* [Cerowrt-devel] Turning off the probe blocker @ 2013-07-11 16:42 Richard A. Smith 2013-07-11 17:00 ` Dave Taht 0 siblings, 1 reply; 8+ messages in thread From: Richard A. Smith @ 2013-07-11 16:42 UTC (permalink / raw) To: cerowrt-devel How to I disable the probe blocker? I'm trying to do some port forwarding and every time I nmap my box trying to figure out if its working I get banned from ssh for 2 hours. -- Richard A. Smith <richard@laptop.org> One Laptop per Child ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 16:42 [Cerowrt-devel] Turning off the probe blocker Richard A. Smith @ 2013-07-11 17:00 ` Dave Taht 2013-07-11 17:31 ` Richard A. Smith 0 siblings, 1 reply; 8+ messages in thread From: Dave Taht @ 2013-07-11 17:00 UTC (permalink / raw) To: Richard A. Smith; +Cc: cerowrt-devel On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> wrote: > How to I disable the probe blocker? I'm trying to do some port forwarding > and every time I nmap my box trying to figure out if its working I get > banned from ssh for 2 hours. Heh. See the relevant telnet (and ftp, I think) entries in /etc/xinetd.d and change them to disable = yes. You can probably do this at a finer grained basis > > -- > Richard A. Smith <richard@laptop.org> > One Laptop per Child > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 17:00 ` Dave Taht @ 2013-07-11 17:31 ` Richard A. Smith 2013-07-11 17:40 ` Dave Taht 0 siblings, 1 reply; 8+ messages in thread From: Richard A. Smith @ 2013-07-11 17:31 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel On 07/11/2013 01:00 PM, Dave Taht wrote: > On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> wrote: >> How to I disable the probe blocker? I'm trying to do some port forwarding >> and every time I nmap my box trying to figure out if its working I get >> banned from ssh for 2 hours. > > Heh. See the relevant telnet (and ftp, I think) entries in > /etc/xinetd.d and change them to disable = yes. You can probably do > this at a finer grained basis Thanks. I'll mess with that once I have local access again. -- Richard A. Smith <richard@laptop.org> One Laptop per Child ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 17:31 ` Richard A. Smith @ 2013-07-11 17:40 ` Dave Taht 2013-07-11 18:27 ` Jim Gettys 0 siblings, 1 reply; 8+ messages in thread From: Dave Taht @ 2013-07-11 17:40 UTC (permalink / raw) To: Richard A. Smith; +Cc: cerowrt-devel I incidentally got smokeping up and running on a beaglebone black to monitor latencies better across the whole network at the yurtlab. For those of you with ipv6, it's currently globally reachable: http://monitor.lab.taht.net/cgi-bin/smokeping.cgi?target=Campground-5ghz-Radios There are numerous options (like traceroute, etc) to put into smokeping, which I'd like to add but haven't wrapped my head around. Can't get fastcgi to work with it on lighttpd, either. I have mrtg running on a pi, too, that I will move over to the blacks. Also have the nifty babelweb utility running on the pi - but the pi just doesn't have the oomph (nor does it has fq_codel) to do much more, so... I had really once hoped to make cerowrt "do everything", but the black + debian makes doing "everything" a lot easier when you can easily run perl and python... The monitor box is running over a minimum of 3 hops right now before running across the rest of the mesh network. ... just wish the beaglebone black had a case I could wallmount with screws rather than velcro... On Thu, Jul 11, 2013 at 10:31 AM, Richard A. Smith <richard@laptop.org> wrote: > On 07/11/2013 01:00 PM, Dave Taht wrote: >> >> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> >> wrote: >>> >>> How to I disable the probe blocker? I'm trying to do some port >>> forwarding >>> and every time I nmap my box trying to figure out if its working I get >>> banned from ssh for 2 hours. >> >> >> Heh. See the relevant telnet (and ftp, I think) entries in >> /etc/xinetd.d and change them to disable = yes. You can probably do >> this at a finer grained basis > > > Thanks. I'll mess with that once I have local access again. > > > -- > Richard A. Smith <richard@laptop.org> > One Laptop per Child -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 17:40 ` Dave Taht @ 2013-07-11 18:27 ` Jim Gettys 2013-07-11 18:41 ` Dave Taht 0 siblings, 1 reply; 8+ messages in thread From: Jim Gettys @ 2013-07-11 18:27 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 2578 bytes --] On Thu, Jul 11, 2013 at 1:40 PM, Dave Taht <dave.taht@gmail.com> wrote: > I incidentally got smokeping up and running on a beaglebone black to > monitor latencies better across the whole network at the yurtlab. For > those of you with ipv6, it's currently globally reachable: > > > http://monitor.lab.taht.net/cgi-bin/smokeping.cgi?target=Campground-5ghz-Radios > > There are numerous options (like traceroute, etc) to put into > smokeping, which I'd like to add but haven't wrapped my head around. > Can't get fastcgi to work with it on lighttpd, either. > > I have mrtg running on a pi, too, that I will move over to the blacks. > Also have the nifty babelweb utility running on the pi - but the pi > just doesn't have the oomph (nor does it has fq_codel) to do much > more, so... > > I had really once hoped to make cerowrt "do everything", but the black > + debian makes doing "everything" a lot easier when you can easily run > perl and python... > > The monitor box is running over a minimum of 3 hops right now before > running across the rest of the mesh network. > > ... just wish the beaglebone black had a case I could wallmount with > screws rather than velcro... > Very cool. What frequency is smoke ping probing at? This is tunable, you know. It's also possible to configure smokeping to report from multiple probing locations, and have the rollup on a central web site; I dunno if you had come across that in your adventures. Jim > > On Thu, Jul 11, 2013 at 10:31 AM, Richard A. Smith <richard@laptop.org> > wrote: > > On 07/11/2013 01:00 PM, Dave Taht wrote: > >> > >> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> > >> wrote: > >>> > >>> How to I disable the probe blocker? I'm trying to do some port > >>> forwarding > >>> and every time I nmap my box trying to figure out if its working I get > >>> banned from ssh for 2 hours. > >> > >> > >> Heh. See the relevant telnet (and ftp, I think) entries in > >> /etc/xinetd.d and change them to disable = yes. You can probably do > >> this at a finer grained basis > > > > > > Thanks. I'll mess with that once I have local access again. > > > > > > -- > > Richard A. Smith <richard@laptop.org> > > One Laptop per Child > > > > -- > Dave Täht > > Fixing bufferbloat with cerowrt: > http://www.teklibre.com/cerowrt/subscribe.html > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > [-- Attachment #2: Type: text/html, Size: 4333 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 18:27 ` Jim Gettys @ 2013-07-11 18:41 ` Dave Taht 2013-07-11 19:46 ` Robert Bradley 0 siblings, 1 reply; 8+ messages in thread From: Dave Taht @ 2013-07-11 18:41 UTC (permalink / raw) To: Jim Gettys; +Cc: cerowrt-devel On Thu, Jul 11, 2013 at 11:27 AM, Jim Gettys <jg@freedesktop.org> wrote: > > > > On Thu, Jul 11, 2013 at 1:40 PM, Dave Taht <dave.taht@gmail.com> wrote: >> >> I incidentally got smokeping up and running on a beaglebone black to >> monitor latencies better across the whole network at the yurtlab. For >> those of you with ipv6, it's currently globally reachable: >> >> >> http://monitor.lab.taht.net/cgi-bin/smokeping.cgi?target=Campground-5ghz-Radios >> >> There are numerous options (like traceroute, etc) to put into >> smokeping, which I'd like to add but haven't wrapped my head around. >> Can't get fastcgi to work with it on lighttpd, either. >> >> I have mrtg running on a pi, too, that I will move over to the blacks. >> Also have the nifty babelweb utility running on the pi - but the pi >> just doesn't have the oomph (nor does it has fq_codel) to do much >> more, so... >> >> I had really once hoped to make cerowrt "do everything", but the black >> + debian makes doing "everything" a lot easier when you can easily run >> perl and python... >> >> The monitor box is running over a minimum of 3 hops right now before >> running across the rest of the mesh network. >> >> ... just wish the beaglebone black had a case I could wallmount with >> screws rather than velcro... > > > Very cool. Nice stats for an oft-loaded fq_codel based wifi mesh network with not a lot of fixes (besides disabling 802.11e at key points so far)! I have seen much, much, much, worse from most other meshes. > What frequency is smoke ping probing at? This is tunable, you know. The defaults, whatever they are. > It's also possible to configure smokeping to report from multiple probing > locations, and have the rollup on a central web site; I dunno if you had > come across that in your adventures. Intent is to deploy at 3 locations internally (at the middle of the mesh and two of the furthest end points), and to also be probing through the link from a box colocated with the gateway. Ran out of time to muck with it this week, was delighted with the dataset so far on a live network, would like to be able to compare mrtg and smokeping more directly however. > > Jim >> >> >> On Thu, Jul 11, 2013 at 10:31 AM, Richard A. Smith <richard@laptop.org> >> wrote: >> > On 07/11/2013 01:00 PM, Dave Taht wrote: >> >> >> >> On Thu, Jul 11, 2013 at 9:42 AM, Richard A. Smith <richard@laptop.org> >> >> wrote: >> >>> >> >>> How to I disable the probe blocker? I'm trying to do some port >> >>> forwarding >> >>> and every time I nmap my box trying to figure out if its working I get >> >>> banned from ssh for 2 hours. >> >> >> >> >> >> Heh. See the relevant telnet (and ftp, I think) entries in >> >> /etc/xinetd.d and change them to disable = yes. You can probably do >> >> this at a finer grained basis >> > >> > >> > Thanks. I'll mess with that once I have local access again. >> > >> > >> > -- >> > Richard A. Smith <richard@laptop.org> >> > One Laptop per Child >> >> >> >> -- >> Dave Täht >> >> Fixing bufferbloat with cerowrt: >> http://www.teklibre.com/cerowrt/subscribe.html >> _______________________________________________ >> Cerowrt-devel mailing list >> Cerowrt-devel@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cerowrt-devel > > -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 18:41 ` Dave Taht @ 2013-07-11 19:46 ` Robert Bradley 2013-07-11 20:18 ` Dave Taht 0 siblings, 1 reply; 8+ messages in thread From: Robert Bradley @ 2013-07-11 19:46 UTC (permalink / raw) To: cerowrt-devel On 11/07/13 19:41, Dave Taht wrote: > Nice stats for an oft-loaded fq_codel based wifi mesh network with not > a lot of fixes (besides disabling 802.11e at key points so far)! > > I have seen much, much, much, worse from most other meshes. I noticed yesterday that disabling WMM/802.11e in CeroWRT limited me to 54 Mb/s. The reduced rates are probably not an issue for the mesh network, especially with 11g nodes present. Would it be better though to force the traffic into one queue (BE, presumably) and keep the higher data rates? -- Robert Bradley ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [Cerowrt-devel] Turning off the probe blocker 2013-07-11 19:46 ` Robert Bradley @ 2013-07-11 20:18 ` Dave Taht 0 siblings, 0 replies; 8+ messages in thread From: Dave Taht @ 2013-07-11 20:18 UTC (permalink / raw) To: Robert Bradley; +Cc: cerowrt-devel On Thu, Jul 11, 2013 at 12:46 PM, Robert Bradley <robert.bradley1@gmail.com> wrote: > On 11/07/13 19:41, Dave Taht wrote: >> >> Nice stats for an oft-loaded fq_codel based wifi mesh network with not >> a lot of fixes (besides disabling 802.11e at key points so far)! >> >> I have seen much, much, much, worse from most other meshes. > > > I noticed yesterday that disabling WMM/802.11e in CeroWRT limited me to 54 > Mb/s. Hmm. That shouldn't be the case... >The reduced rates are probably not an issue for the mesh network, > especially with 11g nodes present. Well, the mesh is all 5ghz presently. The 2Ghz nodes are dedicated to users (presently) and yes, 11g is everpresent... >Would it be better though to force the > traffic into one queue (BE, presumably) and keep the higher data rates? That's what I did. I just squashed the TOS/TCLASS values to BE at various chokepoints with iptables. It made an enormous difference, even when the main codepoints were BE and CS1. Maximizing for better aggregation and smartly managing the one queue worked tons better than keeping the diffserv markings "sane". In the long run, I think, I'm going to disable diffserv in the wifi driver itself and try to do something saner in a fq_codel derivative. Someday. A truly stupendous amount of traffic entering from the internet was (mis)marked CS1, so all traffic is squashed to BE there too, although on obviously torrent traffic the ingress rate limiter is doing the right thing.... at the netfiltter conference there was some discussion about doing "pairing" in conttrack between output flows (hopefully appropriately marked) and input flows (usually mismarked) in order to carry the intent around the internal net In fact, I just figured out why 172.20.142.10 was showing the latency spikes it was, it wasn't mashing its traffic, I'd forgot to make the masher be the default in the build. I am not huge on smashing the codepoint (I could explicitly set the packet priority field to 256 instead) #!/bin/sh ipt() { iptables $* ip6tables $* } #iptables doesn't support an inverted match #iptables -t mangle -A PREROUTING -m dscp ! --dscp-class BE -j DSCP --set-dscp 0 ipt -t mangle -N FIX_TOS ipt -t mangle -A FIX_TOS -m dscp --dscp-class BE -j ACCEPT ipt -t mangle -A FIX_TOS -j DSCP --set-dscp 0 ipt -t mangle -A POSTROUTING -o wlan0 -j FIX_TOS > > -- > Robert Bradley > > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel -- Dave Täht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2013-07-11 20:18 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-07-11 16:42 [Cerowrt-devel] Turning off the probe blocker Richard A. Smith 2013-07-11 17:00 ` Dave Taht 2013-07-11 17:31 ` Richard A. Smith 2013-07-11 17:40 ` Dave Taht 2013-07-11 18:27 ` Jim Gettys 2013-07-11 18:41 ` Dave Taht 2013-07-11 19:46 ` Robert Bradley 2013-07-11 20:18 ` Dave Taht
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox