Tags: iptables

01/11/12

  11:24:00 pm, by The Dreamer   , 1720 words  
Categories: Stuff, Software, Networking, Cox HSI

I almost needed to buy a new router...

Link: http://smile.amazon.com/gp/product/B0028ACYEK/ref=as_li_ss_tl?ie=UTF8&tag=la34thdr34chs-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=B0028ACYEK

...and I've been eyeballing the WZR-HP-G300NH (not only 300Mbps N instead of 150MBps N, but also gigabit ports...also 64MB of RAM and 32MB of Flash ... up from 32MB & 4MB. Not clear on performance difference between Atheros 7240 and 9130...hopefully something).

Because while the current WHR-HP-GN is a step up from my WRT54GS...the QoS still impacts my throughput by a significant amount. Though not enough to turn off QoS in the meantime.

There have been a bunch of new builds of dd-wrt last month, but no 2012 releases yet. Big thing seems to be 3.x kernels. But, I tried one of the releases...and it was significantly slower with QoS than the last summer release (Build 17201), which has been doing adequately for me. Seems to get laggy over time, so back to rebooting my routers weekly...which can be annoying, because it takes a long time to become responsive again...and connections get dropped sometimes, especially if it's long enough to trigger a new IP. So, I reverted back to 17201, which many other people seem to feel is the current best release. Not sure what functionality future builds are shooting to acquire. I think what I have does almost everything I want. I just want it to be less of a bottleneck when doing QoS.

IE: with the WRT54GS, ~5.5MBps down was the best I could get. And, when I started, I only had 6Mbps down service. But, Cox has been upping the speed on upstream and downstream over time. And, it's supposed to be like 20MBps and up to 2Mbps up now. But with QoS on....~5.5Mbps was all I continued to see, so I dismissed such claims from Cox.

I'm sure all the college students in the area are don't much to things. At least my DSL is more consistent. Though it's only 6Mbps/768kbps, the maximum service tier for DSL here. Apparently, certain units in unit B can get U-Verse...but not all of them and I'm in unit A, so no go. Probably means they're on the box next to Chase Manhattan apartments to the south..rather than the box near CAUMC across the intersection.

I had made my own customization to QoS rules on the WRT54GS, and I had largely developed updated equivalents for the WHR-HP-GN's....the only thing missing is the 'connbytes' feature in iptables. The kernel supports connbytes, but the provided iptables command does not. The behavior had changed since I last used it, requiring the '--connbytes-dir' and '--connbytes-mode' parameters, but I soon figured out that the iptables command had been built standalone, and without the feature.


09/05/10

  12:06:00 pm, by The Dreamer   , 493 words  
Categories: Software, Computer, Networking, Cox HSI, AT&T DSL, Broadband

doing the transparent proxy thing

In the morning, I will open like 50 tabs in firefox...for the sites I check out every morning. And, going through my caching proxy helps. But, there are things that I can't get to using the proxy, so I will toggle off the use of proxy in firefox.

But, then I don't remember to switch it back on later....

Additionally, there are devices on my home network that I think could benefit from going through squid, but they don't offer easy ways to make that go.

So, the answer was to investigate transparent proxy. Which I finally got around to doing this weekend.

I added two new ports to my squid.conf

http_port coxtport transparent
http_port dsltport transparent

Went with new ports for transparent, separate from the existing ones, and two so that one squid cache is handling either gateway....

I did a lot of googling around to figure out the iptables to add to my Sveasoft Alchemy running WRT54GS routers.

This is what I've settled on (for cox gateway):

iptables -t nat -A PREROUTING -i br0 -s ! box.lhaven.homeip.net -p tcp --dport 80 -j DNAT \
     --to box.lhaven.homeip.net:coxtport
iptables -t nat -A POSTROUTING -o br0 -s lhaven.homeip.net/24 -d box.lhaven.homeip.net -j SNAT \
     --to coxgateway
iptables -A FORWARD -s lhaven.homeip.net/24 -d box.lhaven.homeip.net -i br0 -o br0 -m state \
     --state NEW,ESTABLISHED,RELATED -p tcp --dport coxtport -j ACCEPT
iptables -A FORWARD -d lhaven.homeip.net/24 -s box.lhaven.homeip.net -i br0 -o br0 -m state \
     --state ESTABLISHED,RELATED -p tcp --sport coxtport -j ACCEPT
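
The rule set above, as an added example that is not part of the original post: a small generator that prints the four rules for one gateway router from numeric values and refuses inputs the rules cannot work with. The function names, the 192.168.1.x addresses and ports 3129/3130 are constructed placeholders, and it assumes the proxy sits on the same bridged LAN as the clients, as in the post.

```shell
#!/bin/sh
# Added example: prints (does not run) the intercept rules for one router.
# Every address and port here is a constructed placeholder.

is_port() {   # true when $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

ip_to_int() { # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {   # in_cidr IP NET/PREFIX
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# proxy_rules LAN_CIDR PROXY_IP PROXY_PORT ROUTER_LAN_IP
proxy_rules() {
    lan=$1; proxy=$2; port=$3; router=$4
    is_port "$port" || { echo "port must be numeric: $port" >&2; return 1; }
    # The br0-to-br0 FORWARD rules only fit a proxy on the clients' own subnet.
    in_cidr "$proxy" "$lan" || { echo "$proxy is not in $lan" >&2; return 1; }
    # DNAT: the proxy's own traffic is excluded so its fetches are not
    # redirected back to itself. Old negation syntax as in the post; current
    # iptables wants "! -s ADDR".
    echo "iptables -t nat -A PREROUTING -i br0 -s ! $proxy -p tcp --dport 80 -j DNAT --to $proxy:$port"
    # SNAT: make the proxy answer the router, not the client directly, so the
    # reply is un-NATed on the way back. squid then logs the router's address.
    echo "iptables -t nat -A POSTROUTING -o br0 -s $lan -d $proxy -j SNAT --to $router"
    echo "iptables -A FORWARD -s $lan -d $proxy -i br0 -o br0 -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -d $lan -s $proxy -i br0 -o br0 -m state --state ESTABLISHED,RELATED -p tcp --sport $port -j ACCEPT"
}

# Constructed values: one rule set per gateway router, one squid port each.
proxy_rules 192.168.1.0/24 192.168.1.10 3129 192.168.1.1
proxy_rules 192.168.1.0/24 192.168.1.10 3130 192.168.1.2
```

Because of the SNAT rule, every intercepted request reaches squid with the router's address as its source, so squid ACLs and access logs cannot tell individual LAN clients apart.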

