From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: RE: [LARTC] new user
Date: Wed, 14 May 2003 18:22:42 +0000 [thread overview]
Message-ID: <marc-lartc-105293662519365@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101688861206225@msgid-missing>
Ismet,
As you may have noticed we don't really understand exactly what you wish
to do. We understand that you have a number of "client" networks behind
your router, and that you wish to use linux (LARTC), but we are not sure
about the nature of your question.
: it is possible in LARTC?
Quite probably. I understand that there may be a linguistic barrier for
you in communicating your question to the list, but we need to know more
in order to engage your question. So please ask better questions in the
future. With that said, here are some answers to the questions I thought
you were asking:
Are you asking
1. if you can limit bandwidth for each client?
Yes. You'll want to learn about HTB. You will probably
wish to create a top-level class to limit the total bandwidth to
the available bandwidth for all of your clients, and then create
child classes alloting 128k for each client, e.g.,
1:1 (77mbit) +--------+ 1:1001 (128kbit)
+--------+ 1:1002 (128kbit)
+--------+ 1:1003 (128kbit)
...
+--------+ 1:1200 (128kbit)
Your clients will still be "fighting" over any bandwidth left in
class 1:1, but at least you can limit the total bandwidth that
all of them will be able to consume. You can also cap each
individual class by using the rate and ceil parameters for the
child classes.
There is a metric boatload of documentation on HTB by the author [1]
and by Stef Coene [2].
OR
: eth0 internet
: eth1 local
: i want 200 ip on eth1
2. if you can use a single router with multiple IPs on a single
ethernet interface?
Yes. You can trivially host multiple IPs on the same interface by
making use of the "ip address add" command. I have not completed
writing my documentation [3] and examples for this command, but the
ip-cref manual [4] which comes with the iproute2 package will
provide the necessary clues.
In short, the machine can host many IPs on a single interface, and
according to the rules for source address selection [5], should even
generate ICMP messages from the correct IPs for your client
networks.
OR
: > client1 not connect client200
3. if you can prevent the different client networks from communicating
with each other?
Yes. You can do so by using iptables. I would suggest the iptables
tutorial [6] for an introduction to the capabilities of packet
filtering with kernel 2.4 and iptables.
You can also prevent different client networks from connecting to
each other by using clever policy routing. See a discussion between
me and Tomas Bonnedahl from earlier this year [7]. I would suggest
using policy routing in addition to (not as a replacement for)
correctly configured packet filters (see next answer).
OR
: > 7.client 10.client cant connect p2p.
4. if you can configure different packet filters for each client?
Yes. You can do so by using iptables. I would suggest the iptables
tutorial [6] for an introduction to the capabilities of packet
filtering with kernel 2.4 and iptables.
There are a large number of tools for automating the writing of
packet filters. These tools can be found on freshmeat.net [8]. I
would suggest choosing one of these after you understand how
iptables can help you solve your problem.
So, in short, Ismet, linux-2.4 can probably do what you want. Please feel
free to ask more specific questions after you have familiarized yourself
with the wealth of options.
-Martin
[1] http://luxik.cdi.cz/~devik/qos/htb/
[2] http://www.docum.org/
[3] http://linux-ip.net/html/tools-ip-address.html
[4] http://linux-ip.net/gl/ip-cref/node22.html
[5] http://linux-ip.net/html/routing-saddr-selection.html
http://linux-ip.net/gl/ip-cref/node155.html
[6] http://iptables-tutorial.frozentux.net/
[7] http://mailman.ds9a.nl/pipermail/lartc/2003q1/007174.html
[8] http://freshmeat.net/search/?q=iptables§ion=projects&x=0&y=0
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-05-14 18:22 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-03-23 13:02 [LARTC] New User Giuliano Cardozo Medalha
2002-03-23 14:10 ` Stef Coene
2003-05-13 6:16 ` [LARTC] new user Ismet Sonmez
2003-05-13 12:27 ` hare ram
2003-05-13 17:05 ` Stef Coene
2003-05-14 6:57 ` Ismet Sonmez
2003-05-14 15:00 ` Ismet Sonmez
2003-05-14 18:02 ` Stef Coene
2003-05-14 18:22 ` Martin A. Brown [this message]
2003-05-14 19:08 ` Ismet Sonmez
2003-11-02 17:31 ` raz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-105293662519365@msgid-missing \
--to=mabrown-lartc@securepipe.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.