[LARTC] Help

From: VedaVyas Diwakar <vyas@yukthi.com>
To: lartc@vger.kernel.org
Subject: [LARTC] Help
Date: Fri, 04 Oct 2002 07:30:31 +0000	[thread overview]
Message-ID: <marc-lartc-103371567523477@msgid-missing> (raw)
In-Reply-To: <marc-lartc-98694625714468@msgid-missing>

[-- Attachment #1: Type: text/plain, Size: 19157 bytes --]

Please unsubscribe my ID vyas@yukthi.com from the mailing list.

Thanks & Regards
Vyas

lartc-request@mailman.ds9a.nl wrote:

> Send LARTC mailing list submissions to
>         lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://mailman.ds9a.nl/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
>         lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
>         lartc-admin@mailman.ds9a.nl
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
> Today's Topics:
>
>    1. iptables MARK (Blagovest Lazarov)
>    2. Re: iptables MARK (Ramin Alidousti)
>    3. Re: iptables MARK (Martin A. Brown)
>    4. Multiple Static Ip's on a adls connection (mike ferguson)
>    5. RE: Multiple Static Ip's on a adls connection (S Mohan)
>    6. bandwidth manager using a linux bridge (Paul P. Pongco)
>    7. ip rule and traceroute (Jacob Teplitsky)
>    8. dsl latency... (Mattt)
>    9. Re: dsl latency... (Mattt)
>
> --__--__--
>
> Message: 1
> Date: Thu, 03 Oct 2002 17:20:08 +0300
> From: Blagovest Lazarov <bla@internet-bg.net>
> Reply-To: bla@internet-bg.net
> Organization: Internet Bulgaria PLC
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] iptables MARK
>
> Hi,
> Please help me. Does somebody know exactly which part of ip header carry iptables
> MARK?
> I would like to mark packets on cisco router and shape it on a linux box.
> Sorry for the English  :)))
> Thanks a lot,
>
> Blagovest Lazarov
>
> --__--__--
>
> Message: 2
> Date: Thu, 3 Oct 2002 10:56:42 -0400
> From: Ramin Alidousti <ramin@cannon.eng.us.uu.net>
> To: Blagovest Lazarov <bla@internet-bg.net>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] iptables MARK
>
> On Thu, Oct 03, 2002 at 05:20:08PM +0300, Blagovest Lazarov wrote:
>
> > Hi,
> > Please help me. Does somebody know exactly which part of ip header carry iptables
> > MARK?
>
> The MARKing is not done on the IP packet itself. It MARKs the internal
> IP data structure used by the kernel. If you want to mark (note the
> lower case notation here as opposed to MARK) you can use the TOS field.
>
> Ramin
>
> > I would like to mark packets on cisco router and shape it on a linux box.
> > Sorry for the English  :)))
> > Thanks a lot,
> >
> > Blagovest Lazarov
> >
> >
> >
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
> --__--__--
>
> Message: 3
> Date: Thu, 3 Oct 2002 11:07:39 -0500 (CDT)
> From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
> To: Blagovest Lazarov <bla@internet-bg.net>
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] iptables MARK
>
> Blagovest,
>
> You are actually desiring to use ToS (Type of Service) markers on the IP
> packet itself.  In order to set ToS, you'll use the -j TOS option to
> iptables.
>
>   http://iptables-tutorial.frozentux.net/iptables-tutorial.html#AEN2530
>
> Good luck,
>
> -Martin
>
> On Thu, 3 Oct 2002, Blagovest Lazarov wrote:
>
>  : Hi,
>  : Please help me. Does somebody know exactly which part of ip header carry iptables
>  : MARK?
>  : I would like to mark packets on cisco router and shape it on a linux box.
>  : Sorry for the English  :)))
>  : Thanks a lot,
>  :
>  : Blagovest Lazarov
>  :
>  :
>  :
>  :
>  : _______________________________________________
>  : LARTC mailing list / LARTC@mailman.ds9a.nl
>  : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>  :
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
> --__--__--
>
> Message: 4
> From: "mike ferguson" <thadude@gta.igs.net>
> To: <lartc@mailman.ds9a.nl>
> Date: Thu, 3 Oct 2002 15:10:32 -0700
> Subject: [LARTC] Multiple Static Ip's on a adls connection
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0017_01C26AEF.043511B0
> Content-Type: text/plain;
>         charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> Hi all.=20
>
> I have recently signed up with a adsl supplier. I ordered static ip's I =
> was given a block from 153-158. I am trying to make it so that each =
> machine gets a live ip address that is accessable on the wan. I am using =
> floppyfw as my router on a p200. I know that I could setup the the eth0 =
> as multiple ip's and do nat, but I am wondering if there is another way. =
> I just want all the machines to have there own ip and have that ip =
> accessible to the internet with no port blocking or anything..If someone =
> could help that would be greatly apreciated
> ------=_NextPart_000_0017_01C26AEF.043511B0
> Content-Type: text/html;
>         charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META http-equiv=3DContent-Type content=3D"text/html; =
> charset=3Diso-8859-1">
> <META content=3D"MSHTML 5.50.4919.2200" name=3DGENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=3D#ffffff>
> <DIV><FONT face=3DArial size=3D2>Hi all. </FONT></DIV>
> <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
> <DIV><FONT face=3DArial size=3D2>I have recently signed up with a adsl =
> supplier. I=20
> ordered static ip's I was given a block from 153-158. I am trying to =
> make it so=20
> that each machine gets a live ip address that is accessable on the wan. =
> I am=20
> using floppyfw as my router on a p200. I know that I could setup the the =
> eth0 as=20
> multiple ip's and do nat, but I am wondering if there is another way. I =
> just=20
> want all the machines to have there own ip and have that ip accessible =
> to the=20
> internet with no port blocking or anything..If someone could help that =
> would be=20
> greatly apreciated</FONT></DIV></BODY></HTML>
>
> ------=_NextPart_000_0017_01C26AEF.043511B0--
>
> --__--__--
>
> Message: 5
> Reply-To: <smohan@vsnl.com>
> From: "S Mohan" <smohan@vsnl.com>
> To: "'mike ferguson'" <thadude@gta.igs.net>, <lartc@mailman.ds9a.nl>
> Subject: RE: [LARTC] Multiple Static Ip's on a adls connection
> Date: Fri, 4 Oct 2002 07:18:37 +0530
>
> This is a multi-part message in MIME format.
>
> ------=_NextPart_000_0040_01C26B76.43B5B510
> Content-Type: text/plain;
>         charset="US-ASCII"
> Content-Transfer-Encoding: 7bit
>
> You need to use destination nat or dnat. I use iptables and iptables can
> do this. Regarding ipchains, I'm not sure, need to check. Does floppyfw
> use iptables?
>
> Mohan
>
> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
> On Behalf Of mike ferguson
> Sent: Friday, October 04, 2002 3:41 AM
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] Multiple Static Ip's on a adls connection
>
> Hi all.
>
> I have recently signed up with a adsl supplier. I ordered static ip's I
> was given a block from 153-158. I am trying to make it so that each
> machine gets a live ip address that is accessable on the wan. I am using
> floppyfw as my router on a p200. I know that I could setup the the eth0
> as multiple ip's and do nat, but I am wondering if there is another way.
> I just want all the machines to have there own ip and have that ip
> accessible to the internet with no port blocking or anything..If someone
> could help that would be greatly apreciated
>
> ------=_NextPart_000_0040_01C26B76.43B5B510
> Content-Type: text/html;
>         charset="US-ASCII"
> Content-Transfer-Encoding: quoted-printable
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
> charset=3Dus-ascii">
> <TITLE>Message</TITLE>
>
> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR>
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=3D#ffffff>
> <DIV><SPAN class=3D640454501-04102002><FONT color=3D#0000ff size=3D2>You =
> need to use=20
> destination nat or dnat. I use iptables and iptables can do this. =
> Regarding=20
> ipchains, I'm not sure, need to check. Does floppyfw use=20
> iptables?</FONT></SPAN></DIV>
> <DIV><SPAN class=3D640454501-04102002><FONT color=3D#0000ff=20
> size=3D2></FONT></SPAN>&nbsp;</DIV>
> <DIV><SPAN class=3D640454501-04102002><FONT color=3D#0000ff=20
> size=3D2>Mohan</FONT></SPAN></DIV>
> <BLOCKQUOTE dir=3Dltr style=3D"MARGIN-RIGHT: 0px">
>   <DIV></DIV>
>   <DIV class=3DOutlookMessageHeader lang=3Den-us dir=3Dltr =
> align=3Dleft><FONT=20
>   face=3DTahoma size=3D2>-----Original Message-----<BR><B>From:</B>=20
>   lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] <B>On =
> Behalf=20
>   Of </B>mike ferguson<BR><B>Sent:</B> Friday, October 04, 2002 3:41=20
>   AM<BR><B>To:</B> lartc@mailman.ds9a.nl<BR><B>Subject:</B> [LARTC] =
> Multiple=20
>   Static Ip's on a adls connection<BR><BR></FONT></DIV>
>   <DIV><FONT face=3DArial size=3D2>Hi all. </FONT></DIV>
>   <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
>   <DIV><FONT face=3DArial size=3D2>I have recently signed up with a adsl =
> supplier. I=20
>   ordered static ip's I was given a block from 153-158. I am trying to =
> make it=20
>   so that each machine gets a live ip address that is accessable on the =
> wan. I=20
>   am using floppyfw as my router on a p200. I know that I could setup =
> the the=20
>   eth0 as multiple ip's and do nat, but I am wondering if there is =
> another way.=20
>   I just want all the machines to have there own ip and have that ip =
> accessible=20
>   to the internet with no port blocking or anything..If someone could =
> help that=20
>   would be greatly apreciated</FONT></DIV></BLOCKQUOTE></BODY></HTML>
>
> ------=_NextPart_000_0040_01C26B76.43B5B510--
>
> --__--__--
>
> Message: 6
> From: "Paul P. Pongco" <paulp@mozcom.com>
> To: lartc@mailman.ds9a.nl
> Date: 04 Oct 2002 10:04:03 +0800
> Subject: [LARTC] bandwidth manager using a linux bridge
>
> Hello List,
>
> Has anyone tried doing this using CBQ or HTB? I have seen
> implementations of firewall(using ipchains and iptables) using a linux
> bridge.
> Thanks.
>
> --
> Cheers,
>
> Paul P. Pongco
>
>
>
> --__--__--
>
> Message: 7
> From: Jacob Teplitsky <jacobt@bivio.net>
> To: lartc@mailman.ds9a.nl
> Date: Thu, 3 Oct 2002 20:25:19 -0700 (PDT)
> Subject: [LARTC] ip rule and traceroute
>
> I'm trying to force traceroute to use non default (not main) routing table, but it doesn't work.
> Anyclues are appriciated.
> Thanks
> - Jacob
>
> # ip route get 192.168.2.1
> RTNETLINK answers: Network is unreachable
> # ip route get 192.168.2.1 from 10.10.10.13
> 192.168.2.1 from 10.10.10.13 via 10.10.10.1 dev nr0
>     cache  mtu 1500 advmss 1460
>
> # traceroute -s 10.10.10.13 192.168.2.1
> traceroute to 192.168.2.1 (192.168.2.1) from 10.10.10.13, 30 hops max, 40 byte packets
>  1 sendto: Network is unreachable
> traceroute: wrote 192.168.2.1 40 chars, ret=-1
>
> # ip rule
> 0:      from all lookup local
> 1:      from 10.10.10.13 lookup nr
> 32766:  from all lookup main
> 32767:  from all lookup 253
> # ip route show table nr
> default via 10.10.10.1 dev nr0
>
> --__--__--
>
> Message: 8
> From: Mattt <mattt@above.nq4u.net>
> To: lartc@mailman.ds9a.nl
> Date: 04 Oct 2002 14:14:29 +1000
> Subject: [LARTC] dsl latency...
>
> Hi all,
>
>   I've gotten the WonderShaper (slightly modified) running on the
> router. We have a 512/128 connection, and I set DOWNLINK=300, UPLINK=100
> (the link is currently under-utilised, and huge performance is not
> required at this stage). All appears well (at least, it's stable), but I
> have two questions.
>
>   Firstly, given that the link is *very* under-utilised, does the
> following output look reasonable? It looks as if only qdisc has actually
> seen traffic :
>
> ==========
> jenner:/etc/firewall/wondershaper-1.1a# ./wshaper status
> qdisc ingress ffff: ----------------
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 30: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 20: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 10: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
>  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 624 undertime 0
>
> class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
>  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:10 parent 1:1 leaf 10: rate 100Kbit prio 1
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:1 parent 1: rate 100Kbit (bounded,isolated) prio 5
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:20 parent 1:1 leaf 20: rate 90Kbit prio 2
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:30 parent 1:1 leaf 30: rate 80Kbit prio 2
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>   borrowed 0 overactions 0 avgidle 624 undertime 0
> jenner:/etc/firewall/wondershaper-1.1a#
> ==========
>
>   Also, I'm noticing a fair wait before, for instance, downloading a web
> site (although the phenomenom is also quite apparent over at least most
> protocols, though). Say, perhaps, 1 or 2 seconds before *any* page
> 'instantaneously' appears ;-)
>
>   We run our own DNS, as well as a DNS cache (the djbdns package), so
> lookups should not be causing a problem (in fact, they're not - this
> only happens to traffic leaving the DSL interface).
>
>   I realise that DSL latency isn't as good as some other technologies,
> but is this something I should be able to minimise the effect of?
>
>   Admittedly, it sounds to me as if the traffic is still queuing at the
> modem - have I simply done something stupid? I'm applying the qdiscs to
> eth3 rather than ppp0 (as applying them to ppp0 would oops the kernel
> after less than a minute or two reliably...).
>
>   I'm new to lartc, but learning (through necessity). I can't help but
> feel that my questions here are actually related - the lack of counter
> data on the qdiscs, the classic symtoms(?) of DSL latency... Is it even
> working for me?
>
> --
> Cheers,
>  Mattt.                      icq   : 117539757
>  aboveNetworks               www   : www.above.nq4u.net
>  mattt@above.nq4u.net        jabber: mattt@jabber.above.nq4u.net
>
>          What's got four legs and an arm?  A happy Pit Bull...
>
> --__--__--
>
> Message: 9
> Subject: Re: [LARTC] dsl latency...
> From: Mattt <mattt@above.nq4u.net>
> To: lartc@mailman.ds9a.nl
> Date: 04 Oct 2002 14:24:30 +1000
>
> Was just reading over the script, and remembered that I re-installed it
> fresh... it's *not* slightly modified as stated below, other than the
> d/u link numbers... the noprio stuff is all empty...
>
> On Fri, 2002-10-04 at 14:14, Mattt wrote:
> > Hi all,
> >
> >   I've gotten the WonderShaper (slightly modified) running on the
> > router. We have a 512/128 connection, and I set DOWNLINK=300, UPLINK=100
> > (the link is currently under-utilised, and huge performance is not
> > required at this stage). All appears well (at least, it's stable), but I
> > have two questions.
> >
> >   Firstly, given that the link is *very* under-utilised, does the
> > following output look reasonable? It looks as if only qdisc has actually
> > seen traffic :
> >
> > ==========
> > jenner:/etc/firewall/wondershaper-1.1a# ./wshaper status
> > qdisc ingress ffff: ----------------
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc sfq 30: quantum 1514b perturb 10sec
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc sfq 20: quantum 1514b perturb 10sec
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc sfq 10: quantum 1514b perturb 10sec
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
> >  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
> >   borrowed 0 overactions 0 avgidle 624 undertime 0
> >
> > class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
> >  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
> >   borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:10 parent 1:1 leaf 10: rate 100Kbit prio 1
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >   borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:1 parent 1: rate 100Kbit (bounded,isolated) prio 5
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >   borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:20 parent 1:1 leaf 20: rate 90Kbit prio 2
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >   borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:30 parent 1:1 leaf 30: rate 80Kbit prio 2
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >   borrowed 0 overactions 0 avgidle 624 undertime 0
> > jenner:/etc/firewall/wondershaper-1.1a#
> > ==========
> >
> >   Also, I'm noticing a fair wait before, for instance, downloading a web
> > site (although the phenomenom is also quite apparent over at least most
> > protocols, though). Say, perhaps, 1 or 2 seconds before *any* page
> > 'instantaneously' appears ;-)
> >
> >   We run our own DNS, as well as a DNS cache (the djbdns package), so
> > lookups should not be causing a problem (in fact, they're not - this
> > only happens to traffic leaving the DSL interface).
> >
> >   I realise that DSL latency isn't as good as some other technologies,
> > but is this something I should be able to minimise the effect of?
> >
> >   Admittedly, it sounds to me as if the traffic is still queuing at the
> > modem - have I simply done something stupid? I'm applying the qdiscs to
> > eth3 rather than ppp0 (as applying them to ppp0 would oops the kernel
> > after less than a minute or two reliably...).
> >
> >   I'm new to lartc, but learning (through necessity). I can't help but
> > feel that my questions here are actually related - the lack of counter
> > data on the qdiscs, the classic symtoms(?) of DSL latency... Is it even
> > working for me?
> >
> > --
> > Cheers,
> >  Mattt.                      icq   : 117539757
> >  aboveNetworks               www   : www.above.nq4u.net
> >  mattt@above.nq4u.net        jabber: mattt@jabber.above.nq4u.net
> >
> >        What's got four legs and an arm?  A happy Pit Bull...
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
> --
> Cheers,
>  Mattt.                      icq   : 117539757
>  aboveNetworks               www   : www.above.nq4u.net
>  mattt@above.nq4u.net        jabber: mattt@jabber.above.nq4u.net
>
>          What's got four legs and an arm?  A happy Pit Bull...
>
> --__--__--
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc
>
> End of LARTC Digest

[-- Attachment #2: Card for VedaVyas Diwakar --]
[-- Type: text/x-vcard, Size: 253 bytes --]

begin:vcard 
n:Diwakar;VedaVyas
tel;cell:98450 61219
tel;work:+91 80 6587116, 6582923
x-mozilla-html:FALSE
org:Yukthi Systems Pvt. Ltd.;www.yukthi.com
adr:;;;;;;
version:2.1
email;internet:vyas@yukthi.com
title:Manager OPS
fn:VedaVyas Diwakar
end:vcard