Hello everybody.
AFAIK ipsec policies aren't related to routing
tables: if there is an ipsec policy to deliver
traffic, for example, from 192.168.0.0/16 to
10.0.0.0/8, xfrm will eat the packets ignoring
the routing table.
Take a look:
# ip ru sh
0: from all lookup local
601:from 172.23.0.0
> Tablename: mangle hook: NF_IP_PRE_ROUTING
> target: MARK set 0x1 index 0
> Action 4 device ifb0 ifindex 10
> RTNETLINK answers: No such file or directory
> We have an error talking to the kernel
> I have act_mirred loaded, and I have
> act_ipt loaded. What gives?
Did you load the iptables mark
Tim Stoop wrote:
> Hi all,
>
> I'm trying to create an IPsec tunnel from a Debian Etch machine to a
> Cisco PIX. Part of my config is the following:
>
> add x.x.x.x x.x.x.x esp 34501 -m tunnel -E aes-ctr "abcdefghijklmnop";
>
> When I try to set this using setkey, it fails with the following
messag
Nagy Gabor Peter wrote:
> So I thought that I will create a virtual interface, and route all
> traffic from the Internet through this one. So incoming on Internet
> interface, outgoing on virtual interface, and from there incoming on
> the firewall machine, or outgoing on the LAN or the DMZ interf
??? ?? wrote:
> search for "SAME" target:
I have already tried. See below.
> > > destination host? I have also modified SNAT
> > > with SAME, but no luck.
___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailma
Luciano Ruete wrote:
> You need to use iptables CONNMARK to keep track of "which conn" with
> "which ISP", see this[1] thread for reference and a nano HOWTO.
>
> [1]http://mailman.ds9a.nl/pipermail/lartc/2006q2/018964.html
Thanks for the hint, however the real setup is
a little different and AFA
Hello everybody.
I'm running linux 2.6.19 with nth match to
alternatively snat outgoing connections to
two different ip addresses for load balancing
between two adsl lines:
Here is:
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m
multiport --dports 80,443 -m statistic --mode nth --every
> I've got a 2.6.18.3 kernel and I search which options I should
> activate for IFB support
> Regards
Device Drivers --->
Network device support --->
[*] Network device support
Intermediate Functional Block support
Of course, it also depends on 'QoS and/or fair queueing'
under 'netwo
Hi everybody.
I would like to know how incoming ipsec packets (from
eth0 for example) interact with ifb device.
For example: I want to redirect all incoming packets
from eth0 to ifb0 for shaping. What happens to esp
and the relative clear packets? By default both are
seen on the incoming device.
Hi everybody.
I'm receiving this error message:
Action 4 device ifb0 ifindex 7
when I issue this command:
tc filter add dev eth1 parent : protocol ip prio 1 u32 \
match u32 0 0 action mirred egress redirect dev ifb0
I'm using linux 2.6.19-rc6 with tc version ss061002
Hints?
Hello everybody.
I would like to enable QoS on the internal firewall NIC
(eth2) to prevent bandwidth saturation from ftp downloads
(for example). This is my firewall schema.
___ private network (100bit/s FD)
/
/ /\
Hello everybody.
I would like to do some kind of shaping inside an
ipsec tunnel implemented by Openswan and linux
2.6.18.x with xfrm (no KLIPS): for example, to
limit outbound smtp traffic inside the tunnel.
Question: where should I attach the qdisc to? Eth0?
I'm asking this, because tcpdump only s
Hello.
I have a pretty strange problem with routing and iptables mark.
My firewall has a classic 3 NIC config: one nic connected to the
ISP routers, one network for DMZ and the third network for my
private network. Here is the schema:
HUB
HDSL router+ADSL router
Hi.
I have a problem with iptables mark target.
I'm using iptables to mark packet in this manner:
iptables -t mangle -I OUTPUT --protocol tcp --dport 80 -j MARK --set-mark 1
This linux box has two different ip addresses on
two different subnets on the same ethernet NIC:
eth0: 1.1.1.254/24
eth0:
Hello everybody.
I'm playing with ipsec on linux 2.6.0-test9 + ipsec-tools-0.2.2
I have a question.
I would like to implement a simple esp-tunnel with ipcomp. I have
written this:
#!/usr/local/sbin/setkey -f
flush;
spdflush;
spdadd 10.1.2.0/24 10.1.1.0/24 any -P in ipsec
esp/tunnel/172.16.1.247-