Way to debug incoming connection?

Discussion in 'Server Operation' started by Romoku, Dec 17, 2010.


    ALRIGHT, I figured out the solution in a timely manner.

    From: This dude.

    Basically one needs to use iproute2 in order to allow traffic shaping. It could probably be done with iptables, but I know nothing and you can have fun with that.

    <Generalization starts now>

    iproute2 contains tables, which can be checked using `ip rule`.

    You will probably want a separate table for each device.

    Start by editing /etc/iproute2/rt_tables:

    #nano /etc/iproute2/rt_tables

    Now add two new tables to the bottom of the file. It looks roughly like this:

    #
    # reserved values
    #
    255 local
    254 main
    253 default
    0 unspec
    #
    # local
    #
    #
    #1 inr.ruhep


    Now add:

    #
    # reserved values
    #
    255 local
    254 main
    253 default
    0 unspec
    #
    # local
    #
    #
    #1 inr.ruhep
    1 WAN1
    2 LAN1


    Now save and we have some tables.

    The next step is to actually ADD something to the tables. As an example I will use yyy.yyy.yyy.yyy for WAN and xxx.xxx.xxx.xxx for LAN.
    For this part, yyy.yyy.yyy.yyy and xxx.xxx.xxx.xxx should be the GATEWAY the interface is connected to. I do not know whether to create a new table for eth0:0 or VLAN-type setups. Will append later.

    From the terminal:

    #ip route add default via yyy.yyy.yyy.yyy dev eth0 tab 1
    #ip route add default via xxx.xxx.xxx.xxx dev eth1 tab 2


    Now check the tables.

    #ip route show table 1
    default via yyy.yyy.yyy.yyy dev eth0

    #ip route show table 2
    default via xxx.xxx.xxx.xxx dev eth1


    Everything should be shiny, and now we need RULES.
    yyy.yyy.yyy.yyy/ww and xxx.xxx.xxx.xxx/zz should be IP ADDRESSES, while ww and zz are the subnet prefix lengths in CIDR notation, as assigned to the interfaces eth0 and eth1, e.g. 192.168.0.100/24.
    tl;dr yyy.yyy.yyy.yyy/ww = 192.168.0.100/24 in CIDR notation; yyy.yyy.yyy.yyy is the IP ADDRESS of the interface.

    Type in the terminal:

    #ip rule add from yyy.yyy.yyy.yyy/ww tab 1 priority 500
    #ip rule add from xxx.xxx.xxx.xxx/zz tab 2 priority 600

    Another example, just to get the point across:
    #ip rule add from 192.168.0.100/24 tab 1 priority 500

    Now we check to make sure the rules are added:

    #ip rule show
    0: from all lookup local
    500: from yyy.yyy.yyy.yyy lookup WAN1
    600: from xxx.xxx.xxx.xxx lookup LAN1
    32766: from all lookup main
    32767: from all lookup 253


    We are almost done:

    #ip route flush cache

    Now we should be done. I have run into a problem. (nvm) The changes do not stay and I will figure out a way to keep the changes saved. (/nvm)

    Edit:

    Alright, to make the changes permanent we must edit /etc/rc.d/rc.local:

    #nano /etc/rc.d/rc.local

    Append

    ip route add default via yyy.yyy.yyy.yyy dev eth0 tab 1 #GATEWAY 1
    ip route add default via xxx.xxx.xxx.xxx dev eth1 tab 2 #GATEWAY 2
    ip rule add from yyy.yyy.yyy.yyy/ww tab 1 priority 500 #IP ADDRESS 1
    ip rule add from xxx.xxx.xxx.xxx/zz tab 2 priority 600 #IP ADDRESS 2


    To the BOTTOM of the file. We are done.

    In conclusion: This is why we cannot have nice things.

    tl;dr I know nothing.


    -Romoku
     
    Last edited: Dec 17, 2010
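The rt_tables / `ip route` / `ip rule` procedure from the post above, gathered into one script as an added example (this is not Romoku's code or code from the linked source). Every interface name, address, gateway, table number, table name and priority in it is an assumed placeholder (203.0.113.0/24 is a documentation range, 192.168.0.0/24 a private one); substitute the host's real values. Two choices differ from the post and are deliberate: the `ip rule` matches the interface's own address (a /32) rather than host/prefix, so only packets this host sends from that address are steered, and `ip route replace` is used instead of `add` so the script can be re-run without an "RTNETLINK answers: File exists" error. Inputs are checked before they reach ip(8), and the default mode only prints what it would do.

```sh
#!/bin/sh
# Added example (not code from the original post or its linked source): the rt_tables /
# "ip route" / "ip rule" steps above as one idempotent, input-checked script for a host
# with two interfaces. Every interface, address, gateway, table number/name and priority
# below is an assumed placeholder; substitute the host's real values.
# DRY_RUN=1 (default) prints the commands instead of running them; DRY_RUN=0 needs root.

DRY_RUN="${DRY_RUN:-1}"
RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"

# run CMD ARGS...: print the command line in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# valid_ipv4 ADDR: true for four dotted-decimal octets, each in 0..255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    (
        IFS=.
        for octet in $1; do
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# ensure_table NUM NAME: add "NUM NAME" to rt_tables once, so "ip rule show" and
# "ip route show table NAME" can use the name instead of the bare number.
ensure_table() {
    if grep -Eq "^[[:space:]]*$1[[:space:]]+$2([[:space:]]|$)" "$RT_TABLES" 2>/dev/null; then
        return 0
    fi
    if [ "$DRY_RUN" = 1 ]; then
        printf 'echo "%s %s" >> %s\n' "$1" "$2" "$RT_TABLES"
    else
        printf '%s\t%s\n' "$1" "$2" >> "$RT_TABLES"
    fi
}

# policy_route DEV ADDR[/PREFIX] GATEWAY TABLE_NUM TABLE_NAME PRIORITY
# Sends traffic sourced from DEV's own address out through DEV's gateway, so replies to
# connections that arrived on DEV leave the same way instead of via the main default route.
policy_route() {
    dev=$1 cidr=$2 gw=$3 tnum=$4 tname=$5 prio=$6
    case $cidr in
        */*) host=${cidr%/*} plen=${cidr#*/} ;;
        *)   host=$cidr plen=32 ;;
    esac
    # Reject anything that is not a plain interface/table name or number before it is
    # handed to ip(8); this also keeps the grep pattern in ensure_table literal.
    case $dev in ''|*[!A-Za-z0-9_.:-]*) echo "bad device name: $dev" >&2; return 1 ;; esac
    case $tname in ''|*[!A-Za-z0-9_]*) echo "bad table name: $tname" >&2; return 1 ;; esac
    for n in "$tnum" "$plen" "$prio"; do
        case $n in ''|*[!0-9]*) echo "table, prefix and priority must be numeric: '$n'" >&2; return 1 ;; esac
    done
    if [ "$plen" -gt 32 ]; then echo "bad prefix length: $plen" >&2; return 1; fi
    if ! valid_ipv4 "$host" || ! valid_ipv4 "$gw"; then
        echo "bad address or gateway: $cidr $gw" >&2
        return 1
    fi

    ensure_table "$tnum" "$tname"
    # "replace" rather than "add": re-running the script does not fail with "File exists".
    run ip route replace default via "$gw" dev "$dev" table "$tnum"
    # The rule matches the interface's own address (a /32), not the whole subnet, so only
    # packets this host sends from that address are steered. Skip it if the priority is taken.
    if [ "$DRY_RUN" = 1 ] || ! ip rule show | grep -q "^$prio:"; then
        run ip rule add from "$host" lookup "$tnum" priority "$prio"
    fi
    run ip route flush cache
}

# Constructed example values (documentation and private ranges), not a real host.
setup_example() {
    policy_route eth0 203.0.113.10/24 203.0.113.1 1 WAN1 500 &&
    policy_route eth1 192.168.0.100/24 192.168.0.1 2 LAN1 600
}

case ${1:-} in
    dry-run) DRY_RUN=1; setup_example ;;
    apply)   DRY_RUN=0; setup_example ;;
esac
```

`sh policy-route.sh dry-run` prints the commands; `sh policy-route.sh apply` as root executes them. Afterwards `ip rule show` should list the two rules by table name, and `ip route get 8.8.8.8 from 203.0.113.10` shows the gateway and device the kernel picks for packets sourced from that address, which is the quickest check that the rule is taking effect. To persist the setup, call the script from rc.local as the post does, or from the distribution's interface-up hook so it runs after the interfaces exist. If the host runs with net.ipv4.conf.*.rp_filter=1, these per-source rules are also what lets the strict reverse-path check pass for traffic arriving on the second interface, since the check looks the source up through the same policy rules.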
