-p udp -m multiport
--port 4569 -j RETURN
Kind Regards
William Bohannan
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Regards
William Bohannan
link set eth0 up
pre-up /sbin/ip link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1
Kind Regards
William Bohannan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent
up NAT
ip addr add 10.10.1.254/24 dev br0
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
route add -net -n 0.0.0.0 dev br0
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Please advise.
Kind Regards
William Bohannan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
link set eth1 up
pre-up /usr/sbin/brctl addbr br0
pre-up /usr/sbin/brctl addif br0 eth0
pre-up /usr/sbin/brctl addif br0 eth1
Thanks again for all the help so far.
Kind Regards
William Bohannan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant
! 192.168.2.0/24 -j MASQUERADE
#enable forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
route add default gw 193.xxx.xxx.126
Kind Regards
William Bohannan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent: Monday, June 04, 2007 4:53 PM
-
Kind Regards
William Bohannan
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor
Sent: Monday, May 28, 2007 6:39 PM
To: Mail List - Linux Advanced Routing and Traffic Control
Subject: Re: [LARTC] 2 NICs
with errors.
Kind Regards
William Bohannan
Currently have a bridge working, would now like to add a third virtual
nic so the machine can do nat as well to local users, however after a
crazy amount of reading can't seem to get my head around it. Please help.
Have a working bridge below (etc/network/interfaces and eth0 is the
internet side
Happy New Year.
Finally got my fw and tc rules down pat for the bridge, now interested
in introducing a third nic to have nat on the box as well. Does anyone
have an idea of a good place to start reading up on the subject, mainly
interested in how to setup the flow direction to start with as to
tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8080 PHYSDEV match --physdev-in eth0
--physdev-out eth1
Kind Regards
William
-Original Message-
From: Jasbir Khehra [mailto:[EMAIL PROTECTED]
Sent: 29 December 2006 08:40
To: lartc@mailman.ds9a.nl
Cc: William Bohannan
Subject
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great? It seems a
bit strange as from reading several articles on it I thought the
following occurs.
1st line - if it doesn't match it gets dropped on the local filter input.
:[EMAIL PROTECTED]
Sent: 28 December 2006 18:37
To: William Bohannan
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] filter policy drop and allow transparent proxy
William Bohannan wrote:
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent
-Original Message-
From: Oscar Mechanic [mailto:[EMAIL PROTECTED]
Sent: 14 December 2006 12:41
To: William Bohannan
Cc: lartc@mailman.ds9a.nl
Subject: RE: [LARTC] blocking traffic on the FORWARD chain using physdev
Are you sure you want to block ICMP how about PMTU
ebtables -I FORWARD 1
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of William Bohannan
Sent: 20 December 2006 16:33
To: [EMAIL PROTECTED]
Cc: lartc@mailman.ds9a.nl
Subject: RE: [LARTC] blocking traffic on the FORWARD chain using physdev
Still can't seem to block on the FORWARD chain in one direction. I
Currently using physdev on a bridge to try and isolate certain paths
across and to the bridge. It all works except when trying to stop the
flow in one direction on the FORWARD chain?? Can someone please help??
Below is the testing done so far.
eth1 --- BRIDGE --- eth0
# Block (eth0 --- eth1) -
Message-
From: Oscar Mechanic [mailto:[EMAIL PROTECTED]
Sent: 14 December 2006 12:27
To: William Bohannan
Cc: lartc@mailman.ds9a.nl
Subject: Re: [LARTC] blocking traffic on the FORWARD chain using physdev
Hi
Physdev may no longer be supported soon something to do with hooks
and how
Having a problem with classid and prio and position. Wondering if
someone could help? Below I have pasted a part of my current rules, now
it consists of one chain and two pipes. If they both use 60Kbit which
one would get priority? Would it be the one with the better prio or the
one with the
Not sure this is the correct place to post this but I am
looking to have status of the firewall and traffic control (active, disabled,
stopped etc) on a webpage controlled via something like pid as the machine has
many things running on it, like firewall, traffic control, data collection
Thanks Simon. That helps out heaps. Going to use what you said and use
monit.
Kind Regards
William
-Original Message-
From: Simon Lodal [mailto:[EMAIL PROTECTED]
Sent: 16 September 2006 14:17
To: lartc@mailman.ds9a.nl
Cc: William Bohannan
Subject: Re: [LARTC] process id
So far the smallest rate I have been able to get is 1, why not use a
firewall if you want 0?
Kind Regards
William
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kristiadi Himawan
Sent: 15 August 2006 07:17
To: lartc@mailman.ds9a.nl
Subject: [LARTC]
Hi, I use traffic shaping on my local LAN and it keeps all
dropped packets by logging them to mysql via ulogd. Since there are Windows and
Apple users on the network I would like to have their computer names
instead of ip address to make for easy accounting. Does anyone know of a
script or tool
Thanks for the quick reply. Although I have had no success, I have been
trying all day using both physdev and ebtables, neither of which I can get
working :( Please help - below is what I am currently using.
***
#!/bin/sh
Hi I have been using Shorewall for a while now and find it very useful and easy
to configure, I am learning iptables and having trouble getting the bridge to
successfully work with squid, although I get it working with Shorewall straight
away? Does anyone know the rules to successfully use
Hi
I am currently learning iptables and would like to
see the output of shorewall rules in iptables format, as I would like to make a
script for the rules instead of using shorewall.
Kind Regards
William
Using fwmark would mean that packets have to pass two filter systems. First
iptables, where they got marked and then the tc-filter ruleset where the mark
needs to be matched again. And this is something I want to avoid because
this means worse performance, so I was wondering if there is a possible
Hi I am having problems trying to get a time match with iptables 1.3.5 and
the latest pom it says time match only works in the prerouting stage but I
really need to use the classify command which only works in the postrouting.
Does anyone have a patch for 2.6 kernel, latest pom and iptables
Hi
I am currently trying to get time control working but come up with an
error..
/sbin/iptables -t mangle -A ms-chain-eth0-1:11 -m time --datestart
2006:01:26:17:00:00 --datestop 2006:12:26:18:00:00 -j CLASSIFY --set-class
1:111
iptables: Unknown error 4294967295
iptables -m tos -help
Hi
I am currently trying to get time control working but come up with an
error..
/sbin/iptables -t mangle -A ms-chain-eth0-1:11 -m time --datestart
2006:01:26:17:00:00 --datestop 2006:12:26:18:00:00 -j CLASSIFY --set-class
1:111
iptables: Unknown error 4294967295
iptables -m time -help
Hi, I am pretty much a newbie. I found with SIP if I match ports 5060 and
1 - 2 it works. I noticed on some phones they use 13000 - 14000 and
others use 18000 - 19000. There is a new sip-conntrack out although I
haven't tried it yet.
william
-Original Message-
From: [EMAIL
Hi, I installed Debian with bridging enabled, then I installed
squid.
Squid works if I manually enter the proxy settings in Firefox.
Then I ran the following to make it transparent:
echo 1 > /proc/sys/net/ipv4/ip_forward
ebtables -t broute -A
BROUTING -p IPv4 --ip-protocol 6
31 matches