search for: ipt

Hi, I just migrated my office's server from Slackware64 14.1 to CentOS 7. So far everything's running fine, I just have a few minor details to work out. I removed the firewalld package and replaced it by a simple Iptables script: --8<---------------------------------------------------- #!/bin/sh # # firewall-lan.sh IPT=$(which iptables) MOD=$(which modprobe) SYS=$(which sysctl) SERVICE=$(which service) # Internet IFACE_INET=enp2s0 # R?seau local IFACE_LAN=enp3s0 IFACE_LAN_IP=192.168.2.0/24 # Relais des...

...ve is that I want to do the masquerading based on mac AND the ip not only on the ip (so if I change the ip on a computer and use another ip from another computer which is down , the masquerading process shouldn''t work) What I came up with is this : ------------------------- #!/bin/sh ipt="/usr/sbin/iptables" $ipt -F $ipt -F -t nat $ipt -t filter -N computer1 >/dev/null 2>&1 $ipt -t filter -N computer2 >/dev/null 2>&1 $ipt -t filter -N computer3 >/dev/null 2>&1 $ipt -t filter -N computer4 >/dev/null 2>&1 $ipt -t filter -N compute...

On 19.02.2015 11:58, Niki Kovacs wrote: > Hi, > > I just migrated my office's server from Slackware64 14.1 to CentOS 7. So > far everything's running fine, I just have a few minor details to work out. > > I removed the firewalld package and replaced it by a simple Iptables > script: > > > --8<---------------------------------------------------- > #!/bin/sh > # > # firewall-lan.sh > > IPT=$(which iptables) > MOD=$(which modprobe) > SYS=$(which sysctl) > SERVICE=$(which service) > > # Internet > IFACE_INET=enp2s0...

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for those networks with the mark value of 1. Then, I''ve built...

...with my GNU/Linux router. I mean, I am trying to configure a VPN conection for the clients of the LAN and allow to connect them to the Internet trought the router. I have installed in the server a QoS policy and I have configured the firewall for allowing all the clients to connect. I attach the script. The idea is that when a client connect this pc the dhcp gives him an ip address, but he can''t connect to Internet. When he connect through the vpn he can access to Internet. With this script I can allow to visit websites but no the others protocol (I don''t know why). Someone can...

OK - this is starting to get frustrating... Are there any known issues with 2.6.9 and traffic shaping? I am using 2.6.9 with geoip 20041115, and get odd oopses. The following script oopses my box: ----------------------------------------------------- #!/bin/sh -x IFOUT=''eth1'' IFIN=''eth0'' TC=''/sbin/tc'' IPT=''/usr/local/sbin/iptables'' # BW definitions: # units of kbit/s NETBW=10000 OUTBW=116 INBW=116 #...

...g this. All have the same SIP software version, and all essentially have the same xml config files, with minor variations. Happening with OpenSER 1.0.0 and 1.0.1 I have pasted ngrep output of one of these below. Anyone got any ideas? # U 216.187.128.72:5060 -> 216.187.140.233:5060 REGISTER sip:ipt.oneeighty.com SIP/2.0. Via: SIP/2.0/UDP 216.187.128.72;branch=z9hG4bKca28b8d3BC755D46. From: "Sandy Sauvageau" <sip:2944029@ipt.oneeighty.com>;tag=2A2425B5-B64A4132. To: <sip:2944029@ipt.oneeighty.com>. CSeq: 1 REGISTER. Call-ID: 56150889-214b0f7f-e02e6d9c@216.187.128.72. Cont...

...g 1.2.9, but it's been ocurring for quite some time. We have about 35 phones and it's happening on most (also on the few running SIP software 1.6.6). SIP Software version: 1.6.3.0067 BootROM version: 2.6.2.0032 Reliably Transmitting (no NAT) to xxx.187.128.95:5060: NOTIFY sip:2944030@ua1.ipt.oneeighty.com SIP/2.0 Via: SIP/2.0/UDP xxx.187.142.203:5060;branch=z9hG4bK4d777013;rport From: <sip:2944026@ua1.ipt.oneeighty.com>;tag=as6fd80d1b To: "Front Desk" <sip:2944030@ua1.ipt.oneeighty.com>;tag=3B576862-120A3007 Contact: <sip:2944026@xxx.187.142.203> Call-ID: 5d...

Anyone out there have a functional DUNDi configuration using SIP for the inter-Asterisk transport? I've gotten it to work with IAX2, but if I change it to SIP it does not pass the call over even though it knows where to send it. Thanks. The contents of this email message and any attachments are confidential and are intended solely for addressee. The information may also be legally

Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don''t return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don''t return it to parent... example: ipt="iptables -t mangle" $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle? $ipt -N OTHER $ipt -A OTHER -j IMQ $ipt -A PREROUTING [expression] -j HTTP $ipt -A PREROUTING -j OTHER all this I do f...

...he rest This is the way my network work better. Now my problem is: I have a bunch of clients direct connect into eth2 device and I need that, this clients, have some bandwidht control. Consider this: Client IP range: 192.168.0.0/24 Download band: 32 Kbit for each IP So I made a script just like this: ----------------------------- DL="eth2" CONT="99" for i in `cat /etc/firewall/qos/hosts.32k` do CONT=`expr $CONT + 1` $TC class add dev $DL parent 1:2 classid 1:${CONT} htb rate 32Kbit ceil 32Kbit $TC filter add dev $DL parent 1:0 proto...

...playing on my server hi have extreme lags caused by link owerloading and large packet loss.But my priority is cs trafik. I need to priorize this trafik(i know cs have many litle packets) but i need to priorize my cs server.And i need your help.I try wondersharper but without results. With this script i start my box now:(is this correct?) INET_IFACE=eth0 INET_NET=62.85.71.0/28 INET_GW=62.85.71.1 INET_IP=62.85.71.10 INET_BCAST_ADRESS=62.85.71.15 INET_MASK=255.255.255.240 DSL_IFACE=eth2 DSL_NET=81.198.4.0/28 DSL_GW=81.198.4.1 DSL_IP=81.198.7.159 DSL_BCAST_ADRESS=81.198.7.255 DSL_MASK=255.255.252....

As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112 This works very well... It does NOT work with stable 4.0! sveasoft will be issuing a bug fix for this (4.1) in the near future. Final Rev of working script w/ asterisk support I'm not going to run alchemy on production machines until it is stablish. Remember to set your uplink properly and to set your proper wan port. I use pppoe for mine. This must be used with pre 3.11 Here are detailed instructions on how to commit this to nvram: http://...

Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs <info at microlinux.fr>: > > I've experimented some more, and I have a partial success. Here, I'm > redirecting all HTTPS traffic *except* the one that goes to my bank: > > iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d > www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129 > > This works because my bank is hosted on a single IP. As soon as I > replace that with a domain that's hosted on multiple IP's, I get this: > > ipta...

Hi folks, When compiling the attached example with -ftrivial-auto-var-init=zero: $ clang -no-integrated-as -mno-sse -m64 -mstack-alignment=8 -O2 -ftrivial-auto-var-init=zero -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang -g -o ipt.ll -c ipt.i -w -S -emit-llvm , Clang generates an initialization memset() call for |acpar| in the IR: %0 = bitcast %struct.xt_action_param* %acpar to i8*, !dbg !27 call void @llvm.memset.p0i8.i64(i8* nonnull align 8 %0, i8 0, i64 40, i1 false), !dbg !28 Clang only splits memsets into ser...

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 ------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET ------- I've tested the proposed patch against the iptables-1.3.7 source, and find that it works in the reported broken case: # iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG # ./iptables-save > ipt.out # ./iptables-restore ipt.out # ./iptables-save > ipt.out2 # diff ipt.out ipt.out2 |grep 22 # If the 111\"222 t...

Hello All, I have a strange problem regarding samba 3.0.37 I have samba server installed in the local network behind NAT, the router iptables are configured as follows: #samba $IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV $IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport --dports 139,145 -j DNAT --to-destination $FILESERV...

Le 11/03/2018 ? 13:09, Leon Fauster a ?crit?: > It is not a good practice to place domain names into iptables rules. Define > a custom table, place this table into your rule list (to stick at the right > place) and feed that table with the resolved domain names. This can be altered > while running in the case of changes (check resolving results periodically). I admit I've never worked...

Hi, I have simple question about Skype. What are the methods of selecting packets which belongs to Skype?? I know about 7layer but I don''t belive that is only way. Is 7layer realy good and stable solution for routers which must handle more than 1000 users ? Thanks in advance Pozdrawiam Szymon Turkiewicz

...rring for quite some time. We have about 35 phones and it's happening on most (also on the few running SIP software 1.6.6). > > SIP Software version: 1.6.3.0067 > BootROM version: 2.6.2.0032 > > Reliably Transmitting (no NAT) to xxx.187.128.95:5060: > NOTIFY sip:2944030@ua1.ipt.oneeighty.com SIP/2.0 > Via: SIP/2.0/UDP xxx.187.142.203:5060;branch=z9hG4bK4d777013;rport > From: <sip:2944026@ua1.ipt.oneeighty.com>;tag=as6fd80d1b > To: "Front Desk" <sip:2944030@ua1.ipt.oneeighty.com>;tag=3B576862-120A3007 > Contact: <sip:2944026@xxx.187.142...