From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Don Gould - BVC"
Date: Thu, 18 Dec 2003 02:20:20 +0000
Subject: Re: [LARTC] pptp, vpn & traffic control
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

Thanks for the help so far...

> : (ie: Each user connects to the VPN server then connects netmeeting from
> : point to point using the private ip that the poptop pptp vpn assigns
> : each client)
>
> Neat idea.

Thanks. It works quite well with VPN off a NT4 machine but I wanted to do it
all on a nix machine :)

Talk about making things hard though... getting RRAS working on NT took an hour.

> : I want to be able to restrict each vpn tunnel to xk (where xk might be
> : 128kbits or less).
>
> You'll probably want to use an HTB tree with a child class where
> rate=ceil=128kbit for each of your clients...but you'll probably get
> some ideas of your own as you familiarize yourself with the tools.

Before I got your message I spent a couple of hours reading chapter 9 of the
how to at lartc.org. The HTB option makes sense in concept to me...

Can you provide some example syntax for me given the following...

Lan Testing...

I have set up poptop with a local IP of 192.168.1.6 and remote IP of
192.168.1.200-250

I have 2 windows machines (XP Home & Win2k server) connecting as clients.

They come up as ppp0:192.168.1.200 and ppp1:192.168.1.201 when I check using
ifconfig.

The machines are all connected to a 10bit hub

I would like to slow the connections to 56kbits

Internet Testing...

On Monday Telecom NZ will deliver the second of 2 128k ADSL connections.

I will then put the two WIN machines on Inet1 and the linux box on Inet2.

I would like to slow the connections to 56kbits - this should mean that Inet1
and 2 both have 112kbits running across them.

Does this all make sense?

As I understand it the HTB works by limiting the 'outgoing' data and not the
incoming data and the limits will be placed on the ppp sessions and not the
eth0.

How do I make the limiting start when the ppp session comes up?

> : I also want to be able to stop users from using any ports on the vpn
> : tunnel other than the ones required by netmeeting and port 80.
>
> Use iptables. The iptables tutorial [3] will help you here.

I suspected you were going to say as much... iptables is next on my learning
curve!

> : I have read all about compiling kernels but I still haven't got this
> : sused.
>
> This makes no sense to me. What means this verb "sused"?

I might not have spelt it right. Like the English use the word 'sorted' as
in "I don't have the problem sorted out." In other words, "I understand the
theory of compiling a kernel but I haven't done it in practice". :) Sorry
for using slang on an international forum :)

> Is that what
> happens when an admin leaves, dropping a lousy old crufty SuSe box
> in your lap? ( "I've been Sused!" ?? )

heheheh :)

> In seriousness, though,
> what distribution and kernel are you using? It is likely if you
> have a recent installation that you have everything you need already
> (with the possible exception of an HTB-capable tc).

I'm using Red Hat 9 with kernel 2.4.20-8.

Thanks again for your assistance.

Cheers DiG

--
Don Gould

The technology exists to give every home 10mbits per second for $10 per month!

http://sourceforge.net/donate/ - Give a little and watch the love grow!

www.skype.com - sorry it's not a linux tool but it's very kewl! Wish a linux
guru would make something for nix as good as this!

news@dslprime.com - Best information about DSL technology and trends I've
found yet.

http://www.linuxforum.com/forums/ - need I say more? :)

http://australianit.news.com.au/ - My fav IT news site.
http:/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
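
An added sketch of one way to do what the message above asks (not part of the original thread and not a reply from the list): a pppd ip-up hook that caps each tunnel at the 56kbit figure from the message, using an HTB class for egress and a policer for ingress, since HTB only queues outgoing data. The handle and class numbers, the RATE and DRY_RUN variables and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Meant to be called from pppd's ip-up hook,
# which pppd invokes as: <ifname> <tty> <speed> <local-ip> <remote-ip> [ipparam]
RATE="${RATE:-56kbit}"    # per-tunnel cap; 56kbit is the figure from the message

# Accept only pppN, so no other text from the hook's arguments reaches a command line.
valid_ppp_if() {
    case "$1" in
        ppp*[!0-9]*|ppp|"") return 1 ;;   # non-digit after "ppp", or no number at all
        ppp*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the tc commands for one tunnel; the caller decides whether to run them.
shape_cmds() {
    dev="$1"
    valid_ppp_if "$dev" || return 1
    # Egress (server -> client): HTB root with one class; rate = ceil, so no borrowing.
    echo "tc qdisc add dev $dev root handle 1: htb default 10"
    echo "tc class add dev $dev parent 1: classid 1:10 htb rate $RATE ceil $RATE"
    # Ingress (client -> server): nothing can be queued inbound, so police and drop excess.
    echo "tc qdisc add dev $dev handle ffff: ingress"
    echo "tc filter add dev $dev parent ffff: protocol ip prio 1 u32 match ip src 0.0.0.0/0 police rate $RATE burst 10k drop flowid :1"
}

# When pppd runs the hook, $1 is the interface that just came up.
# DRY_RUN=1 prints the commands instead of executing them.
if [ -n "${1:-}" ]; then
    cmds=$(shape_cmds "$1") || exit 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$cmds"
    else
        echo "$cmds" | while read -r cmd; do $cmd || exit 1; done
    fi
fi
```

The qdiscs are attached to the pppN device itself, so they disappear when the session ends and the interface is removed.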