search for: vnl

https://bugzilla.netfilter.org/show_bug.cgi?id=1211 Bug ID: 1211 Summary: When showing firewall status (iptables -vnL or iptables -L), some output is not as expected Product: iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: iptables Assignee:...

Thanks Keith. Here's the output: root at ubuntu2:~# iptables -vnL FORWARD Chain FORWARD (policy ACCEPT 745 packets, 47680 bytes) pkts bytes target prot opt in out source destination 6299 416K ufw-before-logging-forward all -- * * 0.0.0.0/0 0.0.0.0/0 6299 416K ufw-before-forward all --...

...the mangle table of iptables to force the TOS bit (based on the tcp src or tcp dst port) in order to sent interactive traffic to band 0 (1:1), bulk traffic to band 2 (1:3) and remaining traffic to band 1 (1:2). This seems to work. I do see packets flow trough the mangle table (iptables -t mangle -vnL) and I do see interactive traffic go band 0 , etc.. (tc -s qdisc ls dev ppp0). However I do not notice much of a difference. While downloading some linux kernels a telnet session still slows down a lot :( Any ideas how this might be possible? Best regards, -- Ronald Verlaan http://80.60.86.86...

Keith, Thanks for the reply and the pointers. > Did you remember to activate kernel ip forwarding? > i.e. echo 1 > /proc/sys/net/ipv4/ip_forward ? I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. > and when I saw that I was about to cancel

...#39;'ve tried both precompiled debian kernel and compiled latest one from sources as described at http://lists.xensource.com/archives/html/xen-users/2008-01/msg00699.html There is no linux bridge invoked, xend-config has (network-script network-dummy) There is no firewall invoked: iptables -vnL shows nothing, polices are ACCEPT. arptables is also empty. There are no DomU running. ( actually i''ve tested both hvmloader with knoppix liveCD and vanilla paravit_ops linux-2.24 kernel but it changes nothing regarding this issue) The temporary work-around was to add static arp entry...

...; I actually forgot to do this, but I have enabled it now in /etc/systctl.conf and can confirm now after a reboot that it's enabled. Unfortunately, still can't ping the node on the LAN. OK , let's just do one other simple thing before we continue, could you post the output of iptables -vnL FORWARD as long as it doesn't reveal anything you would prefer not to be public. Thanks!

...39;s the output of "ufw status numbered": > > root at ubuntu2:~# ufw status numbered > Status: active I'm actually unfamiliar with ufw, as I am with most of the plethora of iptables-helpers out there. I could ask you to post a list of all tools and chain, (iptables -vnL) but can we just do something simple first as a test? Can you disable your ufw and then run iptables -F FORWARD (just to be sure) and then test your tinc<->LAN connectivity? your default FORWARD POLICY is ACCEPT so this quick check should let us know if the firewall rules are getting in the...

...ted (I should change the scripts :) and then it loads a few modules and inserts a bunch of rules (not very many) and one of these rules got corrupted. Inserted rule: iptables -t mangle -A FORWARD -i hemmet -o eth1 -p tcp -m connmark \! --mark 0 -j CONNMARK --restore-mark Resulting rule (iptables -vnL output): 0 0 CONNMARK 144 -- hemmet !eth1 0.0.0.0/0 0.0.0.0/0 CONNMARK match !0x0 CONNMARK restore so proto was set to 144 not tcp, and output interface was !eth1 not eth1 as it should. And this is not all, no packets matched this rule as you can see but somehow...

...NEW Severity: normal Priority: P2 Component: iptables AssignedTo: laforge@netfilter.org ReportedBy: netfilter@rothwell.id.au When iptables is run as a non root user, all sorts of messages are produced that are pretty much irrelevant: $ /sbin/iptables -vnL modprobe: cannot create /var/log/ksymoops/20070208.log Permission denied modprobe: Can't locate module ip_tables modprobe: cannot create /var/log/ksymoops/20070208.log Permission denied iptables v1.3.6: can't initialize iptables table `filter': Permission denied (you must be root) Perha...

...l7dir /home/dda/l7dir --l7proto http -j ACCEPT iptables -A INPUT -i eth0 -p udp -m layer7 --l7dir /home/dda/l7dir --l7proto dns -j ACCEPT iptables -A OUTPUT -o eth0 -p udp -m layer7 --l7dir /home/dda/l7dir --l7proto dns -j ACCEPT iptables -P INPUT DROP iptables -P OUTPUT DROP and now: iptables -vnL after generating some http and dns traffic Chain INPUT (policy DROP 56 packets, 8892 bytes) pkts bytes target prot opt in out source destination 3340 134K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 129 9208 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0...

...f packets. I use complicated classification mechanizm based on time, packet size, protocol type, connection state, quota, source or destination port numbers etc. It is working very well. Anyway I have encountered some scalability issues, I have to solve before my shaping box collapses. # iptables -vnL FORWARD -t mangle | wc -l 2798 I have almost 3000 items in FORWARD chain in mangle table. Now I am switching to IPMARK target which can mangle packets automaticaly based on their src or dst address. IP address is converted to hex (ex. 10.11.12.13->0a0b0c0d), then 16 less importants bits are...

...OHQ NO OHQT 00 CBQ NO AUTH NO TDET NO TTBL 0 ATAN NO PLEV 2 ALRM NO ART 0 SGRP 0 AACR NO DES VERSA TN 101 01 TYPE TIE CDEN SD CUST 0 TRK PRI PDCA 1 PCML MU NCOS 0 RTMB 1 73 B-CHANNEL SIGNALING TGAR 1 AST NO IAPG 0 CLS UNR DTN WTA LPR APN THFD HKD P10 VNL TKID >ld 22 PT2000 MARP NOT ACTIVATED CEQU DLOP NUM DCH FRM TMDI LCMT YALM TRSH PRI 012 24 ESF NO B8S FDL 00 051 24 ESF NO B8S FDL 00 073 24 ESF NO B8S FDL 00 RLI 30 ENTR 0 LTER NO ROUT 30 TOD 0 ON 1 ON 2 ON 3 ON 4 ON 5 ON 6 ON 7 O...

...1Vp9sqtzXsk7QH7rTfLnosiM9DbPXZPbx W92JRCUdc6IrVWq4/qVk1IC5uZ2fq4aCJgAMAlKMyTmXljqecXIxQ6J2 J0LK34otl3XAzxGJHBD/95P2uk2NeCPE+0Cpgm0CeDO0DDNAYcAYCFJb UVovHAAqetLrxYRcgNegici7CNV7jjSz0KGKq4S+hq+6onOe7lu10Qkg enkAsKy269M3kkexFiJqr6zKGRdoDHDUxzmGzFMsLgp8Ib16dJHQ3mTX PUrYQMnUwh98VxpUnRl83Tg7MQalZon7ZjcJ2+VnL/sUcM4KuUo1hW7O 8nydXR2F2Kjh7ACySsUBmpVVwn5t0LihMrQm6VwPih+eKw0iTGKY12Uz VnV2/fDWtmYzM26a3z5fKkavbkTlJNIwebRI4zz1taOIyCqNUDFcxnTx 7/2aGbnXLskQirvx47RSgNyVAcKPneudt3UePS/Vp/2ntAXIB/ZnmBPi rvkuz/uVqLqxW/ytC5hLUINP0su9pRXLlXWjYSwuu47sDEOQQCToZAuc BodLA9tkut/Wx3vpiLKmTNYPOU735BBy1OrpCXJEJzzahA73x0TNpQi9...

I'm attempting to block access to port 53 from internet hosts for an internal server. This device is behind a gateway router so all traffic appears to come from source ip 10.100.1.1. Here are my (non-working) iptables rules: -A RH-Firewall-1-INPUT -s 10.100.1.1 -m tcp -p tcp --dport 53 -j REJECT -A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT Further down the

...39;s the output of "ufw status numbered": > > root at ubuntu2:~# ufw status numbered > Status: active I'm actually unfamiliar with ufw, as I am with most of the plethora of iptables-helpers out there. I could ask you to post a list of all tools and chain, (iptables -vnL) but can we just do something simple first as a test? Can you disable your ufw and then run iptables -F FORWARD (just to be sure) and then test your tinc<->LAN connectivity? your default FORWARD POLICY is ACCEPT so this quick check should let us know if the firewall rules are getting in the...

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=444 ------- Additional Comments From spiney@spiney.org 2006-02-08 19:18 MET ------- Created an attachment (id=207) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=207&action=view) kernel 2.6.15, telnet localhost 10025 -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email -------

We've been trying unsuccessfully to connect our Meridian Option 81C to a TE110P via PRI. We've followed the directions in asterisk-meridian-a1.pdf (link on http://www.voip-info.org/wiki/view/Asterisk+legacy+integration), but it doesn't seem to work on our 81C (even though many, many users report it works very well on Option 11's). Has anyone had any success in getting the above

Hi, I have a problem with rsyncing large data sets (consisting bunch of small files) over ssh. rsync 2.6.6 on both sides. Linux 2.6.10 on receiving side, 2.6.12.6 on sending side. This strace is from rsyncing over 2Mbit link but I can repeat it over 100Mbps lan, too (while testing on lan 2.6.11.3 was on sending and 2.6.12.6 on receiving side). I wonder what can be problem here? Some

I''ve been using camptocamp''s iptables module. It works pretty well, lets me define rules in various modules, etc. Now I find myself needing to generate a commented list of it''s rules. I notice that the README has a nice exec suggestion. But, when I try it, I can''t get it to work. In my iptables/manifests/init.pp I have: Iptables { before =>

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related