router with a locked-down web interface. :(
Spell Binder's description of how it'd work seems well enough, if I could be
sure I have identical (or nearly so) configurations in both DHCP servers. Not
sure I can do that, will have to fiddle with the router.
On a different note, been doing some research and apparently running an i686
kernel on a VIA C3 is a bad idea, as the VIA doesn't support a certain
i686-only instruction (cmov, whatever that does). I tried to compile a C3-only
kernel yesterday, took all afternoon, and in the end I couldn't ping the thing
so had to reboot into the generic kernel. Then I tried to provision a couple of
EC2 VMs to speed up a new compile, but then I couldn't SSH into those, the
connection would die as soon as I'd logged in.
Ah, the joys of geekery.
Subject: TCP windows in Linux
I've been having problems with sending large files to my mail server and web server for some time now.
I couldn't quite define the circumstances for failures but I managed to do it today.
It has to do with the TCP window in the servers.
If the connections are just right, like a fairly fast upload speed, then the server keeps increasing the window size until it's bigger than the router at the server end can handle and it all falls down.
I had to add
net.ipv4.tcp_window_scaling = 0
and run sysctl -p
This prevents the TCP window growing dynamically and fixed my problems.
Thing is I'm not sure it was the best solution.
All transfer rates into and out of those servers now seem much faster and more stable but it just feels like the wrong thing to do somehow.
Anybody got anything to offer on this?
Subject: Re: TCP windows in Linux
Well in my case it's more like guesswork.
I think I need a diagram explaining what each feature does.
Mon Mar 22 2010 00:29:08 EDT from IGnatius T Foobar @ Uncensored Subject: Re: TCP windows in Linux
Tuning TCP suitably for the underlying network is an advanced, but legitimate, activity.
maybe lartc.org could be helpful?
Only when the last tree has died, the last river has been poisoned, the last fish has been caught, will we realize that we can't eat money.
oh. wrong context.
When the last class C subnet was assigned, the last class B is used, men will see that it's time to move to ipv6.
ICANN said, it ran out of ipv4 address space.
My router is a PC with pfsense, which is a great FreeBSD based router package. I set up a PPTP VPN server on it for the purpose of, mainly, playing Starcraft with friends. Come to find out Starcraft uses UDP broadcast packets to find games which don't transfer over a VPN. I have been trying to set up an OpenVPN that uses TAP and what not and switches the networks instead of tunneling it or something like that and I just can't get the dang thing to work. I know that we VPN'ed Starcraft before but I believe it was between myself and two other people and all three of us had dd-wrt routers and the routers were switching the networks. It was also extremely unstable with the third person and adding a fourth killed it.
Now that I think about it though I think one of the clients was connecting with the VPN client built into Windows XP... so we had it working before!
If anyone knows how I can get this done please let me know! :)
Have you investigated L2TP as a solution?
I've not used it myself, but it will tunnel layer-2 packets, so it should work for your game. Plus, from the Wikipedia page, it looks like there's an implementation for FreeBSD.
I did not originally go with L2TP because pfsense doesn't include it, but I upgraded to the 2.0 beta which does and enabled it. It doesn't work and it's a known issue, which will hopefully be resolved soon so I can let you know how it goes.
I could of course build my own FreeBSD router setup but I just like the ease of use of pfsense much better than having to figure out this stuff myself, but I may jump into it.
Routing tables scare me.
port 22? isn't that what all those hackers use to do their evil? let's block that.
Nah! If you really want to be safe, you need to block ports 0 to 65,535.
Then how will peoplez access my stuffs?? **research. research.** :) remote servers are my friend.
Then the only people who could access your site would be people you've given protocol implementations to. :P
Actually I wrote I think I called it STUDP. or SPUDP. yeah, that was it spud-p. stu protocol over udp.
the goal was to avoid the 3 way handshake on connections.
I got it to work and I got as far as writing something that could transfer files.
And I remember it beat FTP by 30something percent.
but I didn't have too much error recovery stuff so when udp dropped a packet, it rarely recovered.
Fun while it lasted.
Ironically, you were well on your way to developing a new P2P system.
You can do some really wild things with UDP. The biggest deal with using UDP for a P2P system is that it's pretty easy to persuade everyone's firewalls to accept packets from each other on the UDP port which is bound to the application. Skype/Kazaa do this quite well. Multiplayer games are also pretty good at it (as I discovered when I performed "due diligence" with a sniffer while my kids played Mario Kart Wii in global multiplayer mode).
I get the idea that UDP was the bastard stepchild of internet networking until popular systems like games and skype started relying on it.
He then said that the U in UDP might as well stand for "Unreliable" because there is no guaranteed delivery. However, even then, it was used for some smaller applications, where if you didn't like the answer you got (or if you didn't get an answer) you could just ask again. This was often an advantage in the days when many networks either had very narrow bandwidth or had enough round-trip latency that you really didn't want to wait for a TCP handshake.
Now that we have big fast networks, UDP is experiencing a bit of a renaissance thanks to the need for peer to peer communications in a largely NAT-enabled world. Perhaps in the future if IPv6 kills off the widespread deployment of NAT, the pendulum will swing the other way.
If anyone is interested in reading about how UDP hole punching works, here are a few good articles on the subject (well, one good article and one Wikipedophilia article)
http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAYQFjAA&url=http%3A%2F%2Fwww.h-online.com%2Fsecurity%2Ffeatures%2FHow-Skype-Co-get-round-firewalls-747197.html&ei=1ifLS-11xYCUB-SRwIUG&usg=AFQjCNFwAdfxUR70tilI3BZTQbOSzLnLXQ
(sorry ... that should be http://tinyurl.com/y54ocpo )
and ... http://en.wikipedia.org/wiki/UDP_hole_punching
It's interesting enough that I'd like to try implementing it ... I just don't have any use for the finished product.
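
The firewall behaviour discussed in this thread, as an added example that is not part of any post: a toy model of UDP hole punching between two port-restricted NATs with a rendezvous server. The `Nat` class, the `punch` function and all addresses and ports are constructed for illustration; symmetric NATs allocate a new port per destination and are not modelled.

```python
class Nat:
    """Port-restricted cone NAT (assumed model): one public port per inside
    socket; inbound is admitted only from an endpoint already sent to."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.mappings = {}   # inside (ip, port) -> public port
        self.allowed = {}    # public port -> remote endpoints contacted

    def outbound(self, src, dst):
        """Translate an outgoing packet and return its public source endpoint."""
        if src not in self.mappings:
            self.mappings[src] = self.next_port
            self.next_port += 1
        port = self.mappings[src]
        self.allowed.setdefault(port, set()).add(dst)
        return (self.public_ip, port)

    def inbound(self, src, dst_port):
        """Return the inside endpoint if the packet is admitted, else None."""
        if src not in self.allowed.get(dst_port, set()):
            return None
        for inside, port in self.mappings.items():
            if port == dst_port:
                return inside
        return None

def punch():
    nat_a, nat_b = Nat("198.51.100.1"), Nat("203.0.113.1")
    host_a, host_b = ("192.168.1.10", 5000), ("10.0.0.20", 5000)
    server = ("192.0.2.50", 3478)  # hypothetical rendezvous server
    # 1. Both peers register; the server learns their public endpoints.
    pub_a = nat_a.outbound(host_a, server)
    pub_b = nat_b.outbound(host_b, server)
    events = []
    # 2. An unsolicited packet from B is dropped: NAT A only knows the server.
    events.append(("unsolicited B->A", nat_a.inbound(pub_b, pub_a[1])))
    # 3. A sends to B: this opens A's side, but NAT B still drops the packet.
    src = nat_a.outbound(host_a, pub_b)
    events.append(("A->B first", nat_b.inbound(src, pub_b[1])))
    # 4. B sends to A: opens B's side and passes the hole A just made.
    src = nat_b.outbound(host_b, pub_a)
    events.append(("B->A", nat_a.inbound(src, pub_a[1])))
    # 5. A's next packet now passes NAT B; traffic flows both ways.
    src = nat_a.outbound(host_a, pub_b)
    events.append(("A->B second", nat_b.inbound(src, pub_b[1])))
    return events

if __name__ == "__main__":
    for label, delivered_to in punch():
        print(f"{label:18} -> {delivered_to or 'dropped'}")
```

The state that makes this work is the `allowed` set: a stateful firewall admits the peer only because an inside host sent to that exact endpoint first, which is also what an outbound-UDP policy or log review would key on.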