similar to: [Bug 680] Packets disappear after NAT on 2nd gateway

http://bugzilla.netfilter.org/show_bug.cgi?id=680 Willie <MidSpeck at hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |MidSpeck at hotmail.com --- Comment #8 from Willie <MidSpeck at hotmail.com> 2011-12-16 21:29:19 --- I

On Sat, 28 Dec 2019 17:02:09 +0100 richard lucassen via nsd-users <nsd-users at lists.nlnetlabs.nl> wrote: > The problem is (was) that I used "include:" statements in nsd.conf > to load zone information. Apparently nsd does not reread the include > files upon a SIGHUP. I scripted everything into 1 file and a HUP > rereads the zone info now. Wrong, I made a mistake it

http://bugzilla.netfilter.org/show_bug.cgi?id=727 Summary: Open your firewall by a simple typo Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy:

I have used tinydns for many many years now and it has always worked very well. I like its simplicity: 1 text file is converted into a cdb database, there's no master/slave environment (all nameservers are equal) and synchronisation is done by rsync. Tinydns is run by runit, a supervise system. I'm looking at NSD now and I think I can use NSD the same way I use tinydns. The only

Packets going to a 2.6 kernel IPSEC tunnel do not seem to pass the POSTROUTING chain. Is that correct? R. -- ___________________________________________________________________ It''s so simple to be wise. Just think of something stupid to say and say the opposite. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht

Is it possible to create 1 filter rule using fw selectors AND u32 selectors? Richard. -- ___________________________________________________________________ Recursion: see recursion +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | |

What is the maximum value for "prio"? It seems that for htb its maximum is 7. Is that right? R. -- ___________________________________________________________________ It''s so simple to be wise. Just think of something stupid to say and say the opposite. +------------------------------------------------------------------+ | Richard Lucassen, Utrecht

Is it possible to negate the "match" to the ip? I want to match all traffic to dport 80 NOT going to dst 1.2.3.4: $TC filter add dev ${DEV_IFB} parent 1:0 prio 2 protocol ip u32 \ match ip protocol 0x6 0xff \ match ip dport 80 0xffff \ match ip dst 1.2.3.4/32 \ classid 1:14 I can''t find it in the docs. I tried "!" "\!" and "not" in several

Hello list, Please don''t shoot me. I know I''m doing something with bonding that bonding wasn''t made for. I just want to give it a try. I want a simple mechanism to have a failover on a 24Mbit line to a 2Mbit line in case the 24Mbit line goes down. Between A and B there are two lines: a 24Mbit and a 2Mbit. I use two OpenVPN tunnels with tap devices: +-- tap0 (A)---

http://bugzilla.netfilter.org/show_bug.cgi?id=680 Jozsef Kadlecsik <kadlec at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |kadlec at netfilter.org Resolution|

Hello list, I have these sorts of filters, putting traffic into the appropiate classid (1:15 is the default class): ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \ match ip protocol 0x6 0xff \ match ip sport 22 0xffff \ classid 1:11 # ssh ${TC} filter add dev ${DEV_IFB} parent 1:0 prio 1 protocol ip u32 \ match ip protocol 0x6 0xff \ match ip dport 22

I set up this config: +------+ -+ ISP1 +--+ +------+ | +-------+ +--+ linux | +------+ | +-------+ -+ ISP2 +--+ +------+ No problem. Standard setup with two ISP''s. Both routed subnets. Default gateway is ISP1. No magic here. Now I put a server behind the Linux box. I want the server to be reachable on an /extra/ IP in the routed subnet of ISP2. +------+ -+ ISP1

Is it possible (one way or another) to guarantee or to limit bandwidth of 1 session? E.g.: RDP: 750kbit rate, 1Mbit ceil default: 250kbit rate, 1Mbit ceil max bw per RDP connection: 100kbit guaranteed bw per RDP session: 20kbit R. -- ___________________________________________________________________ It''s so simple to be wise. Just think of something stupid to say and say the

I have 1 100MB NIC with two 2MB-subnets trough a router behind it. I''d like to create multiple default classes: 1: + |\_ 1:10 default, ceiling 100000kbit, rate 96000kbit | |\_ 1:11 ceiling 2048kbit, rate 2048kbit | | | |\_1:110 ceiling 2048kbit, rate 1536kbit | \_1:111 ceiling 2048kbit, rate 512kbit (default subnet1) | \_ 1:12 ceiling 2048kbit, rate

I''m a newbie to tc and after some experimenting I have the following problem: # tc qdisc show qdisc sfq 8006: dev ipsec0 quantum 1514b perturb 15sec I can''t get rid of this entry. Is there a way to clear all entries? I tried all sorts of "tc qdisc del xxx" but nothing seems to work. It says: RTNETLINK answers: No such file or directory What syntax do I need to

Second test after big upgrade.. -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

This is one of my test classes: class htb 1:10 parent 1:1 prio 0 quantum 2048 rate 160Kbit ceil 400Kbit burst 1803b/8 mpu 0b cburst 2111b/8 mpu 0b level 0 Q1: where does "level 0" stand for? Q2: where does this b/8 stand for? Q3: this is on a i386 platform, so timer resolution should be 10mS. According to the doc the minimal burst should be 10mS*160Kbit=1600. Why is it 1803? Q4: I

Is there a qdisc that allows a per connection maximization? E.g.: bandwidth 1Mb, four sessions RDP and a per session limit of 250kb R. -- ___________________________________________________________________ It is better to remain silent and be thought a fool, than to speak aloud and remove all doubt. +------------------------------------------------------------------+ | Richard Lucassen,

Hello list, I''d like to use teql with tap devices (two OpenVPN tunnels). This works, but the doc /usr/src/linux-<version>/net/sched/sch_teql.c says: "1. Slave devices MUST be active devices, i.e., they must raise the tbusy signal and generate EOI events. If you want to equalize virtual devices like tunnels, use a normal eql device." I can''t find if tap devices