any option for "chillispot" or other hotspot management system?

I dont see a built-in hotspot management system for clarkconnect, guess you need to install it manually.


Is it possible to route transparent squid traffics binded on a virtual IP to another gateway? or better, route transparent squid traffics to another gateway without virtual IP (so I spend less time with the configurations). If yes then I'm gonna hook my new box to the "real" world tomorrow

This post has been edited by strace: Nov 2 2006, 03:46 AM

Mikrotik can do that as well but you have to buy the license

just curious , is there anyway for computer to be a modem ?

since computer can be a router , I am wondering can it be modem too ?? HAHAHA I know is a stupid question , forgive my noob-ness

buy an internal modem?

lol , I was thinking any chance those 56k internal modem can convert it into ADSL modem Lame question anyway

Nope you can't do that but there is a ADSL modem PCI adapter. There is no guarentee if kernel can detect teh devices or not

most interested to know more about load balancing options,
hv any links to point to for reference, 3 NIC, 2 broadband links?

Sorry, i'm pretty outdated with current software trends for router. What is the relations between virtual IP and squid ? Do you mean:


For a) it's quite obvious, you'll need to set router as gateway for squid proxy.
In b) case, you'll need NAT.
For Linux with iptables, see:
http://tldp.org/HOWTO/TransparentProxy-6.html#ss6.2

Mind you that load sharing for internet is not perfect. The correct implementation requires you to install load-balancer at the both side, and not CPE side only. Eg:

This way, you'll be guaranteed to get bandwidth of WAN1 + WAN2. But, if you install the load-balancer for CPE side only, most likely you'll never get the speed of WAN1+WAN2. (An analogy is single-core vs dual-core CPU, you'll not get 4GHz CPU if you get 2GHz dual-core). Also there is a few problems you'll need to cater with.(And yes, things can become really ugly...static routes, alternative routes, Dead Gateway Detection, NAT, etc)
http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS

PS: Ugh, it's hard to draw ascii in here

*Router & squid are from the same machine.

I need to bind squid with a virtual IP then route add virtualip gw wan2 ethx so that squid will use WAN2 connection, correct?

what antivirus u all use by ipcop ?

wah.. i don't understand all this multi-wan load balancing stuff. so i leave that to the pro ones

wilson88: i use ClamAv. for ipcop there's a plugin - copfilter that comes with clamav. but i never succeed on detecting virus at router level maybe my configuration is wrong

just curious , what happen if the router found the virus ? and how u know the router found the virus ? I doubt it will have pop up like normal antivirus does

forgive me , too much n00b question

First, let's redraw the diagram:

To simplified, what you want is to route based on tcp port number. I'm not sure what OS you're using but it can be done as follow (in Linux iptables lingo):

1 - use NAT to redirect tcp destination port(dport) 80 to 3128(squid port). You'll also need MASQ/DNAT here for return packet...
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

2 - use packet mangle, set all traffic with tcp dport 80 to some MARK value(let say 2).
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 2

3 - use iproute2 to route all traffic marked with 2 to pass through WAN2
echo 202 www.out >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table www.out
ip route add default via WAN2_IP_ADDR dev wan2 table www.out
ip route flush cache

Well, quite interesting setup you have there.. I'm not sure if my instruction work or not(as i never test that) but i think it will. You may need to change/play around it to test. Feedbacks are welcomed. After all, i'm still n00bish in this kind of things

EDITED:-- after some re-read i think my packet mangling section is wrong... We should mark packet output from squid not incoming. So, the question is how to mark packet outputted from squid ?...

EDITED:-- Some answers:
http://lists.netfilter.org/pipermail/netfi...ril/060108.html
http://www.squid-cache.org/mail-archive/sq...00505/0698.html

This post has been edited by mokona_modoki: Nov 3 2006, 12:00 AM

well, it would auto-discard/auto-delete/auto-quarantine - based on your settings and it will send an alert via email to you (based on the copfilter implementation). and rest assured, there will be no pop up

This post has been edited by angeldothack: Nov 2 2006, 11:34 PM

Great!! will try it in my free time and let you all noe.. really interested in this..it's like an eye opener..

Actually, i wouldn't count on that. It wud be best for it to hav more than 64mb of rams. Try stroll around in out garage thread, u might find some rm30 64mb ram.

If u are a heavy bt user and u wan to add additional addon for it. More rams are needed.
Source: http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

If u still insist to do so, u can write your own script to decrease numbers of connections allowed and decrease it timeout time. Just add in your rc.local under /etc/rc.d.

the script you'll need will be at here
http://forum.lowyat.net/index.php?showtopic=185279


If you wanna try, u can install in a virtual pc using vmware workstation. Anyway, just try it 1st, see anything goes wrong. If thrs a problem u can try,
LEAF Project, Coyote Linux, FREESCO or fdgw. They require very little resources, it can be booted up from 1.44mb floppy disk wif 8mb of rams.


Anyway, i just install teamspeak server into my linux box. =D. Now my router is truly a gaming router. lol. For those who doesnt know wat teamspeak is, teamspeak a piece audio conferencing software just like skype, the beauty of it? less memory and bandwidth usage. It only transfer data when it detects a signal(your voice). Teamspeak is extremely popular among Wow players. So far so good, i might add another tutorial on it when im free. =D

This post has been edited by syyang85: Nov 3 2006, 03:35 AM

Just some general knowledge
This diagram should describe how Linux route packet. Should be useful if you want to play with iptables, traffic control, shaping etc...

http://l7-filter.sourceforge.net/PacketFlow.png

syyang85: will try it when i got a hold on my old pc.. The problem is the old pc is in my home town!! I'll go back only by this month end.. Maybe this weekend will try on vmware 1st.. Anyway thank for the info..


BTW, is it possible to wifi with this DIY router? Maybe something like this,



or something like that??
(or maybe the 2nd NIC in the DIY router is the wifi adapter,which means DIY router + wifi adapter is in 1 box)

I'm noob in this networking stuff?? But I'm very interested in networking my home...

actually i m interested to set up a kind of failover dual-wan setup as traffics r mainly HTTP, POP3/SMTP, IM n once in while VPN/RDC/VNC to desktops at customer sites. the main concern is, HTTP as our job deals with web-based developments. double the speed is not quite an issue as current 1mbps HTTP connection will b more than enough to cater the clients. Only thing is the current router modem seems to die off when number of clients increase.

thanks for clarifying the issue!
will try to set up a terminal when i get the access to a free desktop unit.