search for: bohannan

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

...help. I have two NICs on a debian sarge based system and current running as a bridge (br0) which consists of eth0 and eth1. Is it possible to add a virtual interface to the eth1 so I can also do NAT on the box as well? I have tried many times and keep coming up with errors. Kind Regards William Bohannan

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Not sure this is the correct place to post this but I am looking to have status of the firewall and traffic control (active, disabled, stopped etc) on a webpage controlled via something like pid as the machine has many things running on it, like firewall, traffic control, data collection for graphing the traffic flows, as well as other services like squid etc. Any ideas would be most helpful.

...Traffic (Suresh Babu) > 3. Usubscribe (corey@core-techweb.com) > 4. Re: Sip Traffic (sophana) > 5. HTB - Rate errors (Luke McConnell) > 6. Re: Sip Traffic (Marius Corici) > 7. Re: HTB - Rate errors (Luciano Ruete) > 8. trying to get time control working (William Bohannan) > 9. trying to get time working - had error in first email > (William Bohannan) > 10. how to change classful netem loss probability? (George Nychis) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 26 Apr...

Hi I am currently learning iptables and would like to see the output of shorewall rules in iptables format, as I would like to make a script for the rules instead of using shorewall. Kind Regards William _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge? Internet – router - (bridge eth0 – eth1) – local lan auto lo iface lo

...v eth1 parent 1:1 classid 1:1x htb rate xxxxkbit ceil xxxxkbit prio 3 quantum 1532 # setting up leafs 1:xxxx /sbin/tc class add dev eth1 parent 1:11 classid 1:xxxx htb rate xxxxKbit ceil xxxxKbit prio x quantum 1532 /sbin/tc qdisc add dev eth1 handle xxxx: parent 1:xxxx sfq Kind Regards William Bohannan

...comes to accounting for the local traffic as all it shows is ip address, I have been looking around for a command to get the "windoz" name from an ip address then a quick script to change the log entries to also have names. Wondering if anyone has done this? Kind Regards William Bohannan _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi I am having problems trying to get a time match with iptables 1.3.5 and the latest pom it says time match only works in the prerouting stage but I really need to use the classify command which only works in the postrouting. Does any one have a patch for 2.6 kernel, latest pom and iptables 1.3.5 so time matching can occur in the post routing? machinenemae login: ipt_time loading ipt_time:

...-A match-chain-eth0-1:12 -p tcp -m multiport --port 4569 -j RETURN /sbin/iptables -t mangle -A match-chain-eth0-1:12 -p udp -m multiport --port 4569 -j CLASSIFY --set-class 1:2008 /sbin/iptables -t mangle -A match-chain-eth0-1:12 -p udp -m multiport --port 4569 -j RETURN Kind Regards William Bohannan _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Skipped content of type multipart/alternative-------------- next part -------------- GRANT INSERT ON cdr.* TO root@localhost IDENTIFIED BY '8anana?!'; USE cdr; CREATE TABLE cdr ( uniqueid varchar(32) NOT NULL default '', userfield varchar(255) NOT NULL default '', accountcode varchar(20) NOT NULL default '', src varchar(80) NOT NULL

Currently have a bridge working, would now like to add a third virtual nic so the machine can do nat as well to local users, however after a crazy amount of ready cant seem to get my head around it. Please help. Have a working bridge below (etc/network/interfaces and eth0 is the internet side interface so a virtual interface like eth1:0 would be nice :) auto lo iface lo inet loopback auto br0

Having a problem with classid and prio and position. Wondering if someone could help? Below I have pasted a part of my current rules, now it consists of one chain and two pipes. If they both use 60Kbit which one would get priority? Would it be the one with the better prio or the one with the lower classid or would it be the one which is first on the list? /sbin/tc class add dev eth1 parent

Hi use traffic shaping on my local lan and it keeps all drops packets by logging them to mysql via ulogd. Since there is windows and apple users on the network I would like to have their "computer names" instead of ip address to make for easy accounting. Does anyone know of a script or tool to get the ip address of a drop packet and turn it into a computer name (via wins or something

Hi I am using traffic shaping on br0 and working nicely. Only problem is when I nat off br0 with a third nic I run into the following problems when traffic shaping: Wondering if anyone has had success with the following layout??? ______br0(eth0,eth1)---------eth1 --- local network | | (public address)

Hi installed Debian with bridging enabled then I install squid. Squid work if I manually enter proxy setting in firefox. Then I ran the following to make it transparent: echo 1 > /proc/sys/net/ipv4/ip_forward ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80

Hi I am currently trying to get time control working but come up with an error.. /sbin/iptables -t mangle -A ms-chain-eth0-1:11 -m time --datestart 2006:01:26:17:00:00 --datestop 2006:12:26:18:00:00 -j CLASSIFY --set-class 1:111 iptables: Unknown error 4294967295 iptables -m tos -help displays the help for it I am using Debian with kernel 2.6.15-2, iproute2-2.6.16-060323, iptables 1.3.5,

Hi I am currently trying to get time control working but come up with an error.. /sbin/iptables -t mangle -A ms-chain-eth0-1:11 -m time --datestart 2006:01:26:17:00:00 --datestop 2006:12:26:18:00:00 -j CLASSIFY --set-class 1:111 iptables: Unknown error 4294967295 iptables -m time -help displays the help for it I am using Debian with kernel 2.6.15-2, iproute2-2.6.16-060323, iptables 1.3.5,

Hi I am having problems trying to get a time match with iptables 1.3.5 and the latest pom it says time match only works in the prerouting stage but I really need to use the classify command which only works in the postrouting. Does any one have a patch for 2.6 kernel, latest pom and iptables 1.3.5 so time matching can occur in the post routing? machinenemae login: ipt_time loading ipt_time: