Comments:
<0> =
<1> .
<2> gug
<3> gug :)
<4> gug
<4> ct_sync as a daeon using ctnetlink...
<4> daemon
<4> I wonder if performance would suffer...
<4> or as an alternative, in kernel using ctnetlink
<4> so save the userspace roundtrips
<4> s/so/to/
<4> haven't had any coffee yet...
<3> Gandalf: actually i am hacking a daemon for testing purposes
<4> Octavian: great
<3> Gandalf: basically it does the same as ct_sync does, it uses multicast too
<4> I just wonder what the performance is going to be like, I rewrote an old testprogram from the old libctnetlink to libnetfilter_conntrack and it appears to be slower
<4> I remember testing the old testprogram on a dual pIII 600 and it managed to perform around 100k lookup/s per cpu in conntrack
<3> that's why i am doing it. i want to see how much performance suffers from that
<4> now I tested the libnetfilter_conntrack version on a pentium-m 1.6GHz and it also managed to perform around 100k lookups/s
<4> so there might be some things to optimize still
<3> I will take a look
<5> anyone else logging large amounts of packets using ulogd? I found 188 million "bad" packets in 2 days on a smallish network and it just killed the db server
<6> gug
<7> LaF0rge
<8> english / german
<1> english
<8> ah, I see
<8> okay
<7> d'uh
<8> i need some help
<8> i have suse 9.2
<8> and a little nat / routing problem
<8> http://img117.imageshack.us/img117/256/net5yt.gif
<8> pc2 can not ping to pc5
<1> that's a pity
<1> can you ping from pc1 to pc5 ?
<8> yes
<1> can you ping pc1 from pc2 ?
<8> yes
<8> wait
<8> one moment
<1> does pc1 have ip_forwarding enabled and does pc2 have a route for pc5 via pc1 ?
<8> yes i can ping !
<8> one moment, i will show you my routing table
<8> http://www.phpfi.com/110874
<8> ath0 is the w-lan interface
<1> that's on pc1 ?
<8> right
<1> ok
<1> what ip does pc2 have ?
<8> 192.168.7.77
<1> ok
<1> does pc1 have ip_forwarding enabled and does pc2 have a route for pc5 via pc1 ?
<8> target is it to bring internet from ipcop to pc5
<1> ah
<8> pc2 and pc1 are connected to ipcop via a dlink-switch
<1> do you have ip_forwarding enabled on pc2 ?
<8> pc2 is a windows client
<8> so i does not need to forward anything
<8> i hope so
<8> (from pc2)
<1> you will need some kind of forwarding if you want to access the internet from pc5 through pc2
<8> the network doesn't go through pc2
<1> oh
<1> damn
<8> pc2 is connected via a switch
<1> I meant pc1 of course
<8> :)
<1> pc1 needs to do forwarding for pc5
<8> yes
<8> how can i do this
<8> ?
<1> does pc1 have ip_forwarding enabled and does pc2 have a route for pc5 via pc1 ?
<1> damn
<1> wrong paste
<8> ^^
<1> /proc/sys/net/ipv4/conf/all/forwarding I believe
<1> it's been a while
<8> yes forwarding is enabled
<8> it's showing a "1"
<1> ok
<1> try iptables -nL FORWARD
<1> you are running suse on pc1 ?
<8> http://www.phpfi.com/110877
<8> yes i am running suse 9.2
<8> on pc2
<8> hhm pc1
<1> looks like you have the suse firewall running
<1> it can be a pain in the *ss
<8> yes it's true
<1> I installed suse once. first thing I did was completely wreck their firewall
<8> ;)
<1> 2 weeks later I zeroed the partition it was on
<1> but this is no help to you
<8> i have an alternative firewall
<8> http://rocky.eld.leidenuniv.nl/
<8> i can also deactivate susefw and can activate this one
<1> I suggest you read the documentation on both
<1> and see where you can activate IP forwarding in them :)
<8> okay i will try this
<8> thanks for help Xteven
<8> =)
<1> np
<9> hello.. does anybody know about an ip_vs specific channel? thx
<9> well.. the question could go here ;)... do you know if it's possible feeding ip_vs after doing a -j REDIRECT to a Virtual_IP ?
<9> how ?
<9> hi again... has anyone answered my previous question ?
<1> nope
<9> thx :D
<1> I've never used ip_vs
<9> http://www.linuxvirtualserver.org/ -> it's quite cool
<1> yeah, I've heard of vserver
<9> basically it's a load-balancing connection tracking
<1> but I have no application for it
<1> ooooh
<1> lvs
<1> not vserver
<9> that's different..
<1> haven't used it either ;)
<9> no more frikis here?
<10> http://www.linuxvirtualserver.org/whatis.html single point of failure at the load balancer? or can you load balance them too?
<9> jhujhiti, you can have active-passive balancers
<9> sessions info could be transmitted ( syncd daemon )
<9> so, if the balancer hangs, no connections are broken ( well.. the new ones that couldn't been sent )
<4> parts of conntrack/NAT and lvs should probably be merged...
<9> jhujhiti, there exists a proof of concept to make an active-active balancer... but it's too unstable...alpha
<9> jhujhiti, I don't know anything similar for routing in netfilter
<9> jhujhiti, if you have a linux as router is a single point of failure...
<9> Gandalf_, as far I have seen in the code, it seems that ip_vs is finally "netfilterized"...
<9> but I have to recognize that I'm a lamer in ip_vs and netfilter source code
<4> yes it uses netfilter but it has its own connection tracking etc...
<9> Gandalf_, I think the one from conntrack won't work
<9> because it has a lot of "fakes"...
<9> Gandalf_, take a look on the DR balancing mode.... and try to adapt to a "true" connection tracking
<9> DR = L2 redirection... ( it consists on receiving the package to the VirtualIP... and copy it changing the Destination MAC... )
<4> kikov: sure, it won't work out of the box, but maybe one could figure out a way to generalize conntrack even more than what has been done with nf_conntrack
<4> I admit that I haven't looked at the lvs code in years
<9> Gandalf_, the problem is that the balancer can't see the connection when DR
<9> it just sees the "incoming" packages... the "outcoming" packages go directly from real server to the client
<4> ok
<9> I just have a question I have written before.. maybe you could know..
<4> I have no idea how well lvs like regular NAT...
<9> Gandalf_, would it be possible that a packet DNATed to a Virtual IP ( well, it's a real IP for the balancer ,ie: eth0:1) could go into ip_vs ?
<9> and the last ;).. where can I find a good packet journey diagram ?
<4> iirc, the ebtables page has one, I just can't seem to remember the url
<4> but lvs isn't included in any diagram that I know of
<9> I have seen one.. but I don't know how to fit it
<9> http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.filter_rules.html
<9> the first graph
<9> as far I see, whenever I do the DNAT in the PREROUTING