
Tuesday, February 21, 2012

Apache LDAP Authentication

This is how to authenticate Microsoft Windows Active Directory users with Apache:

vi /etc/httpd/conf/httpd.conf

Make sure the following 3 lines are NOT hashed out:

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so

Wherever your web directory is, still in /etc/httpd/conf/httpd.conf:
<Directory "/var/www/html">

Options Indexes FollowSymLinks
Order deny,allow
Deny from All
AuthName "AD Username Password please"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPUrl "ldap://your_dc_fqdn:389/OU=SOME_OU,DC=yourdomain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=your_AD_user,CN=Users,DC=yourdomain,DC=com"
AuthLDAPBindPassword your_AD_user_password
Require valid-user
Satisfy any

</Directory>

vi /etc/openldap/ldap.conf

Hash everything out and add the following line:

REFERRALS off

Restart Apache
/etc/init.d/httpd restart

Now if you go to your web server's root with your browser, you will be prompted for a username and password. If you do have a valid Active Directory user account, you will be authenticated against AD.
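A check for the transport and credential settings in the configuration above, added here as an example (not part of the original post): with an ldap:// URL in NONE mode, the Basic-auth password and the bind password travel between Apache and the domain controller unencrypted, and the bind password sits in httpd.conf in clear text. The function name and finding labels are made up for this example; the hardened sample's group DN and helper path are placeholders, and the exec: form of AuthLDAPBindPassword needs Apache 2.4.5 or later.

```shell
#!/bin/sh
# Added example: flag risky mod_authnz_ldap settings in an Apache config
# read from stdin. Finding labels are invented for this example.

audit_ldap_auth() {
    findings=""
    while IFS= read -r line; do
        # Trim surrounding blanks and lower-case the line for matching.
        line=$(printf '%s\n' "$line" |
               sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
               tr '[:upper:]' '[:lower:]')
        case $line in
            ''|'#'*) continue ;;            # blank or hashed-out line
            authldapurl*)
                case $line in
                    *ldaps://*) ;;                         # LDAP over TLS
                    *' ssl'|*' tls'|*' starttls') ;;       # explicit secure mode
                    *) findings="$findings CLEARTEXT_LDAP" ;;
                esac ;;
            authldapbindpassword*)
                case $line in
                    *exec:*) ;;                            # fetched at runtime
                    *) findings="$findings INLINE_BIND_PASSWORD" ;;
                esac ;;
            require*valid-user*)
                # Every account under the search base can log in.
                findings="$findings ANY_VALID_USER" ;;
        esac
    done
    # Unquoted on purpose: collapses the leading blank.
    echo $findings
}

# The directives from the post, unchanged.
sample_page_config() {
    cat <<'EOF'
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldap://your_dc_fqdn:389/OU=SOME_OU,DC=yourdomain,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=your_AD_user,CN=Users,DC=yourdomain,DC=com"
AuthLDAPBindPassword your_AD_user_password
Require valid-user
EOF
}

# Constructed counterpart: LDAPS, password fetched by a helper, group-scoped.
# The helper path and the group DN are placeholders.
sample_hardened_config() {
    cat <<'EOF'
AuthType Basic
AuthBasicProvider ldap
AuthLDAPUrl "ldaps://your_dc_fqdn:636/OU=SOME_OU,DC=yourdomain,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=your_AD_user,CN=Users,DC=yourdomain,DC=com"
AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-secret"
Require ldap-group CN=WebUsers,OU=SOME_OU,DC=yourdomain,DC=com
EOF
}

printf 'page config:     %s\n' "$(sample_page_config | audit_ldap_auth)"
printf 'hardened config: %s\n' "$(sample_hardened_config | audit_ldap_auth)"
```

Run it against a live file with: audit_ldap_auth < /etc/httpd/conf/httpd.conf. Basic authentication also sends the AD password from the browser on every request, so the site itself should be served over HTTPS.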

Sunday, February 19, 2012

Asterisk - Registered Useragent Audit

Here is a quick script I put together to get a list of all phones currently registered to our Asterisk box:
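#!/bin/bash

# Walk every numeric SIP peer that has a registered address
# (peers listed as "Unspecified" are skipped) and print "peer,useragent".
for i in $(asterisk -rx "sip show peers" | grep -av Unspecified | grep -a "/" | grep -a "^[0-9]" | cut -f 1 -d '/')
do
    user=$(asterisk -rx "sip show peer $i" | grep -a "Useragent")
    echo "$i = $user" | awk '{ print $1","$5 }'
done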

Saturday, February 18, 2012

"On-the-Fly" Read-Write Compressed Filesystem

I recently had a problem where "SARG" (the SQUID proxy reporting tool) completely chewed up all root filesystem space, as reports were generated daily and stored under /var/www/html/sarg. Quick solution... I thought this could also come in handy for future reference: an "on-the-fly" read-write compressed filesystem.

I did this on CentOS 5.5:

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

yum -y install squashfs-tools fuse-unionfs

mv /var/www/html/sarg /root/sarg-old
mkdir /var/www/html/sarg

mksquashfs /root/sarg-old /.sarg-compressed.sqfs -check_data

mkdir -p /var/squashed/{ro,rw}

Add the following to /etc/fstab:
/.sarg-compressed.sqfs  /var/squashed/ro  squashfs  loop,ro  0 0
unionfs#/var/squashed/rw=rw:/var/squashed/ro=ro /var/www/html/sarg fuse default_permissions,allow_other,use_ino,nonempty,suid,cow 0 0

mount -a

touch /var/www/html/sarg/test
rm -rf /root/sarg-old

Check that your new fuse filesystem is mounted:

df -h

By doing this, all files written to /var/www/html/sarg are actually being written "inside" /.sarg-compressed.sqfs (the compressed filesystem). Files like text or HTML in this instance are compressed at a massive ratio.

Saturday, November 13, 2010

10GB free Online Storage - DROPBOX!!

I know this is probably old news, well, a couple of years already, but I've started using this now and it works very well and solid across multiple operating systems, iPhones, iPods etc...

To register, follow the following link: Dropbox Registration

Sync

Dropbox allows you to sync your files online and across your computers automatically.
  • Up to 10GB of online storage for free, with up to 100GB available to paying customers.
  • Sync files of any size or type.
  • Sync Windows, Mac, and Linux computers.
  • Automatically syncs when new files or changes are detected.

File Sharing

Sharing files is simple. It takes only a few clicks.
  • Shared folders allow several people to collaborate on the same files.
  • See other people's changes instantly.
  • Use your "Public" folder to link directly to files.
  • Control who has access to your shared folders. Kick people out and remove the shared files from their computers in the process.
  • Automatically create shareable online photo galleries out of regular folders.

Saturday, May 1, 2010

Linksys WRT54GL, DD-WRT persistent PPPOE

A script I've put together to make my DSL PPPoE dial-up persistent. First open the DD-WRT web interface, set WAN to PPPoE and configure a dummy username and password. Then go to Administration, Commands and paste the following script. Change the DSL username and password to your own and save it as the Startup Script.
#!/bin/sh
PATH=/usr/sbin:/sbin:/usr/bin:$PATH

#ISP
USER=myispusername
PASS=myisppassword
#OTHER SETTINGS
INTRFACE=nic-vlan1
TIMEOUT=120

setdefaultroute () {
echo ...applying default route
route del default
route del default
route del default
route add default ppp0
}

connect () {
gpio disable 3; sleep 1
pppd plugin /usr/lib/rp-pppoe.so $INTRFACE noipdefault noauth nodefaultroute noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp nomppe nomppc usepeerdns user $1 password $2 default-asyncmap mtu 1492 mru 1492 persist lcp-echo-interval 60 lcp-echo-failure 10 maxfail 0 unit $3
gpio enable 3; sleep 1
}

connlinkppp () {
while true
  do
    if [ "$(ip link show dev ppp0 | grep ppp0 | awk '{ print $2 }')" = "ppp0:" ]
      then
        echo ...ppp link is up
        break
      else
        echo ...waiting for ppp to connect
        gpio disable 3; sleep 1
        gpio enable 3; sleep 1
    fi
done
}

echo Starting link checking procedure... Please wait...
sleep 40

while true
  do
    if [ "$(ip link show dev ppp0 | grep ppp0 | awk '{ print $2 }')" = "ppp0:" ]
      then
         echo ...ppp link is up
      else
         connect $USER $PASS 0
         connlinkppp
         sleep 10
         setdefaultroute
    fi 

    if [ "$(ip link show dev ppp1 | grep ppp1 | awk '{ print $2 }')" = "ppp1:" ]
      then
         echo ...Resetting all ppp connections
         killall redial
         killall pppd
      else
         echo all ppp connections seems good
    fi
   echo returning to main loop...
   sleep $TIMEOUT
done
Reboot the router!

Friday, April 16, 2010

Howto post code snippets on your Blog

In your Blogger HTML template, insert the style/javascript code between the following two lines:
<div class='post-header-line-1'/>
</div>
Code:
<style type="text/css">
pre.source-code {
  font-family: Andale Mono, Lucida Console, Monaco, fixed, monospace;
  color: #ffffff;
  background-color: #000;
  font-size: 12px;
  border: 1px dashed #999999;
  line-height: 14px;
  padding: 5px;
  overflow: auto;
  width: 100%
}
p.warning {
  color: #000000;
  background-color: #FFB6C1;
  font-size: 12px;
  border: 3px double #333333;
  line-height: 14px;
  padding: 5px;
  overflow: auto;
  width: 100%
}
</style>
<script language="JavaScript">
<!--
var Color= new Array();
Color[1] = "ff";
Color[2] = "ee";
Color[3] = "dd";
Color[4] = "cc";
Color[5] = "bb";
Color[6] = "aa";
Color[7] = "99";

function fadeIn(where) {
  if (where >= 1) {
      document.getElementById('fade').style.backgroundColor = "#ffff" + Color[where];
    if (where > 1) {
      where -= 1;
      setTimeout("fadeIn("+where+")", 200);
    } else {
      where -= 1;
      setTimeout("fadeIn("+where+")", 200);
      document.getElementById('fade').style.backgroundColor = "transparent";
    }
  }
}

function format() {
    var strIn = document.getElementById("textin").value;
    var strOut = null;
    if ( document.getElementById("embedstyle").checked ) {
        strOut = "<pre style=\"font-family: Andale Mono, Lucida Console, Monaco, fixed, monospace; color: #000000; background-color: #eee;font-size: 12px;border: 1px dashed #999999;line-height: 14px;padding: 5px; overflow: auto; width: 100%\"><code>";
        hideElement("style");
    } else {
        strOut = "<pre class=\"source-code\"><code>";
        showElement("style");
    }
    var strOut25 = null;
    var line = 1;
    var strTab;
    var hasVerticalPipe = false;
    var j;
   
    if ( document.getElementById("tab4").checked ) {
    strTab = "    ";
    } else if ( document.getElementById("tab2").checked ) {
    strTab = "  ";
    } else {
        strTab = "        ";
    }

    for ( i = 0; i < strIn.length; i++ ) {
        var code = strIn.charCodeAt(i);
        switch( code ) {
            case 9: // tab
                strOut += strTab;
        break;
            case 10:  // line-feed
            case 13: 
                strOut += "\n";
                line += 1;
                if ( line == 26 ) {
                    strOut25 = strOut + "[only the first 25 lines shown in this example]\n\n";
                }
                j = i + 1;
                if ( code == 13 && j < strIn.length && strIn.charCodeAt(j) == 10 ) {
                    i++;
                }
                break;
            case 34:
                strOut += "&quot;";
                break;
            case 38:
                strOut += "&amp;";
                break;
            case 60:
                strOut += "&lt;";
                break;
            case 62:
                strOut += "&gt;";
                break;
            case 124: // vertical pipe (blogger modifies this)
                strOut += "&#124;";
                hasVerticalPipe = true;
                break;
            default:
                if ( code >= 32 && code <= 127 ) {
                    strOut += strIn.charAt(i);
                } else {
                    strOut += "&#" + code + ";";
                }
                break;
        } // switch
    } // for
    strOut += "\n</code></pre>\n";
    var textoutelement = document.getElementById("textout")
    textoutelement.value = strOut;
    textoutelement.focus();
    textoutelement.select();

    if ( hasVerticalPipe ) {
        showElement( "vert-pipe-warning" );
    } else {
        hideElement( "vert-pipe-warning" );
    }

    var resultselement = document.getElementById("results");
    if ( strOut25 != null ) {
        resultselement.innerHTML = strOut25;
    } else {
        resultselement.innerHTML = strOut;
    }

    fadeIn(7);
}

function onloadEvent() {
    var textinelement = document.getElementById("textin");
    textinelement.focus();
    textinelement.select();
}

function showElement(strId) {
    var ref = document.getElementById(strId);
    if ( ref.style) { ref = ref.style; }
    ref.display = '';
}

function hideElement(strId) {
    var ref = document.getElementById(strId);
    if ( ref.style) { ref = ref.style; }
    ref.display = 'none';
}
//-->
</script>
Save your template. Now you should be able to post code wrapped in a neat scrollable frame with the following START TAG:
<pre class="source-code"><code>
and the following END TAG:
</code></pre>
You still need to convert the "funny" HTML characters before posting. This can be done here: http://web.forret.com/tools/html.asp

Saturday, April 10, 2010

Handy GSM codes

@ = Send/OK button on your mobile phone

TO DIVERT CALLS
ACTION CODE
Deactivate call diverts ##002#@
Deactivate all conditional diverts ##004#@
Activate all conditional diverts **004*DestinationNumber#@

DIVERT ALL CALLS
Action Hash Codes
Deactivate automatically divert all calls to Destination Number ##21#@
Deactivate automatically divert all calls to Destination Number #21#@
Set and Activate divert all calls to **21*DestinationNumber#@
Activate divert all calls *21#@
Status of automatically divert all calls to Destination Number *#21#@

CALL NOT ANSWERED
ACTION CODE
Activate and Set call diversion when not answered **61*DestinationNumber#@
Deactivate and turn off call divert when not answered ##61#
Deactivate call divert #61#@
Activate call diversion *61#@

DIVERT FOR ALL CALLS
ACTION CODE
Set and Activate divert all calls to **21*DestinationNumber#@
Activate divert all calls *21#@
Deactivate divert all calls #21#@
Status of automatically divert all calls to Destination Number *#21#@

DIVERTS WHEN PHONE IS UNREACHABLE
ACTION CODE
Activate call divert when not reachable **62*DestinationNumber#@
Activate call divert *62#@
Deactivate and turn off call divert if unreachable ##62#@
Deactivate call divert #62#@
Status of call divert if not reachable *#62#@

DIVERTS WHEN PHONE IS BUSY
ACTION CODE
Activate call divert when busy (engaged on another call) **67*DestinationNumber#@
Activate call divert when busy *67#@
Deactivate call divert when busy ##67#@
Deactivate call divert when busy #67#@
Status of call divert when busy *#67#@

BARRING ALL OUTGOING CALLS
ACTION CODE
Change password for call barring **03*330*oldPW*newPW*newPW#@
Activate barring for all outgoing calls **33*PW#@
Deactivate barring for all outgoing calls #33*PW#@
Status barring for all outgoing calls *#33#@

BARRING ALL CALLS
ACTION CODE
Activate barring for all calls **330*PW#@
Deactivate barring for all calls #330*PW#@
Status barring for all calls *#330*PW#@

BARRING ALL OUTGOING INTERNATIONAL CALLS
ACTION CODE
Activate barring for all outgoing international calls **331*PW#@
Deactivate barring for all outgoing international calls #331*PW#@
Status barring all outgoing international calls *#331#@

BARRING ALL OUTGOING CALLS
ACTION CODE
Activate barring all outgoing calls **333*PW#@
Deactivate barring all outgoing calls #333*PW#@
Status barring all outgoing calls *#333#@

BARRING ALL INCOMING CALLS
ACTION CODE
Activate barring all incoming calls **35*PW#@ or **353*PW#@
Deactivate barring all incoming calls #35*PW#@ or **353*PW#@
Status barring all incoming calls *#35#@ or *#353#@

BARRING ALL INCOMING CALLS IF ROAMING
ACTION CODE
Activate barring all incoming calls if abroad **351*PW#@
Deactivate barring all incoming calls if abroad #351*PW#@
Status barring all incoming calls if abroad *#351#@

CALL WAITING
ACTION CODE
Activate call waiting *43#@
Deactivate call waiting #43##@
Status call waiting *#43#@

RINGS UNTIL ANSWERED BY YOUR VOICEMAIL
If your mobile's voicemail number is, for example:
+27-79-131-123-4567
....and you want your phone to divert to your voicemail after say 20 seconds, then type:
**61*+27791311234567**20#

The time can be up to 30 seconds (network default)
ACTION CODE
Set number of rings **61*YourVoiceMailNumber**N#@
Cancel previous Setting entered ##61#@
N = Ring Time (up to 30 seconds)

SEND/PREVENT YOUR PHONE NUMBER BEING SENT TO ANOTHER PHONE NUMBER
ACTION CODE
Disable your phone number being sent #30#DestinationNumber@
Enable your phone number being sent *30#DestinationNumber@
Status of your phone number being sent *#30#

SEND/PREVENT INCOMING PHONE NUMBERS BEING SEEN ON YOUR PHONE
ACTION CODE
Disable incoming number being shown on your phone *77#
Enable incoming number being shown on your phone #77#@
Status of whether calling parties number is shown on your phone *#77#@

CHANGING PIN CODES
ACTION CODE
Change PIN 1 **04*PINOLD*PINNEW*NEWPIN1#@

UNBLOCKING PHONE USING A PUK NUMBER
ACTION CODE
Unblock PIN 1 **05*PUK*newPIN1*newPIN1#@

DISPLAY IMEI NUMBER
Display IMEI Number *#06#

Reference: http://www.cellular.co.za/gsm_hash_code.htm

Thursday, March 25, 2010

iPhone 1st Gen MMS, Tethering, Bluetooth and Push notifications enabled

If you still have an old 1st gen iPhone and want to enable MMS, tethering, Bluetooth and push notifications, do the following. Note that this is for the 3.1.3 iPhone firmware ONLY! I have done it and it all works. At the time I was on the South African Vodacom network.

MMS, Bluetooth, Tethering:
Download from http://www.mediafire.com/?ezwzmjkzzmz
The md5sum of the archive is 275d31f84aedee9f949f1d9f46f46725
Read the "readme" on how to install!

Get some unique push certs and install them. This guy charges $5.99 for a set and can be paid with PayPal:
http://www.pushfix.info/purchase
Once again, read the "readme" for the howto.

Wednesday, March 24, 2010

Interesting read... Traffic Conditioning scripts: Low Latency, Fast Up & Downloads

Maintain low latency for interactive traffic at all times:
This means that downloading or uploading files should not disturb SSH or even telnet. These are the most important things, even 200ms latency is sluggish to work over. Allow 'surfing' at reasonable speeds while up or downloading.

Even though http is 'bulk' traffic, other traffic should not drown it out too much. Make sure uploads don't harm downloads, and the other way around. This is a much observed phenomenon where egress traffic simply destroys download speed.

It turns out that all this is possible, at the cost of a tiny bit of bandwidth. The reason that uploads, downloads and ssh hurt each other is the presence of large queues in many domestic access devices like cable or DSL modems.

The next section explains in depth what causes the delays, and how we can fix them. You can safely skip it and head straight for the script if you don't care how the magic is performed.

Why it doesn't work well by default:
ISPs know that they are benchmarked solely on how fast people can download. Besides available bandwidth, download speed is influenced heavily by packet loss, which seriously hampers TCP/IP performance. Large queues can help prevent packet loss, and speed up downloads. So ISPs configure large queues.

These large queues however damage interactivity. A keystroke must first travel the upstream queue, which may be seconds (!) long and go to your remote host. It is then displayed, which leads to a packet coming back, which must then traverse the downstream queue, located at your ISP, before it appears on your screen.

This HOWTO teaches you how to mangle and process the queue in many ways, but sadly, not all queues are accessible to us. The queue over at the ISP is completely off-limits, whereas the upstream queue probably lives inside your cable modem or DSL device. You may or may not be able to configure it. Most probably not.

So, what next? As we can't control either of those queues, they must be eliminated, and moved to your Linux router. Luckily this is possible.

Limit upload speed
By limiting our upload speed to slightly less than the truly available rate, no queues are built up in our modem. The queue is now moved to Linux.

Limit download speed
This is slightly trickier as we can't really influence how fast the internet ships us data. We can however drop packets that are coming in too fast, which causes TCP/IP to slow down to just the rate we want. Because we don't want to drop traffic unnecessarily, we configure a 'burst' size we allow at higher speed.

Now, once we have done this, we have eliminated the downstream queue totally (except for short bursts), and gain the ability to manage the upstream queue with all the power Linux offers.

What remains to be done is to make sure interactive traffic jumps to the front of the upstream queue. To make sure that uploads don't hurt downloads, we also move ACK packets to the front of the queue. This is what normally causes the huge slowdown observed when generating bulk traffic both ways. The Acknowledgements for downstream traffic must compete with upstream traffic, and get delayed in the process.

If we do all this we get the following measurements using an excellent ADSL connection from xs4all in the Netherlands:

Baseline latency:
round-trip min/avg/max = 14.4/17.1/21.7 ms

Without traffic conditioner, while downloading:
round-trip min/avg/max = 560.9/573.6/586.4 ms

Without traffic conditioner, while uploading:
round-trip min/avg/max = 2041.4/2332.1/2427.6 ms

With conditioner, during 220kbit/s upload:
round-trip min/avg/max = 15.7/51.8/79.9 ms

With conditioner, during 850kbit/s download:
round-trip min/avg/max = 20.4/46.9/74.0 ms

When uploading, downloads proceed at ~80% of the available speed. Uploads at around 90%. Latency then jumps to 850 ms, still figuring out why.

What you can expect from this script depends a lot on your actual uplink speed. When uploading at full speed, there will always be a single packet ahead of your keystroke. That is the lower limit to the latency you can achieve - divide your MTU by your upstream speed to calculate. Typical values will be somewhat higher than that. Lower your MTU for better effects!

Next, two versions of this script, one with Devik's excellent HTB, the other with CBQ which is in each Linux kernel, unlike HTB. Both are tested and work well.

The actual script (CBQ)
Works on all kernels. Within the CBQ qdisc we place two Stochastic Fairness Queues that make sure that multiple bulk streams don't drown each other out.

Downstream traffic is policed using a tc filter containing a Token Bucket Filter.

You might improve on this script by adding 'bounded' to the line that starts with 'tc class add .. classid 1:20'. If you lowered your MTU, also lower the allot & avpkt numbers!
#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
# 
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=800
UPLINK=220
DEV=ppp0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root CBQ

tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 10mbit 

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
# main class

tc class add dev $DEV parent 1: classid 1:1 cbq rate ${UPLINK}kbit \
allot 1500 prio 5 bounded isolated 

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 cbq rate ${UPLINK}kbit \
   allot 1600 prio 1 avpkt 1000

# bulk and default class 1:20 - gets slightly less traffic, 
#  and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 cbq rate $((9*UPLINK/10))kbit \
   allot 1600 prio 2 avpkt 1000

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# start filters
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we 
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 11 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 12 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed  to prevent 
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d.

If the last two lines give an error, update your tc tool to a newer version!

The actual script (HTB)

The following script achieves all goals using the wonderful HTB queue. Well worth patching your kernel for!
#!/bin/bash
# The Ultimate Setup For Your Internet Connection At Home
# 
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits
DOWNLINK=800
UPLINK=220
DEV=ppp0

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

###### uplink

# install root HTB, point default traffic to 1:20:

tc qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
   burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic, 
# and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9*UPLINK/10))kbit \
   burst 6k prio 2

# both get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we 
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
    match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20


########## downlink #############
# slow downloads down to somewhat less than the real speed  to prevent 
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
If you want this script to be run by ppp on connect, copy it to /etc/ppp/ip-up.d.

If the last two lines give an error, update your tc tool to a newer version!

Article copied from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html
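
How the three uplink filters in both scripts decide between class 1:10 and class 1:20, as an added example (not from the LARTC article): the offsets in the ACK filter are counted from the start of the IP header, so byte 0 holds the header length, bytes 2-3 the total length and, when the IP header carries no options, byte 33 the TCP flags. The function names and every packet below are constructed for this example.

```shell
#!/bin/sh
# Added example: apply the cookbook's uplink u32 matches to hex-encoded
# IPv4 packets. All packets are constructed samples (checksums zeroed,
# payload omitted, documentation addresses).

# Decimal value of byte $2 (0-based, from the start of the IP header) of
# hex string $1. Bytes past the end of the packet read as 0.
byte_at() {
    first=$(( $2 * 2 + 1 ))
    pair=$(printf '%s\n' "$1" | cut -c "${first}-$(( first + 1 ))")
    echo $(( 0x${pair:-0} ))
}

# Print the class the filters would select for packet $1.
classify() {
    pkt=$1
    ihl=$(( $(byte_at "$pkt" 0) & 0x0f ))       # header length in 32-bit words
    tos=$(byte_at "$pkt" 1)
    len=$(( $(byte_at "$pkt" 2) * 256 + $(byte_at "$pkt" 3) ))
    proto=$(byte_at "$pkt" 9)
    flags=$(byte_at "$pkt" 33)

    # match ip tos 0x10 0xff: TOS byte is exactly Minimum-Delay
    if [ "$tos" -eq 16 ]; then echo "1:10"; return 0; fi
    # match ip protocol 1 0xff: ICMP
    if [ "$proto" -eq 1 ]; then echo "1:10"; return 0; fi
    # ACK filter, all four matches must hold:
    #   ip protocol 6        TCP
    #   u8  0x05 0x0f at 0   IHL = 5, so "at 33" really is the TCP flags byte
    #   u16 0    0xffc0 at 2 total length below 64 bytes (no payload to speak of)
    #   u8  0x10 0xff at 33  flags are ACK and nothing else
    if [ "$proto" -eq 6 ] && [ "$ihl" -eq 5 ] &&
       [ $(( len & 0xffc0 )) -eq 0 ] && [ "$flags" -eq 16 ]; then
        echo "1:10"; return 0
    fi
    # Everything else: bulk (catch-all filter in CBQ, "default 20" in HTB).
    echo "1:20"
}

# 40-byte pure ACK
PURE_ACK=450000280000400040060000c000020ac6336407d431005000000001000000015010ffff00000000
# 1500-byte data segment, PSH+ACK (headers only)
DATA_SEG=450005dc0000400040060000c000020ac6336407d431005000000001000000015018ffff00000000
# interactive SSH packet sent with TOS 0x10 (headers only)
SSH_KEYSTROKE=451000580000400040060000c000020ac6336407d431001600000001000000015018ffff00000000
# ICMP echo request
ICMP_ECHO=4500001c0000400040010000c000020ac63364070800000000010001
# pure ACK whose IP header carries 4 bytes of options (IHL = 6)
ACK_IP_OPTIONS=4600002c0000400040060000c000020ac633640701010101d431005000000001000000015010ffff00000000
# SYN+ACK: short, but the flags byte is 0x12, not 0x10
SYN_ACK=450000280000400040060000c000020ac6336407d431005000000001000000015012ffff00000000

for name in PURE_ACK DATA_SEG SSH_KEYSTROKE ICMP_ECHO ACK_IP_OPTIONS SYN_ACK; do
    eval "pkt=\$$name"
    printf '%-15s -> %s\n' "$name" "$(classify "$pkt")"
done
```

The ACK_IP_OPTIONS case shows why the filter insists on IHL = 5: with IP options present, offset 33 no longer points at the TCP flags, so such packets are left in the bulk class.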

Sunday, March 21, 2010

Impressive indeed...

26 Billion pixels! The world's largest image! Visit Paris like never before!
http://www.paris-26-gigapixels.com/

Linksys WRT-54GL 1.1, Traffic splitting between 2 ISPs, Traffic accounting

This was done for data least cost routing, in South Africa, due to much cheaper "Local" bandwidth.

NOTE: You will need to have the following SD mod installed on your router:
http://www.hendlsofen.de/WRT54GL/eng/WRT54GL_SDMod.html

Firmware used, eko branch:
http://www.dd-wrt.com/dd-wrtv2/downloads/others/eko/V24_TNG/svn13491-snow/NEWD/dd-wrt.v24-13491_NEWD_std.bin

MMC/SD Card Support must be enabled on the router’s web interface:
GPIO pins select – Manual
GPIO pins DI:2  D0:4  CLK:3  CS:7

Install BWLOG:
SSH to your router
cd /mmc/jffs/scripts
wget http://www.krikkit.net/download/wrtbwlog_cust_exp.tgz

tar -zxvf wrtbwlog_cust_exp.tgz
Page will be accessible by going to http://your_router_ip:8000

On the router’s web interface,
Administration --> Commands --> Startup
Startup script:
#!/bin/sh
PATH=/usr/sbin:/sbin:/usr/bin:$PATH

umount /jffs
mount --bind /mmc/jffs /jffs

killall redial
killall pppd

#INTERNATIONAL
INTLUSER=isp1_username
INTLPASS=isp1_password
#LOCAL
LOCALUSER=isp2_username
LOCALPASS=isp2_password
#OTHER SETTINGS
INTRFACE=nic-vlan1
SAIXSMTP=196.43.2.142
ROUTESERVER=196.38.40.110
INTL=ppp0
LOCL=ppp1
TIMEOUT=120

setintlroutes () {
echo ...setting International routes
route add -host $ROUTESERVER $INTL
route add -host $SAIXSMTP $INTL
}

setdefaultroute () {
echo ...applying default route
route del default
route del default
route del default
route add default $INTL
}

getloclroutes () {
echo Downloading Local routes...
sleep 5
wget -T 15 "http://developers.locality.co.za/routes.txt" -O /tmp/routes.dat
sleep 7

# -s also catches an empty file left behind by a failed download
if [ ! -s /tmp/routes.dat ]
  then
    echo ...restoring backup routes.txt file
    cp /mmc/jffs/scripts/routes.dat.bak /tmp/routes.dat
    sleep 7
fi
}

backuploclroutes () {
echo ...backing up existing routes.txt file
cp /tmp/routes.dat /mmc/jffs/scripts/routes.dat.bak
rm -rf /tmp/routes.dat
}

setloclroutes () {
echo ...setting Local routes 
for IP in `cat /tmp/routes.dat`
  do
    gpio enable 7
    route add -net $IP $LOCL
    gpio disable 7
  done
}

connect () {
gpio disable 3; sleep 1
pppd plugin /usr/lib/rp-pppoe.so $INTRFACE noipdefault noauth nodefaultroute noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp nomppe nomppc usepeerdns user $1 password $2 default-asyncmap mtu 1492 mru 1492 persist lcp-echo-interval 60 lcp-echo-failure 10 maxfail 0 unit $3
gpio enable 3; sleep 1
}

connlinkintl () {
while true
  do
    if [ "$(ip link show dev ppp0 | grep ppp0 | awk '{ print $2 }')" = "ppp0:" ]
      then
        echo ...International ppp link is up
        break
      else
        echo ...waiting for International to connect
        gpio disable 3; sleep 1
        gpio enable 3; sleep 1
    fi
done
}

connlinklocl () {
while true
  do
     if [ "$(ip link show dev ppp1 | grep ppp1 | awk '{ print $2 }')" = "ppp1:" ]
       then
         echo ...Local ppp link is up
         break
       else
         echo ...waiting for Local to connect
         gpio disable 3; sleep 1
         gpio enable 3; sleep 1
     fi
done
}

sleep 20
cd /mmc/jffs/scripts/bwlog/
./start.sh &

echo Starting up Traffic Splitting... Please wait...
sleep 40

while true
  do
    if [ "$(ip link show dev ppp0 | grep ppp0 | awk '{ print $2 }')" = "ppp0:" ]
      then
         echo ...International ppp link is up
      else
         connect $INTLUSER $INTLPASS 0
         connlinkintl
         sleep 10
         setintlroutes
         setdefaultroute
    fi 
    if [ "$(ip link show dev ppp1 | grep ppp1 | awk '{ print $2 }')" = "ppp1:" ]
      then
         echo ...Local ppp link is up
      else 
         connect $LOCALUSER $LOCALPASS 1  
         connlinklocl
         sleep 10
         setdefaultroute
         getloclroutes
         setloclroutes
         backuploclroutes
         setdefaultroute
    fi
    if [ "$(ip link show dev ppp2 | grep ppp2 | awk '{ print $2 }')" = "ppp2:" ]
      then
         echo ...Resetting all ppp connections
         killall redial
         killall pppd
      else
         echo all ppp connections seems good
    fi
   echo returning to main loop...
   sleep $TIMEOUT
done
Click “Save Startup”

Firewall script:
#!/bin/sh
PATH=/usr/sbin:/sbin:/usr/bin:$PATH

iptables -t nat -I POSTROUTING -o ppp+ -j MASQUERADE
Click “Save Firewall”

Reboot your router
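
The startup script above hands every entry of a list fetched over plain HTTP to route add as root, so a corrupted or altered list changes the router's routing table directly. One way to filter the list first, as an added example (not part of the original script): valid_route, filter_routes and the MIN_PREFIX floor of /8 are assumptions of this example, and the sample list is constructed.

```shell
#!/bin/sh
# Added example: keep only well-formed IPv4 CIDR entries from a route list.

# Assumption: nothing broader than a /8 belongs in a "local routes" list,
# which also keeps 0.0.0.0/0 from replacing the default route.
MIN_PREFIX=8

# Succeed only for a.b.c.d/len with octets 0-255 and MIN_PREFIX <= len <= 32.
valid_route() {
    cand=$1
    case $cand in
        */*) ;;
        *) return 1 ;;
    esac
    addr=${cand%/*}
    plen=${cand#*/}
    # Prefix length: one or two digits, no leading zero.
    case $plen in
        ''|*[!0-9]*|0?*|???*) return 1 ;;
    esac
    [ "$plen" -ge "$MIN_PREFIX" ] && [ "$plen" -le 32 ] || return 1
    # Address: digits and dots only, no empty fields.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; safe, addr holds only [0-9.]
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            0?*|????*) return 1 ;;      # leading zero or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read a route list on stdin, print accepted entries on stdout and
# report rejected lines on stderr.
filter_routes() {
    while IFS= read -r entry; do
        entry=$(printf '%s\n' "$entry" | tr -d '\r')    # tolerate CRLF files
        if valid_route "$entry"; then
            printf '%s\n' "$entry"
        elif [ -n "$entry" ]; then
            printf 'rejected: %s\n' "$entry" >&2
        fi
    done
    return 0
}

# Constructed sample: three good entries mixed with the kinds of lines a
# failed or altered download could contain.
sample_routes() {
    cat <<'EOF'
192.0.2.0/24
0.0.0.0/0
198.51.100.0/24
198.51.300.0/24
203.0.113.0/24 extra
<html>502 Bad Gateway</html>

203.0.113.0/24
EOF
}

sample_routes | filter_routes
```

On the router, run the downloaded file through filter_routes before setloclroutes reads it, for example: filter_routes < /tmp/routes.dat > /tmp/routes.ok.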