4 3

[alpine-devel] Knock Missing ??

Harry Lachanas
Details
Message ID
<4E8743A7.9050607@freemail.gr>
Sender timestamp
1317487527
DKIM signature
missing
Download raw message
Greet's
Is knock simply missing or just being replaced by xyz package ???

If replaced could someone mention the new package ??

NCopa: If missing  will you be kind enough to  provide it  ???

NCopa: I am building another FW box with 2-3 ISP providers ..
So I am about to test and stress your pingu code
what is the status of pingu ??

Thank's in advance

Harry






---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20111003203525.2db35d52@alpinelinux.org>
In-Reply-To
<4E8743A7.9050607@freemail.gr> (view parent)
Sender timestamp
1317666925
DKIM signature
missing
Download raw message
On Sat, 01 Oct 2011 19:45:27 +0300
Harry Lachanas <grharry@freemail.gr> wrote:

> Greet's
> Is knock simply missing or just being replaced by xyz package ???

Seems like knock was added to testing in 2009 but nobody provided any
feedback on it so it was never moved to main. Also it seems like it is
Mike Mason that has claimed the maintainership but I haven't heard from
him for a long time. Last commit by mmason appears to be May 2010...
 
> If replaced could someone mention the new package ??
> 
> NCopa: If missing  will you be kind enough to  provide it  ???

Do you think you could test it from edge/testing and confirm that it
works? Then I'll move it to main.

> NCopa: I am building another FW box with 2-3 ISP providers ..
> So I am about to test and stress your pingu code
> what is the status of pingu ??

I have new pingu working. It does dynamic policy routing, can ping
hosts and enable/disable gateways based on number of ping responses
(failover) and execute custom actions too when a host goes up/down. It
can also do simple "load-balancing"

I also have a very simple pinguctl that can display the status of the
ping hosts and a lua module for the pingu client.

I still need to make it possible to make the ISP up/down decision based
on multiple ping hosts  and I still havent figured out how to make
shorewall DNAT play nice with pingu. I think it needs to do connmark or
something to mark connections so the DNATed connection goes out same
interface it came from (the NAT happens post-route)

I think I'll do a 1.0-rc1 release or something in the nearest days. I'm
not sure if should try squeeze in the multi ping host feature before
the 1.0 release or not.

I can build a static binary for you that you can test with if you want.

> Thank's in advance
> 
> Harry
>  
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
> 



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Harry Lachanas ( via Freemail )
Details
Message ID
<4E8AAD2E.10907@gmail.com>
In-Reply-To
<20111003203525.2db35d52@alpinelinux.org> (view parent)
Sender timestamp
1317711150
DKIM signature
missing
Download raw message
> Do you think you could test it from edge/testing and confirm that it
> works? Then I'll move it to main.
I've been using it for quite a while ( 2-3 years ) with no probs in 
previous versions of alpine
Also I did a test compile for alp 2.2.3 and it seems to work ok.

> I have new pingu working. It does dynamic policy routing, can ping
> hosts and enable/disable gateways based on number of ping responses
> (failover) and execute custom actions too when a host goes up/down. It
> can also do simple "load-balancing"
>
> I also have a very simple pinguctl that can display the status of the
> ping hosts and a lua module for the pingu client.
>
> I still need to make it possible to make the ISP up/down decision based
> on multiple ping hosts  and I still havent figured out how to make
> shorewall DNAT play nice with pingu. I think it needs to do connmark or
What exactly do you mean "play with DNAT ... " I might be able to help u 
with that.
> something to mark connections so the DNATed connection goes out same
> interface it came from (the NAT happens post-route)
>
> I think I'll do a 1.0-rc1 release or something in the nearest days. I'm
> not sure if should try squeeze in the multi ping host feature before
> the 1.0 release or not.
>
> I can build a static binary for you that you can test with if you want.
Please do ...
I will also have a good look at the source ..

Harry
Harry Lachanas
Details
Message ID
<4E8AAE21.3050002@freemail.gr>
In-Reply-To
<20111003203525.2db35d52@alpinelinux.org> (view parent)
Sender timestamp
1317711393
DKIM signature
missing
Download raw message
> Do you think you could test it from edge/testing and confirm that it
> works? Then I'll move it to main.
>
I've been using it with prev alpine releases with no probs
I also did a quick compile for v.2.2.3 and it seems to work ok.

> I have new pingu working. It does dynamic policy routing, can ping
> hosts and enable/disable gateways based on number of ping responses
> (failover) and execute custom actions too when a host goes up/down. It
> can also do simple "load-balancing"
>
> I also have a very simple pinguctl that can display the status of the
> ping hosts and a lua module for the pingu client.
>
> I still need to make it possible to make the ISP up/down decision based
> on multiple ping hosts  and I still havent figured out how to make
> shorewall DNAT play nice with pingu. I think it needs to do connmark or
What exactly do you mean by " ... shorewall DNAT play nice with pingu 
.... "??
> something to mark connections so the DNATed connection goes out same
> interface it came from (the NAT happens post-route)
>
> I think I'll do a 1.0-rc1 release or something in the nearest days. I'm
> not sure if should try squeeze in the multi ping host feature before
> the 1.0 release or not.
>
> I can build a static binary for you that you can test with if you want.
>

Please do
I 'll also have a good look at the source ...
Thanks
Harry



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Natanael Copa
Details
Message ID
<20111005135216.35230bff@ncopa-desktop.nor.wtbts.net>
In-Reply-To
<4E8AAE21.3050002@freemail.gr> (view parent)
Sender timestamp
1317815536
DKIM signature
missing
Download raw message
On Tue, 04 Oct 2011 09:56:33 +0300
Harry Lachanas <grharry@freemail.gr> wrote:
 
> > Do you think you could test it from edge/testing and confirm that it
> > works? Then I'll move it to main.
> >
> I've been using it with prev alpine releases with no probs
> I also did a quick compile for v.2.2.3 and it seems to work ok.

I have moved it to main and it will be available for alpine-2.3

> > I have new pingu working. It does dynamic policy routing, can ping
> > hosts and enable/disable gateways based on number of ping responses
> > (failover) and execute custom actions too when a host goes up/down.
> > It can also do simple "load-balancing"
> >
> > I also have a very simple pinguctl that can display the status of
> > the ping hosts and a lua module for the pingu client.
> >
> > I still need to make it possible to make the ISP up/down decision
> > based on multiple ping hosts  and I still havent figured out how to
> > make shorewall DNAT play nice with pingu. I think it needs to do
> > connmark or
> What exactly do you mean by " ... shorewall DNAT play nice with pingu 
> .... "??

What i did here, I have 2 ISPs, one cheap with lots of bandwitdh (lets
call it ISP A) and one slower with a static ip block which we call ISP
B. I put my mail server on the slower, static ip range (isp B) and set
up DNAT on the alpine firewall using shorewall.

Pingu will do policy routing, so when source address is in the static
ip range it will route via isp B. Otherwise ISP A will be used as
default isp. ISP B also servers as a failover in case ISP A goes down.

This works when using shorewall DNAT and shorewall providers feature.
It does not work otherwise. I think what happens is, DNAT to a rfc1918
address (10.x.y.z), the mailserver responds with source address
10.x.y.z and the reponse traffic goes out via ISP A instead of ISP B
because the NAT happens postroute - after the routing desicion was made.

I think what shorewall do to solve this is use conntrack packet
marking (the "track" option in shorewall "providers" file). I have not
figured out how to do it without, but I think it might be possible with
tcrules.

> > something to mark connections so the DNATed connection goes out same
> > interface it came from (the NAT happens post-route)
> >
> > I think I'll do a 1.0-rc1 release or something in the nearest days.
> > I'm not sure if should try squeeze in the multi ping host feature
> > before the 1.0 release or not.
> >
> > I can build a static binary for you that you can test with if you
> > want.
> >
> 
> Please do

I put it here:
http://ncdev.alpinelinux.org/~ncopa/pingu/

> I 'll also have a good look at the source ...

http://git.alpinelinux.org/cgit/pingu/tree/

> Thanks
> Harry

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---