Home / user-13821

Ben K.'s questions

Martin Hope
Ben K.
Asked: 2011-02-02 12:31:09 +0800 CST
  • 6

I'm adding some custom logging on local0 in syslog.

Writing these messages to a specific log is easy, in my syslog.conf I have

local0.* -/var/log/my.log

But how can I exclude local0 from all other logs? In my current setup, local0 messages also show up in /var/log/syslog since it's specified as

*.*;auth,authpriv.none -/var/log/syslog

Do I need to go through all the other default logs and add local0.none, or is there some kind of global exclude I can use?

logging syslog
Martin Hope
Ben K.
Asked: 2011-02-01 11:43:07 +0800 CST
  • 3

I have an ubuntu 10 machine I'm trying to set up with NAT.

eth0 is the WAN interface, that uses DHCP.

eth1, eth2, eth3 are LAN interfaces. They are connected to 192.168.0.50, .51, .52 respectively.

NAT through eth1 works great. On eth2/3, I get nothing -- "no route to host" on ping. Here's my iptables config. Is anything obviously wrong?

# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*nat
:PREROUTING ACCEPT [1799:327587]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [23:2190]
-A POSTROUTING -j MASQUERADE 
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*filter
:INPUT ACCEPT [3474:500657]
:FORWARD ACCEPT [24:1613]
:OUTPUT ACCEPT [857:128814]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.0.50/32 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT 
-A FORWARD -s 192.168.0.51/32 -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT 
-A FORWARD -s 192.168.0.52/32 -i eth3 -o eth0 -m conntrack --ctstate NEW -j ACCEPT 
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
# Generated by iptables-save v1.4.4 on Mon Jan 31 09:40:55 2011
*mangle
:PREROUTING ACCEPT [3890:612115]
:INPUT ACCEPT [3474:500657]
:FORWARD ACCEPT [220:45916]
:OUTPUT ACCEPT [857:128814]
:POSTROUTING ACCEPT [1140:186789]
-A PREROUTING -i eth1 -j MARK --set-xmark 0x3/0xffffffff 
-A PREROUTING -i eth2 -j MARK --set-xmark 0x4/0xffffffff 
-A PREROUTING -i eth3 -j MARK --set-xmark 0x5/0xffffffff 
COMMIT
# Completed on Mon Jan 31 09:40:55 2011
nat iptables
Martin Hope
Ben K.
Asked: 2011-01-30 10:28:40 +0800 CST
  • 0

I have an Ubuntu 10.04 machine with two ethernet interfaces: eth0 (WAN) eth1 (LAN)

I've configured NAT using these commands:

sudo iptables -A FORWARD -o eth0 -i eth1 -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A POSTROUTING -t nat -j MASQUERADE

Now I'd like to add a packet mark to packets sourced from eth1 so that I can traffic-shape based on the mark. What iptables commands do I need to do this?

It seems like I need something along the lines of 

   sudo iptables -A FORWARD -i eth1 -t mangle -j MARK --set-mark 3

But I'm not sure. I want to make sure this mark persists past the nat so that I can inspect packets going out on eth0 with tc to do traffic shaping.

nat iptables
Martin Hope
Ben K.
Asked: 2011-01-28 20:03:46 +0800 CST
  • 4

I have an Ubuntu 10 box that I'm trying to set up as a bandwidth-shaping router.

The machine has one WAN interface, eth0 and two LAN interfaces, eth1 and eth2. NAT is configured using MASQUERADE as described at InternetConnectionSharing.

I'm mostly concerned with shaping outbound traffic from the LAN interfaces -- in the end, I'd like to end up with a hard 768Kbps limit per-LAN-interface (rather than a limit on eth0 pooled across all interfaces).

I installed HTB.init, and riffing on the examples, tried to set this up on eth1 by putting three files into /etc/sysconfig/htb:

/etc/sysconfig/htb/eth1

DEFAULT=30
R2Q=100

/etc/sysconfig/htb/eth1-2.root

RATE=768Kbps
BURST=15k

/etc/sysconfig/htb/eth1-2:30.dfl

RATE=768Kbps
CEIL=788Kbps
BURST=15k
LEAF=sfq

I can /etc/init.d/htb start and /etc/init.d/htb stats and see information that /seems/ to suggest it's working...but when I try pulling a large file via the WAN interface the shaping clearly isn't in effect.

Any suggestions? My guess is it has something to do with where the shaping falls in the NAT chain, but I really have no idea where to begin troubleshooting this.

---- Update:

Here's my /etc/init.d/htb list output, it seems to make sense -- the default rate for eth1 is 768Kbps?

### eth0: queueing disciplines

qdisc htb 1: root refcnt 2 r2q 100 default 30 direct_packets_stat 0
qdisc sfq 30: parent 1:30 limit 127p quantum 1514b perturb 10sec 

### eth0: traffic classes

class htb 1:2 root rate 768000bit ceil 768000bit burst 1599b cburst 1599b 
class htb 1:30 parent 1:2 leaf 30: prio 0 rate 6144Kbit ceil 6144Kbit burst 15Kb cburst 1598b 

### eth0: filtering rules

filter parent 1: protocol ip pref 100 u32 
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:30 
  match 00000000/00000000 at 12
  match 00000000/00000000 at 16

### eth1: queueing disciplines

qdisc htb 1: root refcnt 2 r2q 100 default 30 direct_packets_stat 0
qdisc sfq 30: parent 1:30 limit 127p quantum 1514b perturb 10sec 

### eth1: traffic classes

class htb 1:2 root rate 768000bit ceil 768000bit burst 1599b cburst 1599b 
class htb 1:30 parent 1:2 leaf 30: prio 0 rate 6144Kbit ceil 6144Kbit burst 15Kb cburst 1598b
tc htb bandwidth-control