search for: iif

Displaying 20 results from an estimated 116 matches for "iif".

Did you mean: if
2018 Jan 30
5
[Bug 1220] New: Reverse path filtering using "fib" needs better documentation
...ablo at netfilter.org Reporter: f30 at f30.me Reverse path filtering means dropping a packet if connections to its source IP wouldn't use the same interface the packet arrived on. The nftables wiki states [1] that this can be implemented like: nft add rule x prerouting fib saddr . iif oif eq 0 drop Slides by Florian Westphal [2] suggest to use: nft add rule ... fib saddr . oif oif = 0 drop But this fails with "Invalid argument" even when replacing "=" by "==" or "eq". `fib saddr . iif oif eq 0` achieves the desired goal (except for b...
2011 Nov 27
1
sqldf if iif
Dear all, I have problems with iif function using sqldf library. I counted abundance (Num) of different "SPECIES" in two moments (esf) saving the information in two Tables (esf50, esf100): esf50 SAMPLE SPECIES Num esf 1289 diso1 44 50 1289 diso2...
2009 Mar 15
2
Testing for Inequality à la "select case"
...e in Excel much tidier in my opinion (especially the range_aux part), element by element (cell by cell), with a VBA function as follows: Function MyRange(x as Double) as Double Select Case x Case Is <= 20000 MyRange = 0.65 * x Case Is <= 100000 RCJuiProfDet = IIf(0.40 * x < 14000, 14000, 0.4 * x) Case Is <= 250000 RCJuiProfDet = IIf(0.3 * x < 40000, 40000, 0.3 * x) Case Is <= 700000 RCJuiProfDet = IIf(0.25 * x < 75000, 75000, 0.25 * x) Case Is <= 1000000 RCJuiProfDet = IIf(0.2 * x < 175000, 1750...
2006 Feb 07
0
About two IFs with the same IP and the multipath
...y the HOWTO: one computer with two Internet connections. The problems come when I try to use the same IPs for both A and B. So A is 10.229.25.8 and B 10.229.25.8. I cannot do otherwise, I''m forced to use the same IPs. For the rules which select the sources I''ve tried to use the `iif'' option instead of the `from'' one. 32764: from all iif tunl1 lookup main 202 32765: from all iif tunl0 lookup main 201 These rules don''t work and this means that the packets choose a different gw each time and the TCP connections are killed. I''ve tried also...
2007 Feb 21
1
simple source policy routing not working
...-o wlan0 -t nat echo 200 Forw >> /etc/iproute2/rt_tables ip rule add from 172.30.230.230 table Forw ip route add 192.168.1.99 via 192.168.10.1 dev wlan0 table main ip route add 192.168.1.99 dev eth0 table Forw ip -statistics route flush cache ip route get 192.168.1.98 from 172.30.230.230 iif eth1 # 192.168.1.98 from 172.30.230.230 dev eth0 src 172.16.1.1 # cache <src-direct> mtu 1492 advmss 1452 fragtimeout 64 iif eth1 ip route get 192.168.1.99 from 172.30.230.230 iif eth1 # 192.168.1.99 from 172.30.230.230 dev eth0 src 172.16.1.1 # cache <src-direct> mtu...
2007 Feb 13
11
Routing problem (RTNETLINK answers: Invalid argument) on multiple internet link.
...is only used for traffic originating inside the network. The other (eth1, 192.168.1.2) is only used for a VPN, where all (udp) traffic originates from outside our network. I have created a second routing table for eth1, with its own default gateway, and selected it with ip rule from 192.168.1.2 iif lo lookup 4. All this works fine. My problem is that one of the udp ports is forwarded to another server using iptables: /sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2 --dport 4902 -j DNAT --to 192.168.12.5:4902 using tcpdump on eth1, I can see that the incoming packets receiv...
2024 Jul 16
4
[Bug 1761] New: nft_fib checks only the main route table when iif is a slave of a master vrf interface
https://bugzilla.netfilter.org/show_bug.cgi?id=1761 Bug ID: 1761 Summary: nft_fib checks only the main route table when iif is a slave of a master vrf interface Product: nftables Version: 1.0.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pa...
2009 Aug 31
2
UPS::Nut PERL module is rewritten
...to rewrite UPS::Nut because it was not developed since 2002 and it was based a very old version of upsd speaking a totally outdated protocol. If some of you interested in it you can get from my debian repository. package name is libups-nut-perl. Add this to your APT sources: deb http://debian6.ki.iif.hu/ lenny contrib deb-src http://debian6.ki.iif.hu/ lenny contrib Or simply download http://debian6.ki.iif.hu/pool/contrib/libu/libups-nut-perl/libups-nut-perl_1.5_all.deb (Eeee... I forgot to say: it is accessible with IPv6 only. Sorry. Please do not complain about this.) Any (other) feedback is...
2017 Feb 03
4
[Bug 1117] New: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT
...ype nat hook prerouting priority -150; policy accept; } chain postrouting { type nat hook postrouting priority -150; policy accept; oifname "pub-aaaa" masquerade } } --------------- Now add a port forward: ------------------ # nft add rule ip nat prerouting iif pub-aaaa tcp dport 80 dnat 192.168.123.20:80 # no error # nft list table ip nat -nn -a table ip nat { chain prerouting { type nat hook prerouting priority -150; policy accept; iif "pub-aaaa" tcp dport 80 dnat to :80 # handle 4 } chain postrouting { typ...
2006 Apr 27
0
MULTIPATH: how to control chache expiration time?
...eth6 weight 1 root@server1:/backup/ftp# ip ro show cache | egrep ''eth4|eth5|eth6'' -B1 | tail -n20 201.216.128.100 from 192.168.90.5 via 192.168.3.1 dev eth6 src 192.168.90.1 -- 192.168.90.5 from 201.240.149.1 dev eth2 src 192.168.1.2 cache mtu 1500 advmss 1460 hoplimit 64 iif eth5 -- cache <src-direct> mtu 1500 advmss 1460 hoplimit 64 iif eth2 200.114.138.45 from 192.168.90.5 via 192.168.1.1 dev eth4 src 192.168.90.1 -- 192.168.90.5 from 200.74.39.52 dev eth2 src 192.168.1.2 cache mtu 1500 advmss 1460 hoplimit 64 iif eth5 71.80.214.141 from 192.168.90....
2002 Sep 10
3
RE: 4 nic advanced routing question update
ok i will do it in text: 66.92.114.46 eth0 209.141.2.194 eth1 192.168.119.101 eth2 192.168.120.101 eth3 What i have is a linux box RH7.3 which will eventually run Shorewall Firewall. On this box there is eth0 66.92.114.46 conneted to isp1 and eth1 209.141.2.194 connected to isp2 It also has eth2 192.168.119.101 and eth3 192.168.120.101 which will connect to a failover appliance which has 2 wan
2018 Jan 30
7
[Bug 1221] New: "fib" produces strange results with an IPv6 default route
...OS: Debian GNU/Linux Status: NEW Severity: major Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: f30 at f30.me I am trying to implement reverse path filtering using "fib" rules like `fib saddr . iif oif 0 drop`. I don't understand why exactly (see #1220), but this generally works for IPv4 and IPv6 without a default route. However, "fib" starts to behave strangely with a v6 default route. Assume a host with two interfaces, enp0s5 and enp0s6, and the following IP addresses: &gt...
2003 Jul 28
6
snooping - the crux of the problem
I have a computer with two interfaces, say with addresses 192.168.1.1 and 192.168.1.2. I want to set up routing such that when I ping 192.168.1.1 it goes out through 192.168.1.2 and not to the local interface. Is this possible - all my attempts so far have been unsuccessful? If so, pointers, etc. would be gratefully appreciated. Jim -- Jim Redman (505) 662 5156 x85
2003 Mar 01
5
Policy routing and strange packets traversing.
...proper gateway 22: from 1.1.1.30 lookup 1 22: from 2.2.2.66 lookup 2 ... # This rules are unnecessary I think but used for diagnostics gateways #by me. 30: from all to 1.1.1.29 lookup 1 30: from all to 2.2.2.65 lookup 2 #Balance tables distributes traffic from LAN. 70: from all iif eth1 lookup balance # ip r l ta 1 default via 1.1.1.29 dev eth2 # ip r l ta 2 default via 2.2.2.65 dev eth4 # ip r l ta balance default nexthop via 1.1.1.29 dev eth2 weight 2 nexthop via 2.2.2.65 dev eth4 weight 3 So. Everything works but I have observed some behaviour what I c...
2017 Mar 25
0
[Bug 1138] New: icmpv6 mld-listener-query not detcted
...0.4-1-default #1 SMP PREEMPT Sat Mar 18 12:29:57 UTC 2017 (e2ef894) x86_64 x86_64 x86_64 GNU/Linux just does not detect icmpv6 mld-listener-query packets. With following ruleset table inet filter { chain INPUT { type filter hook input priority 0; policy drop; iif "lo" accept ct state { related, established} accept ct state invalid counter packets 8 bytes 411 drop iif "ens192" icmpv6 type mld-listener-query counter packets 0 bytes 0 drop iif "ens192" icmpv6 type mld...
2004 Sep 30
2
2 DSL link, DNAT & SNAT
...hdsl & adsl for the 2 dsl lines, 0: from all lookup local 30: from all fwmark 3 lookup hdsl 38: from 192.168.254.10 lookup hdsl <<== NOTE this 40: from 217.58.51.160/27 lookup hdsl 41: from 81.121.243.248/30 lookup adsl 52: from all iif eth0 lookup adsl 53: from all iif eth2 lookup adsl 32766: from all lookup main 32767: from all lookup default + hdsl table has default gw to HDSL line + adsl table has default gw to ADSL line + DNAT & SNAT occurring from both dsl lines Chain PREROUTIN...
2020 Jan 15
4
[Bug 1397] New: What am I doing wrong!?
...W Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: tad1073 at gmail.com code snippet table inet nat { chain prerouting { type nat hook prerouting priority dstnat; policy accept; fib saddr . iif oif 0 counter drop fib saddr . iif oif "lo" counter accept fib saddr . iif oif "$inet_if" counter accept fib daddr . iif type { local, broadcast, multicast } counter accept ip daddr 10.0.0.11 tcp dport 80 dnat to 8080 ip daddr 10.0.0.11 ud...
2010 Dec 02
0
default route with two nexthops and MASQUERADE problem
...p eth2 32717: from 192.168.5.124 lookup eth1 32766: from all lookup main 32767: from all lookup default Q1: if I do pings from two PC in LAN: 5.137 and 5.147, to the same IP how can they go via different links (ping 195.60.x.x is run on both computers)? # ip r g 195.60.x.x from 192.168.5.137 iif eth0 195.60.169.6 from 192.168.5.137 via 192.168.1.1 dev eth1 src 192.168.5.1 cache <src-direct> mtu 1500 advmss 1460 hoplimit 128 iif eth0 # ip r g 195.60.x.x from 192.168.5.147 iif eth0 195.60.169.6 from 192.168.5.147 via 192.168.2.1 dev eth2 src 192.168.5.1 cache <src-direct> m...
2004 Aug 16
1
question re ip rules logic
...brd 10.10.10.255 scope global eth0 5: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:0d:60:4e:33:d3 brd ff:ff:ff:ff:ff:ff inet 10.10.11.104/24 brd 10.10.11.255 scope global eth1 [root@c1b04a01 root]# When we try these commands: ip rule add iif eth0 prio 100 table 100 ip route add default via 10.10.10.1 dev eth0 table 100 ip rule add iif eth1 prio 200 table 200 ip route add default via 10.10.11.2 dev eth1 table 200 no packets are sent out of the interfaces. When we try the commands: ip rule add default prio 100 table 20 ip route add def...
2019 Oct 10
13
[Bug 1371] New: Concatenations Literal sets
...Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: tad1073 at gmail.com inet.nft:97:44-51: Error: syntax error, unexpected protocol iif $int_if0 ip6 saddr . ip6 daddr . ip6 protocol { $g6dns . $myip_v6 . tcp, $g6dns . $myip_v6 . udp } jump global_dns_in ^^^^^^^^ -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML...