From: VedaVyas Diwakar
Date: Fri, 04 Oct 2002 07:30:31 +0000
Subject: [LARTC] Help
To: lartc@vger.kernel.org

Please unsubscribe my ID vyas@yukthi.com from the mailing list.

Thanks & Regards
Vyas

lartc-request@mailman.ds9a.nl wrote:

> Send LARTC mailing list submissions to
>         lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://mailman.ds9a.nl/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
>         lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
>         lartc-admin@mailman.ds9a.nl
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
> Today's Topics:
>
>    1. iptables MARK (Blagovest Lazarov)
>    2. Re: iptables MARK (Ramin Alidousti)
>    3. Re: iptables MARK (Martin A. Brown)
>    4. Multiple Static Ip's on a adls connection (mike ferguson)
>    5. RE: Multiple Static Ip's on a adls connection (S Mohan)
>    6. bandwidth manager using a linux bridge (Paul P. Pongco)
>    7. ip rule and traceroute (Jacob Teplitsky)
>    8. dsl latency... (Mattt)
>    9. Re: dsl latency... (Mattt)
>
> --__--__--
>
> Message: 1
> Date: Thu, 03 Oct 2002 17:20:08 +0300
> From: Blagovest Lazarov
> Reply-To: bla@internet-bg.net
> Organization: Internet Bulgaria PLC
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] iptables MARK
>
> Hi,
> Please help me. Does somebody know exactly which part of ip header carry iptables
> MARK?
> I would like to mark packets on cisco router and shape it on a linux box.
> Sorry for the English :)))
> Thanks a lot,
>
> Blagovest Lazarov
>
> --__--__--
>
> Message: 2
> Date: Thu, 3 Oct 2002 10:56:42 -0400
> From: Ramin Alidousti
> To: Blagovest Lazarov
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] iptables MARK
>
> On Thu, Oct 03, 2002 at 05:20:08PM +0300, Blagovest Lazarov wrote:
>
> > Hi,
> > Please help me. Does somebody know exactly which part of ip header carry iptables
> > MARK?
>
> The MARKing is not done on the IP packet itself. It MARKs the internal
> IP data structure used by the kernel. If you want to mark (note the
> lower case notation here as opposed to MARK) you can use the TOS field.
>
> Ramin
>
> > I would like to mark packets on cisco router and shape it on a linux box.
> > Sorry for the English :)))
> > Thanks a lot,
> >
> > Blagovest Lazarov
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
> --__--__--
>
> Message: 3
> Date: Thu, 3 Oct 2002 11:07:39 -0500 (CDT)
> From: "Martin A. Brown"
> To: Blagovest Lazarov
> Cc: lartc@mailman.ds9a.nl
> Subject: Re: [LARTC] iptables MARK
>
> Blagovest,
>
> You are actually desiring to use ToS (Type of Service) markers on the IP
> packet itself. In order to set ToS, you'll use the -j TOS option to
> iptables.
>
> http://iptables-tutorial.frozentux.net/iptables-tutorial.html#AEN2530
>
> Good luck,
>
> -Martin
>
> On Thu, 3 Oct 2002, Blagovest Lazarov wrote:
>
> : Hi,
> : Please help me. Does somebody know exactly which part of ip header carry iptables
> : MARK?
> : I would like to mark packets on cisco router and shape it on a linux box.
> : Sorry for the English :)))
> : Thanks a lot,
> :
> : Blagovest Lazarov
> :
> : _______________________________________________
> : LARTC mailing list / LARTC@mailman.ds9a.nl
> : http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> :
>
> --
> Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
>
> --__--__--
>
> Message: 4
> From: "mike ferguson"
> To:
> Date: Thu, 3 Oct 2002 15:10:32 -0700
> Subject: [LARTC] Multiple Static Ip's on a adls connection
>
> Hi all.
>
> I have recently signed up with an adsl supplier. I ordered static ip's I
> was given a block from 153-158. I am trying to make it so that each
> machine gets a live ip address that is accessible on the wan. I am using
> floppyfw as my router on a p200. I know that I could setup the eth0
> as multiple ip's and do nat, but I am wondering if there is another way.
> I just want all the machines to have their own ip and have that ip
> accessible to the internet with no port blocking or anything. If someone
> could help that would be greatly appreciated
>
> --__--__--
>
> Message: 5
> Reply-To:
> From: "S Mohan"
> To: "'mike ferguson'" ,
> Subject: RE: [LARTC] Multiple Static Ip's on a adls connection
> Date: Fri, 4 Oct 2002 07:18:37 +0530
>
> You need to use destination nat or dnat. I use iptables and iptables can
> do this. Regarding ipchains, I'm not sure, need to check. Does floppyfw
> use iptables?
>
> Mohan
>
> -----Original Message-----
> From: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl]
> On Behalf Of mike ferguson
> Sent: Friday, October 04, 2002 3:41 AM
> To: lartc@mailman.ds9a.nl
> Subject: [LARTC] Multiple Static Ip's on a adls connection
>
> Hi all.
>
> I have recently signed up with an adsl supplier. I ordered static ip's I
> was given a block from 153-158. I am trying to make it so that each
> machine gets a live ip address that is accessible on the wan. I am using
> floppyfw as my router on a p200. I know that I could setup the eth0
> as multiple ip's and do nat, but I am wondering if there is another way.
> I just want all the machines to have their own ip and have that ip
> accessible to the internet with no port blocking or anything. If someone
> could help that would be greatly appreciated
>
> --__--__--
>
> Message: 6
> From: "Paul P. Pongco"
> To: lartc@mailman.ds9a.nl
> Date: 04 Oct 2002 10:04:03 +0800
> Subject: [LARTC] bandwidth manager using a linux bridge
>
> Hello List,
>
> Has anyone tried doing this using CBQ or HTB? I have seen
> implementations of firewall (using ipchains and iptables) using a linux
> bridge.
> Thanks.
>
> --
> Cheers,
>
> Paul P. Pongco
>
> --__--__--
>
> Message: 7
> From: Jacob Teplitsky
> To: lartc@mailman.ds9a.nl
> Date: Thu, 3 Oct 2002 20:25:19 -0700 (PDT)
> Subject: [LARTC] ip rule and traceroute
>
> I'm trying to force traceroute to use non default (not main) routing table, but it doesn't work.
> Any clues are appreciated.
> Thanks
> - Jacob
>
> # ip route get 192.168.2.1
> RTNETLINK answers: Network is unreachable
> # ip route get 192.168.2.1 from 10.10.10.13
> 192.168.2.1 from 10.10.10.13 via 10.10.10.1 dev nr0
>     cache mtu 1500 advmss 1460
>
> # traceroute -s 10.10.10.13 192.168.2.1
> traceroute to 192.168.2.1 (192.168.2.1) from 10.10.10.13, 30 hops max, 40 byte packets
>  1 sendto: Network is unreachable
> traceroute: wrote 192.168.2.1 40 chars, ret=-1
>
> # ip rule
> 0: from all lookup local
> 1: from 10.10.10.13 lookup nr
> 32766: from all lookup main
> 32767: from all lookup 253
> # ip route show table nr
> default via 10.10.10.1 dev nr0
>
> --__--__--
>
> Message: 8
> From: Mattt
> To: lartc@mailman.ds9a.nl
> Date: 04 Oct 2002 14:14:29 +1000
> Subject: [LARTC] dsl latency...
>
> Hi all,
>
> I've gotten the WonderShaper (slightly modified) running on the
> router. We have a 512/128 connection, and I set DOWNLINK=300, UPLINK=100
> (the link is currently under-utilised, and huge performance is not
> required at this stage). All appears well (at least, it's stable), but I
> have two questions.
>
> Firstly, given that the link is *very* under-utilised, does the
> following output look reasonable? It looks as if only qdisc has actually
> seen traffic :
>
> ==========
> jenner:/etc/firewall/wondershaper-1.1a# ./wshaper status
> qdisc ingress ffff: ----------------
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 30: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 20: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc sfq 10: quantum 1514b perturb 10sec
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>
> qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
>  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 624 undertime 0
>
> class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
>  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:10 parent 1:1 leaf 10: rate 100Kbit prio 1
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:1 parent 1: rate 100Kbit (bounded,isolated) prio 5
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:20 parent 1:1 leaf 20: rate 90Kbit prio 2
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 624 undertime 0
> class cbq 1:30 parent 1:1 leaf 30: rate 80Kbit prio 2
>  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
>  borrowed 0 overactions 0 avgidle 624 undertime 0
> jenner:/etc/firewall/wondershaper-1.1a#
> ==========
>
> Also, I'm noticing a fair wait before, for instance, downloading a web
> site (although the phenomenon is also quite apparent over at least most
> protocols, though). Say, perhaps, 1 or 2 seconds before *any* page
> 'instantaneously' appears ;-)
>
> We run our own DNS, as well as a DNS cache (the djbdns package), so
> lookups should not be causing a problem (in fact, they're not - this
> only happens to traffic leaving the DSL interface).
>
> I realise that DSL latency isn't as good as some other technologies,
> but is this something I should be able to minimise the effect of?
>
> Admittedly, it sounds to me as if the traffic is still queuing at the
> modem - have I simply done something stupid? I'm applying the qdiscs to
> eth3 rather than ppp0 (as applying them to ppp0 would oops the kernel
> after less than a minute or two reliably...).
>
> I'm new to lartc, but learning (through necessity). I can't help but
> feel that my questions here are actually related - the lack of counter
> data on the qdiscs, the classic symptoms(?) of DSL latency... Is it even
> working for me?
>
> --
> Cheers,
> Mattt.                  icq   : 117539757
> aboveNetworks           www   : www.above.nq4u.net
> mattt@above.nq4u.net    jabber: mattt@jabber.above.nq4u.net
>
> What's got four legs and an arm? A happy Pit Bull...
>
> --__--__--
>
> Message: 9
> Subject: Re: [LARTC] dsl latency...
> From: Mattt
> To: lartc@mailman.ds9a.nl
> Date: 04 Oct 2002 14:24:30 +1000
>
> Was just reading over the script, and remembered that I re-installed it
> fresh... it's *not* slightly modified as stated below, other than the
> d/u link numbers... the noprio stuff is all empty...
>
> On Fri, 2002-10-04 at 14:14, Mattt wrote:
> > Hi all,
> >
> > I've gotten the WonderShaper (slightly modified) running on the
> > router. We have a 512/128 connection, and I set DOWNLINK=300, UPLINK=100
> > (the link is currently under-utilised, and huge performance is not
> > required at this stage). All appears well (at least, it's stable), but I
> > have two questions.
> >
> > Firstly, given that the link is *very* under-utilised, does the
> > following output look reasonable? It looks as if only qdisc has actually
> > seen traffic :
> >
> > ==========
> > jenner:/etc/firewall/wondershaper-1.1a# ./wshaper status
> > qdisc ingress ffff: ----------------
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc sfq 30: quantum 1514b perturb 10sec
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc sfq 20: quantum 1514b perturb 10sec
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc sfq 10: quantum 1514b perturb 10sec
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >
> > qdisc cbq 1: rate 10Mbit (bounded,isolated) prio no-transmit
> >  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
> >  borrowed 0 overactions 0 avgidle 624 undertime 0
> >
> > class cbq 1: root rate 10Mbit (bounded,isolated) prio no-transmit
> >  Sent 2896610 bytes 29310 pkts (dropped 0, overlimits 0)
> >  borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:10 parent 1:1 leaf 10: rate 100Kbit prio 1
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >  borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:1 parent 1: rate 100Kbit (bounded,isolated) prio 5
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >  borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:20 parent 1:1 leaf 20: rate 90Kbit prio 2
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >  borrowed 0 overactions 0 avgidle 624 undertime 0
> > class cbq 1:30 parent 1:1 leaf 30: rate 80Kbit prio 2
> >  Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
> >  borrowed 0 overactions 0 avgidle 624 undertime 0
> > jenner:/etc/firewall/wondershaper-1.1a#
> > ==========
> >
> > Also, I'm noticing a fair wait before, for instance, downloading a web
> > site (although the phenomenon is also quite apparent over at least most
> > protocols, though). Say, perhaps, 1 or 2 seconds before *any* page
> > 'instantaneously' appears ;-)
> >
> > We run our own DNS, as well as a DNS cache (the djbdns package), so
> > lookups should not be causing a problem (in fact, they're not - this
> > only happens to traffic leaving the DSL interface).
> >
> > I realise that DSL latency isn't as good as some other technologies,
> > but is this something I should be able to minimise the effect of?
> >
> > Admittedly, it sounds to me as if the traffic is still queuing at the
> > modem - have I simply done something stupid? I'm applying the qdiscs to
> > eth3 rather than ppp0 (as applying them to ppp0 would oops the kernel
> > after less than a minute or two reliably...).
> >
> > I'm new to lartc, but learning (through necessity). I can't help but
> > feel that my questions here are actually related - the lack of counter
> > data on the qdiscs, the classic symptoms(?) of DSL latency... Is it even
> > working for me?
> >
> > --
> > Cheers,
> > Mattt.                  icq   : 117539757
> > aboveNetworks           www   : www.above.nq4u.net
> > mattt@above.nq4u.net    jabber: mattt@jabber.above.nq4u.net
> >
> > What's got four legs and an arm? A happy Pit Bull...
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
> --
> Cheers,
> Mattt.                  icq   : 117539757
> aboveNetworks           www   : www.above.nq4u.net
> mattt@above.nq4u.net    jabber: mattt@jabber.above.nq4u.net
>
> What's got four legs and an arm? A happy Pit Bull...
>
> --__--__--
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc
>
> End of LARTC Digest

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
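
Message 2 in the digest above says that iptables MARK is set on the kernel's internal packet structure rather than in the IP packet, and that the TOS field is what can carry a mark from one machine to the next. The following is an added example, not code from the thread: a toy `Skb` model, constructed documentation addresses and a constructed class map (all assumptions) showing that a TOS byte rewritten with a fresh header checksum survives the hop while the mark does not.

```python
import socket
import struct
from dataclasses import dataclass

# Constructed TOS -> class map (assumption); ids echo the 1:10/1:20/1:30 layout quoted above.
CLASSES = {0x10: "1:10", 0x08: "1:30"}   # Minimize-Delay, Maximize-Throughput

@dataclass
class Skb:
    wire: bytes      # bytes that are actually transmitted
    mark: int = 0    # what -j MARK sets: local metadata, never serialised

def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, tos: int = 0, payload_len: int = 20) -> bytes:
    """Build a 20-byte IPv4 header (no options, TCP, TTL 64)."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                       64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return set_tos(head, tos)            # fills in the checksum

def header_len(header: bytes) -> int:
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad header length")
    return ihl

def set_tos(header: bytes, tos: int) -> bytes:
    """Rewrite byte 1 (TOS) and recompute the checksum, as a marking router must."""
    ihl = header_len(header)
    hdr = bytearray(header[:ihl])
    hdr[1] = tos & 0xFF
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ip_checksum(bytes(hdr)))
    return bytes(hdr) + header[ihl:]

def read_tos(header: bytes) -> int:
    """Return the TOS byte, rejecting headers whose checksum does not verify."""
    if ip_checksum(header[:header_len(header)]) != 0:
        raise ValueError("bad header checksum")
    return header[1]

def forward(skb: Skb) -> Skb:
    """Hand the packet to the next box: only the wire bytes make the trip."""
    return Skb(wire=skb.wire)

def classify(skb: Skb, default: str = "1:20") -> str:
    return CLASSES.get(read_tos(skb.wire), default)
```

The shaping box should classify only on header fields it can validate; a TOS byte changed in transit without a checksum update is rejected by `read_tos` rather than silently classified.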