On Thu, 2003-03-13 at 08:50, Eric Leblond wrote:
> Le mer 12/03/2003 à 22:25, Abraham van der Merwe a écrit :
> I wrote a very little howto :
> http://home.regit.org/connmark.html
I just rewrite the mini-howto because I found a best way to do the
thing.
The code is now the following :
iptables -
Le lun 17/03/2003 à 21:30, Manuel Samper a écrit :
> Ethy H. Brito, on Monday, Mar 17 2003 at 21:17, wrote:
> > This restoring shouldn't it be done at PREROUTING chain instead of
> > POSTROUTING as pointed in you mini HOWTO or it makes no difference?
All depends if you use an ingress policy. If yo
Ethy H. Brito, on Monday, Mar 17 2003 at 21:17, wrote:
> On 15 Mar 2003 22:12:31 +0100
> Eric Leblond <[EMAIL PROTECTED]> wrote:
>
> > Le sam 15/03/2003 à 21:18, Manuel Samper a écrit :
> > > Eric Leblond, on Wednesday, Mar 12 2003 at 16:03, wrote:
> >
> > > so, why is needed the "--restore-mark/
On 15 Mar 2003 22:12:31 +0100
Eric Leblond <[EMAIL PROTECTED]> wrote:
> Le sam 15/03/2003 à 21:18, Manuel Samper a écrit :
> > Eric Leblond, on Wednesday, Mar 12 2003 at 16:03, wrote:
>
> > so, why is needed the "--restore-mark/--save-mark"?. I guess that
> > the tc filters (e.g. fwmark) can only
Le sam 15/03/2003 à 21:18, Manuel Samper a écrit :
> Eric Leblond, on Wednesday, Mar 12 2003 at 16:03, wrote:
> so, why is needed the "--restore-mark/--save-mark"?. I guess that the tc
> filters (e.g. fwmark) can only see/manage the packets marked by the mark
> module a not by connmark, it's corre
Le mer 12/03/2003 à 22:25, Abraham van der Merwe a écrit :
> For example,
> let's say I wanted to match h323 packets. How would I know what MARK value
> to use?
Because we let the conntrack do the job for us. it set the mark almost
by itself using information given by the module.
I wrote a very l
Hi Eric!
> > iptables -A FORWARD -s $net -m conntrack --proto ftp
> > iptables -A FORWARD -s $net -m conntrack --proto irc
> > iptables -A FORWARD -s $net -m conntrack --proto h323
>
> To do so you can use the conmarck module (from iptable pom) : the mark
> of the packet is given following the co
On 12 Mar 2003, Eric Leblond wrote:
> On Wed, 2003-03-12 at 15:18, Abraham van der Merwe wrote:
> > iptables -A FORWARD -s $net -m conntrack --proto ftp
> > iptables -A FORWARD -s $net -m conntrack --proto irc
> > iptables -A FORWARD -s $net -m conntrack --proto h323
>
> To do so you can use the
On Wed, 2003-03-12 at 15:18, Abraham van der Merwe wrote:
> iptables -A FORWARD -s $net -m conntrack --proto ftp
> iptables -A FORWARD -s $net -m conntrack --proto irc
> iptables -A FORWARD -s $net -m conntrack --proto h323
To do so you can use the conmarck module (from iptable pom) : the mark
of
Hi!
If I have the ftp connection tracking module compiled in, how do I match ftp
packets (I know ftp connections are tracked, but I want to match it to count
the traffic / shape it, etc)
You can obviously match active and passive ftp traffic as follows:
iptables -A FORWARD -s $net -p tcp --dport
10 matches
Mail list logo
