Networking :: Shape Bandwidth Using HTB Method And Filtering Classes With Destination Mac Address?
Jan 21, 2010
I'm trying to shape bandwidth using HTB method and filtering classes with destination mac address. for this I've found two codes but none of them seem to filter bandwidth as i want (test with iperf)
code 1 Code: tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF
code....
I created a the class like this for shaping the packets with a specified bandwidth rate.....
tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1: htb default 15 tc class add dev eth0 parent 1:0 classid 1:1 htb rate 750kbit ceil 750kbit tc class add dev eth0 parent 1:1 classid 1:3 htb rate 600kbit ceil 750kbit prio 0
For Our Requirement:-
I dont want to specify the bandwidth rate strictly like this rate750kbit ceil 750kbit,based on whatever speed is coming which should allocate the bandwidth rate for particular class...I need one application for finding the upcoming bandwidth & Is any other method is there for specify the bandwidth rate in a classes.
I pay for wifi usage. The access points are using mac address filtering. I know this because I can spoof the mac of another computer of mine and get it online. I'd like to get both the computer's online. I've been trying to do ip masquerading. It hasn't been working so far. I am not sure if the computer connected to mine through a cross over cable is revealing its mac address to the access points when communicating. If so, how does one get around this? ping shows connectivity between the two computers.
I'm trying to shape bandwidth using HTB method and filtering classes with destination mac address. for this I've found two codes but none of them seem to filter bandwidth as i want (test with iperf) can some one explain me the problem with theses codes
Code: tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8 code2:
I have one server that has Asterisk running.On front of that, I use DD-WRT router as gateway. As I have checked the log files, I saw that there is a specific IP Address that is continuously accessing the application and trying to authenticate to SIP with a series of extensions. This is like DoS attack for SIP. What I did was to block/drop the IP in DD-WRT using the iptables. I can see from the /proc/net/ip_conntrack that it is being "UNREPLIED". But my concern is that does it still uses a lot of bandwidth even though it is already being blocked?
i configured Squid3 server in my Ubuntu 10.04.Now the ip based and content based blocking is working fine.Now i want to configured bandwidth allocation of ip address and group ip address..pls give the solution
We have a sipmle office network set up that we also use use to connect to the internet, however of late the number of users has increased thus slowing internet access. Bandwidth upgrade is not an option thus i have to do bandwidth shaping on our linux router. The question is how do set the squid configs to allow certain IP's range a certain percentage bandwidtheg 60% and furthe divide the rest. Alternatively how can allow certain IPs to have higher bandwidth access.
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of lets say 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
I am trying to block unappropriated sites on my ubuntu 11.04 with openDNS I installed it and in addithion to the catagoriegs I checked I also added some sites to the always block list, everything according to the site should work. But the problem is that nothing is blocked (also the sites in the always block list). I cleared the browsers cache but it didn't help when i try to clear the local cache with the provided command in their site I think it says it ignored my network.
About firefox,I want to block images only on facebook automatically so I added [URL] to the always block list in the images category and it should work but it just won't block the images. I should note that I use the same method on chrome and there it work like a charm. how to get that working on firefox?
I am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment , both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject, are captured again by my application causing an unwanted feedback of injected traffic. This caused that I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
I work at a cybercafe and i am currently plagued by users who, despite the warning not to, continue to watch porn and use p2p software on my connection. I have done some preliminary research on how to filter the web content as well as to reduce the bandwidth used by p2p software on my network. I found that a solution that has worked for many with regard to web content control is danguardian + squid or privoxy in conjunction with a firewall like firehol or something of the sort. Others use an os like untangle or clear os and install it on a stand alone server. then others use open dns. although i would like the open dns solution, i will need to install a dns client, ddclient and i am a linux newbie so and ddclient requires some compiling or so, and i'm not yet into that. I am also currently not in the mood to dabble into untangle or clear os bcos it will cost me a lot do download the iso's. Internet access is costly over here.
Before i go ahead to implement the steps in any of the tutorials i have seen, i am wondering if such a measure will even help at all.You see, at my cafe, i use my server to share the connection to all my clients. I connect to the internet using a gsm modem. then i have two nic's. nic1 is set to share my connection and my router connects to that nic1. nic2 connects to my router using a static ip to enable communicate with my clients. If i implement something like dansguardian on my server, will it solve the problem for me, that is, do i have to also re-implement the steps i took to configure dansguardian on all the other pc's, that is, my clients?
My network is: ISP --> SonicWALL--> Proxy --> LAN Currently Sonicwall is running VPN, DHCP, port forwarding etc.. in a range of 10.0.0.0/24 and I have tried to configure Squid Proxy for content filtering (using squid 3 Transparent mode on Fedora 10 and Iptables). Now I need to implement the proxy over my network without changing the SonicWALL current settings (VPN, Port forwarding and DHCP).
is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
Using iptables is there a way to switch the destination IP to become the new source IP and forward that connection.iptables store the src and dst IP in a variable for a particular connection?
I am playing around with transparent proxies, The current way I am doing things is the program makes a request to a computer on port 80, I use
Code: iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234 to redirect to my proxy that I am playing with. the proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy) so I want to do something like
Code: iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80 The problem lies with the xxxx part. How do I change the destination port without changing changing the destination ip? Or am I doing this setup completely wrong,
I am doing a university course and am struggling to find a method of sending 1 message down route A and then the next message to the same destination via route B, alternating between the two with each new message sent.I am going to use a Linux computer with two Ethernet cards connected to two different networks via a routers and then to the destination host via a switch.
On my system, I have built my own tunneling protocol, where I relay packets over a non-standardized but verified medium. What I do is capture the packets using iptables and NFQUEUE, relay them over my medium, and at the other end I reinject them using raw sockets. The packet going into the tunnel is exactly the same as the one coming out, verified. The problem is that this doesn't work for ICMP Ping (Echo Request) if the destination of the ping is the same as the tunnel endpoint. If the destination is not the same as the tunnel endpoint, the ping packet is rerouted and arrives as it should at the receiver, and the ping reply comes back to the sender. Does anyone know whats going on? Isn't it possible to send raw icmp to yourself? If not, anyone have an idea what I should do instead?
I have 5 1955 blades in an enclosure for an custom application cluster.All were running Centos 4.4 no problem.We wanted to start upgrading them cleanly to 5.5 so two of them got fresh installs of 5.5.The installs went well enough, no glaring errors.However they can only ping each other! The network settings are fine, no firewall or selinux. I'd run the info script but I can neither download it to them nor paste it in via kvm.Standard static entries, virtually identical to their 4.4 brethren. They ping each other so network drivers are fine, no built in switch configuration changes. It has to be some kind of network configuration issue that i'm just not seeing.
Edit* When i try and ping anything else, including the other blades, I get Destination Host Unreachable.
I've been interested in Synfig for a while. In the last version of Ubuntu, there were some problems so I couldn't install it. Yesterday I remembered the program and decided to try it on 9.10. I was amazed, it installed fine and everything worked just how it should. Then later last night, I must have done something because everything turned invisible and when I created a new layer or shape, nothing new appeared.
I fiddled with it for a while and then reinstalled the program a total of like 3 times just in case that would help. Then, I went straight to the Synfig site and downloaded the newest version. It looked better, different, but it behaved exactly the same. I'm very confused and I would like to use Synfig, it seems amazing. I assume there's some little thing I missed or something I pressed that I shouldn't have. Here are screen shots of both versions.
I have two partition in my netbook (plus swap): /dev/sda4 with Ubuntu 10.4 /dev/sda5 with Centos 5.5 I use Ubuntu obviously. Centos is there because I need to run some test on that distro. The problem is Centos uses Grub and Ubuntu uses Grub2.
This is /boot/grub/menu.lst from Centos: Code: default=0 timeout=5 splashimage=(hd0,4)/boot/grub/splash.xpm.gz title CentOS (2.6.18-194.17.4.el5xen) root (hd0,4) kernel /boot/xen.gz-2.6.18-194.17.4.el5 module /boot/vmlinuz-2.6.18-194.17.4.el5xen ro root=LABEL=/1 rhgb quiet module /boot/initrd-2.6.18-194.17.4.el5xen.img .....
This was generated running update-grub2 and grub-install under Ubuntu. It's not working. It gives me something like bad magic number. How can I convert the grub1 entry in a grub2 shape?
I have a problem with the Fedora 12 Network Manager - OpenVPN configuration. If I use the same configuration and manually start openvpn (as client) I get connected to the OpenVPN server and I can ping the network that I am accessing. With Network Manager - I get connected but when I try to ping is giving me "Destination host unreachable". The routing table looks similar except that when connecting with network manager is giving me on more route in table
Destination Gateway Genmask Flags Metric Ref Use Iface xxx.xxx.xxx.xxx 192.168.0.1 255.255.255.255 UGH 0 0 0 wlan0 192.168.0.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
Where xxx.xxx.xxx.xxx is the IP of the OpenVPN server. When connecting "manually" I this routing table
Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 2 0 0 wlan0 192.168.171.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0 0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 wlan0
What I do wrong in Network Manager? If I try to delete the route with xxx.xxx.xxx.xxx is disconnecting the vpn connection.
I am an 'experienced perpetual newbie' using Ubuntu 9.04. I know a little about quite a few things but nothing past intermediate knowledge so:I am trying to set up a simple LAN between 'rhino' (192.168.1.102) and 'polly-laptop' (192.168.1.101). My router address is 192.168.1.1
From polly-laptop: sudo mount rhino:/home /media/rhinohome polly-laptop can access rhino:/home fine.
i don't understand what I am doing wrong. I started a CentOS Vm through Vmware server 1.05 When I run the machine I preform Dhclient and my machine gets an IP internet works fine.
When I change my IP to static everything stops working I cant ping anything anymore I cant ping my server I cant ping my gateway I cant ping google My config is done through Webmin but I know it can also be done through /etc/sysconfig/network-scripts/ifcfg-eth0 My hosts file has this
127.0.0.1 localhost srvspam my /etc/sysconfig/network-scripts/ifcfg-eth0 file has this BOOTPROTO=none NAME="" MACADDR="" HWADDR=00:0C:29:59:91:DE
Currently my OS is Ubuntu 9.04 Jaunty Jackalope Desktop OS and my web server is Apache2. I have a public address 60.x.y.z and my pc local address is 10.x.y.z. I have a web app in my Apache2 which currently run in localhost(10.x.y.z).
I would like to enable the web app so that it could be browse from outside. I know there maybe some port forwarding process and some commands involved in order to do that. But I have no idea on the steps to do that.
