similar to: Classful queues

Dear all, I am trying to set up multi-user traffic control. In short, I want each user (each IP) to be hard limited to 128kbit download and 64kbit upload. On top of that, I want interactive traffic (ICMP, ACK packets, SSH, etc) to be prioritised to minimise latency. It sounds like it ought to be done with a classful qdisc but I don''t really know what I''m doing. I think I

I want to stop shaping from running on my box, without rebooting it. What''s the best way to get rid of any tc rules? I have tried "tc qdisc del dev eth0 root" which appeared to be successful but traffic through my box is still very slow. Cheers, Jonathan ------------------------ Jonathan Gazeley ResNet | Wireless & VPN Team Information Systems & Computing University

Dear all, I''m having real problems getting tc to do anything useful at all. I''m also under pressure to get this fixed before the students start arriving later this month (I work in a university). In short, I want each IP address to be hard limited to 128kbit down, 64kbit up, never to be allowed more bandwidth than this. It is also important that the latency remains

Hi all, I''m having some problems working with puppet-selinux[1] I''ve successfully deployed the module in nodes.pp and got it to set various SELinux modes, by using class { selinux: mode => ''permissive'' } or class { selinux: mode => ''enforcing'' } Now I want to load a custom SELinux policy file. According to the docs, the correct

I have setup natd, enabled logging with -l and it is working perfectly. However is there a more detailed log to see the translation tables. I need to log the ipaddress internal 172.*.*.* to the outside with what port is being used. natd just seems to log the statistics such as icmp=5 and so on. If natd does not have this function what does?

Hello I am trying to redirect all http traffic of unauthorized wifi users on a wireless hotspot to a login page. The problem I have is that I can not disable the regular address translation (I want the source address to stay the same). 10.0.0.7 is the wifi client 195.250.155.29 is the web wifi user tries to access from his browser 195.113.17.94 is my login page 10.0.0.1 is the wifi

[ -netters, please Cc me or security@ with replies. ] I'm running into trouble integrating dynamic racoon-based IPSec into a network with ipfw and natd. I need to be able to allow VPN access from any address from authenticated clients. I've got the dynamic VPN working, with racoon negotiating SAs and installing SPs, but the problem is that I can't tell whether an incoming packet on

Hi everyone, I''m new to tc but I need to use it to set up shaping on a new NAT box. In short: Each user must have their upload limited to 128kbit and downlink limited to 256kbit. Global bandwidth to be limited to 100Mbit Interactive packets to have higher priority 200+ users, so need to match packets fast So far I have managed to get the download limits working. However I need to

We are planning to provide a personal network directory for our ResNet Win95 users using one samba server and I'm wondering whether we are apt to encounter any issues of scale that might affect us in moving from 100 users to over 1000. I can see some problems keeping the Win95 computer identity unique on each system, but I wonder if there are known limits to the size of a single workgroup,

I'm facing a problem with accessing a HTTPd (Apache) jail locally. Consider this jail scenario: /etc/hosts: 127.0.0.1 localhost foo.com 172.16.0.1 apache /etc/natd.conf: use_sockets yes same_ports yes unregistered_only yes redirect_port tcp 172.16.0.1:80 80 redirect_port tcp 172.16.0.1:443 443 /etc/firewall.sh ... ${fwcmd} add divert natd all from any to any via ${oif}(IPFW) ... rl0, my

Hi, in the kernel I have these lines: [...] device miibus # MII bus support device rl device ed options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_VERBOSE_LIMIT=0 #limit verbosity options IPDIVERT #divert sockets options DUMMYNET

Hi. We just opened a gaming center and have chosen to run a FreeBsd box for our firewall. IPFW is configured at it's very basic running natd through rl0 and allowing any to any connections from the lan to the outer world. Natd controls access to the lan. We have a 6.0 mb/s ADSL net connection for all the gaming clients to use, however if a gamer starts downloading a file, that file

Made a typo in the cc: line. Coffee time, I guess. -------- Original Message -------- Date: Mon, 12 May 2003 19:52:17 -0400 From: Bob K <melange@yip.org> To: Michael Collette <metrol@metrol.net> CC: freebsd.-security@freebsd.org Subject: Re: Down the MPD road > I did this, and it does correct the immediate problem. Of course, it > also > creates a new glitchy. >

hi all, i've been struggling with setting appropriate rules for an SMTP-server behind by NAT'd firewall. it's not that there is too little info on the web -- or here, for that matter -- there's scads of it for seemingly endless configs/req'ts -- none that seem to be exactly my own. bottom line: i'm a bit confused, and looking for some experienced advice. my goals (for

I am having problems in the implementation of a VPN, below made a project of my net: INTRANET (10.0.0.0/24) | 10.0.0.5 xl0 NetBSD IPNAT ( map wi0 10.0.0.0/24 -> 192.168.213.10 ) wi0 192.168.213.10/30 | | Wireless VPN | | 192.168.213.9/30 xl2 FreeBSD NATD ( divert natd all from any to any ) xl0 200.x.x.5/24 | 200.x.x.1/24

Hallo there, I had to change the provider. And after that my public IP adress are routed straight through FreeBSD Box. What is it best way to do it? I personally done it the way, where exist the localnet alias for every interface... eg.. ifconfig_ed0="inet 62.168.40.188 netmask 255.255.255.252 broadcast 62.168.40.191" after that there is local interface 192.168.1.1/255 and it's

Is it just me or do others have a problem with the ATA-186 de-registering? Every couple of hours, if I don't make use of the ATA connected line, I find that I have to unplug and let the ATA reboot. After that it is good to go for awhile, but eventually I have to repeat the process. My ATA sits behind a NATd firewall, any ideas what might cause the de-registration? Kim C. Callis

Hello, I''m still new in using tc...I wanna ask... 1. what is the difference between classless and classful qdisc?? when I made a qdisc, are I must create both of that qdisc...??? 2. what is the difference beetween three of the classless qdisc in linux redhat 2.4, sfq pfifo and tbf if I using the htb classful qdisc ??? because when I use htb classful qdisc it means I made a qdisc that

I have a people table with four types of people: clients, spouses, children, and others all setup using single-table inheritance with a foreign key back to a household record. A Household has_one client and spouse, and has_many children and others. I want to use a single "Household.find(@session [:household_id], :include => [:client, :spouse, :children, :others])"

I feel I should know the answer to this, but I wanted to verify. I have a bunch of Windows PC's running Win 2K Pro, on three subnetworks. Two of the subnets are served by Unix (FreeBSD) boxes running NATD, but all are joined to a domain being run on a Win 2K Pro server in another building on the campus. So far I haven't joined the two Unix boxes to the domain. I'd like to