Hey Marek,
I´know that i must to works whith the INGRESS (instead of EGRESS), i´ve well
formed my kernel. My others TC rules for source IP address (not for MAC
address) does work fine...!!!, the problem is whith the MAC because is a not
"IP PROTOCOL" and for that i must to use the "u32/u16 match"
to solve it,
and if i make an analogy from my others INGRESS rules applied to Src IP
address, to Src MAC address using the scripts below, did not work too.
Im not shure that i am doing...!!!, please "give a hand" !!!
Regards, mateo.-
2007/12/10, lartc-request@mailman.ds9a.nl
<lartc-request@mailman.ds9a.nl>:>
> Send LARTC mailing list submissions to
> lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
> lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
> lartc-owner@mailman.ds9a.nl
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of LARTC digest..."
>
>
> Today's Topics:
>
> 1. MAC filter (m.a.t.e.o)
> 2. Re: MAC filter (Marek Kierdelewicz)
> 3. ixp400 (jerry)
> 4. PAT HOW to - IPTABLES (Indunil Jayasooriya)
> 5. Re: PAT HOW to - IPTABLES (Alexandre J. Correa - Onda Internet)
> 6. Re: PAT HOW to - IPTABLES (Indunil Jayasooriya)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 9 Dec 2007 12:24:27 -0300
> From: m.a.t.e.o <drumlesson@gmail.com>
> Subject: [LARTC] MAC filter
> To: lartc@mailman.ds9a.nl
> Message-ID:
> <823158cf0712090724o1f0e9100x8c3432a1e1eaf650@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I did search a lot of post in this list and other, but never have a
> solution
> that works...
> I want to filter the INGRESS by MAC address...please, any help?
>
> There are a "solution" that supposedly works, but did not work
for me:
>
>
> #######
> for the MAC address: M0M1M2M3M4M5
>
> tc filter add dev eth1 parent 1: protocol ip prio 5 u32 match u16 0x0800
> 0xffff at -2 match u16 0x4455 0xffff at -4 match u32 0x00112233 0xffffffff
> at -8 flowid 1:40
>
> #######
>
> Thx, a lot.-
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
>
http://mailman.ds9a.nl/pipermail/lartc/attachments/20071209/acbe85f3/attachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Sun, 9 Dec 2007 16:47:57 +0100
> From: Marek Kierdelewicz <marek@piasta.pl>
> Subject: Re: [LARTC] MAC filter
> To: lartc@mailman.ds9a.nl
> Message-ID: <20071209164757.0fd8c33d@catlap>
> Content-Type: text/plain; charset=US-ASCII
>
> Hi,
>
> >There are a "solution" that supposedly works, but did not
work for me:
>
> What you sent works for egress not ingress.
>
> Look here:
> http://www.linux-foundation.org/en/Net:IFB
>
> There's an example how to shape traffic in ingress.
>
> cheers,
> Marek Kierdelewicz
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 09 Dec 2007 11:57:59 -0800
> From: jerry <geraldwalden@frontiernet.net>
> Subject: [LARTC] ixp400
> To: lartc@mailman.ds9a.nl
> Message-ID: <1197230279.3410.4.camel@localhost.localdomain>
> Content-Type: text/plain
>
> Hello
>
> I am encountering what I believe is a deadlock state when I am
> transferring traffic via an embedded linux device that only kills
> traffic with a combination of the Intel ixp400_eth.ko driver and the
> sch_htb.ko queuing discipline. If I use any other qdisk - including the
> complex cbq module I encounter smooth sailing. Any suggestions?
>
> Thanks
>
> Jerry
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 10 Dec 2007 15:50:31 +0530
> From: "Indunil Jayasooriya" <indunil75@gmail.com>
> Subject: [LARTC] PAT HOW to - IPTABLES
> To: "Mail List - Linux Advanced Routing and Traffic Control"
> <lartc@mailman.ds9a.nl>
> Message-ID:
> <7ed6b0aa0712100220n57ea0e54x628d539621cb6b35@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> I have a box running with iptables and iproute2. it has 3 ethernet cards.
> One for the internet. another for LAN and yet another for DMZ.
>
> @ DMZ ZONE I have 3 web servers. But I have only one real ip on my
> firewall.
> Now , I want to forward port 80 to theese 3 web servers.
>
> How can I do it?
>
> I searched a lot from google. But, still no luck.
>
>
> --
> Thank you
> Indunil Jayasooriya
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
>
http://mailman.ds9a.nl/pipermail/lartc/attachments/20071210/7146d379/attachment.html
>
> ------------------------------
>
> Message: 5
> Date: Mon, 10 Dec 2007 08:32:18 -0300
> From: "Alexandre J. Correa - Onda Internet"
> <alexandre@ondainternet.com.br>
> Subject: Re: [LARTC] PAT HOW to - IPTABLES
> To: lartc@mailman.ds9a.nl
> Message-ID: <475D23C2.2090300@ondainternet.com.br>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> you can use squid as reverse proxy ..
>
> see cache_peer !!
>
> squid can load balance between 3 servers and cache it !!
>
> run squid on your box with real ip..
>
> here you can see examples
> http://under-linux.org/7964-squid-atuando-como-proxy-reverso.html
>
> (pt-br)
>
>
> Indunil Jayasooriya wrote:
> > Hi,
> >
> > I have a box running with iptables and iproute2. it has 3 ethernet
> > cards. One for the internet. another for LAN and yet another for DMZ.
> >
> > @ DMZ ZONE I have 3 web servers. But I have only one real ip on my
> > firewall. Now , I want to forward port 80 to theese 3 web servers.
> >
> > How can I do it?
> >
> > I searched a lot from google. But, still no luck.
> >
> >
> > --
> > Thank you
> > Indunil Jayasooriya
> >
------------------------------------------------------------------------
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
>
>
> --
> Sds.
>
> Alexandre Jeronimo Correa
>
> Onda Internet - http://www.ondainternet.com.br
> OPinguim Hosting - http://www.opinguim.net
>
> Linux User ID #142329
>
> UNOTEL S/A - http://www.unotel.com.br
>
>
>
> ------------------------------
>
> Message: 6
> Date: Mon, 10 Dec 2007 16:09:52 +0530
> From: "Indunil Jayasooriya" <indunil75@gmail.com>
> Subject: Re: [LARTC] PAT HOW to - IPTABLES
> To: "Alexandre J. Correa - Onda Internet"
> <alexandre@ondainternet.com.br>, "Mail List -
Linux
> Advanced Routing
> and Traffic Control" <lartc@mailman.ds9a.nl>
> Message-ID:
> <7ed6b0aa0712100239j7591a4e3pd484c70baeb2d668@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> >
> >
> >
> > see cache_peer !!
> >
> > squid can load balance between 3 servers and cache it !!
> >
> > run squid on your box with real ip..
> >
> > Thanks for your quick answer. I know about reverse proxy. I wanted to
> know
> > that without squid, whether iptables it self can handle this
situation.
>
>
> Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation
> as before?
>
> in that case, What can I do?
>
>
> Hope to hear form you.
>
>
> --
> Thank you
> Indunil Jayasooriya
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
>
http://mailman.ds9a.nl/pipermail/lartc/attachments/20071210/4fc3208e/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
>
> End of LARTC Digest, Vol 34, Issue 12
> *************************************
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc