Limit total bandwidth on Linux
Want to limit the total bandwidth available to a Linux server, and don’t want to do it at the switch or router? Here’s how!
Spamhaus DROP list
The Spamhaus DROP list (Don’t Route or Peer) is still awaiting its BGP feed for network providers. So in the meantime, I’ve knocked up a little PHP script that downloads the DROP list from Spamhaus and spits out either a list of iptables rules or a Cisco access control list.
View Source: http://www.potato-people.com/code/misctools/spamhausdrop.phps
Download: http://www.potato-people.com/code/misctools/spamhausdrop.tar.gz
Pet Hate: MTR
MTR, also known as Matt’s Trace Route, is an enhanced traceroute utility which, after making the initial run, continues to rerun the traceroute and calculate hop-specific packet loss and latencies.
Unfortunately, virtually every time someone calls me and mentions “packet loss” and “MTR” in the same breath, it’s because they do not understand the output.
North East Coast of Northern Ireland

Dunluce Castle, Inner Courtyard
Further musings on measuring bandwidth
A few further thoughts on things that people forget to take into account when attempting to measure bandwidth:
- When measuring bandwidth, attempt to use a site or tool that is close to your ISP. If you’re in the UK and you try to test your connection using a site hosted in the US it’s never going to give you a decent idea of your speed. I recommend Speedtest.net, as it’s a single tool that can test to a multitude of different locations and will give you a much better idea of exactly how your line is performing.
- Remember to allow around 10% for overheads. An 8Mb ADSL line will top out at 7.2Mbps. This is due to overheads for the ADSL line itself: a certain amount of bandwidth is required to manage your packets that will not be visible on any web-based bandwidth test.
- Any download requires a certain amount of packets to be sent in the opposite direction. Usually these are acknowledgement packets to assure the server you are downloading from that everything is being received okay (or not, as the case may be). Again, that magic 10% figure is the one to watch out for. A 1Mbps download will roughly need a 100Kbps upload. If you are using up all your upload bandwidth, your download bandwidth will be poor.
Dealing with DMCA notices in the UK
As I work in an ISP, I (unfortunately) have to deal with the abuse mailbox. And unfortunately, this means responding to DMCA notices from US companies. How do you deal with a copyright infringement happening on your network when the holder is in the US and trying to apply US law?
DISCLAIMER: I am not a solicitor.
Measuring bandwidth
An issue that comes up for me at work time and time again is customers misunderstanding how bandwidth is measured.
Reservoir
In my spare time, I’m working on a tool for photographers for managing photo collections. I was unable to find one that matched my requirements in the open source world, and frankly didn’t like the look of a lot of the commercial ones. Plus, making it web based means I can access my photos from anywhere in the world.
Click through for a demo video of the progress so far…
ZyXEL 660R Half-Bridge Mode
A common problem with ADSL in the UK is that most connections are still using PPPoA. This means that if you want a computer to have a public IP address on one of these connections, you need to either have a block of IP addresses routed by your ISP to your router (at extra cost), or use a USB modem. There’s no real option for those folks that want to connect something like a SonicWall or any other firewall device directly to the line.
Making your webserver a little bit more secure.
The most common attack vector on Linux web servers is to get something uploaded onto the server that can then be executed. Most of these automated attacks try to put their payload into /tmp, which is writable by any user, and then execute it.
But what if they couldn’t execute it?