LinuxQuestions.org
Old 12-26-2002, 07:40 PM   #1
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Rep: Reputation: 30
router of a huge network... need a little help here.


Ok, by huge network I don't mean with a lot of computers, I mean with a lot of usage. hehehe...

Here is the problem: I have a Linux box with Red Hat 7.1 as a router/firewall. And I have 5 other computers on the network.

I was wondering if there is a way (I'm thinking squid) to limit the maximum bandwidth available for each machine.

Ok, I know there is a way, ISPs do it all the time, but I was wondering if it was hardware or software managed. And if it is software what kind of software... and if it is hardware... is it too expensive for a home LAN?

I know this will limit my bandwidth all the time, but I think it is worth it. Does this 'splitter' support 'over-selling'??? (you know, when they say they sell you 128kbps but they use the same 128 for 3 or 4 users).

Thanks a lot.

 
Old 12-26-2002, 07:49 PM   #2
Miky
Member
 
Registered: Dec 2002
Location: London / Paris
Distribution: Debian (optionally Free/OpenBsd)
Posts: 72

Rep: Reputation: 15
Yes absolutely

You have to use iproute2 with netfilter

1. Compile your kernel with some QoS options and advanced router options, for iptables the mark options
2. Write rules in the mangle table to mark the packets regarding which machine they come from (you could use the MAC address)
3. Create your queueing discipline and your classes and attach the marked packets to the class you want them to belong to.

More info on QoS howto

Bye
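
The three steps in post #2, sketched as an added example (not part of the original posts): a script that prints, without running, the iptables mangle rules that mark each machine by source MAC and the tc classes that cap each mark. The HTB qdisc, the interface name, the 128 kbit link and the MAC addresses are assumptions; each host gets an equal guaranteed `rate` and may borrow idle bandwidth up to the full link (`ceil`).

```shell
#!/bin/sh
# Added example: prints the commands; nothing is applied to the system.
WAN_IF="eth0"      # assumption: Internet-facing interface of the router
LINK_KBIT=128      # assumption: uplink speed in kbit/s
# Constructed MAC addresses standing in for the LAN machines.
HOSTS="00:11:22:33:44:01 00:11:22:33:44:02 00:11:22:33:44:03"

gen_shaper_rules() {
    wan=$1; link=$2; shift 2
    [ "$#" -gt 0 ] || { echo "no hosts given" >&2; return 1; }
    for mac in "$@"; do            # shape check only, before emitting anything
        case $mac in
            ??:??:??:??:??:??) ;;
            *) echo "bad MAC: $mac" >&2; return 1 ;;
        esac
    done
    # Equal guaranteed share per host, plus one share for unmarked traffic.
    share=$((link / ($# + 1)))
    [ "$share" -gt 0 ] || { echo "link too small" >&2; return 1; }

    # Step 3: root qdisc, parent class = whole link, default class 1:99.
    echo "tc qdisc add dev $wan root handle 1: htb default 99"
    echo "tc class add dev $wan parent 1: classid 1:1 htb rate ${link}kbit"
    echo "tc class add dev $wan parent 1:1 classid 1:99 htb rate ${share}kbit ceil ${link}kbit"

    id=10
    for mac in "$@"; do
        # Step 2: mark packets by the machine they come from.
        echo "iptables -t mangle -A PREROUTING -m mac --mac-source $mac -j MARK --set-mark $id"
        # Step 3: one class per host; the fw filter maps mark -> class.
        echo "tc class add dev $wan parent 1:1 classid 1:$id htb rate ${share}kbit ceil ${link}kbit"
        echo "tc filter add dev $wan parent 1: protocol ip handle $id fw flowid 1:$id"
        id=$((id + 1))
    done
}

gen_shaper_rules "$WAN_IF" "$LINK_KBIT" $HOSTS
```

Review the printed commands before piping them to `sh` as root on the router; the kernel needs the HTB scheduler, the fw classifier and the netfilter MARK target enabled, which is what step 1 refers to.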
 
Old 12-26-2002, 07:54 PM   #3
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
Ok... I didn't understand a thing. What is QoS (queue of service?), iproute2 and netfilter... do I need to recompile my kernel to enable them? Because I don't like to recompile it... it is tricky and I'm using a special kernel (for Alpha processors)...

Could you please be a little more clear... and give me a few addresses where I can find info about what you are talking about...

Thank you. A LOT.

 
Old 12-26-2002, 08:00 PM   #4
Miky
Member
 
Registered: Dec 2002
Location: London / Paris
Distribution: Debian (optionally Free/OpenBsd)
Posts: 72

Rep: Reputation: 15
QoS = Quality of service (qualitad del servicio lol)
iproute2 is a package
netfilter is the name of that package that uses iptables.

Yes, there's a 99% probability you'll have to recompile (I always do to optimize my kernel though)

For links google is your friend
search for strings
kernel recompile
netfilter mark
iproute2 or Qos linux

Hastaluego
 
Old 12-26-2002, 08:16 PM   #5
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
Ok, the problem is that I'm using an Alpha processor, an AlphaServer. So, I don't have the same kind of boot loader and I think that tomsrtbt won't work. IF something goes wrong with my recompile or if I lose my OS I'll have to reinstall EVERYTHING... and that will take a few hours... not to mention that I won't have access to the internet on any other machine.... AND I don't have a contingency. Is there something like a step-by-step guide to recompile your kernel... I've never done that alone... so... I think a guide would be great...

About netfilter and iproute2 I've found a lot of documentation... but about kernel recompilation... none. Could you help me on this one please. THANKS.
 
Old 12-26-2002, 08:29 PM   #6
Miky
Member
 
Registered: Dec 2002
Location: London / Paris
Distribution: Debian (optionally Free/OpenBsd)
Posts: 72

Rep: Reputation: 15
Kernel compilation is kind of very easy

First download the latest kernel (or one that works); 2.4.18 works well, but the latest is 2.4.20

Copy it into /usr/src and decompress it.

Do make config or make menuconfig (requires libncurses-dev) or make xconfig depending on whether you want text mode, bash windows or X Window style

Then (this is the most difficult)
choose your options in the kernel; this part is very important and will cause you a kernel panic or minor problems if you forget something. Save your kernel configuration once you've finished

Then make dep && make bzImage && make modules && make modules_install
(be careful: if you're using the same version as your current kernel you have to back up your modules !!!)

Then make a dual boot with your old kernel and your new one (very important !!!! if it crashes)

And that's all !!!

Try to find a junk machine to get some training with recompilation.

If you're confident, make sure you have a nice dual boot on your Alpha machine.

I would advise you to ask a good sysadmin beside you to help configure the kernel.

btw the command dmesg|less will help you to configure the kernel

nos vemos
 
Old 12-26-2002, 08:34 PM   #7
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
Ok... Thanks a lot... I'll try recompiling my Mandrake (this one is kind of easy to recover)

Thanks a lot....
 
Old 12-28-2002, 04:57 PM   #8
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Have you read this yet?
http://tldp.org/HOWTO/Bandwidth-Limi...WTO/index.html
 
Old 12-28-2002, 11:53 PM   #9
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
uh... I hate tldp... I never find anything...
 
Old 12-29-2002, 12:30 AM   #10
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
Peter, I appreciate a lot that link. It would have taken me over two weeks to find it... excuse my previous post.. but it is just true.

I think I can work it out now... I'll post here a step-by-step guide as soon as I'm done.

Thanks.

BTW: what ports does KAZAA use?? cause it would be a hard task to isolate them using the tcpdump... hehe... I'll try google... but I don't know what will come out.

Last edited by Ciccio; 12-29-2002 at 12:38 AM.
 
Old 12-29-2002, 07:25 AM   #11
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Kazaa starts by using tcp port 1214 but can re-establish p2p connections on other low number ports.

You may wish to limit by user or local_ip if there are a lot of connections. One trick I have used is to allow only 1 big pc external access, then the local users must talk internally to this p2p. When Kazaa starts, it creates a huge scanning storm looking for port 1214 in every possible ip range.

When I search Google, I just use keywords, eg "bandwidth control"
When I search tldp, I use this page first ..http://tldp.org/HOWTO/HOWTO-INDEX/howtos.html
then in the browser, the EDIT, Find in this Page, "Keyword" combination.
 
Old 12-29-2002, 11:12 AM   #12
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
So, how do I control the bandwidth in Kazaa? I have a big PC... it works as router/firewall. And I kind of don't understand what you are saying... If I understood correctly then Kazaa uses port 1214... but can use lower number ports??? Is that it? If so... how do I limit them?

Another question... Is there a BIG site for IPTraf and SQUID??? Like php.net or samba.org but for those utilities... because I need special builds or source code...

Thanks a lot.
 
Old 12-29-2002, 11:44 AM   #13
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
I have a windoze pc set up to be a kazaa p2p member.
It's the ONLY pc that can connect directly past the firewall, everyone else is dropped, so they are forced to talk to this pc to get their sharing to work.
If Kazaa starts with its entire internet ip scan, (it can be made to look for single ip numbers) I drop these as well.
It's a BIG pc coz it will hold a huge amount of "files".
I now only have to control the traffic from this one internal pc now, kazaa is all it does.

Kazaa starts by using destination port 1214 but will use higher numbers later, making it hard to control if everyone is using it externally.

Practise your Google search for iptraf & squid !! Enjoy !!
 
Old 12-29-2002, 01:07 PM   #14
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
Ok... but the problem is how to control the traffic... I use it on two PCs so it shouldn't be that hard... First I want to limit the use of Kazaa to 15KBps. The rest I don't care... we don't download mp3 or avi from http servers... (that is why we use Kazaa).

Ok... I was reading that HOWTO... and in the squid configuration file there are a few lines I don't know what they are for...

Code:
#To make our connection even faster, we put two lines similar
#to the ones below. They will point a parent proxy server our own Squid
#will use. Don't forget to change the server to the one that will
#be fastest for you!
#Measure pings, traceroutes and so on.
#Make sure that http and icp ports are correct.

#Uncomment lines beginning with "cache_peer" if necessary.
#This is the proxy you are going to use for all connections...
#cache_peer w3cache.icm.edu.pl parent 8080 3130 no-digest default

#...except for the connections to addresses and IPs beginning with "!".
#It's a good idea not to use a higher 
#cache_peer_domain w3cache.icm.edu.pl !.pl !7thguard.net !192.168.1.1

#This is useful when we want to use the Cache Manager.
#Copy cachemgr.cgi to cgi-bin of your www server.
#You can reach it then via a web browser typing
#the address http://your-web-server/cgi-bin/cachemgr.cgi
cache_mgr your@email
cachemgr_passwd secret_password all
Could you help me with this?

thanks.
 
Old 12-29-2002, 01:14 PM   #15
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Original Poster
Rep: Reputation: 30
BTW, iptraf seems to be broken... I've searched a few pages but it always leads to a broken link (the same one)

Besides... can it be done with tcpdump???
 
All times are GMT -5. The time now is 09:54 PM.