search for: nataniel

...: [root@ns1 rc.d]# /sbin/tc filter add dev eth3 parent 1:0 protocol ip prio 1 handle 10 fw classid 1:10 RTNETLINK answers: Invalid argument We have an error talking to the kernel [root@ns1 rc.d]# Anyone knows what can I do? My full script (the one that is working fine is at the end). Att, Nataniel Klug ------ #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables" DL="eth3" #------ # Apagando regras antigas de QoS #------ $TC qdisc del dev $DL root 2> /dev/null &...

...is capable of running a web-cache (only http) using squid but I dont want that my clients go to the internet with the proxy/cache IP. Like when they enter in this site www.meuip.com.br it shows only the proxy/gw server ip and not the client ip. There is some way to make this happens? Att, Nataniel Klug

...ng Options > U32 Classifier (module) It is enable as a module. Can someone help me? My box is a Fedora Core 3 using kernel 2.6.13.4. PS.: Thanks all guys who have answered me about my other question (QoS). It was very useful hints. Now I think my QoS is working almost 100% ok. Att, Nataniel Klug

...ster, but as there are 22 variables this is time consuming. Is there a way to graphically represent the clusters in relation to the variables...if so I might need some guidance on the coding as I am new to the R environment. Any advice and direction would be gratefully received. best wishes, Nataniel Grey ___________________________________________________________ [[alternative HTML version deleted]]

...ng stats to be ok. I even have tryed to make a filter for ICMP protocol (using u32 as it is writen into LARTC how-to) but it did not work. How can I solve this problem? ------------------------------------------------------------------------ #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables" $IPT -t mangle -X $IPT -t mangle -F DL="eth1" #------ # Apagando regras antigas de QoS #------ $TC qdisc del dev $DL root 2> /dev/null > /dev/null $TC qdisc del dev $DL ingres...

...and I need that one of my servers (that is into my LAN but has an routing ip address) did not get into the qos rules I have. So I want that all traffic coming or going to that specifc host did not get shapped by any traffic control and do not get even into a QoS class. How can I do this? Att, Nataniel Klug

...an ip into client) this rule works but into pppoe conection it did not work properly. Someone has some tip to match the interface that the conection is coming from? Like I wanna match all traffic coming from ppp0 and going throw eth0 to be shapped?! There is anyway to make this work? Att, Nataniel Klug

...o-ports 3128 If I make this rule my routing tables begins to scramble all my traffic and makes it going ALL through only 1 link (eth0). There is anyway to use transparent squid with multiple routing tables and marking packages? PS.: What is this error "Icmp checksum is wrong" Att, Nataniel Klug

Hi all, I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7 My network diagram below: - INTERNET --- LINUX_ROUTER_FW --- PCs Below is my simple iptables script: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1 iptables -t

Hello all, As I have promised I am sending my QoS rules. This now works fine with u32 classifier (and parent 1:0 that I could not understand why it did not worked well before). Att, Nataniel Klug ------------------------ #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables" DL="eth1" #------ # Apagando regras antigas de QoS #------ $TC qdisc del dev $DL root 2...

...ip route add default table 222 $GWE1 dev $IFE1 My question is: wich one will get hit first? Like, when a package comes and look for a gateway it will start looking in lower prio or higher prio tables? If it looks in lower, then my rule is right. The other way I will have to rewrite it. Att, Nataniel Klug

...s like eth0 and eth1 for backbone and eth2 for LAN): ---- SCRIPT BEGINING /usr/loca/firewall/loadbalance ---- #!/bin/sh #------------------------- # Configuracao de redirecionamento de portas para os links # Balanceamento de carga entre pontos de rede # ++++++++++++++++++++++++ # Script criado por NATANIEL KLUG #------------------------- # #---- # Variaveis de sistema #---- IPTABLES="/usr/local/sbin/iptables" IP="/sbin/ip" # #---- # ENTRADA DE LINKS #---- IF1=''eth0'' IF2=''eth0'' # #---- # Declara as redes #---- P1_NET=172.30.0.0/24'' P2_NE...

...8.0/26 lookup 201 202: from 10.1.1.0/24 lookup 202 210: from all fwmark 0x2 lookup 202 222: from all lookup 222 32766: from all lookup main 32767: from all lookup default This prio reads tables from lower prio (0) to higher prio (32767) or it makes reading this the other way? Att, Nataniel Klug

...o 1 u32 match ip dst ${i}/32 flowid 1:${CONT} done ----------------------------- I put thi just after the CLASS stuff. Now my clients are all full controlled, but my QoS do not work. There is some way to make this happens? PS.: In the end of this email is my full QOS script. Att, Nataniel Klug --------------- start - qos.sh --------------- #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables" DIR="/etc/firewall/qos" UP="eth0" # wan info...

...IP1 $IP route add $P2_NET dev $IF2 src $IP2 # $IP route add default scope global nexthop via $P1 dev $IF1 weight 4 nexthop via $P2 dev $IF2 weight 1 # $IP rule add from $IP1 table T1 $IP rule add from $IP2 table T2 # #---- # Atualiza tabela de cache #---- $IP route flush cache --- SCRIPT --- Att, Nataniel Klug _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

...it ceil 512Kbit burst 15k $CLASS 1:1 classid 1:50 htb rate 256Kbit ceil 256Kbit burst 15k $CLASS 1:1 classid 1:60 htb rate 1024Kbit ceil 2048Kbit burst 15k And them direct all traffic coming from my ns2 server (using u32 classifier and src address) to class 1:5... Is this correct? Att, Nataniel Klug

...tcp -m tcp --dport 80 -j MARK --set-mark 40 iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark 40 I made this for every port and every protocol I want but I could not make this QoS works fine. This is still too slow (http browsing). Can someone help me? Att, Nataniel Klug

...92.168.0.0/24 (clients) eth2 - network 192.168.1.0/24 (clients) My problem is that this two networks, one into each interface, need to share 256 Kbps. I could not make a way to shape this both networks becouse they are in different interfaces. Anyone knows some way to make it happen? Att, Nataniel Klug

Hello al, Is it possible [indeed is this the right place] to add iptables to force all internet traffic to go thru a particular computer on a LAN? I have a 4 port Router/modem that contains a Busybox v0.61 Linux system. I am able to add entries to the iptables tho'' I don''t really know what it does yet. I want to be able to use Ethereal on this one computer to check what web

...ark a packge (i will use msnmessenger like example): $IPT -t mangle -A POSTROUTING -m layer7 --l7proto msnmessenger -j MARK --set-mark 3001 Now I want that all packges with this mark get throu my gateway using the link at eth2 and all other packges use link at eth1. How can I do this?! Att, Nataniel Klug _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc