Binding duplicity to dedicated IP/network interface
Locked
Binding duplicity to dedicated IP/network interface
 
|
Dear friends of duplicity, quick question I could not find a straight-forward answer to despite a longer search: Situation: * Have Server, runs duplicity for backup, uses trickle to keep upload at bay Complication: * Router is able to prioritize traffic - better than the static trickle solution - but can only differentiate on src/dst IP and port, but both are not suitable to identify duplicity traffic Idea for solution: * Get 2nd internal IP address for dedicated (virtual) interface * Bind duplicity to dedicated interface * Throttle traffic on router, discriminate by src IP .. but that hinges on binding duplicity to a dedicated IP. Any idea how to do that? Search revealed something about namespaces and the 'ip' command, but is there a more obvious solution available? Best, Willem _______________________________________________ Duplicity-talk mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/duplicity-talk |
Re: Binding duplicity to dedicated IP/network interface
|
|
On 16.04.2019 12:32, Jansen, Willem via Duplicity-talk wrote:
> Dear friends of duplicity, > > quick question I could not find a straight-forward answer to despite a longer search: > > Situation: > * Have Server, runs duplicity for backup, uses trickle to keep upload at bay > > Complication: > * Router is able to prioritize traffic - better than the static trickle solution - but can only differentiate on src/dst IP and port, but both are not suitable to identify duplicity traffic > > Idea for solution: > * Get 2nd internal IP address for dedicated (virtual) interface > * Bind duplicity to dedicated interface > * Throttle traffic on router, discriminate by src IP > > .. but that hinges on binding duplicity to a dedicated IP. Any idea how to do that? Search revealed something about namespaces and the 'ip' command, but is there a more obvious solution available? > hey Willem, how about this https://unix.stackexchange.com/questions/210982/bind-unix-program-to-specific-network-interface ? ..ede/duply.net _______________________________________________ Duplicity-talk mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/duplicity-talk |
Re: Binding duplicity to dedicated IP/network interface
|
|
Hi Willem,
See if you find this useful, I've just made it up from the links mentioned below and it's working here, I'm actually running different programs in this moment connecting to the Internet through two different ethernet ports (coincidence, I saw your post when also testing with my e-mail client). You'll have to replace enp2s0 with the interface you need (enp2s0, enp4s2, but I think it could also be eth0, eth1, tun0, tun1...) and the IP you want for that interface. If you need a dns, see below, just after the first else, echo "Remember: ..." +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... start of "netns_createNameSpaceFor_enp2s0_andLaunchCommand.sh" +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... #!/bin/bash set -e COMMAND="$1" if [ "$COMMAND" == "" ] then echo "Usage: $0 <command>" echo "e.g.: $0 vivaldi" echo "or: $0 firefox" else echo "Remember: you need /etc/netns/nameSpaceFor_enp2s0/resolv.conf with one or two lines nameserver <ip addrs of dns>" # https://superuser.com/questions/241178/how-to-use-different-network-interfaces-for-different-processes # https://unix.stackexchange.com/questions/210982/bind-unix-program-to-specific-network-interface #create netns echo "sudo -E ip netns add nameSpaceFor_enp2s0" sudo -E ip netns add nameSpaceFor_enp2s0 #link iface to netns echo "sudo -E ip link set enp2s0 netns nameSpaceFor_enp2s0" sudo -E ip link set enp2s0 netns nameSpaceFor_enp2s0 #set ip address in namespace echo "sudo -E ip netns exec nameSpaceFor_enp2s0 ifconfig enp2s0 192.168.12.5/24 up" sudo -E ip netns exec nameSpaceFor_enp2s0 ifconfig enp2s0 192.168.12.5/24 up #set loopback (may be needed by process run in this namespace) echo "sudo -E ip netns exec nameSpaceFor_enp2s0 ifconfig lo 127.0.0.1/8 up" sudo -E ip netns exec nameSpaceFor_enp2s0 ifconfig lo 127.0.0.1/8 up #set route in namespace echo "sudo -E ip netns exec nameSpaceFor_enp2s0 route add default gw 192.168.12.1" sudo -E ip netns exec nameSpaceFor_enp2s0 route add default gw 192.168.12.1 #force vivaldi to run inside namespace (using enp2s0 as outgoing interface and the route) echo "IP addr:" echo "sudo -E ip netns exec nameSpaceFor_enp2s0 sudo -E -u $USER /home/$USER/myScripts/myIP.sh" sudo -E ip netns exec nameSpaceFor_enp2s0 sudo -E -u $USER /home/$USER/myScripts/myIP.sh export GTK_IM_MODULE=xim # https://github.com/netblue30/firejail/issues/116 # https://github.com/netblue30/firejail/issues/410 echo "sudo -E ip netns exec nameSpaceFor_enp2s0 sudo -E -u $USER $COMMAND" sudo -E ip netns exec nameSpaceFor_enp2s0 sudo -E -u $USER $COMMAND read -n 1 -p "Going to delete nameSpaceFor_enp2s0 (sudo -E ip netns delete nameSpaceFor_enp2s0) - press any key to continue, ctrl-c to abort " sudo -E ip netns delete nameSpaceFor_enp2s0 fi ...+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- end of "netns_createNameSpaceFor_enp2s0_andLaunchCommand.sh" ...+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... start of "netns_inAlreadyCreatedNameSpaceFor_enp2s0_launchAnotherCommand.sh" +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... #!/bin/bash set -e COMMAND="$1" if [ "$COMMAND" == "" ] then echo "Usage: $0 <command>" echo "e.g.: $0 vivaldi" echo "or: $0 firefox" else export GTK_IM_MODULE=xim # https://github.com/netblue30/firejail/issues/116 # https://github.com/netblue30/firejail/issues/410 echo "sudo -E ip netns exec nameSpaceFor_enp2s0 sudo -E -u $USER $COMMAND" sudo -E ip netns exec nameSpaceFor_enp2s0 sudo -E -u $USER $COMMAND fi ...+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- end of "netns_inAlreadyCreatedNameSpaceFor_enp2s0_launchAnotherCommand.sh" ...+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... start of "myIP.sh" +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-... # echo "curl ipinfo.io/ip" curl ipinfo.io/ip # echo "curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//'" # curl -s checkip.dyndns.org | sed -e 's/.*Current IP Address: //' -e 's/<.*$//' # https://askubuntu.com/questions/95910/command-for-determining-my-public-ip # also see ~/myScripts/wait/wait4IPtoChange.sh ...+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- end of "myIP.sh" ...+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- On 16/4/19 07:40, edgar.soldin--- via Duplicity-talk wrote: > On 16.04.2019 12:32, Jansen, Willem via Duplicity-talk wrote: >> Dear friends of duplicity, >> >> quick question I could not find a straight-forward answer to despite a longer search: >> >> Situation: >> * Have Server, runs duplicity for backup, uses trickle to keep upload at bay >> >> Complication: >> * Router is able to prioritize traffic - better than the static trickle solution - but can only differentiate on src/dst IP and port, but both are not suitable to identify duplicity traffic >> >> Idea for solution: >> * Get 2nd internal IP address for dedicated (virtual) interface >> * Bind duplicity to dedicated interface >> * Throttle traffic on router, discriminate by src IP >> >> .. but that hinges on binding duplicity to a dedicated IP. Any idea how to do that? Search revealed something about namespaces and the 'ip' command, but is there a more obvious solution available? >> > hey Willem, > > how about this > https://unix.stackexchange.com/questions/210982/bind-unix-program-to-specific-network-interface > ? > > ..ede/duply.net > > > _______________________________________________ > Duplicity-talk mailing list > [hidden email] > https://lists.nongnu.org/mailman/listinfo/duplicity-talk > _______________________________________________ Duplicity-talk mailing list [hidden email] https://lists.nongnu.org/mailman/listinfo/duplicity-talk |
«
Return to duplicity-talk
|
1 view|%1 views
| Free forum by Nabble | Edit this page |