Networking :: Bandwidth Management With It / Ubuntu - Filter Traffics Using Tc And Iptables
Jan 1, 2011
i wanted to do bandwidth management/traffic shaping on my Internet link(have two internet connections), but i have some questions to ask: I want to know how could i for example filter some traffics using tc and iptables (e.g Peer-to-Peer,IM,Download Managers,Flash videos..) i can do filtering for known services like http,ssh,... but since these applications doesn't use one port, i am confused a little bit. I also want to do some bandwidth allocations (based on protocol) thats why i need filtering.
The other question is that currently i am using tc for bandwidth allocation and iptables for marking packets to send to these classes, am i doing it right? I mean it does work, but is it better to use for example "U32" filters for filtering? P.S: i tried to use ClearOS in gateway mode, but it doesn't have bandwidth allocation functionality. Does anyone know if i could do bandwidth allocation in ClearOS/Endian.
View 1 Replies
ADVERTISEMENT
Sep 25, 2010
I am Network Administrator in a Degree College managing around 2500 Comps. My ISP has terminated its Internet link (15 Mbps) to our Linux Server (Installed 2 NIC) from where Internet connection is extended to rest of the machines in network. I am supposed to send different bandwidth to different departments say 5 Mbps to Hostel, 2 Mbps to Staff room etc. I am new to linux and don't know anything about Bandwidth Management in linux.
View 2 Replies
View Related
Apr 9, 2010
I'd like to set up an iptables configuration as follows:- Allow all traffic by default- For one user account (anonymous), block all traffic except:- All traffic on lo- All DNS requests, which should be redirected to 127.0.0.1Here's what I tried:
# Redirect
iptables -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
[code]....
View 3 Replies
View Related
Feb 28, 2010
How to set download limit using SQUID? I want to specify the download limit for a particular list in MB. Is it possible to limit bandwith for some group of machines in network?
View 6 Replies
View Related
Feb 28, 2010
How to set download limit using SQUID? I want to specify the download limit for a particular list in MB. Is it possible to limit bandwith for some group of machines in network?
View 1 Replies
View Related
Nov 29, 2010
I am trying to do some bandwidth management testing, so I have developed a small script for doing so. When I try to run it it gives the error <error> RTNETLINK answers: invalid argument</error>. I have searched the net, and so far they say it has to do something with the kernel support.
the script:
<code>
tc qdisc add dev eth1 root handle 1: htb
tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit ceil 2mbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 600kbit ceil 2mbit prio 2
tc class add dev eth1 parent 1:1 classid 1:20 htb rate 1400kbit ceil 2mbit
tc class add dev eth1 parent 1:20 classid 20:100 htb rate 700kbit ceil 2mbit prio 0 #when running this command it gives the error
tc class add dev eth1 parent 1:20 classid 20:200 htb rate 700kbit ceil 2mbit pro 1
</code>
I am running this script on a virtual machine that has ubuntu 9.04 installed.
View 1 Replies
View Related
Mar 26, 2010
Is it possible to only view certain chains and more specifically certain chain policies with options when doing:
iptables -L
I would like for example view FORWARD ACCEPT rules instead of waiting for all of the drop rules to load when viewing a firewalled iptables.
View 3 Replies
View Related
Apr 29, 2011
On my diskless cluster, I want to open a port on the image that nodes use it.Here is what I get:
Code:
root@server:~# chroot /home/nfsroot/
root@server:/# iptables -A INPUT -p tcp -d 0/0 -s 0/0 --dport 4949 -j ACCEPT
[code]...
View 12 Replies
View Related
Mar 1, 2010
I would like to set up a logging system for rtorrent, the only way that i could think of this would be to set up bandwidth moniters in the ip tables but im not sure how to go around this.
View 1 Replies
View Related
May 14, 2010
I am trying to limit bandwidth of certain ip addresses on my server. I have been doing hours of reading and not getting very far...
So far I believe the iptables command is:
And now I just need the tc command to read those marks and limit bandwidth, I have a gigabit connection and would like to limit each of these ip addresses to 10mbit in and out.
View 1 Replies
View Related
Mar 8, 2011
for quite a while inside of our organization we've been editing /etc/sysconfig/iptables directly without much issues. However it was suggested to us that by doing so we risk losing all those rules whenever some package decides to use lokkit or "system-config-firewal*"Doing a bit of analysis I can't really find any trace of code that would prevent us from maintaining iptables just the way we were (as long as *we* don't use lokkit or system-config-firewall*) since "service iptables save" is a valid technique and uses iptables-save script which is part of iptables package and *not* part of system-config-firewall*
So we've got some evidence that may confirm our usage as valid, however it would be nice to know if indeed this is *not* a recommended way of maintaining iptables and we should reconsider how we approach it.
View 9 Replies
View Related
Mar 2, 2016
We have an Apache Subversion (http) server for hosting our codes, and, for the 3 next month, we are behind a DSL connection (max upload 100 kB/s).
When a remote co-worker try to download a new fresh copy of our projects on his computer directly over http, the transfer goes fine : with a bandwidth monitor (gnome-system-monitor or bwm-ng) we can see that the server is trying to send ~95kB/s and the connection remains usable for others task in parallel (just a bit slower, which is normal).
But : when the remote co-worker is connected through SSH to this server, and uses tunneling to communicate with Apache Subversion, the server is sending more than 200kB/s : the connection is not usable for other tasks during the transfer as with ~102kB/s actually transferred through the DSL Line, it's completely congested and more than fifty percents of the packets are lost.
I think that I understand why : TCP/IP auto-detects the max amount of successfully transmitted bytes per second, and try not send more than this maximum value.
When the Apache server is connected to the local instance of openssh-server through localhost, packets are transmitted successfully between them. Only after, openssh-server try to send it to the client (and should retry if it's not successfull) but during that time, Apache is already giving the next one... giving this saturation effect (Apache is not aware of the saturation, or at least, not enough)
View 3 Replies
View Related
Jun 17, 2011
I wanted to implement a server for a small network, but am a bit in-experienced. The server that I want to use should be able to do load-balancing (two connections) and also act as firewall/proxy. And also it should be able to do some bandwidth management. The network that its going to serve has two parts. One part of the network should be served, say during day time,and the other during night time. The one that is going to be served at night-time should not have access to internet during day-time, but should have access to, say local mirror-server. I am a bit confused what software/hardware to use. I am planing to use EndianFirewall, but since I don't have experience, don't know if it can do all that I need (?).
View 1 Replies
View Related
Jan 4, 2010
In my household a number of people use the internet. Up to a maximum of 3 wired connections and 2 wireless connections at its peak, all connection through my D-LINK G604T router. The problem is, when one person is downloading or watching ..... or whatever, the others using the internet suffer. I've spent hours configuring QoS on my router, and long story short, no matter how I configure it, it just simply does not work. QoS in no way shape or form limits connection speed (which it says it should). Anyway.
I have a spare computer under my desk, and I'd like to know if I could set this up with a (free) linux distro that limits bandwidth speed per connection. For example, of the 1500 kb/ps (about) my modem pulls, is there a way to limit that to 768 or 512 per connection? so person A can still download, person B can still watch ....., and person C can still play counterstrike with a latency under 100. This would solve many, many arguments in my house I am *fairly* good with computers, but if the distro came with documentation and a GUI that would be awesome.
* TL;DR: *
Is there a linux distro I can load on a spare computer that limits bandwidth per connection, wireless or otherwise, with good documentation?
Failing that is there firmware I can use for my modem (dlink g604t) that would do the same?
Failing that do you know of any good hitmen that would solve my family arguments, ahem, permanently?
View 6 Replies
View Related
Oct 8, 2010
I have a very simple set up.With Network Manager I can have my laptop act as a router (sharing all connections).I also have apt-cacher-ng as a debian package cacher.I would like to set up iptables to filter only the urls that are meant for a debian package cacher.
For example:I could use a "forward all" rule:
Code:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3142
Except then I would get a bunch of error pages every time I tried to do normal navigating.My question (again) is: Can iptables handle forwarding only on a specific url? If so how?Or is there another solution? (prferably without full fledged software like squid)
View 3 Replies
View Related
Jul 10, 2011
Does anyone know the iptables statement that will block inbound SMTP messages that are NOT S/MIME encrypted?
View 1 Replies
View Related
Dec 16, 2010
I'm deploying new ubuntu server which should act as a router. I've already set up the NAT for local network, and also did some shaping for different groups of users, but now I'm facing new problem.I need to make a scheduled URL filter. I know it's not a problem with cron and simple script, but maybe there is existing way to do that? And also, I need to make statistics on web-traffic. I need to have list of URLs visited by users (source ip, destination url). Is it possible with iptables? or with any other software but without using proxy servers.
View 9 Replies
View Related
Apr 30, 2010
I setup a server with vmware esxi 4. I installed opensuse 11.2 and I have successfully setup an internet gateway and I manually configured (static) my client IP. My question is, is there any software or commands that I could use to manage the bandwidth usage for each client? eg. only 5Mbps for 192.168.1.5, 10Mbps for 192.168.1.10, etc
View 3 Replies
View Related
Nov 18, 2010
I created a the class like this for shaping the packets with a specified bandwidth rate.....
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 15
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 750kbit ceil 750kbit
tc class add dev eth0 parent 1:1 classid 1:3 htb rate 600kbit ceil 750kbit prio 0
For Our Requirement:-
I dont want to specify the bandwidth rate strictly like this rate750kbit ceil 750kbit,based on whatever speed is coming which should allocate the bandwidth rate for particular class...I need one application for finding the upcoming bandwidth & Is any other method is there for specify the bandwidth rate in a classes.
View 1 Replies
View Related
Apr 26, 2011
My server has been the repeated victim of bandwidth attacks: any large file on the server is downloaded repeatedly, with the goal of pushing the server over the provider's bandwidth limit. How can I lessen the effect of these kinds of attacks with IPTables or APF? For example, can I set the server to: Is this possible? Is there a more effective way, and can a firewall even do this? My web server is Lighttpd, perhaps I can place such a rule directly in its config?
View 1 Replies
View Related
Apr 5, 2011
Can I, with only the use of IPTABLES, limit the incoming bandwith for a protocol? We have for example servers that have a FTP and HTTP server running and whenever HTTP has a lot of connections open, the other uploads/downloads get a timeout. I know I can limit the number of connections but prefer to limit on protocol level. Is this possible using IPTABLES and if so, can someone indicate how to proceed or provide a link? If it's not possible can someone point me to the right tool for the job?
View 6 Replies
View Related
May 27, 2009
We have a sipmle office network set up that we also use use to connect to the internet, however of late the number of users has increased thus slowing internet access. Bandwidth upgrade is not an option thus i have to do bandwidth shaping on our linux router. The question is how do set the squid configs to allow certain IP's range a certain percentage bandwidtheg 60% and furthe divide the rest. Alternatively how can allow certain IPs to have higher bandwidth access.
View 1 Replies
View Related
May 6, 2010
Can you show me how to block a domain from local access through URL Filter?ay be an example is a very good start.
View 10 Replies
View Related
Aug 20, 2010
ntop installed on CentOS5 system running as squid using yum. Starting ntop on command line and not as daemon and gives error for illegal filter.
Code:
Fri Aug 20 14:10:12 2010 NOTE: Interface merge enabled by default
Fri Aug 20 14:10:12 2010 Initializing gdbm databases
[code]....
View 1 Replies
View Related
Apr 12, 2010
You may have seen some other posts by me about my final year college project. Im implementing a web based network management website. Iv got a lot of the functionality working at this stage but one part is allocating bandwidth.
Iv got an eircom 3mb broadband connection and I want to be able to split this between users. At the moment I only have my desktop and laptop on the network. Im looking for advice on how i can allocate bandwidth with iptables and/or the tc tool in ubuntu.
My website is on an ubuntu virtual machine and written in php. Whatever about running the iptables and tc commands from php I still need to figure out the actual commands i need to use in the first place.
View 14 Replies
View Related
May 13, 2011
I'm using ubuntu server 10.04 with openvpn installed on it. My vpn is working fine, all the users can connect without any issue.My problem is that I'm unable to filter the VPN traffic using openvpn. I can't allow all users to be able to interact with other vpn users. I need to avoid this kind of traffic.I was trying to build an iptables firewall, but I just noticed that my openvpn traffic isn't being filtered by iptables.In FORWARD chain, no matter what rule I use openvpn would continue to allow traffic between my clients. It does appear that openvpn is skipping FORWARD chain?For example:
Code:
# iptables -L FORWARD -nv
Chain FORWARD (policy DROP 0 packets, 0 bytes)
[code]....
View 3 Replies
View Related
Jan 18, 2011
I have a problem here for which I am unable to find any relevant info on google. I have an openfiler server and another server which is running OEL(redhat5). When i give the following command iscsiadm -m discovery -t sendtargets -p 192.168.2.13it only gives me one line output which is:192.168.2.13:3260,1 iqn.2006-01.com.openfiler:tsn.03821172572cNone of the mapped LUNS gets identified neither it shows me any message that it is connecting. I have setup CHAP in openfiler to accept an incoming user plus gave access to my OEL server.Any feedback is helpful. If you need the contents of /etc/iscsi/iscsid.conf file let me know
View 1 Replies
View Related
May 3, 2010
Hey when i am downloading any thing using firefox or torrent, the downloading application eats up all the bandwidth, meaning i cannot browse the web simultaneously downloading anything , even Gwibber does not get updated...
View 4 Replies
View Related
Jul 6, 2011
Since this is my number 1 place for asking questions, I figured I would go here first. So I live in New Zealand where good internet doesn't exist yet, and I'm in a flat with 3 other people and we get 40gb a month which hasn't been lasting more than 2 weeks. It is somewhat of a mystery where all our data has gone, so I need a way to monitor usage. We use a variety of operating systems including linux, xp & windows 7 on my pc, and xbox 360. Is there any kind of integrated solution I can use to monitor everything with password protection so it can't be disabled? I have tried looking in the router, but it doesn't give me many statistics, and I think it combines lan with wan usage. At this stage I don't have the money to make a linux box to put between the router and the switch that can monitor everything, but if it comes to it, I will shell out for one.
View 3 Replies
View Related
Jan 12, 2010
What are the commands available in ubuntu to share & divide the incoming Bandwidth in Ubuntu? I am developing a Network management application for ubuntu in java. I am going to use it in server.Also I want to know about the networking commands available in Ubuntu.
View 3 Replies
View Related
