LinuxQuestions.org
Old 07-14-2010, 01:06 AM   #1
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Rep: Reputation: 15
Virtual interface Routing


Hola,
I need to make some solution for my home network. I have a Linux server which is:
Quote:
Linux CentOS 5.5
So, what I need to do is to make a virtual interface for my clients which sets its bandwidth up to 1Mb/s shared to them, but my real bandwidth is 2Mb/s.
Also, after that, I have two questions:
Quote:
1. How to set this rate limitation to that interface ???
2. How to edit this interface to let it work and route the client data to my ADSL router ???
I have already generated the virtual interface using the Webmin management tool, so I need to set its rate and route data.
Thanks in advance ...
 
Old 07-14-2010, 04:22 PM   #2
tlowk
Member
 
Registered: Nov 2003
Location: Belgium
Distribution: Slackware
Posts: 151

Rep: Reputation: 23
# first make the virtual interface


vconfig add eth0 200

# assume modem has 192.168.200.1/24

ip a a 192.168.200.2/24 dev eth0.200
ip link set eth0.200 up

ip route del default
ip route add default via 192.168.200.1


# now the bandwidth limitation on outgoing only
(so download speed for the connected computer)

tc qdisc add dev eth0.200 handle 1:0 root dsmark indices 1 default_index 0
tc qdisc add dev eth0.200 handle 2:0 parent 1:0 tbf burst 1024 limit 20480 mtu 1514 rate 1024kbps

More info you'll find in LARTC (lartc.org/manpages)

Correction: in the tc command you need to substitute eth0.200 with the device where the other PC is connected, not the one of the ADSL router.

Last edited by tlowk; 07-15-2010 at 05:22 PM.
 
2 members found this post helpful.
Old 07-14-2010, 09:32 PM   #3
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
cool, thanks my friend ...
I need to ask you about how to route my proxy server via DHCP ???
 
Old 07-15-2010, 02:57 AM   #4
tlowk
Member
 
Registered: Nov 2003
Location: Belgium
Distribution: Slackware
Posts: 151

Rep: Reputation: 23
I don't really understand your question. You would like DHCP to configure your client to use a proxy? What would you like to have as a result?
 
1 members found this post helpful.
Old 07-15-2010, 09:18 AM   #5
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15

Quote:
Originally Posted by tlowk View Post
I don't really understand your question. you like dhcp to configure your client to use a proxy? What do you like
to have as a result?
Thank you for the reply, but what I need first is to configure the rate limiting ratio.
My solution is to make some rate limiting to use the bandwidth of my network.
 
Old 07-19-2010, 02:03 AM   #6
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
Thanks for all, but really I need to know what the benefits are of all of these commands:
Quote:
ip a a 192.168.200.2/24 dev eth0.200
ip link set eth0.200 up
and these two lines:
Quote:
ip route del default
ip route add default via 192.168.200.1
Here is the most important step, it talks about BW, so I need a clear brief if you can:
Quote:
tc qdisc add dev eth0.200 handle 1:0 root dsmark indices 1 default_index 0
tc qdisc add dev eth0.200 handle 2:0 parent 1:0 tbf burst 1024 limit 20480 mtu 1514 rate 1024kbps
Thanks in advance ...
 
Old 07-19-2010, 02:34 AM   #7
tlowk
Member
 
Registered: Nov 2003
Location: Belgium
Distribution: Slackware
Posts: 151

Rep: Reputation: 23
the vconfig creates the vlan interface

ip a a (addr add) adds an ip address to that interface
ip link .. enables the interface (so it can be used)

if the ADSL router is connected to that VLAN it has to be
used in the default route, so remove the existing one and
add the ADSL modem as a default gateway

The tc command is explained in the LARTC mentioned above, this
token bucket filter (TBF) is not very advanced and in most cases
you will probably prefer HTB combined with a way to select for
each computer after this one. I can't explain all details here
so I think you'll need to look for details into this LARTC guide.
 
1 members found this post helpful.
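
An HTB layout of the kind this reply recommends over TBF, added here as an example that is not part of the original post: one shared 1 Mbit/s download budget on the client-facing interface, with one class per client. The interface name `eth1`, the 16 kbit reserve and the client addresses are assumptions; the function only prints the `tc` commands.

```sh
#!/bin/sh
# Added example (not from the thread): print the tc commands that share one
# download budget between clients with HTB. Nothing is applied; pipe the
# output to `sh` as root on the routing PC to apply it.
gen_htb() {
    dev=$1; total_kbit=$2; shift 2
    n=$#
    [ "$n" -gt 0 ] || { echo "usage: gen_htb DEV TOTAL_KBIT IP..." >&2; return 1; }
    reserve=16                                  # kbit kept for unclassified traffic
    share=$(( (total_kbit - reserve) / n ))     # guaranteed rate per client
    # In tc, "kbit" is kilobits per second; "kbps" means kilobytes per second.
    echo "tc qdisc del dev $dev root 2>/dev/null"
    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${total_kbit}kbit ceil ${total_kbit}kbit"
    # Traffic that matches no filter lands here instead of bypassing the limit.
    echo "tc class add dev $dev parent 1:1 classid 1:999 htb rate ${reserve}kbit ceil ${total_kbit}kbit"
    i=10
    for ip in "$@"; do
        # Each client is guaranteed its share and may borrow up to the total.
        echo "tc class add dev $dev parent 1:1 classid 1:$i htb rate ${share}kbit ceil ${total_kbit}kbit"
        # Shaping is on egress towards the client, so match the destination IP.
        echo "tc filter add dev $dev protocol ip parent 1: prio 1 u32 match ip dst $ip/32 flowid 1:$i"
        i=$((i + 1))
    done
}

# Constructed client addresses in the thread's 10.10.10.0/24 range.
gen_htb eth1 1024 10.10.10.11 10.10.10.12 10.10.10.13
```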
Old 07-19-2010, 07:20 AM   #8
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
cool, but really I'm very confused about my diagram, where my diagram is:
Virtual Interface: eth0:5
ip address: 10.10.10.1/24
Default GW: 196.xxx.xxx.xxx/30
Also, I need to ask about some GUI that can manage these options in an easy fashion ???
so, really I'm confused, please help me ...

Last edited by abakhiet; 07-19-2010 at 11:36 AM. Reason: adding some details ...
 
Old 07-19-2010, 01:45 PM   #9
tlowk
Member
 
Registered: Nov 2003
Location: Belgium
Distribution: Slackware
Posts: 151

Rep: Reputation: 23
Virtual Interface: eth0:5
ip address: 10.10.10.1/24
Default GW: 196.xxx.xxx.xxx/30

the first is easy, this creates eth0.5
# vconfig add eth0 5

The default gateway would be the IP address of your ADSL router, but here are some options:
1) home / small networks will probably have an external address (in your case in the range 196.xxx.xxx.xxx/30 ??) but maybe they have also on the inside network a private range and they handle the NAT (network address translation)
in this case you need to know this private address maybe it will be in this 10.10.10.0/24 range

2) bigger networks where your ADSL router has a public IP and your network also has public IPs, in this case 4, but that is a bit optimistic anyway
196.xxx.xxx.xxx/30
-> 32-30 means the last 2 bits are 'for you'

00 -> network
01 -> gateway (probably the adsl router)
10 -> your pc ( the only really usable)
11 -> broadcast of your /30 network

this means
your default route has to be the ip address 196.xxx.xxx.xxx with last 2 bits 01
the ip of your pc the one with the last bits 10

now the question is how is this router connected?
- to your eth0 ?
- to your eth0.5 ?

first case : eth0
# ip addr add 196.x.x.x01/30 dev eth0
# ip link set eth0 up

second case eth0.5
#vconfig add eth0 5
#ip addr add 196.x.x.x01/30 dev eth0.5
#ip link set eth0.5 up



My question is, why do you want to use VLANs here? Does your PC only have one network interface? Does it have to integrate into something existing?

since my rough guess that a network card will cost less than 10USD/EUR whatever and to your ADSL router you don't need the best at all, most cards will offer 100Mbit and that will be far more than the speed your ADSL can handle in the real world I think.

The TC commands you need to use on the other interface than the modem, so eth0.5 or eth0. You limit the speed from your server to the client behind it. This will limit the download speed, which is probably what you would like to achieve.

Tell me if the explanation above is a bit understandable, I don't know about tools for this. I'd put it in some init script and let it start with the server.
 
1 members found this post helpful.
Old 07-20-2010, 02:00 PM   #10
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
I'm really sorry, I have some misunderstanding about my issue.
First, I need to protect my ADSL router by making some bridging between eth0 and eth0:5, and my ADSL router is connected to my eth0.
So my DHCP server is working on eth0:5 and gives customers this range:
Quote:
IP: 10.10.10.xxx/24
mask: 255.255.255.0
GW: 10.10.10.1
DNS: 8.8.8.8, 8.8.4.4
I can make this issue, but I need to ask about how to make bridging between eth0 and eth0:5 to let my customers surf the web.
About your question that is:
Quote:
why do you want to use VLAN's here?
I need to make isolation and protect my business network, which is a VOIP network, from being attacked from the local network.
Thanks to you, waiting for your help
 
Old 07-20-2010, 03:49 PM   #11
tlowk
Member
 
Registered: Nov 2003
Location: Belgium
Distribution: Slackware
Posts: 151

Rep: Reputation: 23
I'm sorry, but when you bridge eth0 and eth0.5 it will be like your 'customers' are connected to eth0. Since you can consider eth0.5 similar to eth5 but with the weird situation that it shares the same cable as eth0. If you bridge between eth0 and eth0.5 it would be like placing a switching hub (= network switch) between eth0 and this assumed eth5, so this will not give any protection at all to your router.

BUT I think you just formulated in the wrong way.

My guess is that you want a network on eth0.5 with 10.10.10.0/24 that is NATed to your ADSL router.

                                     +-------------+
+--------------+   196.x.x.x/30      |             +---- 10.10.10.x/24 (eth0.5)
| ADSL router  |---------------------+ ROUTING PC  |
+--------------+                     |             +---- 10.20.10.x/24
                                     +-------------+

Is this a bit what you have in mind? I can imagine you have 2 networks that are
not supposed to see each other. but until now I only read here above
about the 196.x.x.x/30 public network and the 10.10.10.0/24 private network

What about the third network that I just invented as 10.20.10.x/24 ?


for this to work it is important to enable your kernel as router

# cat /proc/sys/net/ipv4/ip_forward
when this does return a 0 set it to 1
# echo 1 > /proc/sys/net/ipv4/ip_forward

then the next step would be to handle the NAT, with a postrouting rule,
like the one below.

iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE

Does this look like what you are looking for? I could probably refine the
firewall a bit for this. But I think we first need to agree on what the
desired situation is.

Last edited by tlowk; 07-20-2010 at 04:28 PM.
 
1 members found this post helpful.
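
A forwarding and NAT ruleset for the routing PC described above, as an added example that is not part of the original post: it keeps the MASQUERADE rule but sets the FORWARD policy to DROP, so that switching on `ip_forward` does not also route the 10.10.10.0/24 clients into the second network. The interface roles (`eth0` towards the ADSL router, `eth1` towards the clients) and the protected subnet (the 10.20.10.0/24 the post invents) are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): emit a ruleset in iptables-restore
# format. Arguments: WAN interface, client interface, client subnet, and the
# subnet the clients must not reach (assumed values are passed below).
gen_ruleset() {
    wan=$1; lan=$2; lan_net=$3; protected_net=$4
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Clients are never routed into the protected subnet, whatever the interface.
-A FORWARD -s $lan_net -d $protected_net -j DROP
# Replies to connections that were allowed out may come back in.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Clients may open new connections out through the WAN interface only.
-A FORWARD -i $lan -o $wan -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Same NAT rule as in the post: client traffic leaves with the server's address.
-A POSTROUTING -o $wan -s $lan_net -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for the assumed layout; nothing is loaded into the kernel.
gen_ruleset eth0 eth1 10.10.10.0/24 10.20.10.0/24
```

To apply it, pipe the output to `iptables-restore` as root; this replaces the current contents of the filter and nat tables.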
Old 07-21-2010, 12:13 AM   #12
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15

Thanks a lot for your efforts, but really I made an attachment for my network and what I need to do to protect my biz. network.
So I think you prefer to install a new NIC in my server. I will do it, but I need to make routing between the two networks.
By the way, I'm not using iptables, it is disabled on my server.
Thanks in advance
Attached Images
File Type: jpg Network.jpg (64.9 KB, 5 views)
 
Old 07-25-2010, 07:53 AM   #13
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
Hola to all,
I made all of this, and I added a new real NIC, but no client can go to the internet. Here is my client config:
Quote:
IP: 10.10.10.0/24
GW: 10.10.10.1/24
DNS: 8.8.8.8, 8.8.4.4
But no one can go to the web. Also, I have as the default gateway the real IP address of my ADSL modem.
Thanks in advance ...
 
Old 07-25-2010, 08:07 AM   #14
tlowk
Member
 
Registered: Nov 2003
Location: Belgium
Distribution: Slackware
Posts: 151

Rep: Reputation: 23
to allow 'Server' to forward traffic between eth1 and eth0 and vice versa you'll need to make sure there is the 1 in /proc/sys/net/ipv4/ip_forward as I explained before.

Then with a program like wireshark or simply tcpdump you can see probably what is going on when you type on a machine in the customers network 'ping 8.8.8.8'

type on the server first:
tcpdump -i eth1 icmp

when you see the request arriving you know that part is ok (I expect it is like that)

Then you use
tcpdump -i eth0 icmp

here you will see the problem (I see 2 options)
1) maybe you don't see anything ( no 1 in ...ip_forward)
2) the origin of the request is 10.10.10.x (no NAT) and not 192.168.1.x ( same as Server)

Since you want to have NAT you'll need the iptables command to enable it, it also has to be enabled in the kernel but I think centos will have this enabled

when you have this command which you'll need anyway, you can clean the firewall and retry tcpdump if it showed no good results
iptables -t nat -F
iptables -F
iptables -t mangle -F
and check again with tcpdump
 
1 members found this post helpful.
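
The two-capture check described above, as an added example that is not part of the original post: it reads one saved `tcpdump` text capture per interface and reports whether the ping was never forwarded (option 1, no 1 in `ip_forward`) or left the server with its 10.10.10.x source intact (option 2, no NAT). The file names, the client address 10.10.10.23 and the server address 192.168.1.10 are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the thread). Captures are assumed to be saved with
# -n so that addresses stay numeric:
#   tcpdump -n -i eth1 icmp > lan.txt      tcpdump -n -i eth0 icmp > wan.txt
diagnose() {
    lan_cap=$1; wan_cap=$2; lan_prefix=$3; target=$4
    req="> $target: ICMP echo request"
    # The request never reached the server: look at the client's gateway setting.
    grep -qF -- "$req" "$lan_cap" || { echo "no-request-on-lan"; return 0; }
    # Seen on the client side but not on the modem side: not forwarded.
    grep -qF -- "$req" "$wan_cap" || { echo "not-forwarded"; return 0; }
    # Forwarded, but still carrying a private client source address: no NAT.
    if grep -F -- "$req" "$wan_cap" | grep -qF -- " IP $lan_prefix"; then
        echo "forwarded-without-nat"; return 0
    fi
    # Translated request went out; check that the target answered.
    grep -qF -- " IP $target > " "$wan_cap" || { echo "nat-ok-no-reply"; return 0; }
    echo "ok"
}

# Constructed sample captures: one client-side file, three modem-side variants.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/lan.txt" <<'EOF'
12:00:01.000101 IP 10.10.10.23 > 8.8.8.8: ICMP echo request, id 7, seq 1, length 64
12:00:02.000187 IP 10.10.10.23 > 8.8.8.8: ICMP echo request, id 7, seq 2, length 64
EOF
: > "$tmp/wan_empty.txt"
cat > "$tmp/wan_nonat.txt" <<'EOF'
12:00:01.000140 IP 10.10.10.23 > 8.8.8.8: ICMP echo request, id 7, seq 1, length 64
EOF
cat > "$tmp/wan_ok.txt" <<'EOF'
12:00:01.000140 IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 7, seq 1, length 64
12:00:01.041877 IP 8.8.8.8 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64
EOF

for f in wan_empty wan_nonat wan_ok; do
    printf '%-10s %s\n' "$f" "$(diagnose "$tmp/lan.txt" "$tmp/$f.txt" 10.10.10. 8.8.8.8)"
done
```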
Old 07-25-2010, 10:53 AM   #15
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
Really, thanks, but I need to say that all is fine, and I need to ask you what happens if my iptables is disabled ??? as I do now ???
So, I will try and tell you the result
 
  

