[LARTC] 2 NICS - local services not shaping correctly

2007-10-30 Thread William Bohannan
-p udp -m multiport --port 4569 -j RETURN Kind Regards William Bohannan ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[LARTC] HTB - Setting up guaranteed minimum rate for a leaf

2007-06-07 Thread William Bohannan
Regards William Bohannan

RE: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread William Bohannan
link set eth0 up pre-up /sbin/ip link set eth1 up pre-up /usr/sbin/brctl addbr br0 pre-up /usr/sbin/brctl addif br0 eth0 pre-up /usr/sbin/brctl addif br0 eth1 Kind Regards William Bohannan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor Sent

RE: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread William Bohannan
up NAT ip addr add 10.10.1.254/24 dev br0 iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE route add -net -n 0.0.0.0 dev br0 #enable forwarding echo 1 > /proc/sys/net/ipv4/ip_forward Please advise. Kind Regards William Bohannan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [LARTC] 2 NICs Bridge + Router

2007-06-04 Thread William Bohannan
link set eth1 up pre-up /usr/sbin/brctl addbr br0 pre-up /usr/sbin/brctl addif br0 eth0 pre-up /usr/sbin/brctl addif br0 eth1 Thanks again for all the help so far. Kind Regards William Bohannan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant

RE: [LARTC] 2 NICs Bridge + Router (working debian)

2007-06-04 Thread William Bohannan
! 192.168.2.0/24 -j MASQUERADE #enable forwarding echo 1 > /proc/sys/net/ipv4/ip_forward route add default gw 193.xxx.xxx.126 Kind Regards William Bohannan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor Sent: Monday, June 04, 2007 4:53 PM

RE: [LARTC] 2 NICs Bridge + Router

2007-05-31 Thread William Bohannan
- Kind Regards William Bohannan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grant Taylor Sent: Monday, May 28, 2007 6:39 PM To: Mail List - Linux Advanced Routing and Traffic Control Subject: Re: [LARTC] 2 NICs

[LARTC] 2 NICs Bridge + Router

2007-05-28 Thread William Bohannan
with errors. Kind Regards William Bohannan

[LARTC] Brouting on two NICS + 1 virtual NIC

2007-05-15 Thread William Bohannan
Currently have a bridge working, would now like to add a third virtual nic so the machine can do nat as well to local users, however after a crazy amount of reading can't seem to get my head around it. Please help. Have a working bridge below (etc/network/interfaces and eth0 is the internet side

[LARTC] TC on multiple nics

2007-01-08 Thread William Bohannan
Happy New Year. Finally got my fw and tc rules down pat for the bridge, now interested in introducing a third nic to have nat on the box as well. Does anyone have an idea of a good place to start reading up on the subject, mainly interested in how to set up the flow direction to start with as to

RE: [LARTC] filter policy drop and allow transparent proxy

2006-12-29 Thread William Bohannan
tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 PHYSDEV match --physdev-in eth0 --physdev-out eth1 Kind Regards William -Original Message- From: Jasbir Khehra [mailto:[EMAIL PROTECTED] Sent: 29 December 2006 08:40 To: lartc@mailman.ds9a.nl Cc: William Bohannan Subject

[LARTC] filter policy drop and allow transparent proxy

2006-12-28 Thread William Bohannan
Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doesn't match it gets dropped on the local filter input.

RE: [LARTC] filter policy drop and allow transparent proxy

2006-12-28 Thread William Bohannan
:[EMAIL PROTECTED] Sent: 28 December 2006 18:37 To: William Bohannan Cc: lartc@mailman.ds9a.nl Subject: Re: [LARTC] filter policy drop and allow transparent proxy William Bohannan wrote: Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent

RE: [LARTC] blocking traffic on the FORWARD chain using physdev

2006-12-20 Thread William Bohannan
-Original Message- From: Oscar Mechanic [mailto:[EMAIL PROTECTED] Sent: 14 December 2006 12:41 To: William Bohannan Cc: lartc@mailman.ds9a.nl Subject: RE: [LARTC] blocking traffic on the FORWARD chain using physdev Are you sure you want to block ICMP how about PMTU ebtables -I FORWARD 1

RE: [LARTC] blocking traffic on the FORWARD chain using physdev

2006-12-20 Thread William Bohannan
- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of William Bohannan Sent: 20 December 2006 16:33 To: [EMAIL PROTECTED] Cc: lartc@mailman.ds9a.nl Subject: RE: [LARTC] blocking traffic on the FORWARD chain using physdev Still can't seem to block on the FORWARD chain in one direction. I

[LARTC] blocking traffic on the FORWARD chain using physdev

2006-12-14 Thread William Bohannan
Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 --- BRIDGE --- eth0 # Block (eth0 --- eth1) -

RE: [LARTC] blocking traffic on the FORWARD chain using physdev

2006-12-14 Thread William Bohannan
Message- From: Oscar Mechanic [mailto:[EMAIL PROTECTED] Sent: 14 December 2006 12:27 To: William Bohannan Cc: lartc@mailman.ds9a.nl Subject: Re: [LARTC] blocking traffic on the FORWARD chain using physdev Hi Physdev may no longer be supported soon something to do with hooks and how

[LARTC] classid, prio and position

2006-12-13 Thread William Bohannan
Having a problem with classid and prio and position. Wondering if someone could help? Below I have pasted a part of my current rules, now it consists of one chain and two pipes. If they both use 60Kbit which one would get priority? Would it be the one with the better prio or the one with the

[LARTC] process id with firewall and tc

2006-09-16 Thread William Bohannan
Not sure this is the correct place to post this but I am looking to have status of the firewall and traffic control (active, disabled, stopped etc) on a webpage controlled via something like pid as the machine has many things running on it, like firewall, traffic control, data collection

RE: [LARTC] process id with firewall and tc

2006-09-16 Thread William Bohannan
Thanks Simon. That helps out heaps. Going to use what you said and use monit. Kind Regards William -Original Message- From: Simon Lodal [mailto:[EMAIL PROTECTED] Sent: 16 September 2006 14:17 To: lartc@mailman.ds9a.nl Cc: William Bohannan Subject: Re: [LARTC] process id

RE: [LARTC] smallest rate

2006-08-15 Thread William Bohannan
So far the smallest rate I have been able to get is 1, why not use a firewall if you want 0? Kind Regards William -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kristiadi Himawan Sent: 15 August 2006 07:17 To: lartc@mailman.ds9a.nl Subject: [LARTC]

[LARTC] Accounting using ip addresses and ulogd

2006-08-15 Thread William Bohannan
Hi, I use traffic shaping on my local LAN and it keeps all dropped packets by logging them to MySQL via ulogd. Since there are Windows and Apple users on the network I would like to have their computer names instead of IP address to make for easy accounting. Does anyone know of a script or tool

RE: [LARTC] linux transparent bridge running squid and dansguardian

2006-07-24 Thread William Bohannan
Thanks for the quick reply. Although I have had no success, I have been trying all day using both physdev and ebtables, neither of which I can get working :( Please help - below is what I am currently using. *** #!/bin/sh

[LARTC] linux transparent bridge running squid

2006-07-21 Thread William Bohannan
Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use

[LARTC] learning iptables

2006-07-10 Thread William Bohannan
Hi I am currently learning iptables and would like to see the output of shorewall rules in iptables format, as I would like to make a script for the rules instead of using shorewall. Kind Regards William

RE: [LARTC] iptables CLASSIFY vs fwmark?

2006-05-07 Thread William Bohannan
Using fwmark would mean that packets have to pass two filter systems. First iptables, where they get marked and then the tc-filter ruleset where the mark needs to be matched again. And this is something I want to avoid because this means worse performance, so I was wondering if there is a possible

[LARTC] iptables time match mangle stage

2006-05-05 Thread William Bohannan
Hi I am having problems trying to get a time match with iptables 1.3.5 and the latest pom it says time match only works in the prerouting stage but I really need to use the classify command which only works in the postrouting. Does anyone have a patch for 2.6 kernel, latest pom and iptables

[LARTC] trying to get time control working

2006-04-26 Thread William Bohannan
Hi I am currently trying to get time control working but come up with an error.. /sbin/iptables -t mangle -A ms-chain-eth0-1:11 -m time --datestart 2006:01:26:17:00:00 --datestop 2006:12:26:18:00:00 -j CLASSIFY --set-class 1:111 iptables: Unknown error 4294967295 iptables -m tos -help

[LARTC] trying to get time working - had error in first email

2006-04-26 Thread William Bohannan
Hi I am currently trying to get time control working but come up with an error.. /sbin/iptables -t mangle -A ms-chain-eth0-1:11 -m time --datestart 2006:01:26:17:00:00 --datestop 2006:12:26:18:00:00 -j CLASSIFY --set-class 1:111 iptables: Unknown error 4294967295 iptables -m time -help

RE: [LARTC] Sip Traffic

2006-04-18 Thread William Bohannan
Hi I am pretty much a newbie, I found with sip if I match ports 5060 and 1 - 2 it works. I noticed on some phones they use 13000 - 14000 and others use 18000 - 19000. There is a new sip-contrack out although I haven't tried it yet. william -Original Message- From: [EMAIL

[LARTC] transparent bridge

2006-04-13 Thread William Bohannan
Hi installed Debian with bridging enabled then I install squid. Squid works if I manually enter proxy setting in firefox. Then I ran the following to make it transparent: echo 1 > /proc/sys/net/ipv4/ip_forward ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6