-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Greetings,
: I have tried using iptraf for my NAT firewall to analyse the IP
: traffic. Basically I am faced with this difficulty of relating the
: source IP to the outgoing interface to the internet, so I am
: wondering if anyone has a suggesti
From: "Salim S I" <[EMAIL PROTECTED]>
> A different approach is to use iptables counters in FORWARD chain (-s
> $CLIENT_IP -i eth0 -o ! eth0). That would require a rule for each user.
>
>
Well, sort of theoretically possible but bad in practice. If I have 300
internal users, I will have to crea
A different approach is to use iptables counters in FORWARD chain (-s
$CLIENT_IP -i eth0 -o ! eth0). That would require a rule for each user.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ming-Ching Tiew
Sent: Wednesday, September 05, 2007 11:09 AM
To:
I have tried using iptraf for my NAT firewall to analyse the IP traffic.
Basically I am faced with this difficulty of relating the source IP
to the outgoing interface to the internet, so I am wondering if
anyone has a suggestion for different ways to do it, or a suggestion
for a better tool.
Det
Here is my natting script
--
IPTABLES=/sbin/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward
$IPTABLES -F
$IPTABLES -t nat -F
/sbin/modprobe ip_nat_ftp
INTERNAL_NETWORK="192.168.3.0/24"
$IPTABLES -t nat -A POSTROUTING -s $INTERNAL_NETWORK -o eth2 -j MASQUERADE
$IPTABLES -t nat
Hi all,
I am now testing on the simplest scenario. I have an ip 192.168.3.5 on
intranet. I want to route it through ISP1. All other traffic will go through
ISP2 which is default gateway on machine so I don't need to add any rule for
that. I have executed the following commands
echo 150 ISP1 >>
Martin A. Brown wrote:
Good morning,
: I ran "tc filter" on the command line, but received no output in
: return. I read the man page and it leads me to believe that it's
: not meant for viewing the filters.
Depends, but yes, the "tc filter"
Good morning,
: By classifier I think you mean:
: iptables -t mangle -A POSTROUTING -o ${IFext} -p tcp --dport 1:1 -j
: CLASSIFY --set-class 1:100
Exactly.
: And having looked at that, I see part of my problem. --dport should be
: --spo
Martin A. Brown wrote:
Greetings again,
: So you are saying I have to not only do traffic shaping, but also
: traffic policing on my internal device? Or do I have to do
: traffic shaping on both devices and no traffic policing? In other
: wor