Re: [LARTC] pptp, vpn & traffic control

From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] pptp, vpn & traffic control
Date: Thu, 18 Dec 2003 00:26:02 +0000	[thread overview]
Message-ID: <marc-lartc-107170764319108@msgid-missing> (raw)
In-Reply-To: <marc-lartc-107170129112910@msgid-missing>

Don,

 : I want to set up some traffic control and don't know where to start...

I'll copy my own comments from the LARTC FAQ (o-Matic) [0].

[ begin from FAQ ]

  In addition to the lartc.org HOWTO itself, I'd suggest some introductory
  reading....first my own traffic control overview (and some links to other
  documentation):

    http://tldp.org/HOWTO/Traffic-Control-HOWTO/
    http://tldp.org/HOWTO/Traffic-Control-HOWTO/links.html

  An alternative introduction is Leonardo Balliache's pages:

    http://opalsoft.net/qos/DS.htm

  Werner Almesberger's still relevant implementation overview of 1999
  warrants (and rewards) careful study:

    http://www.almesberger.net/cv/papers.html
    http://www.almesberger.net/cv/papers/tcio8.pdf

  Once you have an understanding of the entire traffic control system, the
  easiest way to some practical configurations is with the tcng software:

    http://tcng.sourceforge.net/

  The tcng software reads a structured configuration file, where the "tc"
  command line utility is documented in parts of documents all over the
  'net.

[ end from FAQ ]

I'd suggest my Traffic Control HOWTO and Werner's pages for you until you have
a rough idea of the entire system.  Once you understand the system, head over
to the LARTC site [1] to get some detailed help on what commands to use.
Also never forget that Stef Coene has a large set of pages [2] which detail HTB
and traffic control generally in an excellent fashion.

 : (ie: Each user connects to the VPN server then connects netmeeting from
 : point to point using the private ip that the poptop pptp vpn assigns
 : each client)

Neat idea.

 : Netmeeting will use up as much bandwidth as it can. (As I understand
 : it)

So will a bulk file download.  ;-)

 : I want to be able to restrict each vpn tunnel to xk (where xk might be
 : 128kbits or less).

You'll probably want to use an HTB tree with a child class where
rateÎil\x128kbit for each of your clients...but you'll probably get some
ideas of your own as you familiarize yourself with the tools.

 : I also want to be able to stop users from using any ports on the vpn
 : tunnel other than the ones required by netmeeting and port 80.

Use iptables.  The iptables tutorial [3] will help you here.

 : I have read all about compiling kernels but I still haven't got this
 : sused.

This makes no sense to me.  What means this verb "sused"?  Is that what
happens when an admin leaves, dropping a lousy old crufty SuSe box in your
lap?  ( "I've been Sused!"  ?? )  In seriousness, though, what
distribution and kernel are you using?  It is likely if you have a recent
installation that you have everything you need already (with the possible
exception of an HTB-capable tc).

-Martin

 [0] http://www.docum.org/stef.coene/qos/faq/cache/
     http://www.docum.org/stef.coene/qos/faq/cache/46.html
 [1] http://lartc.org/
     http://lartc.org/howto/
 [2] http://docum.org/
 [3] http://iptables-tutorial.frozentux.net/

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/