ajl37

Forum Replies Created

Viewing 12 posts - 1 through 12 (of 12 total)
    in reply to: LDAP recovering problem/backup&recovery SOLVED #47957
    ajl37
    Member

    @hippieshaker

    Thanks for the fix, worked for me as well on Beta12. I don’t actually use LDAP, so it doesn’t seem to have affected my set up at all.

    Thanks
    Andrew

    in reply to: Zeroshell max sessions in bridge/shaping 100Mb/s circuit #46014
    ajl37
    Member

    yuda,

    Would that work for mine as well?
    Could you explain what each line does.

    Andrew

    in reply to: Zeroshell max sessions in bridge/shaping 100Mb/s circuit #46012
    ajl37
    Member

    David,

    I can’t say that I have done any tweaking on a large network. Looking at my stats I see a lot of errors on both cards but on received packets rather than your transmit packets.

    We use ZS for QOS and Firewall, about 1000 machines.

    ETH00     Link encap:Ethernet  HWaddr 00:E0:4C:39:36:49
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:560824604 errors:8076071 dropped:17782884 overruns:6917175 frame:0
    TX packets:1229397936 errors:0 dropped:0 overruns:3 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1024487352 (977.0 Mb) TX bytes:3243459230 (3093.2 Mb)
    Interrupt:11 Base address:0x6000

    ETH01 Link encap:Ethernet HWaddr 00:40:95:32:79:08
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1251810639 errors:1435058 dropped:3024120 overruns:568181 frame:0
    TX packets:547844187 errors:0 dropped:0 overruns:3 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3533012722 (3369.3 Mb) TX bytes:983584740 (938.0 Mb)
    Interrupt:5 Base address:0x8000

    lspci output

    root@zeroshell root> lspci
    00:00.0 Host bridge: Intel Corporation 82845 845 [Brookdale] Chipset Host Bridge (rev 04)
    00:01.0 PCI bridge: Intel Corporation 82845 845 [Brookdale] Chipset AGP Bridge (rev 04)
    00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev 05)
    00:1f.0 ISA bridge: Intel Corporation 82801BA ISA Bridge (LPC) (rev 05)
    00:1f.1 IDE interface: Intel Corporation 82801BA IDE U100 Controller (rev 05)
    00:1f.2 USB Controller: Intel Corporation 82801BA/BAM USB Controller #1 (rev 05)
    00:1f.4 USB Controller: Intel Corporation 82801BA/BAM USB Controller #1 (rev 05)
    00:1f.5 Multimedia audio controller: Intel Corporation 82801BA/BAM AC'97 Audio Controller (rev 05)
    01:00.0 VGA compatible controller: nVidia Corporation NV5M64 [RIVA TNT2 Model 64/Model 64 Pro] (rev 15)
    02:0c.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
    02:0d.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)

    resources

    top - 09:50:31 up 60 days, 21:07, 1 user, load average: 0.00, 0.00, 0.00
    Tasks: 68 total, 2 running, 66 sleeping, 0 stopped, 0 zombie
    Cpu(s): 0.0% user, 0.0% system, 0.0% nice, 100.0% idle, 0.0% IO-wait
    Mem: 256168k total, 219676k used, 36492k free, 51024k buffers
    Swap: 0k total, 0k used, 0k free, 114808k cached

    Andrew

    in reply to: Firewall #46009
    ajl37
    Member

    Depending on your setup (Bridge or routing) you can set the default policy to drop and then setup your rules to allow ports 80 and 21. Are you talking about incoming ports or outgoing?

    Andrew

    in reply to: Possible to specify inbound and outbound bandwith in qos? #45967
    ajl37
    Member

    I think 🙂 (I run a bridged symmetrical 100M line) that if you set the global bandwidth of eth2 to 768kps it should be fine. You can keep the global bandwidth of the eth0 & 1 cards at 100, but when you set your bandwidth for each QoS class you can set them as you need them.

    I guess you don’t need to worry about the incoming bandwidth in total as you could set the source & destination in the classifier. Set a class for traffic coming to/from any of your internal ranges to unlimited or even a guaranteed amount, anything coming into your internal networks could be limited. Just a thought.

    You may also find this useful, rather than my ramblings:
    http://vonage.nmhoy.net/qos.html

    Andrew

    in reply to: linksys access point #45961
    ajl37
    Member

    Hi,

    Could you be a little more detailed with your question? What device are you trying to flash?

    Andrew

    in reply to: Possible to specify inbound and outbound bandwith in qos? #45965
    ajl37
    Member

    Assumption:
    You have ZS installed with 2 network cards, one connected to your cable modem, the other to your internal network. You also have the two cards either bridged or you are routing NAT’ed addresses from the local side.

    My understanding of QoS is that you can only QoS the outgoing traffic of a card. Therefore, to do QoS on the upload you need to change the settings on the card connected to the router. To do QoS on the download speed you change the settings of the card attached to the local side of your network.

    This of course gives you the added advantage that the cable modem is no longer the bottleneck.

    If my assumptions are incorrect let me know.

    Thanks
    Andrew

    in reply to: Static IP problems #45942
    ajl37
    Member

    @fulvio wrote:

    You should not create static entries that are in the dynamic range.

    Ah, my apologies, I misunderstood. I was trying to use the static section as a way of excluding addresses from the dynamic range.

    Thanks
    Andrew

    in reply to: My L7-filtering is not working in bridge mode #45907
    ajl37
    Member

    I had not been running the L7 filters for the P2P protocols; I have had some luck with other L7 filters, see below:

    Chain FORWARD (policy ACCEPT 2160M packets, 1330G bytes)
    pkts bytes target prot opt in out source destination
    606K 332M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
    3869 778K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
    355 84740 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.2 --kazaa --gnu --edk --dc --bit MARK set 0xc
    602K 331M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
    4 373 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto xunlei MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto thecircle MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto tesla MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soulseek MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soribada MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto poco MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto openft MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto napster MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto mute MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto kugoo MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto imesh MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto hotline MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto goboogy MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto freenet MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto audiogalaxy MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto applejuice MARK set 0xc
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto 100bao MARK set 0xc
    18640 3540K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypetoskype MARK set 0x12
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto quicktime MARK set 0x10
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http-rtsp MARK set 0x10
    34949 36M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto httpvideo MARK set 0x10
    3699 575K MARK all -- * * xxx.xxx.216.58 0.0.0.0/0 MARK set 0x1b
    5286 6717K MARK all -- * * 0.0.0.0/0 xxx.xxx.216.58 MARK set 0x1b
    9060 5339K MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 MARK set 0x16
    9358 7802K MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x16
    22058 2517K MARK tcp -- * * 0.0.0.0/0 xxx.xxx.8.1 tcp dpt:8080 MARK set 0x14
    37459 47M MARK tcp -- * * xxx.xxx.8.1 0.0.0.0/0 tcp spt:8080 MARK set 0x14
    117K 151M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 MARK set 0x15
    71103 8280K MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x15
    3018 203K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x17
    2918 687K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 MARK set 0x17

    I do have some traffic picked up with Xunlei, but not others. It may be just that the filters need updating.

    I have had other strange issues with the Skype-to-phone L7 filter which seems to block (or slow up a lot) certain ICMP packets, pings from a machine work fine, but fping doesn’t and neither does “Peer Monitor”. L7 filters should be used cautiously.

    Fulvio: Any chance of a feature to automatically update the L7 filters? I notice that the option exists but is not functioning, yet?

    I think it can be done manually, although maybe not using the CD boot version?

    Andrew
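Added example (not code from the forum or from Zeroshell): a small Python parser for the `iptables -L FORWARD -v -n` listing format in the post above, run over a constructed sample modelled on it, that expands the K/M/G counters and reports which LAYER7 patterns are actually matching traffic and which have zero hits, which is the quickest way to spot stale signatures after an L7 update.

```python
import re

# Constructed sample in the iptables -L -v -n layout shown above (not copied verbatim).
SAMPLE = """\
Chain FORWARD (policy ACCEPT 2160M packets, 1330G bytes)
 pkts bytes target prot opt in out source destination
  606K 332M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
     4   373 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto xunlei MARK set 0xc
     0     0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares MARK set 0xc
 18640 3540K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypetoskype MARK set 0x12
 34949   36M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto httpvideo MARK set 0x10
  9358 7802K MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x16
"""

# iptables abbreviates counters in decimal multiples (K = 1000, M = 1000^2, G = 1000^3).
SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}

def parse_count(tok: str) -> int:
    """Expand an abbreviated counter such as 606K or 1330G to an integer."""
    m = re.fullmatch(r"(\d+)([KMG]?)", tok)
    if not m:
        raise ValueError(f"bad counter: {tok}")
    return int(m.group(1)) * SUFFIX[m.group(2)]

def parse_chain(text: str) -> list[dict]:
    """Parse `iptables -L <chain> -v -n` output into one dict per rule."""
    rules = []
    for line in text.splitlines():
        cols = line.split()
        # Skip the chain banner and the column header; rules have 9 fixed columns.
        if len(cols) < 9 or cols[0] in ("Chain", "pkts"):
            continue
        pkts, byts, target, prot, _opt, ifin, ifout, src, dst = cols[:9]
        match = " ".join(cols[9:])          # match extensions and target options
        l7 = re.search(r"l7proto (\S+)", match)
        mark = re.search(r"MARK set (0x[0-9a-f]+)", match)
        rules.append({
            "pkts": parse_count(pkts), "bytes": parse_count(byts), "target": target,
            "prot": prot, "in": ifin, "out": ifout, "src": src, "dst": dst,
            "l7proto": l7.group(1) if l7 else None,
            "mark": int(mark.group(1), 16) if mark else None,
        })
    return rules

def l7_hits(rules: list[dict]) -> dict[str, int]:
    """Packet count per LAYER7 pattern, so unmatched signatures stand out."""
    return {r["l7proto"]: r["pkts"] for r in rules if r["l7proto"]}

def idle_l7(rules: list[dict]) -> list[str]:
    """LAYER7 patterns with zero hits: stale signatures or protocols absent from the wire."""
    return sorted(p for p, n in l7_hits(rules).items() if n == 0)
```

Feed it the output of `iptables -L FORWARD -v -n` instead of SAMPLE to audit a live box; a pattern stuck at zero while that protocol is known to be in use is the sign that the filter definitions need updating.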

    in reply to: Feature Requests & Timescales? #45936
    ajl37
    Member

    @fulvio wrote:

    You will be able to use 4 IP ranges in the next release of Zeroshell. The range exclusion is a bit more complicated and I am not sure if I can implement it in the 1.0.beta8 release.

    That’s fine, the exclusions are not extremely important, I can work round them for now.

    @fulvio wrote:

    The web proxy with Clam AV antivirus could be available in the 1.0.beta9 release in January.

    That would be fantastic. I don’t know how proxies generally work if they do not have a local copy of the requested file, but my requirement would be for the page to be collected from the remote site using the client’s details (IP & MAC) rather than the proxy’s. I believe this can be done using ebtables.

    Thanks
    Andrew

    in reply to: Help: QoS managing crash at entry nº 60 #45786
    ajl37
    Member

    When I originally started deleting rules 61 – 63, I saw the same results as you, rule 60 duplicated itself to 61-63. By deleting them all and then saving I managed to clear the entire QoS rules list. I then entered my 60 most important.

    It’s very true that the interface does not allow for easy creation of a large number of rules. It is certainly something I would like to see improved at some point, as I am currently using it to manage about 1000 clients (works very well).

    Andrew

    in reply to: Help: QoS managing crash at entry nº 60 #45784
    ajl37
    Member

    Hi,
    I appear to have gotten around this problem.
    I stopped QoS on my two cards (bridged) and disabled the QoS rules.
    I deleted them one at a time (which took a while), then saved (after deleting all 63 rules), re-enabled and added QoS back on the adapters. I now just need to add my rules back in, keeping it under 60 🙂

    I am currently using 1.0beta6, upgrading to beta7 tomorrow.

    Thanks
    Andrew
