/s connection to LAN.
Concurrent connections slow each other, if they are all between
different subnets. The router is unnecessarily loaded.

I had to develop the solution fast, and I know nothing about VLANs. I
googled for docs but none I've found was short and step-oriented. I
also looked for solutions that were explained in terms of "for this feature
to work these are the minimum requirements: a), b) and c)". This could
improve troubleshooting in case something is not working. I just
verify the a), b) and c) conditions to be fulfilled.

I've found sites where the concept was explained, but it was too much
to read and experiment until I could be able to do something useful.
The network should be operational during the tests with short times of
inoperability.

Sorin...
P.S. If you can explain the VLAN concepts and write a How-to I would
very much appreciate your effort. Thank you.

