Hi, I am a newbie. :-( I am using the Eiger-Dynamic.bin image since I have not got a static ip from the ISP.
I followed the instructions step by step, including adding the NIC module. I had to change the IP of eth1 in the network.conf. (I didn't change the ipchains.) Since the current default gateway is 192.168.1.254, I gave eth1 192.168.1.253. Eth0 seems to be 192.168.1.113 after running dhclient. Now I can ping both 1.253 and 1.113, but I can't ping the internet, the gateway 1.254 or any other IP in the LAN.

The following messages were generated by running the set of commands required when looking for help. Hope you can help me to fix the common problem.

Cheers,
Liumei

PS I am very sorry for the long and messy stuff.

***************************************************** messages ********
Oct 1 21:26:52 myrouter syslogd 1.3-3#31: restart.
Oct 1 21:26:52 myrouter kernel: klogd 1.3-3#31, log source = /proc/kmsg started.
Oct 1 21:26:52 myrouter kernel: Cannot find map file.
Oct 1 21:26:52 myrouter kernel: Loaded 2 symbols from 11 modules.
Oct 1 21:26:52 myrouter kernel: Linux version 2.2.16 (root@debian) (gcc version 2.7.2.3) #1 Sun Jun 11 11:33:38 CDT 2000
Oct 1 21:26:52 myrouter kernel: Detected 166196 kHz processor.
Oct 1 21:26:52 myrouter kernel: Console: colour VGA+ 80x25
Oct 1 21:26:52 myrouter kernel: Calibrating delay loop... 331.78 BogoMIPS
Oct 1 21:26:52 myrouter kernel: Memory: 46368k/49152k available (800k kernel code, 416k reserved, 780k data, 40k init)
Oct 1 21:26:52 myrouter kernel: Dentry hash table entries: 8192 (order 4, 64k)
Oct 1 21:26:52 myrouter kernel: Buffer cache hash table entries: 65536 (order 6, 256k)
Oct 1 21:26:52 myrouter kernel: Page cache hash table entries: 16384 (order 4, 64k)
Oct 1 21:26:52 myrouter kernel: CPU: Intel Pentium 75 - 200 stepping 0c
Oct 1 21:26:52 myrouter kernel: Checking 386/387 coupling... OK, FPU using exception 16 error reporting.
Oct 1 21:26:52 myrouter kernel: Checking 'hlt' instruction... OK.
Oct 1 21:26:52 myrouter kernel: Intel Pentium with F0 0F bug - workaround enabled.
Oct 1 21:26:52 myrouter kernel: POSIX conformance testing by UNIFIX
Oct 1 21:26:52 myrouter kernel: PCI: PCI BIOS revision 2.10 entry at 0xf2074
Oct 1 21:26:52 myrouter kernel: PCI: Using configuration type 1
Oct 1 21:26:52 myrouter kernel: PCI: Probing PCI hardware
Oct 1 21:26:52 myrouter kernel: Linux NET4.0 for Linux 2.2
Oct 1 21:26:52 myrouter kernel: Based upon Swansea University Computer Society NET3.039
Oct 1 21:26:52 myrouter kernel: NET4: Unix domain sockets 1.0 for Linux NET4.0.
Oct 1 21:26:52 myrouter kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Oct 1 21:26:52 myrouter kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Oct 1 21:26:52 myrouter kernel: TCP: Hash tables configured (ehash 65536 bhash 65536)
Oct 1 21:26:52 myrouter kernel: Linux IP multicast router 0.06 plus PIM-SM
Oct 1 21:26:52 myrouter kernel: Initializing RT netlink socket
Oct 1 21:26:52 myrouter kernel: Starting kswapd v 1.5
Oct 1 21:26:52 myrouter kernel: Detected PS/2 Mouse Port.
Oct 1 21:26:52 myrouter kernel: Serial driver version 4.27 with MANY_PORTS MULTIPORT SHARE_IRQ enabled
Oct 1 21:26:52 myrouter kernel: ttyS00 at 0x03f8 (irq = 4) is a 16550A
Oct 1 21:26:52 myrouter kernel: Software Watchdog Timer: 0.05, timer margin: 60 sec
Oct 1 21:26:52 myrouter kernel: Real Time Clock Driver v1.09
Oct 1 21:26:52 myrouter kernel: RAM disk driver initialized: 16 RAM disks of 6144K size
Oct 1 21:26:52 myrouter kernel: Floppy drive(s): fd0 is 1.44M
Oct 1 21:26:52 myrouter kernel: FDC 0 is a National Semiconductor PC87306
Oct 1 21:26:52 myrouter kernel: NET4: Ethernet Bridge 007 for NET4.0
Oct 1 21:26:52 myrouter kernel: early initialization of device brg0 is deferred
Oct 1 21:26:52 myrouter kernel: brg0: network interface for Ethernet Bridge 007/NET4.0
Oct 1 21:26:52 myrouter kernel: brg0: generated MAC address FE:FD:0A:4B:13:09
Oct 1 21:26:52 myrouter kernel: brg0: attached to bridge instance 0
Oct 1 21:26:52 myrouter kernel: RAMDISK: Compressed image found at block 0
Oct 1 21:26:52 myrouter kernel: RAMDISK: Uncompressing root archive: done.
Oct 1 21:26:52 myrouter kernel: RAMDISK: Auto Filesystem - minix: 2048i 6144bk 68fdz(68) 1024zs 2147483647ms
Oct 1 21:26:52 myrouter kernel: VFS: Mounted root (minix filesystem).
Oct 1 21:26:52 myrouter kernel: RAMDISK: Extracting root archive: done.
Oct 1 21:26:52 myrouter kernel: Freeing unused kernel memory: 40k freed
Oct 1 21:26:52 myrouter kernel: rtl8139.c:v1.07 5/6/99 Donald Becker http://cesdis.gsfc.nasa.gov/linux/drivers/rtl8139.html
Oct 1 21:26:52 myrouter kernel: eth0: RealTek RTL8139 Fast Ethernet at 0x1400, IRQ 11, 00:c0:df:25:e4:b6.
Oct 1 21:26:52 myrouter kernel: eth1: RealTek RTL8139 Fast Ethernet at 0x1800, IRQ 11, 00:c0:df:25:e4:b0.
Oct 1 21:26:57 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=50857 F=0x0000 T=128 (#9)
Oct 1 21:26:57 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=50858 F=0x0000 T=128 (#9)
Oct 1 21:27:41 myrouter kernel: martian source 0801a8c0 for 6401a8c0, dev eth0
Oct 1 21:27:41 myrouter kernel: ll header: ff ff ff ff ff ff 00 02 55 21 ec 87 08 06
Oct 1 21:27:54 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:28:23 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.100:138 192.168.1.255:138 L=229 S=0x00 I=19254 F=0x0000 T=128 (#9)
Oct 1 21:28:40 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.109:138 192.168.1.255:138 L=250 S=0x00 I=39168 F=0x0000 T=128 (#9)
Oct 1 21:29:59 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:30:11 myrouter kernel: martian source 0801a8c0 for fe01a8c0, dev eth0
Oct 1 21:30:11 myrouter kernel: ll header: ff ff ff ff ff ff 00 02 55 21 ec 87 08 06
Oct 1 21:31:34 myrouter kernel: martian source 0801a8c0 for 6401a8c0, dev eth0
Oct 1 21:31:34 myrouter kernel: ll header: ff ff ff ff ff ff 00 02 55 21 ec 87 08 06
Oct 1 21:31:34 myrouter kernel: martian source 6401a8c0 for fe01a8c0, dev eth0
Oct 1 21:31:34 myrouter kernel: ll header: ff ff ff ff ff ff 00 80 ad 8a 04 47 08 06
Oct 1 21:32:04 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:138 192.168.1.255:138 L=236 S=0x00 I=51150 F=0x0000 T=128 (#9)
Oct 1 21:32:04 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:32:05 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51151 F=0x0000 T=128 (#9)
Oct 1 21:32:05 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51152 F=0x0000 T=128 (#9)
Oct 1 21:32:13 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51157 F=0x0000 T=128 (#9)
Oct 1 21:32:13 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51158 F=0x0000 T=128 (#9)
Oct 1 21:32:21 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51160 F=0x0000 T=128 (#9)
Oct 1 21:32:21 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51161 F=0x0000 T=128 (#9)
Oct 1 21:32:29 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51168 F=0x0000 T=128 (#9)
Oct 1 21:32:29 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51169 F=0x0000 T=128 (#9)
Oct 1 21:33:40 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.109:138 192.168.1.255:138 L=250 S=0x00 I=40960 F=0x0000 T=128 (#9)
Oct 1 21:34:09 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:34:39 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:138 192.168.1.255:138 L=229 S=0x00 I=51255 F=0x0000 T=128 (#9)
Oct 1 21:35:39 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.109:138 192.168.1.255:138 L=250 S=0x00 I=41984 F=0x0000 T=128 (#9)
Oct 1 21:36:14 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:38:19 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:39:37 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51510 F=0x0000 T=128 (#9)
Oct 1 21:39:37 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51511 F=0x0000 T=128 (#9)
Oct 1 21:39:45 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51529 F=0x0000 T=128 (#9)
Oct 1 21:39:45 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51530 F=0x0000 T=128 (#9)
Oct 1 21:39:53 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51561 F=0x0000 T=128 (#9)
Oct 1 21:39:53 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51562 F=0x0000 T=128 (#9)
Oct 1 21:40:01 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=51630 F=0x0000 T=128 (#9)
Oct 1 21:40:01 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=51631 F=0x0000 T=128 (#9)
Oct 1 21:40:12 myrouter kernel: martian source 0801a8c0 for fe01a8c0, dev eth0
Oct 1 21:40:12 myrouter kernel: ll header: ff ff ff ff ff ff 00 02 55 21 ec 87 08 06
Oct 1 21:40:18 myrouter kernel: martian source 6401a8c0 for fe01a8c0, dev eth0
Oct 1 21:40:18 myrouter kernel: ll header: ff ff ff ff ff ff 00 80 ad 8a 04 47 08 06
Oct 1 21:40:23 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.100:138 192.168.1.255:138 L=229 S=0x00 I=19830 F=0x0000 T=128 (#9)
Oct 1 21:40:24 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:40:38 myrouter kernel: martian source 0801a8c0 for 6401a8c0, dev eth0
Oct 1 21:40:38 myrouter kernel: ll header: ff ff ff ff ff ff 00 02 55 21 ec 87 08 06
Oct 1 21:42:29 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:42:41 myrouter kernel: martian source 0801a8c0 for 6401a8c0, dev eth0
Oct 1 21:42:41 myrouter kernel: ll header: ff ff ff ff ff ff 00 02 55 21 ec 87 08 06
Oct 1 21:44:34 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:46:39 myrouter kernel: Packet log: input DENY eth0 PROTO=2 192.168.1.254:65535 224.0.0.1:65535 L=28 S=0x00 I=0 F=0x0000 T=64 (#9)
Oct 1 21:46:41 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:138 192.168.1.255:138 L=229 S=0x00 I=52063 F=0x0000 T=128 (#9)
Oct 1 21:47:04 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:138 192.168.1.255:138 L=236 S=0x00 I=52081 F=0x0000 T=128 (#9)
Oct 1 21:47:09 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=52082 F=0x0000 T=128 (#9)
Oct 1 21:47:09 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=52083 F=0x0000 T=128 (#9)
Oct 1 21:47:17 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=52084 F=0x0000 T=128 (#9)
Oct 1 21:47:17 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=52085 F=0x0000 T=128 (#9)
Oct 1 21:47:25 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276
S=0x00 I=52086 F=0x0000 T=128 (#9)
Oct 1 21:47:25 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=52087 F=0x0000 T=128 (#9)
Oct 1 21:47:33 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:68 255.255.255.255:67 L=276 S=0x00 I=52088 F=0x0000 T=128 (#9)
Oct 1 21:47:33 myrouter kernel: Packet log: input DENY eth0 PROTO=17 192.168.1.8:67 255.255.255.255:68 L=328 S=0x00 I=52089 F=0x0000 T=128 (#9)

****************************************************** address.txt ***********
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: brg0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:fd:0a:4b:13:09 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:df:25:e4:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.113/24 brd 192.168.1.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:c0:df:25:e4:b0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.253/24 brd 192.168.1.255 scope global eth1

******************************************************* route.txt *********
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.253
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.113
default via 192.168.1.254 dev eth1

******************************************************* filter.txt **********
Chain input (policy DENY: 2 packets, 656 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 13 -> *
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 14 -> *
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a
46 10520 DENY all ----l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.1.113 0.0.0.0/0 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 127.0.0.0/8 n/a
0 0 REJECT all ----l- 0xFF 0x00 eth0 0.0.0.0/0 192.168.1.0/24 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 25
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 113
0 0 ACCEPT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 REJECT udp ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 123
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 68
0 0 DENY udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 67
0 0 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 1024:65535
0 0 ACCEPT icmp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT ospf ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> 161:162
0 0 REJECT udp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 161:162 -> *
15 1980 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a

Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 DENY icmp ----l- 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 5 -> *
0 0 MASQ all ------ 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a

Chain output (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
30 3240 fairq all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 255.255.255.255 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 127.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 224.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 10.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 172.16.0.0/12 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.168.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 0.0.0.0/8 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 128.0.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 191.255.0.0/16 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 192.0.0.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 223.255.255.0/24 0.0.0.0/0 n/a
0 0 DENY all ----l- 0xFF 0x00 eth0 240.0.0.0/4 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 eth0 192.168.1.0/24 0.0.0.0/0 n/a
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 137
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 135
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138:139
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 138
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:138 -> *
0 0 REJECT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 137:139 -> *
0 0 REJECT tcp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 135 -> *
30 3240 ACCEPT all ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 n/a

Chain fairq (1 references):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN ospf ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 n/a
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 520
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 520 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 179
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 179 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN tcp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 * -> 53
0 0 RETURN udp ------ 0xFF 0x00 * 0x1 0.0.0.0/0 0.0.0.0/0 53 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 23
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 23 -> *
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 * -> 22
0 0 RETURN tcp ------ 0xFF 0x00 * 0x2 0.0.0.0/0 0.0.0.0/0 22 -> *

******************************************************* ipmasqadm mfw -nL *****************
fwmark rediraddr rport pcnt pref

******************************************************* ipmasqadm portfw -nl ********************
prot localaddr rediraddr lport rport pcnt pref

******************************************************* autofw.txt **********
Type Prot Low High Vis Hid Where Last CPto CPrt Timer Flags

******************************************************* network.conf ************
###############################################################################
# Brief instructions for this file
###############################################################################
#
# VERBOSE=(YES/NO) Default: Yes
# Be verbose about settings.
#
# MAX_LOOP=(int) Default: 10
# Maximum number of incrementable entries to search for.
# IE: If you create a DNS7=, and MAX_LOOP=7, it will not be reached.
# (DNS0 - DNS7 == 8 entries)
# Setting this value too high will decrease the speed of the configuration
# system.
#
# IPFWDING_KERNEL=(YES/NO/FILTER_ON) Default: NO
# Enable IP forwarding in the kernel. FILTER_ON means forwarding will
# only happen when IP filtering rules are loaded
#
# IPALWAYSDEFRAG_KERNEL=(YES/NO) Default: NO
# Enable IP Global defragmentation in the kernel.
#
# **WARNING** - If this was turned on everywhere in a network of routers,
# it can result in TCP connections failing and TCP connection resets.
#
# ONLY turn this on if the box is a firewall or the single point of
# entry for a network, or an endpoint for port forwarding or a load
# balancer for a WWW server farm. DO NOT turn this on if the box is a
# conventional router as it breaks the TCP/IP RFCes. This option is
# needed when using IP NAT, IP masquerading, IP autofw, IP portfw,
# transparent proxying or other kernel operations that intercept a
# packet flow and redirect it.
#
# It is a useful tool when using a packet filtering router to protect
# directly attached ethernet networks of servers as it stops fragment
# attacks on the servers in behind the router. Another use is packet
# filtering router to protect dial-in Internet users on NASes
# (Portmasters, TC racks etc) from various SMB and fragment attacks
# and to redirect all WWW connections into a WWW proxy-caching server.
#
# CONFIG_HOSTNAME=(YES/NO) Default: NO
# Create /etc/hostname file using HOSTNAME entry.
# Any current hostname file will be **OVERWRITTEN**
#
# CONFIG_HOSTSFILE=(YES/NO) Default: NO
# Create /etc/hosts file using HOSTSx entries.
# Any current hosts file will be **OVERWRITTEN**
#
# CONFIG_DNS=(YES/NO) Default: NO
# Create /etc/resolv.conf file using DOMAINS and DNSx entries.
# Any current resolv.conf file will be **OVERWRITTEN**
#
# IF_LIST Default: "$IF_AUTO"
# A space separated list of interfaces that can be ACTIVE on this machine
# This controls which interfaces can be brought up and down manually.
#
# IF_AUTO Default: "eth0"
# A space separated list of interfaces that get started on boot. Tunneling
# interfaces like CIPE should be after the raw interfaces they depend on.
# The interfaces are started in the order they occur on the list, and are
# shutdown in the reverse order of IF_LIST.
#
# IPFILTER_SWITCH=(none|router|firewall) Default: "none"
# Selects the basic IP filtering/firewalling setup of the router. "None"
# is used for a straight through router, "router" for a filtering router with
# IP spoof protection and Martian protection and "firewall" for a basic IP
# masquerading/NAT firewall. The basic filter types are provided in
# /etc/ipfilter.conf. If you want more than what is provided read the man
# pages for ipchains or ipfwadm and BE CAREFUL when you edit this!
#
###############################################################################
# General Settings
###############################################################################
VERBOSE=YES
MAX_LOOP=10
IPFWDING_KERNEL=FILTER_ON
IPALWAYSDEFRAG_KERNEL=YES
CONFIG_HOSTNAME=YES
CONFIG_HOSTSFILE=YES
CONFIG_DNS=NO

###############################################################################
# Interfaces
###############################################################################
# Start pppd PPP interfaces first as pppd's use of DNS can delay startup.
#
# Interfaces to start on boot go here - ie "ppp0 eth0"
IF_AUTO="eth1"

# List of all configured interfaces, manual start and boot start
IF_LIST="$IF_AUTO"

# Accept ICMP Redirects on ALL interfaces, also depends on /proc
# per interface IP forwarding flag. - YES/NO
ALLIF_ACCEPT_REDIRECTS=NO

# Need these both for interfaces run by daemons - ie PPP, CIPE, some
# WAN interfaces
# IP spoofing protection by default for interfaces - YES/NO
DEF_IP_SPOOF=YES
# Kernel logging of spoofed packets by default for interfaces - YES/NO
DEF_IP_KRNL_LOGMARTIANS=YES

# Bridge Setup - Global stuff
#
# Enable bridging - YES/NO
BRG_SWITCH=NO
# Exempt ethernet protocol types - type "brcfg list" to find out allowed
# values
BRG_EXEMPT_PROTOS=""

eth0_IPADDR=0.0.0.0
eth0_MASKLEN=0
eth0_BROADCAST=0.0.0.0
# Use this to set the default route if required - ONLY one to be set.
# routed or gated could be used to set this so only use if not running these.
eth0_DEFAULT_GW=192.168.1.254
# Secondary IP addresses/networks on same wire - add them here
#eth0_IP_EXTRA_ADDRS="192.168.1.193 192.168.2.1/24"
# IP spoofing protection on this interface - YES/NO
eth0_IP_SPOOF=YES
# Kernel logging of spoofed packets on this interface - YES/NO
eth0_IP_KRNL_LOGMARTIANS=YES
# This setting affects the processing of ICMP redirects. Setting it to NO
# makes this more secure. Don't turn this off if you have two IP
# networks/subnets on the same media - YES/NO
eth0_IP_SHARED_MEDIA=NO
# Bridge this interface - YES/NO
eth0_BRIDGE=NO
# Proxy-arp from this interface, no other config required to turn on proxy ARP!
# - YES/NO
eth0_PROXY_ARP=NO
# Simple QoS/fair queueing support
# Turn on Stochastic Fair Queueing - useful on busy DDS links - YES/NO
eth0_FAIRQ=NO
# Ethernet Transmit Queue Length
# eth0_TXQLEN=100
# Complex QoS - Enable all of these + above to turn it on
#eth0_BNDWIDTH=10Mbit # Device bandwidth
#eth0_HNDL=2 # Queue Handle - must be unique
#eth0_IABURST=100 # Interactive Burst
#eth0_IARATE=1Mbit # Interactive Rate
#eth0_PXMTU=1514 # Physical MTU - includes Link Layer header

eth1_IPADDR=192.168.1.253
eth1_MASKLEN=24
eth1_BROADCAST=192.168.1.255
eth1_IP_SPOOF=YES
eth1_IP_KRNL_LOGMARTIANS=YES
eth1_IP_SHARED_MEDIA=NO
eth1_BRIDGE=NO
eth1_PROXY_ARP=NO
eth1_FAIRQ=NO

# Sangoma FR example
#fr498_IPADDR=10.0.10.1
#fr498_PTPADDR=10.0.10.2
#fr498_IP_SPOOF=YES
#fr498_IP_KRNL_LOGMARTIANS=YES
# Simple QoS support
#fr498_FAIRQ=YES
#fr498_TXQLEN=50
# Complex FR QoS - Enable ALL of these + above to turn it on
#fr498_FRBURST=960Kbit # FR Burst capacity (a rate)
#fr498_BULKRATE=320Kbit # Usually you set this to the CIR
#fr498_BULKBURST=50 # Number of packets that can burst in bulk class
#fr498_BNDWIDTH=1920Kbit # The bandwidth of the interface
#fr498_IABURST=512 # No of Interactive Burst packets
#fr498_IARATE=640Kbit # Burst capacity bandwidth between
# BURST and CIR
#fr498_HNDL=2 # The queue handle - must be unique Dialup PPP is 1000+
#fr498_PXMTU=1508 # The Physical MTU of the interface (data + MAC header)

# PPP interface stuff - these apply to all ASYNC ppp interfaces, options
# same as ethernet above.
ppp_BNDWIDTH=30Kbit
ppp_FAIRQ=YES
ppp_TXQLEN=30
ppp_IABURST=20
ppp_IARATE=10Kbit
ppp_PXMTU=1500

###############################################################################
# IP Filter setup - can pull in settings from above
###############################################################################
# Set up the basic type of filtering. Can be one of (none|router|firewall)
# You must load the ip_masq_* modules to enable full IP masquerading, and
# ip_masq_portfw if you want to forward external ports pop-3, mtp, www
# to internal machines below.
IPFILTER_SWITCH=firewall

# This set of variables is used with both sets of filters
SNMP_BLOCK=YES # Block all SNMP (YES/NO)
# List of IP Nos used for SNMP management
SNMP_MANAGER_IPS=""
# Fair Queuing support
# List of Mark values
MRK_CRIT=1 # Critical traffic, routing, DNS
MRK_IA=2 # Interactive traffic - telnet, ssh, IRC
# List of traffic types and maps to mark values
# Setting this variable turns on the
# fairq chain
CLS_FAIRQ="${MRK_CRIT}_89_0/0 ${MRK_CRIT}_udp_0/0_route ${MRK_CRIT}_tcp_0/0_bgp ${MRK_CRIT}_tcp_0/0_domain ${MRK_CRIT}_udp_0/0_domain ${MRK_IA}_tcp_0/0_telnet ${MRK_IA}_tcp_0/0_ssh"

# This set of variables is used with the basic routing filter setup

# This set of variables is used with a basic IP masquerading firewall setup
#Notation - IP addresses/masklen
#
# NOTE: Do NOT turn on the DMZ network or ANY external port masquerading/
# port forwarding when EXTERN_DYNADDR is on because some security
# leaks will result. You may also want to limit the external open
# ports to domain (UDP) for DNS. Anyhow, these features are not that
# usable unless you have a static external address
#
EXTERN_IF="eth0" # External Interface
#
# Start of changes by Charles Steinkuehler for DHCP
#
# Added for DHCP support
# Setting this to YES causes the script to read EXTERN_IP directly from
# the interface
EXTERN_DHCP=YES # - YES/NO
# The interface to configure via dhcp
IF_DHCP=$EXTERN_IF
# If YES, your firewall filters use 0/0 for your IP address, instead of your
# actual IP address. Set this to NO for typical ethernet setups, even if you
# are using DHCP
# External Address dynamically assigned
EXTERN_DYNADDR=NO # - YES/NO
# -- OR --
EXTERN_IP=0.0.0.0 # External Interface IP number
# If external interface is DHCP, read the IP address
# This should probably be moved to the init.d network script, but it seemed
# I put it here for now, as it is more obvious what it is doing, in case it
# messes something else up.
if [ "$EXTERN_DHCP" = "YES" ] || \
   [ "$EXTERN_DHCP" = "Yes" ] || \
   [ "$EXTERN_DHCP" = "yes" ]; then
    # This computes the IP address of $EXTERN_IF
    # Grep extracts just the line(s) with IP address information from the output
    # of ip addr. The first sed gets rid of all but the first line (in case
    # there are several IP addresses for some reason), and next sed extracts
    # just the IP address in dot quad notation.
    EXTERN_IP=`ip addr list label $EXTERN_IF | \
        grep inet | \
        sed '1!d' | \
        sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'`
    # Debugging - Remove if you like
    # echo Extern IP: $EXTERN_IP
    # If the external address is not configured, use a bogus address for the
    # external interface to prevent a bunch of (harmless) errors that spit out
    # when the IPCHAINS script is called.
    if [ x$EXTERN_IP = x ]; then
        EXTERN_IP=192.168.254.254
    fi
fi
# UDP Services open to outside world
# - srcip/mask_dstport
# NOTE: bootpc port is used for dhcp client
EXTERN_UDP_PORTS="0/0_domain 0/0_ntp 0/0_bootpc"
#
# End of changes made by Charles Steinkuehler for dhcp support
#
# TCP services open to outside world
# - srcip/mask_dstport
EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp"
# Internal interface
INTERN_IF="eth1" # Internal Interface
INTERN_NET=192.168.1.0/24 # Internal network (to be masqueraded)
INTERN_IP=192.168.1.253 # IP number of Internal Interface
# (to allow forwarding to external IP)
MASQ_SWITCH=YES # Masquerade internal network to outside
# world - YES/NO
# These services are not masqueraded from inside to outside. proto_destnet_port
# Allows the firewall to be trusted for ssh access to routers...
# Override for below
#NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
# services not to be masqueraded
#NOMASQ_DEST="tcp_0/0_ssh"
# Uncomment following for internal services.
# The following is an example of what should be put here.
# Tuples are as follows:
# <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
#INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp"
# These lines use the primary external IP address...if you need to port-forward
# an aliased IP address, use the INTERN_SERVERS setting above
#INTERN_FTP_SERVER=192.168.1.1 # Internal FTP server to make available
#INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
#INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
#INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
#INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
#INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
#EXTERN_SSH_PORT=24 # External port to use for internal SSH access

###############################################################################
# Interface activation/deactivation functions
# Here so that special interface commands can be called and daemons started
#
# Arps can be set up here, network/host routes and so forth.
#
# This appears to be a little messy but is needed to achieve maximum
# functionality and flexibility.
# ############################################################################### if_up () { local ADDR # sort out a few things to make life easier - here so that you # can see what is done and so that you can add anything if needed eval local IPADDR=\${"$1"_IPADDR:-""} # I am also a good genius eval local MASKLEN=\${"$1"_MASKLEN:-""} eval local BROADCAST=\${"$1"_BROADCAST:-""} eval local PTPADDR=\${"$1"_PTPADDR:-""} eval local DEFAULT_GW=\${"$1"_DEFAULT_GW:-""} eval local IP_EXTRA_ADDRS=\${"$1"_IP_EXTRA_ADDRS:-""} eval local FAIRQ=\${"$1"_FAIRQ:-""} eval local TXQLEN=\${"$1"_TXQLEN:-""} eval local IP_SPOOF=\${"$1"_IP_SPOOF:-""} eval local IP_KRNL_LOGMARTIANS=\${"$1"_IP_KRNL_LOGMARTIANS:-""} eval local IP_SHARED_MEDIA=\${"$1"_IP_SHARED_MEDIA:-""} eval local BRIDGE=\${"$1"_BRIDGE:-""} eval local PROXY_ARP=\${"$1"_PROXY_ARP:-""} if [ -n "$BROADCAST" ] ; then IFCFG_BROADCAST="broadcast $BROADCAST" fi # Do dee global bridge stuff brg_global # Set default interface flags here - used for PPP and WAN interfaces if_setproc default rp_filter $DEF_IP_SPOOF if_setproc default log_martians $DEF_IP_KRNL_LOGMARTIANS if_setproc all accept_redirects $ALLIF_ACCEPT_REDIRECTS # Set up each interface case $1 in ppp0) pppd call provider ;; fr*) wanconfig card wanpipe1 dev $1 start ip addr add $IPADDR peer $PTPADDR dev $1 ip link set $1 up # Fair queuing - this can be selected for any interface ip_frQoS $1 ;; *) # default interface startup brg_iface $1 up $BRIDGE [ -n "$IPADDR" ] \ && ip addr add $IPADDR/$MASKLEN $IFCFG_BROADCAST dev $1 for ADDR in $IP_EXTRA_ADDRS; do ip addr add $ADDR dev $1 done ip link set $1 up # Fair queuing - this can be selected for any interface ip_QoS $1 ;; esac # Do universal interface config items here # Default route support [ -n "$DEFAULT_GW" ] \ && ip route replace default nexthop via $DEFAULT_GW dev $1 # Set the TX Queue Length [ -n "$TXQLEN" ] \ && ip link set $1 txqlen $TXQLEN # Spoof protection if_setproc $1 rp_filter $IP_SPOOF # Kernel logging of 
martians on this interface if_setproc $1 log_martians $IP_KRNL_LOGMARTIANS # Shared Media stuff if_setproc $1 shared_media $IP_SHARED_MEDIA # Proxy ARP support if_setproc $1 proxy_arp $PROXY_ARP return 0 } if_down () { # Do Dee global bridge stuff brg_global case $1 in ppp*) [ -f /var/run/$1.pid ] && qt kill `cat /var/run/$1.pid` sleep 5 # Wait for pppd to die ;; fr*) qt ip link set $1 down qt ip addr flush dev $1 qt wanconfig card wanpipe1 dev $1 stop ;; *) # default action brg_iface $1 down ip link set $1 down # This also kills any routes qt ip addr flush dev $1 ;; esac # Clean up any QoS/fair queuing stuff ip_QoSclear $1 true } #END if_down ############################################################################### # Hostname Requires: CONFIG_HOSTNAME=YES ############################################################################### HOSTNAME=myrouter ############################################################################### # Hosts file (Static domainname entires) Requires: CONFIG_HOSTSFILE=YES ############################################################################### # IP FQDN hostname alias1 alias2.. 
HOSTS0="$eth0_IPADDR $HOSTNAME.private.network $HOSTNAME mr rtr" #HOSTS1="192.168.1.22 host2.private.network host2 h2" ############################################################################### # Domain Search Order and Name Servers Requires: CONFIG_DNS=YES ############################################################################### DOMAINS="private.network" DNS0=0.0.0.0 DNS1=0.0.0.0 ############################################################################### # QoS/Fariqueing functions ############################################################################### ip_QoSclear () { [ -x /sbin/tc ] \ && qt tc qdisc del dev $1 root return 0 } ip_frQoS () { # Set some vaiables eval local FAIRQ=\${"$1"_FAIRQ:-""} eval local BULKRATE=\${"$1"_BULKRATE:-""} eval local BULKBURST=\${"$1"_BULKBURST:-""} eval local FRBURST=\${"$1"_FRBURST:-""} eval local HNDL=\${"$1"_HNDL:-""} eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""} eval local IARATE=\${"$1"_IARATE:-""} eval local IABURST=\${"$1"_IABURST:-""} eval local PXMTU=\${"$1"_PXMTU:-""} if [ ! 
-x /sbin/tc ]; then return 1 fi if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ] then return 1 fi if [ -z "$BULKRATE" -o -z "$FRBURST" -o -z "$HNDL" -o -z "$PXMTU" \ -o -z "$BNDWIDTH" -o -z "$IARATE" -o -z "$IABURST" \ -o -z "$BULKBURST" ]; then tc qdisc replace dev $1 root sfq return 0 fi # Attach CBQ to device tc qdisc add dev $1 root handle $HNDL: cbq \ bandwidth $BNDWIDTH avpkt 1000 # Set up classes # Bulk class tc class add dev $1 parent $HNDL:0 classid :1 \ est 1sec 8sec cbq bandwidth $BNDWIDTH \ rate $BULKRATE allot $PXMTU bounded weight 1 prio 6 \ avpkt 1000 maxburst $BULKBURST \ split $HNDL:0 defmap ff7f tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15 # Interactive Class tc class add dev $1 parent $HNDL:0 classid :2 \ est 2sec 16sec cbq bandwidth $BNDWIDTH \ rate $IARATE allot $PXMTU bounded weight 1 prio 6 \ avpkt 1000 maxburst $IABURST \ split $HNDL:0 defmap 80 tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15 # Priority class tc class add dev $1 parent $HNDL:0 classid :3 \ est 1sec 8sec cbq bandwidth $BNDWIDTH \ rate $FRBURST allot $PXMTU bounded weight 1 prio 1 \ avpkt 1000 maxburst 21 tc qdisc add dev $1 parent $HNDL:3 pfifo # Add filters tc filter add dev $1 parent $HNDL:0 protocol ip \ priority 50 handle $MRK_CRIT fw classid $HNDL:3 tc filter add dev $1 parent $HNDL:0 protocol ip \ priority 60 handle $MRK_IA fw classid $HNDL:2 return 0 } ip_QoS () { # Set some vaiables eval local HNDL=\${"$1"_HNDL:-""} eval local FAIRQ=\${"$1"_FAIRQ:-""} if [ -z "$FAIRQ" -a -n "$2" ]; then local FAIRQ=$2 fi eval local BNDWIDTH=\${"$1"_BNDWIDTH:-""} if [ -z "$BNDWIDTH" -a -n "$3" ]; then local BNDWIDTH=$3 fi eval local PXMTU=\${"$1"_PXMTU:-""} if [ -z "$PXMTU" -a -n "$4" ]; then local PXMTU=$4 fi eval local IARATE=\${"$1"_IARATE:-""} if [ -z "$IARATE" -a -n "$5" ]; then local IARATE=$5 fi eval local IABURST=\${"$1"_IABURST:-""} if [ -z "$IABURST" -a -n "$6" ]; then local IABURST=$6 fi if [ ! 
-x /sbin/tc ]; then return 1 fi if [ "$FAIRQ" != "YES" -a "$FAIRQ" != "Yes" -a "$FAIRQ" != "yes" ] then return 1 fi if [ -z "$BNDWIDTH" -o -z "$IABURST" -o -z "$IARATE" -o -z "$HNDL" \ -o -z "$PXMTU" ]; then tc qdisc replace dev $1 root sfq return 0 fi # Attach CBQ to device tc qdisc add dev $1 root handle $HNDL: cbq \ bandwidth $BNDWIDTH \ avpkt 1000 # Set up classes # Bulk class tc class add dev $1 parent $HNDL:0 classid :1 est 1sec 8sec \ cbq bandwidth $BNDWIDTH rate $BNDWIDTH \ allot $PXMTU avpkt 1000 bounded weight 1 prio 6 \ split $HNDL:0 defmap ff7f tc qdisc add dev $1 parent $HNDL:1 sfq perturb 15 # Interactive class tc class add dev $1 parent $HNDL:0 classid :2 est 2sec 16sec \ cbq bandwidth $BNDWIDTH rate $IARATE maxburst $IABURST \ allot $PXMTU avpkt 1000 bounded isolated weight 1 \ prio 2 split $HNDL:0 defmap 80 tc qdisc add dev $1 parent $HNDL:2 sfq perturb 15 # Priority class tc class add dev $1 parent $HNDL:0 classid :3 est 1sec 8sec \ cbq bandwidth $BNDWIDTH rate $BNDWIDTH \ allot $PXMTU avpkt 1000 bounded weight 1 prio 1 tc qdisc add dev $1 parent $HNDL:3 pfifo # Add filters tc filter add dev $1 parent $HNDL:0 protocol ip \ priority 50 handle $MRK_CRIT fw classid $HNDL:3 tc filter add dev $1 parent $HNDL:0 protocol ip \ priority 60 handle $MRK_IA fw classid $HNDL:2 \ return 0 } ############################################################################### # End ############################################################################### __________________________________________________ Do you Yahoo!? New DSL Internet Access from SBC & Yahoo! http://sbc.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by: DEDICATED SERVERS only $89! Linux or FreeBSD, FREE setup, FAST network. 
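An added example, not part of the original post or of the LEAF scripts: it runs the network.conf grep/sed pipeline over constructed `ip addr` output and then checks whether the resulting external address lies inside INTERN_NET. The function names and the sample `ip addr` lines are assumptions; 192.168.1.113 and 192.168.1.0/24 are the values given in the post.

```shell
#!/bin/sh
# Constructed `ip addr` output for eth0; the address is the one dhclient
# reported in the post, everything else is made up for the example.
SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.113/24 brd 192.168.1.255 scope global eth0'

# Same grep/sed pipeline as network.conf: first "inet" line, address only.
# Reads `ip addr` output on stdin; prints nothing if no address is set.
first_inet_addr () {
    grep inet | sed '1!d' | sed 's/^[^.0-9]*\([.0-9]*\).*$/\1/'
}

# Dotted quad -> 32-bit integer (subshell body keeps the IFS change local).
ip_to_int () (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# ip_in_net ADDR NET/LEN: succeeds when ADDR falls inside NET/LEN.
ip_in_net () (
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
)

# check_overlap EXTERN_IP INTERN_NET: returns 1 when the external address
# sits inside the network that is meant to be masqueraded, 2 when unset.
check_overlap () {
    if [ -z "$1" ]; then
        echo "no external address configured"
        return 2
    fi
    if ip_in_net "$1" "$2"; then
        echo "OVERLAP: external $1 is inside internal network $2"
        return 1
    fi
    echo "ok: external $1 is outside internal network $2"
}

EXTERN_IP=$(printf '%s\n' "$SAMPLE_IP_ADDR" | first_inet_addr)
check_overlap "$EXTERN_IP" "192.168.1.0/24" || true
```

An overlap result means both interfaces claim the same subnet, so the router holds two connected routes for one network and masquerading has no distinct outside to translate to.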
