Fedora Networking :: Netem Rate Limiting (token Bucket Filter) Not Supported?
Apr 3, 2010
I've been trying for a couple days now to get netem rate limiting to work on a Fedora 12 i686 virtual machine (both on VMware Fusion and KVM), and have had no success.In order to do outbound rate limiting, I want to use the netem token bucket filter (TBF), as described here:[URL]Unfortunately, attempting to use the TBF results in this error:
Code:
[root@f12-build ~]# tc qdisc add dev eth1 parent 1:1 handle 10: tbf rate 256kbit buffer 1600 limit 3000
[code]...
View 1 Replies
ADVERTISEMENT
Oct 27, 2010
I have a bridged network setup ifconfig -a gives following output
Code:
br0 Link encap:Ethernet HWaddr 00:26:b9:82:42:38
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::226:b9ff:fe82:4238/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:150779 errors:0 dropped:0 overruns:0 frame:0
[Code]...
3) What are these vmnet1,vmnet2,vmnet3,vmne4 which I see above. I used kvm and virt-manager to create a bridged setup.
View 1 Replies
View Related
May 20, 2011
I'd like to discourage the SSH bots that try to log into my system (CentOSv5), and among other things, I've changed my SSH port to someting other than 22. As well, I've been playing around with the idea of some iptables rules (note port 22 is used here as example):
Code:
# Allow SSH with a rate limit
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -m hashlimit --hashlimit 15/hour --hashlimit-burst 3 --hashlimit-htable-expire 600000 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j LOG --log-prefix "[DROPPED SSH]: "
iptables -A INPUT -i ppp0 -p tcp --syn --dport 22 -j DROP
I am *NOT* an iptables expert. What do you all think about the above code snip?
View 4 Replies
View Related
Mar 6, 2011
I have about 5 machines that are under Ddos daily and I use rate-limit for Iptables to protect that and it works good.My UDP ports 20100 to 20400 are actually under Ddos so these are the commands I use:
Code:
A INPUT -p udp -m udp --dport 20100:20500 -m state --state NEW -m recent --set --name DEFAULT --rsource
[code]....
View 5 Replies
View Related
Jun 22, 2010
Is there any good tool in GNU/Linux that copy files like cp, but also shows progress and limits speed (and changes limit without interruption) like pv?
Prototype: find source_directory | cpio -H newc -o | pv -s `du -bs source_directory/ | awk '{print $1}'` | (cd /destination/directory && cpio -di)
Also rsync -aP source_directory /destionation/directory/, but this shows progress bars individually and can't change rate after started. Or may be I should just write a wrapper for pv/cpio? Done.
View 2 Replies
View Related
Feb 4, 2011
I see on my webserver some logs as follows Quote:
203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro"
203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @
[code]....
View 2 Replies
View Related
Feb 21, 2010
I am getting this error "Unknown filter "police", hence option "rate" is unparsable. This is in Linux Kernel 2.6 which is compiled with the "policing" option enabled in Qos (Kernel config). The error seems to be coming from the file tc.c in iproute2/
static int parse_nofopt(struct filter_util *qu, char *fhandle, int argc, char **argv, struct nlmsghdr *n) {
__u32 handle;
if (argc) {
fprintf(stderr, "Unknown filter "%s", hence option "%s" is unparsable
", qu->id, *argv);
return -1;
} if (fhandle) {
struct tcmsg *t = NLMSG_DATA(n);
if (get_u32(&handle, fhandle, 16)) {
fprintf(stderr, "Unparsable filter ID "%s"
", fhandle);
return -1; }
t->tcm_handle = handle; }
return 0; }
This is called from get_filter_kind() which is called from tc_filter_modify(), called from do_filter(), from do_cmd() from main()...all in tc.c. Is this a known "bug" in iproute2+2.6 as the 2.4 Kernel works with the same settings?
View 14 Replies
View Related
Feb 21, 2011
Is there any way to connect a Fedora 14 PC to a Token Ring LAN? I know I need to use the olympic driver for my card and I know how to configure it in an older version ubuntu, but I'm coming up totally empty on Fedora.
View 11 Replies
View Related
Nov 11, 2010
We have a DSL , how can we calculate the available bandwidth so that we can shape the packet, We can assume the bandwidth to be 100mbps on the ethernet interface However, in DSL devices, the train rate(Bandwidth rate ) is varies according to different situation. How can i get the available bandwidth rate(from varies)?. Any method is there for getting the available bandwidth value....
View 7 Replies
View Related
Nov 25, 2010
I have a FC13 box that has both Gnome and KDE sessions installed.
I have noticed on the KDE session that data transfer rates are slower than when I use Gnome.
In Gnome, I can transfer files between my FC13 machine and my Ubuntu 10.04 pc at a rate of 6.5 MB/s (52 Mb/s if my maths is correct), but in KDE the rate is only 3.5 MB/s (28 Mb/s).
"ethtool eth0" shows my NIC speed as 100 Mb/s. Obviously I am not hitting anywhere near that speed in either session, (a separate article may be happen in the future to address that), but I am curious as to why KDE is that much slower for file transfer.
View 3 Replies
View Related
Jun 2, 2011
Is it possible to diagnose the cable between the PC and switch using F14 tools? I am suspecting that something is wrong due to <100Mbit xfer rates on a gigabit connection, but can't be certain. The switch is no help as it's a cheapo one with only link/act lights.
View 2 Replies
View Related
Feb 26, 2011
I am new to fedora and I've installed fedora 14, I want to know what are the steps to make my machine act as a transparent (IP-less) bridge? Second, after setting the bridge, I want to make all the packets that passes through the bridge execute a servlet filter (to make some tests and add cookies) is it possible? Is there a simpler way to do those tests on the packets and add cookies?
View 4 Replies
View Related
Feb 21, 2011
I have 2 ISP where give me IP Public with ISP A (/29) and ISP B (/28). So, I connect this two ISP to unmanaged switch. And from that switch, I take one cable connected to eth0 on the server. (Note : My server have 2 dev ethernet, eth0 and eth1). eth1 will go to the Switch which will go to the LAN.
My Question is : 1. Is this possible to make bandwith control on the gateway server with mode separating International bandwith and local bandwith (my country bandwith)? ie, for my Mail Server I will give the "intl bandwith" only 512 kpbs and for local bandwith with 1Mbps. What a software can I use for this model ?
2. Which model I should to used, with NAT or with Bridging router? That's all for now..
View 5 Replies
View Related
Apr 12, 2010
You may have seen some other posts by me about my final year college project. Im implementing a web based network management website. Iv got a lot of the functionality working at this stage but one part is allocating bandwidth.
Iv got an eircom 3mb broadband connection and I want to be able to split this between users. At the moment I only have my desktop and laptop on the network. Im looking for advice on how i can allocate bandwidth with iptables and/or the tc tool in ubuntu.
My website is on an ubuntu virtual machine and written in php. Whatever about running the iptables and tc commands from php I still need to figure out the actual commands i need to use in the first place.
View 14 Replies
View Related
Aug 9, 2010
I'm looking for an open source/free network emulator tool that I could use on Mac OS X, to simulate a slow network connection, limited bandwidth and other network characteristics such as dropped packets etc for both UDP/TCP connections (or even on the physical layer).
I'm looking for the simplest solution that would allow me to run TCP/UDP servers and have a few clients connect to them on localhost emulating various network connections. I'm mainly wondering if I can use something like Linux's netem on Mac OS X (or even better cross-platform Windows/Linux/Mac). Perhaps I can run VirtualBox and a Linux kernel running netem, has anyone had luck with that?[URL]...
View 2 Replies
View Related
Nov 30, 2010
I have a teenage daughter that understands Ubuntu, but not so much the terminal, and she does not know the superuser password. Unfortunately, she regularly goes on the Internet during the nighttime and in the early morning. What I am attempting to do is prevent anyone from going onto the Internet during the night (11 PM - 5:30 AM) unless they know the superuser password or a fair bit about the terminal.
I have already tried some commands, however all of them can be bypassed by restarting the computer. ex. sudo ifconfig eth0 down
For additional information on my Internet:
My Internet connection is relatively slow, so I would prefer if the solution does not hinder it any further. It is slow because there is no high-speed in my area, and I am forced to use Xplorenet -> "Fixed Wireless". I do not have a router.
View 9 Replies
View Related
Dec 4, 2009
I'm having problems with NX, it's doing strange things, trying to connect to some IP host in timbuktoo because my DNS provider's DNS sucks AND because NX is looking up the host "localhost" without first consulting my hosts file (which nsswitch explicitly tells it to do). THAT's all beside the point.
To work around this apparent bug in NX I tried creating an iptables rule to redirect traffic destin for a certain IP (10.x.x.x) to localhost (127.0.0.1) with the following rule: iptables -t nat -I PREROUTING -d 10.x.x.x -j DNAT --to 127.0.0.1. After adding the above rule, my attempts to connect to that host continued to get routed right off into the internet where I DIDN't want them to go. Instead of being redirected to the localhost/loopback address.
It seems DNAT to localhost is not supported? A Google search reveals many other people having this issue but blaming it on everything but iptables. I'm proposing that it's not supported, by design or not, to redirect traffic from a NIC to the loopback network?
View 1 Replies
View Related
Nov 26, 2010
Can anyone suggest a wireless-N adapter (USB or PCI) that is well supported under F13? And do you think an upgrade from G to N is worth it? I'm probably going to upgrade my router to N in any case as the old one is buggy and/or dying.
View 2 Replies
View Related
Jun 25, 2010
I have configured dhcp3-server on my debian box and I'm wanting to offer dhcp on one of the vlan interfaces. The dhcp is functioning but when I test applying it to a different vlan, the original PC can still get an IP. For example: eth1 has vlan100 and vlan200. Our managed switch has the ports configured such the pc1 is on vlan100 and pc2 is on vlan2. This works fine and I can inter-route between vlans with static IPs. Our dhcp config is currently set as:
ping-check true;
ddns-update-style none;
default-lease-time 21600;
max-lease-time 86400;
INTERFACES="vlan100";
authoritative;
[code]....
View 2 Replies
View Related
Jan 22, 2010
I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions.all works fine, multiple users are mounting this over a lan and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the lan 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory. Although is one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3.This Seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the lan too.
View 5 Replies
View Related
Jun 13, 2010
I am currently having problems with my server. Its being DDOSed. I have a vps with Centos 64bit. The attack I want to block is udp flood. I was trying to do something like this: iptables -I INPUT -p udp --dport 123 -m limit --limit 40/s -j DROP but instead of blocking certain hosts it blocks the whole port and during the attack its unreachable. How to limit packets per host or any other way to protect from udp flood.
View 11 Replies
View Related
Aug 18, 2010
This message appears very often in teh output of very different programs, for example Firefox/Swiftfox, Thunderbird, Mplayer In case of Mozilla apps it sometimes freezes KDE interface too (can't switch windows or panel does not pop-up) for a few seconds. IPV6 is not compiled into kernel and module is not built. It is disabled on the eth0 interface too.
View 1 Replies
View Related
Mar 9, 2011
Can both token ring and ethernet be connected to same switch? If we can connect so, how can a switch able to differentiate them.
View 1 Replies
View Related
Jan 22, 2009
I have a fedora 9 server. It is used purely as a dedicated server. Until recently I never came close to my allowed bandwidth of 1 TB but I expect that may change in the near future because I will be adding many files for downloading. I have Apache 2.2.9, PHP 5.2.6, mySQL 5.0.51 and Webmin 1.441.
The most critical thing is monitoring total bandwidth and then doing a job, probably using Cron to change a folder's name, to stop downloads before a critical point is reached and my sites shut down. I would also probably eventually like to limit member downloads so all members of the sites get a chance to download and one person doesn't use all the bandwidth. I expect that would be possible using php. to log the bandwidth used by members. I know php but I don't know how to get the bandwidth using php.
View 1 Replies
View Related
Oct 26, 2010
I have been spending several days getting wxwidgets to work in code::blocks ide on several different platforms. Now I am down to one instance that I can't figure out. I have wxwidgets working in Fedora 13 x64, but cannot get it to work in a Fedora 13 x32 version. Actually, wxwidgets seem to be installed OK, but I run into compiler errors when I try to compile the default wxhello project. I get quite a few messages, in different header files, of this type:
/usr/include/assert.h:39:42: error: missing binary operator before token "("#if defined __cplusplus && __GNUC_PREREQ (2,95) From my friend Google this would seem to be caused by an older version of boost (before 1.37) - see http://bugs.xmms2.xmms.se/view.php?id=2215 ("It is an issue with old versions of boost and gcc4.4 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36453 It is fixed in boost 1.37")
I did a yum info command on both systems for every relevant package I could think of, including gcc(v4.4.4), gcc-c++(4.4.4), libgcc(4.4.4), libstdc++(4.4.4), boost(1.41.0), wxGTK(2.8.11), wxBase(2.8.11). Both systems are fully updated and have the same versions, with the only difference being 32 vs 64 bit. The same headers compile with no errors on the x64 system, but not x32. I have been able to find no other reason for this error than older versions of the preprocessor, yet that is apparently not the case here).
View 1 Replies
View Related
Nov 10, 2010
I have a very bad attempt at hashing the components of an tcp session to assign/locate the session in a hash table bucket. I am pretty sure that it has a very high collision rate and when there are a very large number of tcp sessions my application is having to search a long linked list to find the session within the bucket.
All the hashing functions I have found take a single string input where I need to input several integers and hash them into a single result. My guess is that any real hashing function is going to produce better results than what I am currently doing.
[Code]...
View 2 Replies
View Related
Feb 15, 2011
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
View 3 Replies
View Related
May 6, 2010
Can you show me how to block a domain from local access through URL Filter?ay be an example is a very good start.
View 10 Replies
View Related
Apr 9, 2010
I'd like to set up an iptables configuration as follows:- Allow all traffic by default- For one user account (anonymous), block all traffic except:- All traffic on lo- All DNS requests, which should be redirected to 127.0.0.1Here's what I tried:
# Redirect
iptables -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
[code]....
View 3 Replies
View Related
May 30, 2010
I have a linux box running between my router and my LAN. My connection speed is 10MB download and 1MB upload. The issue is that whenever someone starts to upload something, it is like my connection is down. No one else can open websites, read emails etc.Is it possible to place a limit for upload, maybe 50kb/s? This way, people won't use the entire upload speed available.
View 1 Replies
View Related
