If you put your friends in NAT (Private IP), no problem .. They have webserver, all you have to do is forward packets going to port 80 to private ip:80 Further more read iptables-howto Regards, Rio Martin. Original Message: ----------------- From: Joe ox_in@gmx.net Date: Wed, 25 Jun 2003 17:51:51 +0530 To: lartc@mailman.ds9a.nl Subject: [LARTC] Linux router and Bandwidth control Hello All, I have 1.5Mbits Backbone connection with 16 public ip address. I like to provide share my connection with someother my friends how will have public ip addess. So i wanted to configre linux router with bandwidth controll for my friends connection. Actully i tried with single interface in linux and CBQ but it does not controll. I should do not use NAT as my friends are running web servers. Is it possible to configure in linux.or some links to configure this Advance thanks Joe _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hello Martin, Currently i am using this configuration. In future they may run mail server then i have to go for new configuration where i have to give them the public ip address. Thanks Sathyan If you put your friends in NAT (Private IP), no problem .. They have webserver, all you have to do is forward packets going to port 80 to private ip:80 Further more read iptables-howto Regards, Rio Martin. Original Message: ----------------- From: Joe ox_in@gmx.net Date: Wed, 25 Jun 2003 17:51:51 +0530 To: lartc@mailman.ds9a.nl Subject: [LARTC] Linux router and Bandwidth control Hello All, I have 1.5Mbits Backbone connection with 16 public ip address. I like to provide share my connection with someother my friends how will have public ip addess. So i wanted to configre linux router with bandwidth controll for my friends connection. Actully i tried with single interface in linux and CBQ but it does not controll. I should do not use NAT as my friends are running web servers. Is it possible to configure in linux.or some links to configure this Advance thanks Joe _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> Hi Joe, > > I see no real reason giving the servers real IP addresses, you''re better > keeping the NAT and forward the ports to the private address. > If you have more than one mail server, you can map diffrent public IP > address > to a diffrent private address. this will also keep your servers safe... >Agreed this is of course the best way to secure lots of servers. And if you like the look of "wrr" as a qdisc, (and it does seem to have some very advanced features - such as the ability to "spot" large downloads and automatically decrease the available bandwidth for that connection for the duration of the download - although I could be wrong in my understanding of this) , then you can still use this qdisc with a NATing router, so have a look at their site anyway. The suggestion of a bridge was intended as a simple "no fuss" solution which can easily be bypassed in times of need - such as component failure - by simply taking the cable out of the bridge and plopping it straight back in the router. I was of course assuming that your "friends" would take care of their own security, thus removing the burden of you even telling them about the traffic shaping as well as preventing you from having to manage all their port forwarding requirements. I''m sure the whole business of traffic shaping is far too complicated for any one answer to be correct even one percent of the time so I accept that this answer may be useless for you. Good luck! Leigh> Cheers, > > Shay Bosse > System Administrator > PointMatch Ltd. http://www.pointmatch.com > > > ----- Original Message ----- > From: "Joe" <ox_in@gmx.net> > To: <rio@martin.mu>; <lartc@mailman.ds9a.nl> > Sent: Wednesday, June 25, 2003 5:10 PM > Subject: Re: [LARTC] Linux router and Bandwidth control > > >> Hello Martin, >> >> Currently i am using this configuration. >> >> In future they may run mail server then i have to go for new configuration >> where i have to give them the public ip address. >> >> Thanks >> Sathyan >> >> If you put your friends in NAT (Private IP), no problem .. >> They have webserver, all you have to do is forward packets going to port > 80 >> to private ip:80 >> Further more read iptables-howto >> >> Regards, >> Rio Martin. >> >> >> >> Original Message: >> ----------------- >> From: Joe ox_in@gmx.net >> Date: Wed, 25 Jun 2003 17:51:51 +0530 >> To: lartc@mailman.ds9a.nl >> Subject: [LARTC] Linux router and Bandwidth control >> >> >> Hello All, >> >> I have 1.5Mbits Backbone connection with 16 public ip address. >> >> I like to provide share my connection with someother my friends how will >> have public ip addess. >> >> So i wanted to configre linux router with bandwidth controll for my > friends >> connection. >> >> Actully i tried with single interface in linux and CBQ but it does not >> controll. >> >> I should do not use NAT as my friends are running web servers. >> >> Is it possible to configure in linux.or some links to configure this >> >> Advance thanks >> Joe >> >> >> _______________________________________________ >> LARTC mailing list / LARTC@mailman.ds9a.nl >> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >> >> -------------------------------------------------------------------- >> mail2web - Check your email from the web at >> http://mail2web.com/ . >> >> >> _______________________________________________ >> LARTC mailing list / LARTC@mailman.ds9a.nl >> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >> >> >> >> _______________________________________________ >> LARTC mailing list / LARTC@mailman.ds9a.nl >> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >> >> > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi Joe, I see no real reason giving the servers real IP addresses, you''re better keeping the NAT and forward the ports to the private address. If you have more than one mail server, you can map diffrent public IP address to a diffrent private address. this will also keep your servers safe... Cheers, Shay Bosse System Administrator PointMatch Ltd. http://www.pointmatch.com ----- Original Message ----- From: "Joe" <ox_in@gmx.net> To: <rio@martin.mu>; <lartc@mailman.ds9a.nl> Sent: Wednesday, June 25, 2003 5:10 PM Subject: Re: [LARTC] Linux router and Bandwidth control> Hello Martin, > > Currently i am using this configuration. > > In future they may run mail server then i have to go for new configuration > where i have to give them the public ip address. > > Thanks > Sathyan > > If you put your friends in NAT (Private IP), no problem .. > They have webserver, all you have to do is forward packets going to port80> to private ip:80 > Further more read iptables-howto > > Regards, > Rio Martin. > > > > Original Message: > ----------------- > From: Joe ox_in@gmx.net > Date: Wed, 25 Jun 2003 17:51:51 +0530 > To: lartc@mailman.ds9a.nl > Subject: [LARTC] Linux router and Bandwidth control > > > Hello All, > > I have 1.5Mbits Backbone connection with 16 public ip address. > > I like to provide share my connection with someother my friends how will > have public ip addess. > > So i wanted to configre linux router with bandwidth controll for myfriends> connection. > > Actully i tried with single interface in linux and CBQ but it does not > controll. > > I should do not use NAT as my friends are running web servers. > > Is it possible to configure in linux.or some links to configure this > > Advance thanks > Joe > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > > -------------------------------------------------------------------- > mail2web - Check your email from the web at > http://mail2web.com/ . > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > > > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi all, About servers in private network, could you all mention good points why servers should be put in private network. I must write down some reports about these, because during this week, i have new jobs maintaining new organisation that still put their servers in public ip range. I ve just moved several servers like mailserver,dns,web to private network. And soon all servers will be moved to the private network. Thanks. Regards, Rio Martin. Original Message: ----------------- From: Leigh Waldie lartc@thisisnota.co.uk Date: Wed, 25 Jun 2003 16:42:26 +0100 (BST) To: lartc@mailman.ds9a.nl Subject: Re: [LARTC] Linux router and Bandwidth control> Hi Joe, > > I see no real reason giving the servers real IP addresses, you''re better > keeping the NAT and forward the ports to the private address. > If you have more than one mail server, you can map diffrent public IP > address > to a diffrent private address. this will also keep your servers safe... >Agreed this is of course the best way to secure lots of servers. And if you like the look of "wrr" as a qdisc, (and it does seem to have some very advanced features - such as the ability to "spot" large downloads and automatically decrease the available bandwidth for that connection for the duration of the download - although I could be wrong in my understanding of this) , then you can still use this qdisc with a NATing router, so have a look at their site anyway. The suggestion of a bridge was intended as a simple "no fuss" solution which can easily be bypassed in times of need - such as component failure - by simply taking the cable out of the bridge and plopping it straight back in the router. I was of course assuming that your "friends" would take care of their own security, thus removing the burden of you even telling them about the traffic shaping as well as preventing you from having to manage all their port forwarding requirements. I''m sure the whole business of traffic shaping is far too complicated for any one answer to be correct even one percent of the time so I accept that this answer may be useless for you. Good luck! Leigh -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/