Displaying 20 results from an estimated 116 matches for "iif".
Did you mean:
if
2018 Jan 30
5
[Bug 1220] New: Reverse path filtering using "fib" needs better documentation
...ablo at netfilter.org
Reporter: f30 at f30.me
Reverse path filtering means dropping a packet if connections to its source IP
wouldn't use the same interface the packet arrived on. The nftables wiki states
[1] that this can be implemented like:
nft add rule x prerouting fib saddr . iif oif eq 0 drop
Slides by Florian Westphal [2] suggest to use:
nft add rule ... fib saddr . oif oif = 0 drop
But this fails with "Invalid argument" even when replacing "=" by "==" or "eq".
`fib saddr . iif oif eq 0` achieves the desired goal (except for b...
2011 Nov 27
1
sqldf if iif
Dear all,
I have problems with iif function using sqldf library.
I counted abundance (Num) of different "SPECIES" in two moments (esf) saving
the information in two Tables (esf50, esf100):
esf50
SAMPLE SPECIES Num esf
1289 diso1 44 50
1289 diso2...
2009 Mar 15
2
Testing for Inequality à la "select case"
...e in Excel much tidier in my opinion (especially the
range_aux part), element by element (cell by cell),
with a VBA function as follows:
Function MyRange(x as Double) as Double
Select Case x
Case Is <= 20000
MyRange = 0.65 * x
Case Is <= 100000
RCJuiProfDet = IIf(0.40 * x < 14000, 14000, 0.4 * x)
Case Is <= 250000
RCJuiProfDet = IIf(0.3 * x < 40000, 40000, 0.3 * x)
Case Is <= 700000
RCJuiProfDet = IIf(0.25 * x < 75000, 75000, 0.25 * x)
Case Is <= 1000000
RCJuiProfDet = IIf(0.2 * x < 175000, 1750...
2006 Feb 07
0
About two IFs with the same IP and the multipath
...y the HOWTO: one computer with two
Internet connections.
The problems come when I try to use the same IPs for both A and B.
So A is 10.229.25.8 and B 10.229.25.8.
I cannot do otherwise, I''m forced to use the same IPs.
For the rules which select the sources I''ve tried to use the `iif'' option
instead of the `from'' one.
32764: from all iif tunl1 lookup main 202
32765: from all iif tunl0 lookup main 201
These rules don''t work and this means that the packets choose a different gw
each time and the TCP connections are killed.
I''ve tried also...
2007 Feb 21
1
simple source policy routing not working
...-o wlan0 -t nat
echo 200 Forw >> /etc/iproute2/rt_tables
ip rule add from 172.30.230.230 table Forw
ip route add 192.168.1.99 via 192.168.10.1 dev wlan0 table main
ip route add 192.168.1.99 dev eth0 table Forw
ip -statistics route flush cache
ip route get 192.168.1.98 from 172.30.230.230 iif eth1
# 192.168.1.98 from 172.30.230.230 dev eth0 src 172.16.1.1
# cache <src-direct> mtu 1492 advmss 1452 fragtimeout 64 iif eth1
ip route get 192.168.1.99 from 172.30.230.230 iif eth1
# 192.168.1.99 from 172.30.230.230 dev eth0 src 172.16.1.1
# cache <src-direct> mtu...
2007 Feb 13
11
Routing problem (RTNETLINK answers: Invalid argument) on multiple internet link.
...is only used for traffic originating inside
the network. The other (eth1, 192.168.1.2) is only used for a VPN, where all
(udp) traffic originates from outside our network. I have created a second
routing table for eth1, with its own default gateway, and selected it with
ip rule from 192.168.1.2 iif lo lookup 4. All this works fine.
My problem is that one of the udp ports is forwarded to another server using
iptables:
/sbin/iptables -t nat -A PREROUTING -i eth1 -p udp -d 192.168.1.2 --dport
4902 -j DNAT --to 192.168.12.5:4902
using tcpdump on eth1, I can see that the incoming packets receiv...
2024 Jul 16
4
[Bug 1761] New: nft_fib checks only the main route table when iif is a slave of a master vrf interface
https://bugzilla.netfilter.org/show_bug.cgi?id=1761
Bug ID: 1761
Summary: nft_fib checks only the main route table when iif is a
slave of a master vrf interface
Product: nftables
Version: 1.0.x
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: kernel
Assignee: pa...
2009 Aug 31
2
UPS::Nut PERL module is rewritten
...to rewrite UPS::Nut because it was not developed since 2002
and it was based a very old version of upsd speaking a totally
outdated protocol.
If some of you interested in it you can get from my debian repository.
package name is libups-nut-perl.
Add this to your APT sources:
deb http://debian6.ki.iif.hu/ lenny contrib
deb-src http://debian6.ki.iif.hu/ lenny contrib
Or simply download
http://debian6.ki.iif.hu/pool/contrib/libu/libups-nut-perl/libups-nut-perl_1.5_all.deb
(Eeee... I forgot to say: it is accessible with IPv6 only. Sorry. Please
do not complain about this.)
Any (other) feedback is...
2017 Feb 03
4
[Bug 1117] New: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT
...ype nat hook prerouting priority -150; policy accept;
}
chain postrouting {
type nat hook postrouting priority -150; policy accept;
oifname "pub-aaaa" masquerade
}
}
---------------
Now add a port forward:
------------------
# nft add rule ip nat prerouting iif pub-aaaa tcp dport 80 dnat
192.168.123.20:80
# no error
# nft list table ip nat -nn -a
table ip nat {
chain prerouting {
type nat hook prerouting priority -150; policy accept;
iif "pub-aaaa" tcp dport 80 dnat to :80 # handle 4
}
chain postrouting {
typ...
2006 Apr 27
0
MULTIPATH: how to control chache expiration time?
...eth6 weight 1
root@server1:/backup/ftp# ip ro show cache | egrep ''eth4|eth5|eth6'' -B1 | tail
-n20
201.216.128.100 from 192.168.90.5 via 192.168.3.1 dev eth6 src 192.168.90.1
--
192.168.90.5 from 201.240.149.1 dev eth2 src 192.168.1.2
cache mtu 1500 advmss 1460 hoplimit 64 iif eth5
--
cache <src-direct> mtu 1500 advmss 1460 hoplimit 64 iif eth2
200.114.138.45 from 192.168.90.5 via 192.168.1.1 dev eth4 src 192.168.90.1
--
192.168.90.5 from 200.74.39.52 dev eth2 src 192.168.1.2
cache mtu 1500 advmss 1460 hoplimit 64 iif eth5
71.80.214.141 from 192.168.90....
2002 Sep 10
3
RE: 4 nic advanced routing question update
ok i will do it in text:
66.92.114.46 eth0
209.141.2.194 eth1
192.168.119.101 eth2
192.168.120.101 eth3
What i have is a linux box RH7.3 which will eventually run Shorewall Firewall. On this box there is eth0 66.92.114.46 conneted to isp1 and eth1 209.141.2.194 connected to isp2
It also has eth2 192.168.119.101 and eth3 192.168.120.101 which will connect to a failover appliance which has 2 wan
2018 Jan 30
7
[Bug 1221] New: "fib" produces strange results with an IPv6 default route
...OS: Debian GNU/Linux
Status: NEW
Severity: major
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
Reporter: f30 at f30.me
I am trying to implement reverse path filtering using "fib" rules like `fib
saddr . iif oif 0 drop`.
I don't understand why exactly (see #1220), but this generally works for IPv4
and IPv6 without a default route. However, "fib" starts to behave strangely
with a v6 default route.
Assume a host with two interfaces, enp0s5 and enp0s6, and the following IP
addresses:
>...
2003 Jul 28
6
snooping - the crux of the problem
I have a computer with two interfaces, say with addresses 192.168.1.1
and 192.168.1.2. I want to set up routing such that when I ping
192.168.1.1 it goes out through 192.168.1.2 and not to the local
interface.
Is this possible - all my attempts so far have been unsuccessful? If
so, pointers, etc. would be gratefully appreciated.
Jim
--
Jim Redman
(505) 662 5156 x85
2003 Mar 01
5
Policy routing and strange packets traversing.
...proper gateway
22: from 1.1.1.30 lookup 1
22: from 2.2.2.66 lookup 2
...
# This rules are unnecessary I think but used for diagnostics gateways
#by me.
30: from all to 1.1.1.29 lookup 1
30: from all to 2.2.2.65 lookup 2
#Balance tables distributes traffic from LAN.
70: from all iif eth1 lookup balance
# ip r l ta 1
default via 1.1.1.29 dev eth2
# ip r l ta 2
default via 2.2.2.65 dev eth4
# ip r l ta balance
default
nexthop via 1.1.1.29 dev eth2 weight 2
nexthop via 2.2.2.65 dev eth4 weight 3
So. Everything works but I have observed some behaviour what
I c...
2017 Mar 25
0
[Bug 1138] New: icmpv6 mld-listener-query not detcted
...0.4-1-default #1 SMP PREEMPT Sat Mar 18
12:29:57 UTC 2017 (e2ef894) x86_64 x86_64 x86_64 GNU/Linux just does not detect
icmpv6 mld-listener-query packets.
With following ruleset
table inet filter {
chain INPUT {
type filter hook input priority 0; policy drop;
iif "lo" accept
ct state { related, established} accept
ct state invalid counter packets 8 bytes 411 drop
iif "ens192" icmpv6 type mld-listener-query counter packets 0
bytes 0 drop
iif "ens192" icmpv6 type mld...
2004 Sep 30
2
2 DSL link, DNAT & SNAT
...hdsl & adsl for the 2 dsl lines,
0: from all lookup local
30: from all fwmark 3 lookup hdsl
38: from 192.168.254.10 lookup hdsl <<== NOTE this
40: from 217.58.51.160/27 lookup hdsl
41: from 81.121.243.248/30 lookup adsl
52: from all iif eth0 lookup adsl
53: from all iif eth2 lookup adsl
32766: from all lookup main
32767: from all lookup default
+ hdsl table has default gw to HDSL line
+ adsl table has default gw to ADSL line
+ DNAT & SNAT occurring from both dsl lines
Chain PREROUTIN...
2020 Jan 15
4
[Bug 1397] New: What am I doing wrong!?
...W
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: tad1073 at gmail.com
code snippet
table inet nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
fib saddr . iif oif 0 counter drop
fib saddr . iif oif "lo" counter accept
fib saddr . iif oif "$inet_if" counter accept
fib daddr . iif type { local, broadcast, multicast } counter accept
ip daddr 10.0.0.11 tcp dport 80 dnat to 8080
ip daddr 10.0.0.11 ud...
2010 Dec 02
0
default route with two nexthops and MASQUERADE problem
...p eth2
32717: from 192.168.5.124 lookup eth1
32766: from all lookup main
32767: from all lookup default
Q1: if I do pings from two PC in LAN: 5.137 and 5.147, to the same IP how can they go via different links (ping 195.60.x.x is run on both computers)?
# ip r g 195.60.x.x from 192.168.5.137 iif eth0
195.60.169.6 from 192.168.5.137 via 192.168.1.1 dev eth1 src 192.168.5.1
cache <src-direct> mtu 1500 advmss 1460 hoplimit 128 iif eth0
# ip r g 195.60.x.x from 192.168.5.147 iif eth0
195.60.169.6 from 192.168.5.147 via 192.168.2.1 dev eth2 src 192.168.5.1
cache <src-direct> m...
2004 Aug 16
1
question re ip rules logic
...brd 10.10.10.255 scope global eth0
5: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen
1000
link/ether 00:0d:60:4e:33:d3 brd ff:ff:ff:ff:ff:ff
inet 10.10.11.104/24 brd 10.10.11.255 scope global eth1
[root@c1b04a01 root]#
When we try these commands:
ip rule add iif eth0 prio 100 table 100
ip route add default via 10.10.10.1 dev eth0 table 100
ip rule add iif eth1 prio 200 table 200
ip route add default via 10.10.11.2 dev eth1 table 200
no packets are sent out of the interfaces.
When we try the commands:
ip rule add default prio 100 table 20
ip route add def...
2019 Oct 10
13
[Bug 1371] New: Concatenations Literal sets
...Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: tad1073 at gmail.com
inet.nft:97:44-51: Error: syntax error, unexpected protocol
iif $int_if0 ip6 saddr . ip6 daddr . ip6 protocol { $g6dns . $myip_v6 .
tcp, $g6dns . $myip_v6 . udp } jump global_dns_in
^^^^^^^^
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML...