[Chilli] Coova-Chilli Multi Tenanency Mode

Russell Mike radius.sir at gmail.com
Sun Feb 10 13:09:07 UTC 2013


Mike SAID:

Mike SAID:

Dear David B. Thank you very much for the directions for correct procedure.
so much valuable information to know. I will do this and update the status
when done.

Thanks RM ----



David Bird SAID:

To serialize the iptables, you can edit the up.sh/down.sh scripts to
> wrap all the commands inside something like:
>
>
> (
> flock -s 200
>
> # ... commands executed under lock ...
>
> ) 200>/tmp/.chilli-flock
>
> David Bird
>

>


> > Luic SAID
> >
> >
> > Hello everyone,
> >
> >  1. It could be related to iptable locking, because I've got a bit of
> > success if I add "sleep 5" on /etc/init.d/chilli after starting each
> > vlan. It's not 100% win, but at least the success rate increased.
> >
> >
> >
> > Mike SAID:
> > I can agree to your point. But i do not use different script for
> > starting multiple instances (vlans) the same "/etc/init.d/chilli
> > start" does starts everything. But i have been advised to write a
> > different script, then i will add the wait between the "start" of each
> > instance. The following line in start script just check "chilli.conf"
> > files and start everything.  MULTI= $(ls
> /usr/local/etc/chilli/*/chilli.conf 2>/dev/null)
> >
> >
> >
> >
> > Luic Asked:
> >         2. The iptables file located at
> >         v /usr/local/var/run/chilli.tun0.sh is it generated every time
> >         chilli boots? Is it executed on chilli process startup? Could
> >         that be the issue? Not giving enough time for the OS to write
> >         the file, and ask it to run the script? If it’s that, that
> >         would explain why is a sporadic problem happening on multi
> >         chilli, because is starting several chilli processes as fast
> >         as the machine is capable of.
> >
> >
> >         Mike SAID:
> >
> >         Yes Luic, the file, the iptables rule under "/var/run/tun*.sh
> >         is created every time.  Because i have seen that when there is
> >         login page problem from a VLAN, i have verify that iptables
> >         file exists normal for that tunnel
> >         "/var/run/tun_problem_vlan.sh. Well, are you satisfied with
> >         the contents for the iptables file? do you think that i still
> >         need the iptable rule you advised earlier? in the above
> >         section of the communication?
> >
> >
>
>
> >          Ynezz SAID:
> >
> >         All rules from up.sh except the following seem to get created:
> >
> >          ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
> >
> >
> >          And sometimes some other rules :)
> >
> >          It seems to only ever happen in multi-instance environments
> >         so maybe
> >
> >         it is something to do with iptables locking and not allowing
> >         the
> >
> >         insertion of the rule while another instance is trying to do
> >         the same?  I'm not sure.
> >
> >
> >         Yes, maybe something like that, I didn't investigated it in
> >         the detail either.
> >
> >         I've added simple locking into the coova-chilli init.d script
> >         and added wildcard system wide iptables rules like "-i tun+"
> >         and it improved a lot.
> >
> >          -- ynezz
> >
> >
> > Mike Wrote:
> >
> >
> > HI Yneez,
> >
> >
> > It is Fully functional UB 12.4LTS x86_64, suffering with this disease
> > only. It will help others as well, if your suggestion fixed the
> > problem. Are you willing to provide more information so that i can
> > edit the script & give a try? How the below is done you said
> >
> >
> > I've added simple locking into the coova-chilli init.d script and
> > added wildcard system wide iptables rules like "-i tun+" and it
> > improved a lot.
> >
> >
> >
> >
> >
> > Big Thanks 2 Everyone !!!!
> >
> >
> > Thanks RM --
> >
> >
> >
> >
> > _______________________________________________
> > Chilli mailing list
> > Chilli at coova.org
> > http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
> --
> --
> David Bird
> http://www.linkedin.com/in/dwbird
> https://twitter.com/wlanmac
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.coova.org/pipermail/chilli/attachments/20130210/939f757f/attachment.html>


More information about the Chilli mailing list