search for: tiew

Does anyone know if load balancing and DNAT work well together? I know that load balancing and NAT do not, but what about a simple port forward? I can''t apply Julian Anastasov''s patches, because they don''t work with PPTP patches. :/ Anyhow, a simple: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport xxx -j DNAT --to yyy:xxx iptables -I FORWARD -i eth0 -d yyy -p

...request@mailman.ds9a.nl You can reach the person managing the list at lartc-owner@mailman.ds9a.nl When replying, please edit your Subject line so it is more specific than "Re: Contents of LARTC digest..." Today''s Topics: 1. Drop packets using tc ? (Ming-Ching Tiew) ---------------------------------------------------------------------- Message: 1 Date: Thu, 12 Oct 2006 10:52:28 +0800 From: "Ming-Ching Tiew" <mingching.tiew@redtone.com> Subject: [LARTC] Drop packets using tc ? To: <lartc@mailman.ds9a.nl> Message-ID: <00ad01c6eda9$74...

This problem is driving nuts, so I am seeking help here. Your help will be deeply appreciated. I have made myself a Linux bridge with eth1 and eth0 to form br0. Then I run a script to configure tc with htb on it. But I can never match non-icmp traffic ( such as tcp and udp ) with TOS or DSCP values such as 0x68. The full story as follows :- 1. On the source testing machine, I do this to set

Subject almost says it all, I wonder if there is a way for me to use iptables matches like l7 and/or ipp2p match in a bridge ( one ethernet in and one ethernet out ) ? Regards.

Normally when we talk about traffic control, we are talking about doing traffic control (tc) using a router, ie packets into an interface and based on routing, they goes out to somewhere else. However I have a box with two interfaces, eth0 and eth1 added to a bridge br0 and I would like to perform traffic control via the two interfaces. Is that supposed to work the same as the router

The LARTC howto correctly describes load balancing and split access for traffic from a machine with multiple ISP connections (http://www.lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS) -- *provided* the traffic originates from the machine itself (i.e. traffic regularly handled by the INPUT and OUTPUT chains of iptables). When forwarding traffic from an attached local network, the following

I have a requirement which I guess it is not too unusually, however I haven''t quite figured out how to do it and couldn''t find any examples which handle that. I have made myself a Linux-based bridge, eth0 bridged with eth1 to form br0. In this bridge, I run ''tc'' script to handle QoS. So far nothing unusual. However, what''s different is that this

As you are probably aware, this is a ever green topic. I have personally tried doing it, testing it and verifying it and I am myself finding this problem challenging and frustrating. Most of the scripts will recommend some form of rate limiting ( or policing ) on the download. But the challenge is how to determine the correct value for the policing ? Lot of the recommendation says use x %

I have tried using iptraf for my NAT firewall to analyse the IP traffic. Basically I am faced with this difficulty of related the source IP to the outgoing interface to the internet, so I am wondering if anyone has a suggestion for a different ways to do it, or a suggestion for a better tool. Details :- Supposed : eth0 - LAN eth1 - WAN1 eth2 - WAN2 And then

hi there, I just wanted to share a recent discovery I did on how to setup a secure VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be working, as far as documentation states, for > 2.4.18) without using FreeS/WAN. The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses CyptoAPI to

Perhaps someone will help me on this :- I have read a lot of examples of syn flood protect on the INPUT chain. That I have no question at all. I wonder if it make sense to perform syn flood protection at the FORWARD chain ? If packets are originated from a LAN worm, and are not targetted at the firewall itself, but rather at hosts in the internet, will it cause problem with the firewall itself,

Assuming if I have rules matching the same packet, the one chosen is the lower preference value or the high ? For example # ip rule list .... 100 from 192.168.1.0/24 lookup main 200 from all fwmark 5 lookup first ..... Packet is matching both rules, the one with priority/preference 100 or 200 is selected ? _______________________________________________ LARTC mailing list /

Hello Everyone, Hope everyone is doing well. First off I would like to say that Lartc has been an invaluable source of information for me, I was looking for a solution and a bit of google''ing found this wonderful HOW-TO. So now down to the Question: I have three Internet connections, (Soon to be four if I can get this working) ETH0 - 2mb/2mb ETH1 - 7mb/1mb ETH2 - 7mb/1mb I wish

Anyone has tried wct4xxp drivers' alarmdebounce parameter ? I search the internet no one seems to have used it, is this how the parameter can be specified, eg :- # modprobe wct4xxp alarmdebounce=200 Does it have the effect of making asterisk PRI more "tolerant" with poorer quality lines ? Regards.

Anyone has idea of what would be the best way to track connection time some a particular user to the internet ? Imagine a wifi network where the users will connect to the system via DHCP ( there is no PPPOE session involved ). If there is a need to track internet usage based on connection time ( to the internet ), what would be the best way to track it ? Appreciate any input or ideas.

I have a linux bridge in an embedded system with limited tools. I want to drop these packets from flowing across the bridge, NETBEUI - TCP port 135-139 UDP port 137-139 TCP/UDP port 445 Also all broadcast and multicast. Is there a way to accomplish it using ''tc'' ? If the packets cannot be dropped, I will be happy

I am machines on IPsec VPN which is a subnet of my bigger LAN ( ie I have machines on the LAN which is not in the VPN ), specifically :- 192.168.132.0/29:0 -> internet ---> 192.168.1.192/27:0 ( local subnet ---> internet--> remote subnet ) # ip route list ... 192.168.1.192/27 via 21x.18x.11x.8x dev ipsec0 192.168.1.0/24 via 192.168.15.146 dev eth0 ... Now, the machines in the

Correct me if I am wrong, RIP is kind least hop routing, but is there a way for me to have best throughput routing or least latency routing ? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

OK I have sufficient evidence now that my split route ( multipath routing ) is inducing kernel panic and also frequent connection lost. The split route may not be the culprit but I can safely say that without using the split route, my system is perfectly stable. I have set up the split route according to http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html I could use

I have a Linux with 3 LAN interfaces doing multipath NAT to two internet links via ADSL. The question I have is after I added the default route on each of the routing table, I can''t ping the external interfaces of the Linux from the LAN ( pinging from the Linux itself is OK ). But pinging beyond the two external interfaces ( eg the default route ) is OK. I use symbolic names here :-