Hi all,

I am using iptables + tc + HTB on Red Hat 9 and it is working fine with the bandwidth control. I am tagging my eth1 with a VLAN interface to a Cisco switch. Even though I have mentioned a ceil, the traffic is crossing more than the ceil when users are affected by a virus in their network or by DoS attacks. It should be controlled to the mentioned ceil, right? Why are these uploads increasing? When the uploads increase, all the users on the switch get affected. How can I solve this problem? Has anyone come across this kind of problem? If so, please recommend something to me here.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
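An added example, not code from any of the list posts, showing the two HTB details that most often let traffic run past a configured ceil: HTB only shapes traffic leaving the interface it is attached to (so the qdisc for LAN uploads belongs on the uplink interface, not the LAN/VLAN side), and traffic that matches no filter is not shaped at all unless the root qdisc names a default class. The interface name eth0, the 2000 kbit link rate, the 40/40/20 split and the fwmark values 1 and 2 are assumptions; the script goes slightly beyond the question by adding SFQ under each leaf so one flooding host cannot monopolise the class it lands in. By default it prints the tc commands; run it as root with DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example, not code from the LARTC posts. Interface name (eth0), link
# rate and the fwmark values 1 and 2 are assumptions.
# HTB shapes only traffic LEAVING the interface it is attached to, so to cap
# LAN uploads it must sit on the uplink interface, not on the LAN/VLAN side.
DRY_RUN=${DRY_RUN:-1}   # 1 = print tc commands; DRY_RUN=0 (as root) applies them
TC=${TC:-tc}

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$TC $*"
    else
        "$TC" "$@"
    fi
}

# setup_htb DEV LINK_KBIT
#   1:1  parent class capped at the link rate (nothing can exceed it)
#   1:10 fwmark 1: guaranteed 40%, may borrow up to the link rate
#   1:20 fwmark 2: guaranteed 40%, may borrow up to the link rate
#   1:30 default (unmatched) traffic: 20%, ceil == rate, so it can never
#        borrow. A host flooding unclassified traffic (worm, DoS) stays
#        inside 20% instead of crowding out everyone else.
setup_htb() {
    dev=$1
    link=$2
    big=$((link * 40 / 100))
    rest=$((link * 20 / 100))

    run qdisc del dev "$dev" root 2>/dev/null || true
    # "default 30" is the important part: without it, traffic that matches
    # no filter bypasses the classes and is not shaped at all.
    run qdisc add dev "$dev" root handle 1: htb default 30
    run class add dev "$dev" parent 1: classid 1:1 htb rate "${link}kbit" ceil "${link}kbit"
    run class add dev "$dev" parent 1:1 classid 1:10 htb rate "${big}kbit" ceil "${link}kbit"
    run class add dev "$dev" parent 1:1 classid 1:20 htb rate "${big}kbit" ceil "${link}kbit"
    run class add dev "$dev" parent 1:1 classid 1:30 htb rate "${rest}kbit" ceil "${rest}kbit"

    # SFQ on each leaf shares a class fairly between flows, so one infected
    # host cannot monopolise the class it lands in.
    for leaf in 10 20 30; do
        run qdisc add dev "$dev" parent "1:$leaf" handle "$leaf:" sfq perturb 10
    done

    # Steer traffic by fwmark (set in iptables -t mangle) into the classes.
    run filter add dev "$dev" parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
    run filter add dev "$dev" parent 1: protocol ip prio 1 handle 2 fw flowid 1:20
}

# Verification: watch the per-class rate and "dropped" counters. If the link
# still saturates while no class ever reaches its ceil, the traffic is not
# entering this qdisc (wrong interface, or no default class catching it).
show_classes() {
    run -s class show dev "$1"
}

setup_htb "${DEV:-eth0}" "${LINK_KBIT:-2000}"
show_classes "${DEV:-eth0}"
```

The check to keep in mind when a ceil appears to be ignored: `tc -s class show` on the shaped interface should show the offending traffic accumulating in one of the classes. If the counters stay flat while the link is full, the packets are leaving through an interface (or a direction) the qdisc does not cover.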
I have the next script written by me but it doesn't work correctly. The modem2 (eth2) sends the packets with the source IP of the modem1 (eth0). I'm viewing it with snort (snort -i eth2 -Nv port 80)..... Any idea?

It is my script::

#!/bin/sh
##################################
IP=/sbin/ip
IPTABLES=/sbin/iptables
MODEM1="eth0"
MODEM2="eth2"
LAN="eth1"

# Allow LAN -> modem forwarding and masquerade on each uplink.
$IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
$IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE

# Policy routing: packets marked 1/2/3 are looked up in tables modem1/modem2/web.
# The table names must be defined in /etc/iproute2/rt_tables.
# (Marks 1 and 2 are referenced here but never set by any rule in this script.)
$IP rule add fwmark 1 table modem1
$IP rule add fwmark 2 table modem2
$IP rule add fwmark 3 table web

# Table web: default route balanced over both modems
# ("equalize" requires the patched kernel described in the LARTC HOWTO).
$IP route add default table web equalize \
    nexthop via 24.xxx.xxx.1 dev $MODEM1 \
    nexthop via 200.xxx.xxx.1 dev $MODEM2

$IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
$IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2

# Mark outgoing HTTP from the LAN so it is routed through table web.
$IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j MARK --set-mark 3

# Disable reverse-path filtering on both uplinks.
echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter
XMundo - Soporte Tecnico wrote:
> I have the next script written by me but it doesn't work correctly. The
> modem2 (eth2) send the
> packets with the source IP of the modem1 (eth0).
>
> I'm view it with the snort (snort -i eth2 -Nv port 80).....
>
> Any idea?
>
> It is my script::
> ##################################
>
> IP=/sbin/ip
> IPTABLES=/sbin/iptables
> MODEM1="eth0"
> MODEM2="eth2"
> LAN="eth1"
>
> $IPTABLES -A FORWARD -i $LAN -o $MODEM1 -j ACCEPT
> $IPTABLES -t nat -A POSTROUTING -o $MODEM1 -j MASQUERADE
> $IPTABLES -A FORWARD -i $LAN -o $MODEM2 -j ACCEPT
> $IPTABLES -t nat -A POSTROUTING -o $MODEM2 -j MASQUERADE
>
> $IP rule add fwmark 1 table modem1
> $IP rule add fwmark 2 table modem2
> $IP rule add fwmark 3 table web
>
> $IP route add table web eql nexthop via 24.xxx.xxx.1 dev $MODEM1 nexthop via
> 200.xxx.xxx.1 dev $MODEM2
>
> $IP route add default via 24.xxx.xxx.1 dev $MODEM1 table modem1
> $IP route add default via 200.xxx.xxx.1 dev $MODEM2 table modem2
>
> $IPTABLES -A PREROUTING -t mangle -i $LAN -p tcp --dport 80 -j
> MARK --set-mark 3
>
> echo "0" > /proc/sys/net/ipv4/conf/eth0/rp_filter
> echo "0" > /proc/sys/net/ipv4/conf/eth2/rp_filter

Hi Arnt, you're supposed to use PREROUTING.

Kind Regards
Brent Clark