search for: frozentux

First of all, thank you to all of you who have helped to make iptables possible, whether in writing the code for it or testing it. It is BETTER than sliced bread! :-) Anyways, I have two questions related to the use of iptables. 1. I read on a post somewhere that it is smart to put the following two rules at the end of one''s iptables ruleset: iptables -A INPUT -p tcp -i eth0 -j

Can anyone tell me whether I have a routing problem, or an openVPN problem, or something else? I''ve stared at this for so long I think I must be looking in the wrong place! I have 3 machines: Machine A has single ethernet card, eth0, 192.168.5.5 Machine B has eth0, 192.168.5.? on the local net, eth1, 81.2.x.y to the internet, and

Hello Sir, I want some help from you. I have my configuration like this. I have three machines. PC1,PC2,PC3. hub hub PC1--------------------PC2-----------------------PC3 eth0 eth0,eth1 eth0 I want to work my configuration like diffserv. I am generating traffic from PC3 and sending it to PC1 via PC2(as a router)and from

...sec -j DROP Both result in: #iptables --list -n Chain INPUT (policy ACCEPT) target prot opt source destination DROP all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 But in the iptables Tutorial 1.1.19 by Oskar Andreasson (http://iptables- tutorial.frozentux.net/chunkyhtml/matches.html#TABLE.LIMITMATCH) there is written: "The limit match may also be inverted by adding a ! flag in front of the limit match. It would then be expressed as -m ! limit. This means that all packets will be matched after they have broken the limit." And in the iptabl...

...TLINK interface and what its significance? What are Xtables and why do many of them appear as duplicates with regular iptables modules? The FAQ is hopelessly out of date. The other documentation doesn't seem to discuss the kernel configuration, either. The tutorial at http://iptables-tutorial.frozentux.net/ seems to be the most recent and complete but apparently was produced before some of these changes. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the...

HI folks, I have a linux router connected to two separate internet connection from an ISP. There is a third interface ( ip -> 192.168.1.1 ) in the router connected to the local network. Configured the routing tables and added the rules and everything seems to be working fine from the routing box. Traceroute to external internet sites reveal that traffic is being routed correctly and

Hi, Only for my info: How can it be do via IPTables? Do you have an example or a howto? Thanks Gernot -----Ursprüngliche Nachricht----- Von: Andy Furniss [mailto:andy.furniss@dsl.pipex.com] Gesendet: Mittwoch, 27. April 2005 00:30 An: Grames Gernot Cc: lartc@mailman.ds9a.nl Betreff: Re: [LARTC] Activate ingress policies on suse ent erpr ise serv er 9 Grames Gernot wrote: > > Hi, >

Hi, my name is Calin and I''m new to linux, but I guess its the right place to ask this: what do I set on a linux RH9 box with 2.4.24 kernel to route a 10 machine private network (192.168.x.x) by 3 limited bandwidth, public IPs (193.231.x.x). The network uses a switch, the linux box has 1 ethernet card, the link is available trough a wireles ethernet bridge from my ISP. I begun to read

...ess i need. I was thinking about fwmark option. The problem is that routing decision is made after PREROUTING and not POSTROUTING (name obviously sais that :)) and i need to use -o. In OUTPUT this marking can''t be done. I made this conclusion by studying this URL: http://iptables-tutorial.frozentux.net/chunkyhtml/traversingoftables.html Am I right? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

...This allows specification of the ICMP type, which can be a numeric ICMP type, type/code pair, or one of the ICMP type names shown by the command iptables -p icmp -h As we can see, there is no word about the "Note" found on this page: https://www.frozentux.net/iptables-tutorial/chunkyhtml/a6339.html which clearly says that 255 is treated specially by iptables to mean "any". I think it would be a good thing to add that note to the manual page. Also since there is a name "any", maybe make a clear correlation between both. -- You...

Hi all Can iptables have log and deny rule together? if no. how can I make a deny rule and log rule and the log rule can limit the log entry eg: 200 if yes, how can I make it I am using freebsd ipfw. eg: ipfw add 22 deny log all from any to x.x.x.x thank you ____________________________________________________________________________________ Take the Internet to Go: Yahoo!Go puts the

is there anybody who can tell me how to forward request to other host, i would like to forward all dns requests to other dns server and it must be done with packet forwarding because dns server (resolver) must go down. There is many docs about port forwarding based on nat table and explanation consider linux box act like nat with two e cards. thanks, alens

Hi Alexander, The kind of firewall i have uses the basic iptables which came with the installation CDs of linux-SuSE. I installed SuSE 8.1 which has a firewall that has to be activated. But now, u know, i can't find the file containing the iptables so as to adjust the rules. When i try "iptables -L" in console mode i can see all the rules. I think i need to add some new rules

Hi, I have the following situation: 1 gateway box with 2 WAN interfaces (eth1 and eth2). 1 LAN interface eth0 default gateway is eth2 I want to route all traffic with destination protocol tcp 22 (ssh) NOT over the default gateway eth2 but force them to find it''s route over eth1. All other traffic must go the normal way over eth2. Is this possible with tc or an other tool? --

Hello Routing Gurus ;-) I''d like to know if it''s possible to make a routing decision for pakets originating from a specific port of the local machine without using ipfilter/iptables to mark the pakets. I read about the tc filter stuff but that seems only to be able to sort the pakets to a different queue on the same interface and not choose a different interface for example. Is

Hello in one of the emails I sent earlier ; mark (m.roth at 5-cent.us) mentioned: > install linux on a computer with two ethernet cards. connect eth0 to > your internet connection, and eth1 to your local network. configure > iptables firewall rules in the linux system. or install pfsense on that > same computer. Please if any one can help with more details and

hi, i hv been burning nights reading howtos and manuals for iproute2 and iptables aiming at succesfully implementing a DMZ-NAT solution for our college (institute.) i am a student and never had past experience but hv used linux for quite some time now. so my first question is: do the functions of iptables and iproute2 overlap atall. i am preety confused regd this matter. 2nd: is it possible to

Hi, I have established two connections to the same ISP. After that ip route list showed this: 195.14.247.94 dev ppp0 proto kernel scope link src 81.173.141.207 195.14.247.94 dev ppp1 proto kernel scope link src 81.173.237.84 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1 default via 195.14.247.94 dev ppp0 I want 192.168.0.2 to connect to the internet by ppp1 and all

Hi, Is there a way in Linux to do NAT with a pool of outside addresses such that each connection to the outside resource gets a different IP address?? I don''t want 1:1 NAT as I have some thousands of IP addresses on one side of the LARTC router that _may_ need to access a resource on the other side... The resource needs to see a different IP address for each active call, but these

Hello list members, Finaly I''m here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore this marks and they don''t work at all for me. Let me explain a bit more in