Networking :: (Debian) IP Traffic Shaping Based On IP/subnets?
Dec 27, 2010
We have a need to shape outgoing traffic EXCEPT to certain IP/subnets (sounds opposite to the title, but not really :P), using iptables if possible. We've had decent luck doing it with various things, but one of the big problems is the decrease in download speed (which DOES NOT need to be shaped at all) due to upload shaping. ie, we want the shaping not to apply to TCP/UDP overhead. Semi related but probably not important is the ability to shape virtualised systems as well (ie the guests), but as the guest traffic goes through the host any traffic shaping done on/to the host should affect the guests as well.
Sep 24, 2010
I want to explicitly commit bandwidth to only 3 VOIP connections, where a connection is defined as a source IP address, destination IP address, and a traffic class. I would like the traffic controller to put the first 3 VOIP connections into 3 different queues that would have equal priorities that are higher than Best Effort. If a 4th VOIP connection were to start, its packets would be put into the Best Effort queue. When one of the VOIP connections ends, I would like the incoming packets of a VOIP connection that is in the Best Effort queue (assuming there is one) to now start going into the free VOIP queue. Is it possible to do this? Can traffic control keep track of connections being created and deleted like that? If so, how is it done? I would like to avoid having to be constantly updating my filters whenever a connection starts/ends. In actuality, I would want to do this for several different classes.
Sep 19, 2010
I have a question regarding traffic shaping in Linux. Suppose I have a server on the internet (web, email or ftp) and I want to shape outgoing traffic per IP, say 256k for each destination IP. I've seen examples on the internet on how to shape traffic per IP by adding a queue for each IP, and some examples by using u32 hash if I have e.g. a /24 network, but if I have a server and I want to shape the traffic by destination IP, and of course... since it is a server on the internet I can't manually define any IPs of subnets. An example using the tc command?
Apr 12, 2009
I am running Fedora 9 and KDE 4.2.1. I want to set up some traffic shaping on my machine to prevent my torrent client from hogging my entire bandwidth. I.e., I want KTorrent to download and upload to the best of its ability, but still be able to browse the net freely in spite of the torrents. I have done some reading about traffic shaping in Linux. There is lots of material about it, but most of it (such as the lartc.org "howto") is very complex and comprehensive and looks extremely intimidating. Furthermore, most of it addresses situations where you want to distribute traffic between multiple computers in a network. I just want to manage processes on a single machine. I am hoping for a piece of software that lets me assign a "priority" to each application, or something like that. Like cFosSpeed for Windows.
Jan 6, 2010
I maintain a network in a hostel for university students. As we often have a relatively slow connection I tried to find a solution. A friend of mine used traffic shaping / QoS here before I got the job. But we seem to have not made the best rules for the shaping as the connection was way faster without the shaper than with. As he himself installed the system alone I have nearly no knowledge how to put up another, better system.
About the hostel:
- 90 people in this house
- 10 mbit SDSL dedicated line, full flatrate
- very mixed type of internet traffic (P2P, HTTP, EMails, Rapidshare, Torrents, Skype, ...)
I would like to install a linux router with traffic shaping, QoS and maybe even SQUID. Googling for the words brought so much older stuff, but nothing newer.
Jan 17, 2010
I've been searching the last few days for a tool to limit the bandwidth per application. I found the perfect tool for it: trickle, but it doesn't work (I tested it with Firefox and Chrome but they didn't obey the limit, and I think the problem is that they don't use dynamically linked libs and trickle doesn't work for statically linked apps). I found some other tools but they don't limit per application (only per user or network interface). Does someone know any other tools like trickle (easy to use and able to limit bandwidth per application) but for all applications?
May 24, 2009
I have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
May 7, 2011
My linux machine is connected to the outside internet, and I have a minecraft server running on an internal machine (192.168.1.201). Right now, I am forwarding port 80 on the linux machine to 192.168.1.30, which is working.
iptables -t nat -I PREROUTING -i eth0 -d 192.168.1.30 -j DNAT --to-destination 192.168.1.201
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to 192.168.1.201
______________________________
I want to filter out the GET/POST requests and forward them to port 8080. I can't seem to get that working.
I've tried this:
iptables -A INPUT -d 192.168.1.30 -p tcp --dport 80 -m string --algo bm --string 'GET' -j REDIRECT --to-ports 8080
Oct 18, 2010
We are using squid delay pools successfully in our LAN and it is working very well, but now I want each computer's bandwidth to be shaped for each port. This means that whenever the user makes an FTP connection with FTP software, or whenever the user accesses Outlook Express for email, each port like SMTP, FTP and remote desktop connection will be shaped, or in other words each PC will get fixed bandwidth.
Our broadband has a 1Mbps connection and we have 16 users who access the internet, so I want the 1Mbps to be distributed to each user. Six of our internet users are the directors and managers of the company, so I want to give them max speed, and 10 users will get low speed.
Six special users' IP addresses: 192.168.1.3 to 192.168.1.9. Other regular users' IP addresses: 192.168.1.10 to 192.168.1.20.
Dec 11, 2010
I have installed conky from soft manager after knowing its power today. I'm using 10.10. I want to design a conky script which monitor the network traffic ie total upload + download on monthly basis as I'm on limited internet plan which is too common here. I have free usage from 2am to 8am in the morning and want to exclude this traffic. So I'm in search of a custom script which can accomplish this.
Apr 22, 2011
I have an Ubuntu server box with multiple NICs. I'd like to specify that all traffic bound for a certain IP range goes through one NIC, and everything else goes through the other. Does anyone know how to do that? I'm not a total newbie, but I'm also not a linux guru (but usually can google my way to a solution...usually).
ETA: Source and destination IP for routing. We have 1 NIC with a public IP, all public IPs should talk to it. Another NIC with a private IP, all private traffic should talk to this. In practice, I have some devices on a different subnet of the public IP range we have that will only talk to the private IP.
Jan 20, 2010
I'm trying to shape bandwidth using the HTB method and filtering classes by destination MAC address. For this I've found two pieces of code, but neither of them seems to filter bandwidth as I want (test with iperf). Can someone explain to me the problem with this code?
Code:
tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8
code2:
[Code]...
Nov 27, 2010
I want to implement bandwidth shaping policy in a virtual environment. So i have 2mbps link, which i want to distribute it among Email,http(s),ssh,... and some other traffic. I want to do this in a virtual environment, for testing purpose. I want to run this script on a virtualbox virtual machine, which has ubuntu installed on it. and then use that as the router.
(a) is there any software that could simulate email,http,... traffic so that i could test it?
(b) my second question is (though not related to networking) how do i set a (virtual) machine as a router? or is it even possible?
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (ICMP) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
Mar 15, 2011
I wanted to tell my server to block all traffic but US-only traffic. So I followed this guide: [URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyway, so I might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done, compiled everything and moved it to the proper directory. I then started to set up my iptables. Like so:
Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that, I went digging in the code and figured it was something to do with memory allocation.
Apr 24, 2010
I have a fairly clean install of Debian 5.04 on a G5 tower and am having some local network sharing problems. The machine linuxG5 has an address of 192.168.1.4 and when I am logged into that machine I get the following output
silver@linuxG5:~$ nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2010-04-24 10:19 EDT
Interesting ports on localhost (127.0.0.1):
Not shown: 1706 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
[Code]...
Sep 5, 2015
I am running Raspbian. On my Raspberry Pi I have plugged in an Ethernet cable (eth0) and a WiFi USB dongle (wlan0).
I have my etc/network/interfaces file configured like so:
Code:
auto lo
iface lo inet loopback
iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
[Code] .....
When trying to connect with SSH to address 192.168.1.100, I get a connection, when trying with address 192.168.2.200, SSH returns Network Error: Connection timed out.
I also receive no response when trying to ping 192.168.2.200 from a Windows machine.
If, however, I adjust the wlan0 block in etc/network/interfaces to the following:
Code:
iface wlan0 inet static
address 192.168.1.200
netmask 255.255.255.0
I am able to connect to wlan0 in SSH at address 192.168.1.200, and I also receive requests when I ping 192.168.1.200 from a Windows machine. How can I use a different subnet for my wlan0 iface...
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I reset the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than those in the FORWARD chain.
So, my question is, first of all, is my test correct, and is it true that so much GRE traffic is being generated during browsing (it becomes clear that the traffic is double what it would be if the pptpd wasn't used as a gateway), and if yes, can that traffic be reduced?
Jul 7, 2010
I have a firewall between two different subnets. The reason for the second subnet within the internal network is because I have a mail server that I want to protect. However, we need to make sure that the mail server can communicate with the internal network as well.
Mail server is 192.168.100.100
Firewall is 192.168.100.1 and 10.110.101.5 (and its gateway is 10.110.101.1 to the router)
I go to another workstation and ping the mail server. I can't. It times out. I do the same from the mail server. It times out as well.
Nov 27, 2010
I have a 2-floor house, with a single ethernet cable from the ground floor to the 1st. Downstairs there is my ADSL modem, which is connected to the router upstairs through this one cable. Now, I would like to have some more ethernet ports on the ground floor, but there's no room left to run another cable between the floors, so here's the big question: can I run both the modem-router connection and my regular LAN (which are on different subnets) through that one cable, with a switch at both ends?
To make it a little more clear, here is my present configuration:
Code:
DOWNSTAIR UPSTAIR
ADSL Modem ------- Router --- Clients
Here is what I would like to do:
Code:
DOWNSTAIR UPSTAIR
ADSL Modem ---- Switch ------ Switch ----(WAN Port) Router --- Clients
Clients ---- ----(LAN Port)
Would it work?
Jun 26, 2010
I have two subnets which I am interested in connecting.
Some basic network details:
Subnet A:
Subnet B:
I am trying to think of any further relevant details, but that seems to be it to me. If I forgot anything, please tell me.
Ok the question. WHAT do I type? (Explicitly!) And WHERE do I type it? In order to reach ubuntu-01.tec.lan, or ubuntu-02.tec.lan from perpetrator.tec.lan or rapine.tec.lan?
I'm interested in using actual ROUTES. I can already achieve results similar to this with either a NAT firewall, or with VPN... but that's not what I am interested in.
From what I have found out so far, I should need something like the following:
On Gateway 1B:
Code:
And on Gateway 1A:
Code:
Jun 7, 2010
I notice that on DistroWatch, the descriptions include "debian based", "arch based", etc. For the newbie, is there any practical difference between the different bases, or is it a Coke vs Pepsi type question?
Is a distro based on Debian say, easier for a newbie to learn or work with than say one that is FreeBSD based?
Feb 16, 2011
I have a network routing problem that I need to fix using a PC with ubuntu installed.
Here are the details of my problem:
- I have two networks.
- The first network is an ADSL router with subnet 192.168.1.x. I do not have access to the router nor change any of its configuration.
- The second network has a subnet 172.26.x.x and connect via a wireless access point. Some of the devices connected to the network require to have static IPs.
- I have a PC with ubuntu installed and two ethernet cards: one connected to the first network and the other connected to the access point.
- I need to share the internet connection between the two networks using ubuntu. I already tried before on windows and the sharing worked when both networks were configured to use the same subnet. Once I changed the subnet of the second network, internet sharing stopped working.
Sep 3, 2010
I'm having an issue with routing internet traffic from my router to two different subnets (VLANs).
Here's my setup:
Server:
Both eth0 and eth1 are running DHCP (two scopes), and that works fine!
The output of route -n is:
I have ip_forwarding on as well, but I can ping the IP on the server running that DHCP scope, i.e. ping 192.168.4.1 works great, but I just can't get the internet on the clients.
Jan 15, 2011
Bear with me cos i'm just learning this stuff.
I've set up a couple of virtual networks with vmware workstation and experienced the same problem each time. I'll explain the one i'm working on now.
Machines -
Host - Slackware 13.1, VMware workstation 7.x.
VM1 - Vyatta (router).
VM2 - WinXP (client).
[Code]....
BUT I can't ping the XP client from the virtual router, and from the host I can't ping the virtual router.
Why is this?? I assume i've done something wrong but I don't know what.
Mar 3, 2011
I have two subnets with different gateways. I am thinking of connecting them via a Linux server which would enable them to communicate, but I don't know how to proceed to get this done. How should the connection be made, and what should the configuration settings on the Linux server be?
Mar 17, 2010
I'm trying to build a Linux (Fedora 12) dhcpd server (and gateway) that has 3 network cards (eth0 with a public IP, eth1 with the 192.168.2.1 class and eth3 with the 192.168.3.1 class).
Because I have just one switch, I want to put both cables (from eth1, eth2) in the switch. Every client has 2 network cards (eth0, eth1). My question is: is there any way to configure eth0 to take an IP from the server in the 192.168.2.1 class, and eth1 from 192.168.3.1? The internet will work only on eth0.
my dhcpd.conf for now looks like this:
subnet 192.168.2.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option routers 192.168.2.1;
[Code]....
Oct 28, 2010
I have a Cisco/Linux related problem with 2 Class C subnets:
192.168.64.0 -> PC5
192.168.65.0 -> PC6
Here's a picture of my situation: [URL]
HQ has to have 2 STATIC routes in order for those 2 "PCs" mentioned above to have end-to-end connectivity with NETWORK A and NETWORK B. Now I try with
route0 -> network: 0.0.0.0, mask: 0.0.0.0, nexthop: Serial 0/0/0
route1 -> network: 0.0.0.0, mask: 0.0.0.0, nexthop: Serial 0/0/1
And it seems to work but I don't think it's proper! I feel it's kinda wrong ... but all my other attempts to set another couple of static routes ends in "Request timed out" and thus connection lost.
Nov 2, 2010
I have a Ubuntu server with multiple NICs and I'm just thinking about a potential scenario that might come up soon.
Imagine I have a network on floor 1 with an independent cable connection to my Ubuntu server -> switch -> assorted devices, on the subnet 192.168.0.x. Now imagine friends upstairs have another independent network with cable -> router -> assorted devices, on subnet 192.168.1.x.
How can I set up my server to provide access for the 1.x subnet to the 0.x and vice versa. Ideally the devices all access internet from their appropriate subnet. I've read something about bridging, is this what I need?
Apr 23, 2010
I have one main subnet 192.168.50.0/24 with a defaultrouter 192.168.50.1 connected to the internet. I have an NFS server on that network. Everything is working as desired and machines are able to see each other and access the internet.
Now, I would like to add two more interfaces to the NFS server (running Slackware Linux), each on its own different subnet, say 192.168.51.0/24 and 192.168.52.0/24. The clients on those new subnets should also be able to access the internet (through the router 192.168.50.1). How do I set up routing? Do I need any additional hardware router in between, or just a software configuration on the NFS server?
On a side note I have VLAN capable switches (couple of ProCurve 1800-24G) and would like to separate the three subnets using VLANs instead of using three separate switches.