search for: contracking

Hello, Sorry for the many Ccs, but I hope to reach all parties involved. I want to do traffic shaping with NAT and I wanted to do it with IFB instead of IMQ [1]. I tried a lot of things but now I am stuck (and maybe confused). The setup: eth0 eth1 WAN/(Internet) <-> Linux Router <-> LAN Linux router: - does NAT for the LANs - runs local processes

I''m havign a HUGE amount of difficulty getting shoreline to work with LVS. We use it here constantly so we know it works. The problem is packets come in, get directed to a webserver, webserver returns the packet to firewall, and then it goes into a black hole. rp_filter is off globally on all interfaces. LVS seems to be working right.... I use shorewall tcrules to mark packets on

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1

Folks, Ive got two ISP connections that I am using with: --- ip route add 192.168.200.0/24 dev eth2 src 192.168.200.11 table connection1 ip route add default via 192.168.200.1 table connection1 ip route add x.175.244.0/24 dev eth1 src x.175.244.2 table connection2 ip route add default via x.175.244.1 table connection2 ip rule add from 192.168.200.11 table connection1 ip rule add from x.175.244.2

Hi. there is a way to MARK udp VOIP (SIP) traffic, in order to put in a highest prio class ? Traffic flow seems start on udp 5060 port, but next both server and client seems jump to a random(?) port. I can''t use CONNMARK because is udp traffic. I only see a pattern for L7 patch in order to SIP traffic identification , but I run 2.4 kernel series . When you patch 2.4 kernel with

Hi all, I manage somo interface in output. I know that i can send packet to the single interface using routing tables. I use IMQ to shape ingress traffic but why i would have to use IMQ on postrouting? When IMQ, on egress, give me advantages? and what are this advantages? Thanks Bye Simone -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: Clicca qui:

Hi http://mailman.ds9a.nl/pipermail/lartc/2002q3/004977.html I have the same problem to discuss as in the above link. I want to allocate say X MBit per individual connection regardless of the number of connection . KIndly could anyonen suggest me how to proceed. I have tried with SFq but is doesnot yeild my requirement.. Thanks, Namitha. _______________________________________________ LARTC

Hi All, I''m looking for some comments on an issue that I''d had since the start of the week. In short the problem appears to potentially be an overwhelming of the conntrack tables, where connection state is lost and packets dropped. A combination of using htb & U32 QOS to clamp the smtp traffic to 128kb on a 512kb sync line, some sizeable bulk emails sent from the

Hi, I have typical situation, local LAN with private addresses, translated via NAT to internet. I need to shape ingress traffic (from internet to local LAN) in several HTB queues accorting to destination (private not public) IP. So I need mark packets to divide them to corresponding queue. According to http://www.docum.org/stef.coene/qos/kptd/ I thing I have only one way how to do it, because

I''ve got a linux router pushing 600-1000 pppoe connections through it. I''m getting a screen error "Neighbor Table Overflow" after this box has been up for between 1 week and 1 month. When this is happening, routing slows to a crawl if at all. Then dies. I''ve added: # Added to stop "neighbor table overflow" messages in the kernel

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish