onday, July 12, 2004 6:53 PM
> To: Mike
> Cc: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Layer 7 netfilter not working
>
> > You may be marking on the ingress interface. Locally generated
packets
> > do not go through that NIC and therefore do not get marked. You
would
>
You may be marking on the ingress interface. Locally generated packets
do not go through that NIC and therefore do not get marked. You would
have to mark them on the INPUT chain of your egress interface.
Mike Fetherston
Thats the line in my iptables-skript:
$IPTABLES -t mangle -A POSTROUTING -m l
On Monday 12 July 2004 13:46, Mike wrote:
> You may be marking on the ingress interface. Locally generated packets
> do not go through that NIC and therefore do not get marked. You would
> have to mark them on the INPUT chain of your egress interface.
Keeping in mind that INPUT doesn't see both
So my question: Why do the layer7 rules only work with connections
over the router but not from the router itself?
Look at your script and look at which interface you are shaping on.
Most likely you are shaping on the interface which talks to the lan. So
the stuff destined for the local mach
> Sent: Monday, July 12, 2004 12:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [LARTC] Layer 7 netfilter not working
>
> heya!
> first thanks to all for your help. shaping is working now (not 100%
but
> working).
> This is why I didn't notice that it already worked:
> M
heya!
first thanks to all for your help. shaping is working now (not 100% but
working).
This is why I didn't notice that it already worked:
My settings where all correct, BUT when I establish for example a FTP
connection from the router itself, it is somehow not shaped, however a
connection over
Everyone,
Don't you mark on the inbound interface and shape on the outbound
interface?
Mike Fetherston
> -Original Message-
> From: FB [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 09, 2004 1:11 PM
> To: [EMAIL PROTECTED]
> Subject: [LARTC] Layer 7 netfilter no
`man iptables`
"REJECT
This is used to send back an error packet in response to the matched packet:
otherwise it is equivalent to DROP so it is a terminating TARGET, ending rule
traversal. This target is only valid in the INPUT, FORWARD and OUTPUT
chains, and userdefined chains which are only
On Friday 09 July 2004 16:51, Ed Wildgoose wrote:
> Can you REJECT in the mangle table?
>
It seems not.
rebecca:~# iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j
REJECT
iptables: Invalid argument
rebecca:~# iptables -A INPUT -m layer7 --l7proto http -j REJECT
rebecca:~# iptables
Jason Boxman wrote:
On Friday 09 July 2004 14:58, FB wrote:
Doesn't change anything :-(
BTW, when I use the setting from the NETFILTER HOWTO page:
iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK
--set-mark 1
and change it (as written in the howto under "blocking") to:
iptable
On Friday 09 July 2004 14:58, FB wrote:
> Doesn't change anything :-(
> BTW, when I use the setting from the NETFILTER HOWTO page:
>
> iptables -t mangle -A POSTROUTING -m layer7 --l7proto http -j MARK
> --set-mark 1
>
> and change it (as written in the howto under "blocking") to:
> iptables -t ma
Jason Boxman wrote:
That's not necessary. You might be creating more work for yourself. I just
recycled the Debian iptables package, which is still 1.2.9 I believe. You'll
need to patch it and create the appropriate dot file for the build to
succeed, but after that I just rebuild the package
On Friday 09 July 2004 13:10, FB wrote:
> Hello there!
>
> I am trying to get traffic shaping working on my Linux router (debian
> woody 3r02) and for some things I wanted to use the layer 7 packet
> classifier, but I can't get it to work.
> Here is what I did:
>
> -downloaded the patches from http
Hello there!
I am trying to get traffic shaping working on my Linux router (debian
woody 3r02) and for some things I wanted to use the layer 7 packet
classifier, but I can't get it to work.
Here is what I did:
-downloaded the patches from http://l7-filter.sourceforge.net
-downloaded the kernel 2
14 matches
Mail list logo
