we have an external 2Mbit dsl connection and running on it are several gre vpn tunnels

so far i've given priority to the vpn traffic (using htb)

can i now put rules in for the tunnels to control traffic within each tunnel (that's where our video conferencing etc runs)? or can i only control the real interface (eth1 in our setup)? if not can i somehow see the packets inside the vpn packets and then control them?

thanks

rick

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/

Hi Rick,

> can i now put rules in for the tunnels to control traffic within each
> tunnel (that's where our video conferencing etc runs)?

What type of VPNs are you using? IPSec?
You can put htb rules on ipsecX interfaces and they will work.
The pppX interfaces for pptp and l2tp VPNs should work just as well.

> control the real interface (eth1 in our setup)? if not can i somehow see
> the packets inside the vpn packets and then control them?

With some clever kernel hackery, you probably could do this, I don't think it would be any fun at all though.

regards,
--
Damion de Soto - Software Engineer
email: damion@snapgear.com
SnapGear - A CyberGuard Company
Custom Embedded Solutions and Security Appliances
ph: +61 7 3435 2809
fax: +61 7 3891 3630
web: http://www.snapgear.com
Free Embedded Linux Distro at http://www.snapgear.org

linux-linux using ip tunnels - modprobe ip_gre

eg

    ip tunnel add china mode gre remote xxx.xxx.xxx.xxx local \
        xxx.xxx.xxx.xxx ttl 255
    ip link set china up
    ip addr add 192.168.1.11 dev china
    ip route add 192.168.5.0/24 dev china

ps - any hackers - don't bother - the firewalls will only accept connections from specific ip addresses

On Mon, 2004-01-05 at 16:24, Damion de Soto wrote:
> Hi Rick,
> > can i now put rules in for the tunnels to control traffic within each
> > tunnel (that's where our video conferencing etc runs)?
> What type of VPNs are you using? IPSec ?
> You can put htb rules on ipsecX interfaces and they will work.
> the pppX interfaces for pptp and l2tp VPNs should work just as well.
>
> > control the real interface (eth1 in our setup)? if not can i somehow see
> > the packets inside the vpn packets and then control them?
> With some clever kernel hackery, you probably could do this, I don't think it would
> be any fun at all though.
>
> regards,

Rick Marshall wrote:
> linux-linux using ip tunnels - modprobe ip_gre
>
> ip tunnel add china mode gre remote xxx.xxx.xxx.xxx local \
> xxx.xxx.xxx.xxx ttl 255
> ip link set china up
> ip addr add 192.168.1.11 dev china
> ip route add 192.168.5.0/24 dev china

Hrrm, not 100% sure on GRE tunnels, but I can't see why they wouldn't.
You should be able to just create all your tc rules on the 'china' device.

--
Damion de Soto - Software Engineer
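
The suggestion in the last reply, written out as an added example (not part of the original thread): an HTB tree attached to the 'china' GRE device, where tc still sees the inner packets before they are encapsulated and sent out eth1. The function name, the 512 kbit tunnel ceiling, the 3/4 video share and the video host 192.168.5.20 are assumptions made for illustration; it shapes only traffic leaving this end of the tunnel.

```shell
#!/bin/sh
# Added example: HTB classes on a GRE tunnel device. Rates, the video host
# and the function name are assumptions, not values from the thread.

# Print the tc commands for one tunnel.
#   $1 tunnel device   $2 tunnel ceiling in kbit   $3 video host (constructed)
tunnel_htb_rules() {
    dev=$1; ceil=$2; video=$3
    video_rate=$((ceil * 3 / 4))      # guaranteed share for video conferencing
    bulk_rate=$((ceil - video_rate))  # guaranteed share for everything else
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 20
tc class add dev $dev parent 1: classid 1:1 htb rate ${ceil}kbit ceil ${ceil}kbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate ${video_rate}kbit ceil ${ceil}kbit prio 0
tc class add dev $dev parent 1:1 classid 1:20 htb rate ${bulk_rate}kbit ceil ${ceil}kbit prio 1
tc qdisc add dev $dev parent 1:10 handle 10: pfifo limit 30
tc qdisc add dev $dev parent 1:20 handle 20: sfq perturb 10
tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip dst $video/32 flowid 1:10
EOF
}
# Leaf qdiscs are set explicitly so queue sizes do not depend on the
# tunnel device's txqueuelen.

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    tunnel_htb_rules china 512 192.168.5.20 | sh -e
else
    tunnel_htb_rules china 512 192.168.5.20
fi
```

Rates set on the tunnel device count inner packet sizes only, so the sum of all tunnel ceilings should stay below the share given to VPN traffic on eth1 to leave room for the GRE and outer IP headers.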