Displaying 20 results from an estimated 23 matches for "tcpre".
Did you mean:
tcare
2007 Jan 25
4
":T" flags in 3.4.0-RC1
...ytes target prot opt in out source destination
215 36310 CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK match !0x0/0xff CONNMARK restore mask 0xff
648 69251 routemark 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff
647 69125 tcpre 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
21873 7205K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x0/0xff00
Chain INPUT (policy ACCEPT 20174 packets, 6867K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEP...
2005 Jun 06
1
iptables bug results in confusion
...ppp0 -
201:P eth4 ppp1 -
Given that the packet''s are being marked in the PREROUTING chain, a
destination device should not be allowed in the rule; nevertheless, iptables
is not generating an error (the rule is being added to the ''tcpre'' which is
jumped to from the PREROUTING chain -- this sort of violation is supposed to
generate an error but isn''t). The result in this poster''s case is three
nonsensical rules which I would guess will never match any packets
("shorewall show mangle" needed...
2007 Dec 28
0
marking and routing (with multi-isp) not working
...0.0.0.0/0 0.0.0.0/0 MARK set 0x80
4600 737K MARK all -- eth0.1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x40
4932 783K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0/0xff CONNMARK save mask 0xff
and a tcpre chain of (who''s purpose is to default traffic via the CGCO
table and connection):
Chain tcpre (3 references)
pkts bytes target prot opt in out source destination
1310K 1862M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 MAR...
2004 Jun 13
1
[Help] IMQ download traffic is duplicated !?
...16
Sent 7209229 bytes 137739 pkts (dropped 1, overlimits 364)
# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
IMQ all -- anywhere anywhere IMQ: todev 1
pretos all -- anywhere anywhere
tcpre all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
IMQ all -- anywhere anywhere IMQ: todev 0
tcfor all...
2009 Dec 16
3
Dual-homing BGP gate problem
...7.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889
> TRACE: mangle:PREROUTING:rule:1 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889
> TRACE: mangle:tcpre:return:1 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID=49174 SEQ=37889
> TRACE: mangle:PREROUTING:policy:2 IN=eth3 OUT= SRC=83.3.197.202 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=59 ID=48172 PROTO=ICMP TYPE=8 CODE=0 ID...
2005 Feb 28
6
Trouble w/ transparent proxy in DMZ (fwmark, tc)
2005 Dec 04
6
tbf and prio blocking some flows entirely
...1778292 bytes 35841 pkt (dropped 0, overlimits 0 requeues 153)
rate 0bit 0pps backlog 0b 0p requeues 153
And I have the following iptables rules:
Chain PREROUTING (policy ACCEPT 1564K packets, 875M bytes)
pkts bytes target prot opt in out source destination
1560K 872M tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
1504K 864M CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore mask 0xff
1280K 726M RETU...
2005 Jan 26
11
Question on tcrules implementation
Hi all,
I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being
observed. The only way I can set the marks is by editing the tcstart file.
Is there a way to incorporate for tcstart to read and apply my set marks in
tcrules?
Thank you,
~Andrew Nady.
2004 Nov 24
14
traffic shaping on ftp server don''t work
Having study a number of documents on linux traffic shaper, I started
to setup my shaping rules in my network.
My linux box is running RH AS3 U3, shorewall 2.0.9.
It is using PPPoE connected to the Internet
firewall:
eth0: connect to the adsl modem
eth1: private net
ppp0: virtual dial up interface for pppoe
There is a ftp server on the private net
It is listen for port 21 and configured
2006 Jan 13
5
Using torrent in tcrules
Hi all,
I''m trying to set up traffic shaping and I''m having some difficulty.
Here is what I want, and where I am.
1. HTTP and SMTP traffic needs to be priority 1.
2. All other traffic priority 2
3. Torrent traffic priority 3.
My distro is Fedora Core 4, and the torrent protocol does not appear
in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is
built on top
2011 Jul 25
4
ipsets
I haven''t debugged this enough to understand what is happening, but I
observe the following:
someipset = bitmap:ip,mac
1) br0:+someipset
2) br0:+someipset[2]
The first 1) doesn''t match anything in rules or tcrules, the second 2)
matches fine. (Also using +someipset[1] doesn''t match anything)
Is it possible/sensible/feasible to have shorewall figure out the
2007 Apr 10
2
policy routing with two shorewalls
I have, for the time being, decided to split my dual ISP/single
shorewall connection into two shorewall connections/boxes, each handling
one ISP.
I am running OSPF in the network and so far things are working out
fairly well (from a client of the two gateways).
$ ip route ls
10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20
192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric
2004 Aug 17
16
Sanity check please !
I am setting to a shorewall system with 4 NIC''s as per the outline
specification below. Can anyone please have a look and let me know what I
have missed and what I have got wrong as I want to take this system live
ASAP but do not want to kill internet access and the hosting for too long !
I have listed below the system outline & have attached the config files that
I have changed, if
2003 Mar 28
9
Squid
...2 packets, 106K bytes)
pkts bytes target prot opt in out source
destination
437 65376 man1918 ah -- eth0 * 0.0.0.0/0
0.0.0.0/0
992 106K pretos ah -- * * 0.0.0.0/0
0.0.0.0/0
992 106K tcpre ah -- * * 0.0.0.0/0
0.0.0.0/0
0 0 MARK tcp -- eth3 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 MARK set 0xca
0 0 MARK tcp -- eth3 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80 MARK set 0xca
Ch...
2007 Jul 29
12
Shorewall 4.0.0 + Kernel 2.6.21.5-grsec
...mx:/usr/share/shorewall# more /var/lib/shorewall/.iptables-restore-input
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:tcfor - [0:0]
:tcout - [0:0]
:tcpost - [0:0]
:tcpre - [0:0]
-A PREROUTING -j tcpre
-A FORWARD -j tcfor
-A OUTPUT -j tcout
-A POSTROUTING -j tcpost
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:Drop - [0:0]
:Reject - [0:0]
:all2all - [0:0]
:blacklst - [0:0]
:dropBcast - [0:0]
:dropInvalid - [0:0]
:dropNotSyn - [0:0]
:dyna...
2004 Sep 22
2
IPSEc versus Multipath routing
...0.0.0.0/0
0.0.0.0/0 tcp dpt:22 to:192.168.1.2
Mangle Table
Chain PREROUTING (policy ACCEPT 72574 packets, 11M bytes)
pkts bytes target prot opt in out source
destination
523 60122 pretos all -- * * 0.0.0.0/0
0.0.0.0/0
517 59810 tcpre all -- * * 0.0.0.0/0
0.0.0.0/0
Chain INPUT (policy ACCEPT 50316 packets, 7586K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 11429 packets, 1761K bytes)
pkts bytes target prot opt in out sou...
2004 Dec 04
7
vpn-zone wide open
Hello!
I am using shorewall shorewall-2.0.11-1 on fedora core2
(iptables-1.2.9-95.7). My box has 2 physical nicĀ“s plus one virt. ipsec
interface for a freeswan-vpn connection.
A few days ago, portsentry spit out a lot of connections from windows
clients (port 135, 445). Ooops.
I review my shorewall settings but could not find a mistake. So I took a
win-client and established a second
2005 Dec 08
3
trouble with shorewall on Mandriva 2006 (2nd)
...ces)
pkts bytes target prot opt in out source
destination
6919 507K MASQUERADE all -- * * 192.168.1.0/24
0.0.0.0/0
Mangle Table
Chain PREROUTING (policy ACCEPT 2522K packets, 1576M bytes)
pkts bytes target prot opt in out source
destination
2522K 1576M tcpre all -- * * 0.0.0.0/0
0.0.0.0/0
Chain INPUT (policy ACCEPT 77417 packets, 11M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 2444K packets, 1565M bytes)
pkts bytes target prot opt in out source
destination
244...
2007 Jan 20
8
Shorewall VOIP Traffic Control Configuration
I''m having troubles with my outbound VOIP connection. I''m convinced
that I don''t have QOS/traffic shaping configured properly in my
shorewall linux firewall, which serves as my Asterisk VOIP server and
Internet router/gateway. I don''t have a separate router box. I''ve been
using VOIP for about a year now, but just recently realized that I need
to
2011 Jul 21
42
Problem With OpenVPN Connectivity
Hi,
I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the
VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in
Slackware 13.1 using the same Shorewall version and files, the ''interfaces'',
''policy'' and ''zone'', are all I have configured, it was working and this also
works in Arch at