Hello ML.
Any of you guys have any experience in shaping x2go traffic to separate file & printing sharing from normal session traffic?
Any way to identify both print & file tunnels from the rest of the ssh stream?
Thanks for a great product.
Kindly,
-- Helmer Teles
eM@il : helmer [DOT] teles Using Google great email services.
Web Page: http://hteles.wordpress.com
Am 05.04.2012 19:07, schrieb Helmer Teles:
Hello ML.
Any of you guys have any experience in shaping x2go traffic to separate file & printing sharing from normal session traffic?
Any way to identify both print & file tunnels from the rest of the ssh stream?
I'd say that depends on your usage scenario. If you're running VPN connections or dedicated lines between several WAN sites (I'm assuming there's no need for traffic shaping within a LAN), then nothing forces you to use x2go's built-in file and print sharing.
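In my particular use case, printing is done by CUPS connecting directly to ports 515 and 9100:
- 515 for LPD on *nix and Windows (yes, Windows has an LPD server as well) and older network-attached printers,
- 9100 for TCP/IP-socket-printing on newer network-attached printers.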
Of course, if you're using x2go's SSH connection to avoid a full-blown VPN, that's not going to help you.
It *might* be possible to do throttling on the server side using some iptables magic, but I've never tried that.
-Stefan
Hi Stefan,
On Thursday 05 April 2012 19:54:09 Stefan Baur wrote:
Am 05.04.2012 19:07, schrieb Helmer Teles:
Hello ML.
Any of you guys have any experience in shaping x2go traffic to separate file & printing sharing from normal session traffic?
Any way to identify both print & file tunnels from the rest of the ssh stream?
I'd say that depends on your usage scenario. If you're running VPN connections or dedicated lines between several WAN sites (I'm assuming there's no need for traffic shaping within a LAN), then nothing forces you to use x2go's built-in file and print sharing.
In my particular use case, printing is done by CUPS connecting directly to ports 515 and 9100:
- 515 for LPD on *nix and Windows (yes, Windows has an LPD server as well) and older network-attached printers,
- 9100 for TCP/IP-socket-printing on newer network-attached printers.
Of course, if you're using x2go's SSH connection to avoid a full-blown VPN, that's not going to help you.
It *might* be possible to do throttling on the server side using some iptables magic, but I've never tried that.
-Stefan
I'm trying to evaluate how the traffic flows between x2go and my laptop within a 3G connection. Maybe I'm seeing it wrong, but it seems that when connected to an RDP server inside an x2go session, both the traffic from watching a YouTube video and from transferring a 16MB file arrive at the same port. In my case both connections, when watched with iftop, are receiving all traffic at my port 33349 and being transmitted at server port :44126. Is this normal?
I've watched both at the server and at my end.
Thanks for your reply
Am 05.04.2012 20:02, schrieb Helmer Teles:
I'm trying to evaluate how the traffic flows between x2go and my laptop within a 3g connection,
So you're using x2go only, without VPN or a dedicated line. That means there's no way the method I suggested is going to help you.
Maybe I'm seeing it wrong, but it seems that when connected to an RDP server inside an x2go session, both the traffic from watching a YouTube video and from transferring a 16MB file arrive at the same port. In my case both connections, when watched with iftop, are receiving all traffic at my port 33349 and being transmitted at server port :44126. Is this normal?
That is something that Heinz, Alex and Mike will probably be able to answer better than me, but my gut feeling says that's expected behavior. Like I said, the only way I could think of how you could throttle file and print traffic would be some iptables magic on the server, but you're on your own with that - I've never tried it.
Oh, and please do not CC me on list mail.
-Stefan
Hi Helmer, hi Stefan,
On Do 05 Apr 2012 20:10:22 CEST Stefan Baur wrote:
Maybe I'm seeing it wrong, but it seems that when connected to an RDP server inside an x2go session, both the traffic from watching a YouTube video and from transferring a 16MB file arrive at the same port. In my case both connections, when watched with iftop, are receiving all traffic at my port 33349 and being transmitted at server port :44126. Is this normal?
That is something that Heinz, Alex and Mike will probably be able to
answer better than me, but my gut feeling says that's expected
behavior.
The SSH connecting process does this... (c) stands for client
functionality, (s) stands for server functionality:
o set up a master connection (normal ssh login, so to say), from X2Go client (c) to X2Go server (s).
o over this master connection: set up one port forwarding tunnel for nxproxy (c) -> x2goagent (s) connection (graphics port)
o over this master connection: set up one reverse port forwarding tunnel for audio stream. Applications in the X2Go session (c) can contact the client-side audio daemon (s).
o over this master connection: set up one reverse port forwarding tunnel for SSHFS file/folder sharing. From within the X2Go session you can mount (c) client-side folder resources (s) via SSHFS
All the above named traffic can be listened to if you eavesdrop on the
client/server port pair of the master SSH connection.
Hope that helps!
Greets, Mike
--
DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419
GnuPG Key ID 0xB588399B mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xf...
On Thu, 2012-04-05 at 18:07 +0100, Helmer Teles wrote:
Hello ML.
Any of you guys have any experience in shaping x2go traffic to separate file & printing sharing from normal session traffic?
Any way to identify both print & file tunnels from the rest of the ssh stream?
<snip> Hi, Helmer. I'll paste in what I sent to you privately as I'd love to see us restore the old functionality if possible:
We used to be able to distinguish interactive from bulk X2Go traffic when it was using OpenSSH. By default, SSH set the minimize-delay ToS bit (0x10) in the IP header for interactive traffic and minimize-cost (I think) (0x08) for bulk traffic. That seems to have gone away in the move to libssh instead of OpenSSH. I do hope they restore that differentiation so that we can shape the traffic differently.
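An added example, not part of any post in this thread: a shaper-style classifier that sorts SSH packets by the two ToS bits mentioned above (0x10, and 0x08, which RFC 1349 names maximize-throughput) and totals the bytes per class. The packets, addresses and the SSH port 22 are constructed assumptions for illustration.

```python
import struct
from collections import Counter

# RFC 1349 ToS bits, carried in the second byte of the IPv4 header.
TOS_LOWDELAY = 0x10    # minimize-delay: interactive traffic
TOS_THROUGHPUT = 0x08  # maximize-throughput: bulk traffic

def build_ipv4_tcp(tos, sport, dport, payload_len):
    """Construct a minimal IPv4+TCP packet (sample data, checksums left zero)."""
    total = 20 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip + tcp + b"\x00" * payload_len

def classify(packet, ssh_port=22):
    """Return (class_name, ip_total_length) for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("not-ipv4", len(packet))
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    tos = packet[1]
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or ihl < 20 or len(packet) < ihl + 4:
        return ("other", total_len)       # not TCP, or truncated
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if ssh_port not in (sport, dport):
        return ("other", total_len)
    if tos & TOS_LOWDELAY:
        return ("ssh-interactive", total_len)
    if tos & TOS_THROUGHPUT:
        return ("ssh-bulk", total_len)
    # No mark at all: the shaper cannot tell session from file traffic.
    return ("ssh-unmarked", total_len)

def bytes_per_class(packets):
    """Sum IP total length per class, as a shaper's accounting would."""
    totals = Counter()
    for p in packets:
        name, size = classify(p)
        totals[name] += size
    return dict(totals)

# Constructed sample: three SSH packets with different marks, one direct
# print job to port 9100 that never touches the SSH connection.
SAMPLE = [
    build_ipv4_tcp(0x10, 44126, 22, 64),
    build_ipv4_tcp(0x08, 44126, 22, 1400),
    build_ipv4_tcp(0x00, 44126, 22, 1400),
    build_ipv4_tcp(0x08, 51000, 9100, 500),
]
```

The mark is a property of the IP packets of one TCP connection, so it can only separate traffic that travels in separate SSH connections; tunnels multiplexed inside one connection share its mark.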
On Thursday 05 April 2012 23:05:32 John A. Sullivan III wrote:
On Thu, 2012-04-05 at 18:07 +0100, Helmer Teles wrote:
Hello ML.
Any of you guys have any experience in shaping x2go traffic to separate file & printing sharing from normal session traffic?
Any way to identify both print & file tunnels from the rest of the ssh stream?
<snip> Hi, Helmer. I'll paste in what I sent to you privately as I'd love to see us restore the old functionality if possible:
We used to be able to distinguish interactive from bulk X2Go traffic when it was using OpenSSH. By default, SSH set the minimize-delay ToS bit (0x10) in the IP header for interactive traffic and minimize-cost (I think) (0x08) for bulk traffic. That seems to have gone away in the move to libssh instead of OpenSSH. I do hope they restore that differentiation so that we can shape the traffic differently.
Hello ML & John.
Thanks for the feedback. I will try to leverage the problem with http://www.mastershaper.org/index.php/MasterShaper
Hope it can help me get where I want.