Hello everyone.

I have been lurking on this list for some time now, and it looks like this would be the right place to ask for some advice.

We are a few friends having some ADSLs and have a network going over air, from the 3 different buildings we live in. Our goal was to use some software to split out traffic so we all could enjoy some good bandwidth all the time. So my question is: can I do this with 1 outside network card and 1 LAN only? On the same cables even? Because we have some bridges and routers that handle the air link, and we should also ourselves go over those lines.

Like, we have router 1 - 3 on IPs 192.168.0.251 - 254, outside network card on 192.168.0.1, internal card at 192.168.100.1, servers at 192.168.100.10 - 99, and clients at 192.168.100.100 - 254.

The box that will do the routing will probably be an old 233 MHz Pentium w/ 96 or 128 MB RAM. This box will only do routing, shaping and some firewalling etc. and will run off a floppy, forwarding everything to 192.168.100.2, which will be our gateway from the local LAN with proxy on etc., and that will direct our connections locally and do firewalling too and redirect mails to mailservers and webservers. We have some Apache, some IIS.

The big question is: how do I make traffic go from 192.168.0.1 or 192.168.100.1 to 0.0.0.0 etc.? And what about our 6 different DNS servers? We have 3 x 512/512 and 3 x 2 different DNS servers.

Hope this helps, and no, you should not need to know about a diagram of the network, it is very simple: 1 router in each apartment, 1 switch, some access points and some bridges, that's it. It is 3 different LANs bridged together via airlink, so to speak.

Michael Gerner Andreasen
Michael Gerner Andreasen wrote:
> the big question is how do i make traffic go from 192.168.0.1 or
> 192.168.100.1 to 0.0.0.0 etc. and what about our 6 different dns
> servers? we have 3 x 512/512 and 3 x 2 different dns servers.

If I understand correctly, what you want is the one PC doing the routing, firewalling and traffic shaping. It has one interface (perhaps with multiple addresses) that everyone uses as their default gateway. It then has one or more other interface/s that it directs load balanced traffic out across the links to the 3 ISPs.

You should be able to do this fairly easily with an equalized default route and source based routing (for the return traffic). Then just plug in the firewall and QoS on the interfaces in between.

Was that the answer you wanted? Or did you want some specific examples?

For the DNS problem, you may want to run something like dnsmasq (http://thekelleys.org.uk/dnsmasq/doc.html) on your router PC, and then add all the DNS servers to your resolv.conf and add appropriate host routes on the correct gateways.

regards
--
Damion de Soto - Software Engineer  email: damion@snapgear.com
SnapGear --- ph: +61 7 3435 2809 | Custom Embedded Solutions
fax: +61 7 3891 3630 | and Security Appliances
web: http://www.snapgear.com
--- Free Embedded Linux Distro at http://www.snapgear.org ---

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> If I understand correctly, what you want is the one PC doing the routing,
> firewalling and traffic shaping. It has one interface (perhaps with multiple
> addresses) that everyone uses as their default gateway.
> It then has one or more other interface/s that it directs load balanced
> traffic out across the links to the 3 ISPs.
>
> You should be able to do this fairly easily with an equalized default route
> and source based routing (for the return traffic).
> Then just plug in the firewall and QoS on the interfaces in between.
>
> Was that the answer you wanted? Or did you want some specific examples?
>
> For the DNS problem, you may want to run something like dnsmasq
> (http://thekelleys.org.uk/dnsmasq/doc.html) on your router PC, and then add
> all the DNS servers to your resolv.conf and add appropriate host routes on
> the correct gateways.
>
> regards

Well, it was close: 1 interface to talk to the 3 routers, the routers simply forward all traffic to them to the Linux box doing all the funny stuff, and another interface in the box that sends the stuff to the proxy server directly, then the proxy sends out stuff on its second interface to the same switch but just to the LAN.

R=Router S=Switch C=Clients A=Airlink equipment G=Gateway P=Proxy

R1 <-> S1 <-> A & C
R2 <-> S2 <-> A & C
R3 <-> S3 <-> A & C & G & P

Gateway's external link to the switch.
Gateway's internal link to proxy's external link.
Proxy's internal link to S3.

S3 <===> G <===> to P
S3 <===> P <===> to G

R1 connects to the switch in building 1, and that switch is connected to 4 clients and a bridge.
R2 connects to the switch in building 2, and that switch is connected to 4 clients and a bridge.
R3 connects to the switch in building 3, and that switch is connected to 4 clients, 4 servers and an access point that the bridge connects to.

Access times across the network are smaller than 1 ms, except for the airlink at 1-3 ms and 11 Mbit, but it ain't bad at all.

Hope it helps a little.

BTW, the gateway will probably have 192.168.0.1 as IP, but I don't know if I should make virtuals on it or, I could live with just one, could I do balancing on routes only, instead of interfaces? As you normally have 3 NICs to 3 different ISPs and then 1 or 2 to your LAN or DMZ, this is almost the other way around: 3 ISPs on 1 NIC, then 1 NIC to a proxy server and from there to the switch and back to clients or the servers.

Forgot to say that it does need to work for 3+ connections >=) as we plan on adding 3 more within a year, if we ever get to solve this problem.
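
The equalized default route suggested in the reply above, applied to the layout in this follow-up (several ISP routers reached through one NIC), as an added example that is not part of the thread. The device name `eth0`, the /24 prefix and the three gateway addresses (picked from the 192.168.0.251 - 254 range mentioned in the first post) are assumptions, and the helper names are hypothetical; the function accepts any number of gateways.

```python
import ipaddress
import shlex

# Assumed values, not confirmed by the thread: device name, prefix length,
# and which addresses in 192.168.0.251-254 the three routers actually use.
OUTSIDE_IF = ipaddress.ip_interface("192.168.0.1/24")
DEVICE = "eth0"
GATEWAYS = {"192.168.0.251": 1, "192.168.0.252": 1, "192.168.0.253": 1}


def multipath_default(dev, local_if, gateways):
    """Return the argv for one multipath default route over `gateways`.

    `gateways` maps next-hop address -> weight. Each next hop must be
    directly reachable on `local_if`, or the kernel refuses the route.
    """
    if len(gateways) < 2:
        raise ValueError("need at least two gateways to balance")
    argv = ["ip", "route", "replace", "default", "scope", "global"]
    for gw_text, weight in gateways.items():
        gw = ipaddress.ip_address(gw_text)      # raises on malformed input
        if gw not in local_if.network:
            raise ValueError(f"{gw} is not on-link for {local_if.network}")
        if gw == local_if.ip:
            raise ValueError(f"{gw} is this box's own address")
        if not 1 <= int(weight) <= 256:
            raise ValueError(f"weight for {gw} must be 1..256")
        argv += ["nexthop", "via", str(gw), "dev", dev, "weight", str(weight)]
    return argv


def render(argv):
    """Shell-quoted form, for review or for pasting into a boot script."""
    return shlex.join(argv)


if __name__ == "__main__":
    # Dry run: print the command; run it as root once it looks right.
    print(render(multipath_default(DEVICE, OUTSIDE_IF, GATEWAYS)))
```

A multipath route balances per route or flow, not per packet, so a single connection stays on one uplink.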
This seems like it ought to be simple, but so far, no joy. I need to simulate latency in a network connection, e.g. a satellite link, but can't figure out how to do that. I don't need to drop packets or otherwise limit rates, just introduce certain fixed amounts of latency. I know about NIST Net, but would rather use iptables, ip, tc, etc. Any ideas?
Have you looked into Ethloop? Information can be found on the HTB site: http://luxik.cdi.cz/~devik/qos/ethloop/

I know it is primarily used for testing qdiscs. I'm not sure if it will simulate the latency, but it may be worth looking into.

Walt

----- Original Message -----
From: "Morey ixipetl" <mixipetl@comcast.net>
Cc: <lartc@mailman.ds9a.nl>
Sent: Thursday, September 25, 2003 11:27 AM
Subject: [LARTC] Simulated latency

> This seems like it ought to be simple, but so far, no joy. I need to
> simulate latency in a network connection, e.g. a satellite link, but
> can't figure out how to do that. I don't need to drop packets or
> otherwise limit rates, just introduce certain fixed amounts of latency.
> I know about NIST Net, but would rather use iptables, ip, tc, etc. Any
> ideas?
You could use the iptables QUEUE target. It allows you to "catch" packets in a user space program (e.g. perl), do stuff with it (or nothing: sleep) and then ACCEPT the packet (or DROP).

It's a pretty crude method, but it works.

----- Original Message -----
From: "Morey ixipetl" <mixipetl@comcast.net>
Cc: <lartc@mailman.ds9a.nl>
Sent: Thursday, September 25, 2003 5:27 PM
Subject: [LARTC] Simulated latency

> This seems like it ought to be simple, but so far, no joy. I need to
> simulate latency in a network connection, e.g. a satellite link, but
> can't figure out how to do that. I don't need to drop packets or
> otherwise limit rates, just introduce certain fixed amounts of latency.
> I know about NIST Net, but would rather use iptables, ip, tc, etc. Any
> ideas?
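
A timing model of the QUEUE approach described above, added here and not part of the thread: it compares a handler that sleeps before each ACCEPT with one that timestamps packets and issues verdicts when they fall due. It assumes a single-threaded handler that takes one packet at a time; the netlink binding that would supply packet ids and carry verdicts is left out, and all class and function names are hypothetical.

```python
from collections import deque

# Constructed input: five packets 10 ms apart, 250 ms of simulated latency.
ARRIVALS_MS = [0, 10, 20, 30, 40]

class DelayLine:
    """Holds packet ids; each becomes due `delay_ms` after it arrived."""

    def __init__(self, delay_ms):
        self.delay_ms = delay_ms
        self._held = deque()              # (release_time, packet_id), FIFO

    def enqueue(self, packet_id, now_ms):
        self._held.append((now_ms + self.delay_ms, packet_id))

    def next_wakeup(self):
        return self._held[0][0] if self._held else None

    def due(self, now_ms):
        """Packet ids whose ACCEPT verdict may be issued at `now_ms`."""
        ready = []
        while self._held and self._held[0][0] <= now_ms:
            ready.append(self._held.popleft()[1])
        return ready

def sleep_then_accept(arrivals_ms, delay_ms):
    """Latency added per packet when the handler sleeps, then accepts."""
    free_at, added = 0, []
    for t in arrivals_ms:
        free_at = max(t, free_at) + delay_ms   # later packets wait their turn
        added.append(free_at - t)
    return added

def timestamp_and_release(arrivals_ms, delay_ms):
    """Latency added per packet when verdicts are driven by DelayLine."""
    line, added = DelayLine(delay_ms), {}

    def drain(until_ms):
        while (wake := line.next_wakeup()) is not None and wake <= until_ms:
            for pid in line.due(wake):
                added[pid] = wake - arrivals_ms[pid]

    for pid, t in enumerate(arrivals_ms):      # arrivals must be ascending
        drain(t)
        line.enqueue(pid, t)
    drain(float("inf"))
    return [added[pid] for pid in range(len(arrivals_ms))]

if __name__ == "__main__":
    print("sleep per packet :", sleep_then_accept(ARRIVALS_MS, 250))
    print("timestamped queue:", timestamp_and_release(ARRIVALS_MS, 250))
```

In this model the sleeping handler adds a delay that grows with every queued packet, which amounts to a rate limit of one packet per sleep interval, while the timestamped queue adds the same fixed latency to each packet.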