similar to: custom route for forwarded traffic

Hi, got a 25/25Mbit connection which is quite stuffed. So I applied htb rules. Uplink: class htb 1:1 root rate 24500Kbit ceil 24500Kbit burst 4661b/8 mpu 0b overhead 0b cburst 4661b/8 mpu 0b overhead 0b level 7 Sent 430600689269 bytes 730147320 pkt (dropped 0, overlimits 0 requeues 0) rate 23057Kbit 5520pps backlog 0b 0p requeues 0 lended: 199673949 borrowed: 0 giants: 0 tokens: -964

Aleksander Kamenik wrote: > Hi, > If I add a rule to the main routing table in the users network''s > firewall for servers network''s external IP to go through the VPN, I will > break the VPN connection (kind of like the chicken and egg problem). > This true only for cases like L3 IPSec where traffic to be encrypted is based on src/dst IP combo. If you had a VPN

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

Hello guys I have a subnet with 255 users, which need to share 1 single slow internet connection, so i would like to implement a kind of *fair queuing *on the UPLOAD between them, which means that they all share the connection equally.. The tools that i have available is: A linux box with IPROUTE2,HTB and TC.. I have looked at some examples, and my first idea was to make 255 entries in

Hi All, I''ve got an interoffice IPSEC VPN in place that I''m trying to give priority to terminal service (tcp 3389) traffic. I''ve created rules at each end, but have hit a bit of a dillemma. As the data is encrypted I must also give highest priority to protocol 50 otherwise the priority is lost as the packet gets encrypted. When I do this however, I can''t

Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Dear all, I am having exactly the same problem as Andy on an Intel Mac (see below / https://stat.ethz.ch/pipermail/r-sig-mac/2009-May/006208.html) with the degree symbol. I am using R version 2.11.1 (2010-05-31) on Xubuntu 10.04 with Windows fonts copied from /WINDOWS/Fonts and included via 'sudo dpkg-reconfigure fontconfig' and 'sudo fc-cache'. Any help would be highly

Hi everyone, First of all, this is my first post in this ML, so I''m not sure that this is the right place for my question (please don''t shoot me down ;)). For the record, I''ve been reading and using LARTC for almost 3 years now, and it''s a great help for anyone who wants to learn linux networking. My problem: I want to setup a tunnel for the following

Dear all, I've got many responses to my initial question, which is stated below. However, from those responses it has become clear that I need to rephrase my problem. All responses dealt with subscripting the data matrix before 'apply' is run on it. But this is not want I wanted to do. 'apply' cycles through rows or columns of a matrix, and runs a function on each row or

Tom Eastep wrote: > | Have you applied the ipsec+netfilter patches ? Without them, packets > are > | only seen encrypted in the OUTPUT chain. > | > Yes -- the ipsec+netfilter patches are applied. Here is the same test > with the bridge removed and the local ip address transfered to one of > the network cards: The problem is ipv4_sabotage_out in the briding code. It

Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny

Dear all, I am interested in correctly testing effects of continuous environmental variables and ordered factors on bacterial abundance. Bacterial abundance is derived from counts and expressed as percentage. My problem is that the abundance data contain many zero values: Bacteria <-

Hi I am having a weird problem which I cant figure out - so I was hoping someone here could give me a hand. First off the end goal is that a specific server in my network runs an IPSEC connection to another company and I want all other servers to route traffic for the IP on that network through this single server. Server 1 in this example is the server that runs the IPSEC connection. (CentOS

http://bugzilla.mindrot.org/show_bug.cgi?id=877 Summary: ssh 3.8.1p1 client cannot disable encryption with "-c none" Product: Portable OpenSSH Version: 3.8.1p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo:

Dear all, I was looking for methods in R that allow assessing the number of significant principal coordinates. Unfortunatly I was not very successful. I expanded my search to the web and Current Contents, however, the information I found is very limited. Therefore, I tried to write code for doing a randomization. I would highly appriciate if somebody could comment on the following approach.

Dear all, I use R 2.0.1 on Windows XP professional. When I want to load the 'Gregmisc' library I get the following error message: Error in library(pkg, character.only = TRUE) : 'gregmisc' is not a valid package -- installed < 2.0.0? Can anybody tell me what's wrong with this package? Cheers, Christian

On the Granstream 102 box that I have in front of me, there is a "feature list" on the side. One of the features has grabbed my attention: " - optional voice encryption (model 102D)" Now, digging through Grandstream's site, I see that it's not offered quite yet. However, sending mail to their standard "information" email address has resulted in no

I've got an application that I can run under wine. It uses SSL to communicate with a server. Since it's using SSL I can't just sniff the network packets. What would be the best way to have wine be able to dump the unencrypted data to a file for analysis? If this requires modifying code, which files should I look at? -- Anish Mistry amistry at am-productions.biz AM Productions

OK - I figured out what it is but maybe someone can give an explanation here. If I use he multiple zones configuration I have to do in addition Hosts v3005 vlan3005:0.0.0.0/0 And of course this seems to be very logic since this means all ip´s on the internet. But I am still confused a lot why this is the first time I have to do it after using Shorewall over years without to be forced to say