search for: intif

...go zapoznat s pf zatova ako nqkoi moje da pomogne e dobre doshyl :) btw moje i neshto ot tia opcii kato set timeout i optimization da e :] Macros: define common values, so they can be referenced and changed easily. extif="fxp1" # replace with actual external interface name i.e., dc0 intif="fxp0" # replace with actual internal interface name i.e., dc1 internal_net="172.16.0.0/16" external_addr="192.168.173.34" loif="lo0" set timeout { interval 30, frag 10 } set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 } set timeout {...

...255.0.0.0 U 0 0 0 lo default 192.168.253.254 0.0.0.0 UG 1 0 0 eth0 ------------------------------------------------------------- firewall from first box: #!/bin/bash IPTABLES=/usr/sbin/iptables #IPTABLES=echo EXTIF="eth0" INTIF="hdlc0" echo " External Interface: $EXTIF" echo " Internal Interface: $INTIF" echo " Clearing existing rules" $IPTABLES -P INPUT ACCEPT $IPTABLES -F INPUT $IPTABLES -P OUTPUT ACCEPT $IPTABLES -F OUTPUT $IPTABLES -P FORWARD ACCEPT $IPTABLE...

Hello, I'm trying to set up port forwarding in IPTABLES and so far it's working great from the internet, but when I attempt from my internal LAN using the External IP address, it fails. EXTIF="eth0" INTIF="eth1" EXTIP="xxx.xxx.xxx.xxx" INTNET="192.168.1.0/24" INTIP="192.168.1.1" PORTFWIP="192.168.1.13" >From the internet, if I type in http://xxx.xxx.xxx.xxx:81 it works. When use a computer on my LAN and type in http://192.168.1.13:81 it works....

I suppose a few questions pop up on this list about access Samba through a firewall. ?I have been very successful running Samba through a firewall, until today. ?I hit a stumbling block. I have a Linux Firewall with the public IP Address of 134.x.x.140 <it is not the exact ip address, but close>. ?I am using NAT and port forwarding to send traffic destined for 137, 138,139, and 445 for BOTH

...and the internal network #  should preferably be addressed with a RFC1918 private address #  scheme. # #  For this example, "eth0" is external and "eth1" is internal" # # #  NOTE:  If this doesnt EXACTLY fit your configuration, you must #         change the EXTIF or INTIF variables above. For example: # #            If you are a PPPoE or analog modem user: # #               EXTIF="ppp0" # # TEQLIF="teql0" EXTIF="eth0" EXTIF2="eth1" EXTIF3="eth3" INTIF="eth2" echo "   TEQL Interface: $TEQLIF...

Hello, I have a webcam that I wish to view from the internet. It is a wireless linksys model with an ip address of 192.168.1.15. I have it set on port 8081, 192.168.1.15:8081. I am using the IP Masquerade HowTo script. Here's the rule I added to my firewall script: EXTIF="ppp0" INTIF="eth1" EXTIP="`$IFCONFIG $EXTIF | grep inet | cut -d : -f 2 | cut -d \ -f 1`" $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport 8081 -m state \ --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPTABLES -A PREROUTING -t nat -p tcp -d $EXTIP --dport 8081 \ -j DNAT --to 192.1...

...wall when executed. # Created on 11 Mar 2004 # echo -e "\n\nLoading firewall..\n" # Location of iptables and kernel module programs IPTABLES=/sbin/iptables DEPMOD=/sbin/depmod MODPROBE=/sbin/modprobe IFCONFIG=/sbin/ifconfig # Set external and internal interfaces EXTIF="ppp0" INTIF="br0" FILTER_NET="192.168.0.0/16" echo " External Interface: $EXTIF" echo " Internal Interface: $INTIF" #-------------------------------------------------- #----- No editing is required below this line ----- echo -en " loading modules: " #...

...bandwidth (download/upload) and I made a script as below to test. I am testing using ttcp tool from by linux box to other linux (192.168.200.51). my box <---- Linux = more than 128kbit mybot -----> Linux = get 128kbit But I want to control both ways, what am I missing? script: EXTIF=eth0 INTIF=eth1 TC=/sbin/tc DOWN=128 UP=64 IP=192.168.200.201 ################## # $TC qdisc del $EXTIF root 2> /dev/null > /dev/null # $TC qdisc add dev $EXTIF root handle 0: htb default 1 $TC class add dev $EXTIF parent 0: classid 1 htb rate 128Kbit ceil 128Kbit # $TC filter add dev $EXTIF protocol i...

Easy question here: I have a test network that looks like this (apologies for my lack of ascii skills): [hostc]---------------[Firewall]192.168.42.1 (EXTIF: eth0) /10.0.0.1 (INTIF: eth1) 192.168.42.10 (wan) |(lan) | +-------------[hosta] 10.0.0.10 (port 4242) | +-------------[hostb] 10.0.0.20 (port 2424) All of those machines are vms I created using virsh/libvirt. I...

Hello. I'm moving from a very old Fedora Core 1 to CentOS 4.4, what a change!! Three year ago, I wrote some script (network related) and worked very well. Now, I can put into init.d by means of chkconfig and I restarted the system, but always hang when executing my srcipt (in my new centos 4.4). There a manual for making scripts for init.d? there is some new requirement by which it does not

...192.168.1.1 0.0.0.0 UG 0 0 0 eth0 At present, I am testing my system, so I have adopted a VERY liberal iptables ruleset. It has the following entries #! /bin/sh # # definitions IPTABLES=/sbin/iptables DEPMOD=/sbin/depmod MODPROBE=/sbin/modprobe EXTIF="eth1" INTIF="eth0" UNIVERSE=0.0.0.0/0 # # Load modules $DEPMOD -a $MODPROBE ip_tables $MODPROBE ip_conntrack $MODPROBE ip_conntrack_ftp $MODPROBE ip_conntrack_irc $MODPROBE iptable_nat $MODPROBE ip_nat_ftp $MODPROBE ip_nat_irc # # Enable IP forwarding echo "1" > /proc/sys/net/ipv4/ip_for...

...ill occur and the internal network # should preferably be addressed with a RFC1918 private address # scheme. # # For this example, "eth0" is external and "eth1" is internal" # # NOTE: If this doesnt EXACTLY fit your configuration, you must # change the EXTIF or INTIF variables above. For example: # # If you are a PPPoE or analog modem user: # # EXTIF="ppp0" # IFDS0="eth1" IFADSL="eth2" IFLAN="eth0" echo " External Interfaces: $IFDS0,$IFADSL" echo " Internal Interface: $IFLAN&quo...

I am creating three u32 filters with different dst addresses. When I delete one of those filters, all three are deleted. Why all 3 filters are deleted even though in ''tc filter del'' command I give exactly all parameters of filters creation. Is this expected behaviour, that all other filters are deleted also ? Thanks Yakov Lerner Here is sample script that reproduces how

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

hello, I have working htb system with about 1000 users. Until now I reload all rules at change, but it take too much time to apply. I cannot delete applyed filters. There is rules for one user: #!/bin/bash -v # Download shaper EX -> 2:20 /sbin/tc class add dev eth2 parent 2:20 classid 2:1775 htb rate 8000Kbit ceil 10000Kbit quantum 1514 /sbin/tc qdisc add dev eth2 parent 2:1775 sfq perturb

...slav at quintagroup.com> 2012-07-04 16:10:55 CEST --- We're experiencing a bug in Fedora 16 with kernel-3.2.9-2.fc16.x86_64 and kernel-3.3.4-3.fc16.x86_64. Adding following rule helped get id of packets with "internal" IP on "external" interface: $IPTABLES -A FORWARD -i $INTIF -p tcp -m state --state INVALID -j DROP Additional information for somebody that will be hit by the issue (to be able to google this comment) follows: We've been doing Nagios' check_http with --no-body (don't wait for document body: close socket after receiving headers). The closed s...

...]; then PORT=sport fi iptables -t mangle -A MYSHAPER-$DEV -p tcp --$PORT 4000 -j MARK --set-mark 22 # skype configured to listen on 4000 iptables -t mangle -A MYSHAPER-$DEV -p udp --$PORT 4000 -j MARK --set-mark 22 [...] } [...] HTB_shape $INTIF $RATEDN HTB_shape $EXTIF $RATEUP ? According to http://www.skype.com/help/faq/technical.html we can choose the port that skype will use for sending and receiving traffic. For this example port 4000 was chosen, and that port is forwarded from the linux router to the internal machine that run...

...me on the same server (since it always takes the first path found). >> I invoke the script via ansible like this (since the script needs to run on all bricks); >> - hosts: host1,host2,host3 >> ? tasks: >> ? ? - shell: 'bash /root/clean-stale-gluster-fh.sh --host="{{ intif.ip | first }}" --volume=ovirt-data --backup="/backup/stale/gfs/ovirt-data" --shard="{{ item }}" --force' >> ? ? ? with_items: >> ? ? ? ? - 1b0ba5c2-dd2b-45d0-9c4b-a39b2123cc13.14451 >> >> fortunately for me the issue seems to be disappeared, sinc...

...re is any bandwidth left, proceed with the class with the next lower prio. That doesnt happen, any excess b/w will be spread all across the classes/prios. Now here is the script: -------------------------------------------- #!/bin/bash # # Shell-Skript fuer Quality of Service mit HTB # EXTIF=ppp0 INTIF=eth0 if [ "$1" = "start" ]; then ############ # Outgoing ############ ## Root /sbin/tc qdisc add dev $EXTIF root handle 1:0 htb default 400 ## Hauptklasse /sbin/tc class add dev $EXTIF parent 1:0 classid 1:1 htb rate 380kbit ceil 380kbit /sbin/tc class add dev $EXTIF parent 1:1...