[Chilli] Coova-Chilli Multi Tenanency Mode

Russell Mike radius.sir at gmail.com
Thu Feb 7 16:44:48 UTC 2013


On Thu, Feb 7, 2013 at 4:05 PM, Luis Ferreira <lferreira at cabocom.cv> wrote:

*Luic SAID***

Hello everyone,

>  1. It could be related to iptable locking, because I've got a bit of
success if I add "sleep 5" on /etc/init.d/chilli after starting each vlan.
It's not 100% win, but at least the success rate increased.

> **
>

*Mike SAID: *
I can agree to your point. But i do not use different script for starting
multiple instances (vlans) the same "/etc/init.d/chilli start" does starts
everything. But i have been advised to write a different script, then i
will add the wait between the "start" of each instance. The following line
in start script just check "chilli.conf" files and start everything.
*MULTI=$(ls
/usr/local/etc/chilli/*/chilli.conf 2>/dev/null)*


*Luic Asked: *

> 2. The iptables file located at v /usr/local/var/run/chilli.tun0.sh is it
> generated every time chilli boots? Is it executed on chilli process
> startup? Could that be the issue? Not giving enough time for the OS to
> write the file, and ask it to run the script? If it’s that, that would
> explain why is a sporadic problem happening on multi chilli, because is
> starting several chilli processes as fast as the machine is capable of.
>
*Mike SAID: *
>
> **Yes Luic, the file, the iptables rule under "/var/run/tun*.sh is
> created every time.  Because i have seen that when there is login page
> problem from a VLAN, i have verify that iptables file exists normal for
> that tunnel "/var/run/tun_problem_vlan.sh. Well, are you satisfied with the
> contents for the iptables file? do you think that i still need the iptable
> rule you advised earlier? in the above section of the communication?**
>
> ** **
>
> Atentamente,****
>
> ****
>
> Luis Ferreira****
>
> Director Técnico****
>
> Cabocom S.A.****
>
> ****
>
> ** **
>
> -----Mensagem original-----
> De: Petr Štetiar [mailto:ynezz at true.cz]
> Enviada: quinta-feira, 7 de Fevereiro de 2013 05:35
> Para: Robert White
> Cc: Luis Ferreira; chilli at coova.org
> Assunto: Re: [Chilli] Coova-Chilli Multi Tenanency Mode
>
> Robert White <rwhite at globalgossip.net> [2013-02-07 13:40:21]:
>
> * Ynezz SAID: *
>
> All rules from up.sh except the following seem to get created:****
>
>  ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
>
> ** And sometimes some other rules :)
>
> ** It seems to only ever happen in multi-instance environments so maybe
>
> it is something to do with iptables locking and not allowing the ****
>
> insertion of the rule while another instance is trying to do the same?
> I'm not sure.****
>
>

> Yes, maybe something like that, I didn't investigated it in the detail
> either.
>
> I've added simple locking into the coova-chilli init.d script and added
> wildcard system wide iptables rules like "-i tun+" and it improved a lot.*
> ***
>
> ** -- ynezz
>
*Mike Wrote: *

HI Yneez,

It is Fully functional UB 12.4LTS x86_64, suffering with this disease only.
It will help others as well, if your suggestion fixed the problem. Are you
willing to provide more information so that i can edit the script & give a
try? How the below is done you said

I've added simple locking into the coova-chilli init.d script and added
wildcard system wide iptables rules like "-i tun+" and it improved a lot.


Big Thanks 2 Everyone !!!!

Thanks RM --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130207/878041a5/attachment.html>


More information about the Chilli mailing list