similar to: Problem With NFS and iptables

Hi. Does anyone know if it is possible to use ip_queue and IMQ at the same time - if I modprobe one then the other will fail to modprobe with init_module: Device or resource busy TIA Andy. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this. -------not-working-not-mark-zero-is-not-accepted--------- iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A

Currently, linux tc has very useful concept of a ''index'' for a given policy. However, I need to have policers on multiple hosts to share the same index (and thus, know and police the aggregate traffic across a set of routers). I''d like to be able to share tc policers across a set of boxes. Unfortunately, I''m not knowledgeable enough myself to implement that,

Hello! I want to mark all outgoing traffic depending on its service. Example: eth0 = 192.168.0.1 (local interface) ppp0 = 80.10.10.10 (internet 1) ppp1 = 80.10.10.11 (internet 2) http traffic over internet 1 (ppp0) ssh traffic to interface 2 (ppp1). I tried the following (routing and rules are set): iptables -A PREROUTING -t mangle -s 192.168.0.0/24 -p tcp --dport 80 -j MARK --set-mark 1

Hi List, i have a realy strange problem with no solution yet, i''m using iproute together with the iptables mangle option, in a dmz network is a cisco pix present with another inet link behind, therefore i''m using the mangle option to split traffic on a protocol base like: iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.5 -p tcp --dport 80 -j MARK --set-mark 3 and add the

Hello, I have read most of the relevant emails already posted to the LARTC mailingilist and I have not found a solution to my problem. What I am trying to do is: limit the HTTP output traffic to 30Mbps and also to limit each HTTP connection at 512Kbps, if the client downloads more than 1MB. I have managed to limit the total traffic but not the traffic of each HTTP connection. Here it is my

I think I understand what''s going on, thanks to a small mistake ;-) I needed to add a 5th nic to the gateway box - this new nic was an identical mate for another isa in there, so I modified the module options accordingly. So, after 10 minutes of trying to figure out why the DSL device was unwilling to talk to, well, anything - it occurred to me that the new card was the next address up,

Hello, I have a LINUX server with two internet connections available. I want all the traffic to go over the default route, but HTTP traffic to go over ISP2 line. Interfaces: eth1 192.168.2.254 - LAN 192.168.2.x ppp0 x.x.x.106 - remote gateway x.x.x.6 - ISP1 (default route) eth0 192.168.164.254 - remote gateway 192.168.164.113 - ISP2 (a hardware router) I have the following configuration: echo

Hi.... Help me please!!! I am using Linux Redhat as router of the my network. I am to making NAT and firewall. In my iptables script, I need make 3 MARKs for the same packet, as following # It marks the packets that will go for link ADSL (I have 2 links - adsl 2Mb and ''dedicate link'' 256Mb ) # I am using ''ip rule / ip route'' to make this iptables

Hi all, I manage network with two connections with l00Mbit In the past when network wasn''t so load everything was OK, now in pick hours load over border server from 1.0 to 1.5 / it isn''t so big / and for me is very strange why I have increasing of ping timeout from 0.5- 5ms in normal hour to 50-100 ms in pick hours.. server is with good hardware AMD 64 Dualcore

Hello, I''m trying to configure a machine to send mail traffic out on eth0 and web traffic, via Squid, out of eth1, with the default gw on the eth0 interface. After spending most of the day of trying this and that and reading docs until my eye hurts, I have had zero luck making anything work expect for standard routing. The Advance Routing Howto makes it seams easy to do this, but I fear

Greetings, I want to setup bandwidth restrictions for a few clients that use openvpn to connect to my server. I''m using iptables to mark the packets in the mangle table (PRE/POSTROUTING) on eth0 before they get sent via the tunnel. Will the mark survive even if the packets then get routed via an openvpn tunnel (tunX) out the box or does openvpn change it removing the mark ? damnit,

I am asking this on behalf of the HIPL developers; http://infrahip.hiit.fi/ https://launchpad.net/hipl They have been working on getting their code consistant to the new libnetfilter architecture. Finally have Fedora 18 and 19 available, but have hit a stumbling block with Centos 6. They tell me they are not finding libnetfilter_queue. Here is their message to me: On 08/08/2013 02:03 PM,

hi all At last i got sucess !.. but am confused y it didnt work earlier..the difference today was that i reinstalled RH7.2 & complied kernel 2.4.16(not 17).. rest was same..... & the bandwidth too is under control!.. is it normal for to get more than said bandwidth--i mean i restricted a network with 8Kbit(with same script as below) but still was able to get a download(ftp) of

Hello. The problems are: 1. Using HTB I get negative values for tokens and ctokens in tc -s output, for example: mich:~# tc -s -d class show dev eth0 class htb 1:11 parent 1:1 prio 1 quantum 1024 rate 8Kbit ceil 23Kbit burst 1609b/8 mpu 0b cburst 1628b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 1287999 ctokens: 453286 class htb 1:1

Hi folks, I have a strange situation. When I add branches to the tree, everything goes to the default class. The error might be obvious, but I cannot find it. I would really appreciate your help. this works, nothing goes to "1:9999": ############################################################################# /sbin/iptables -F -t mangle /sbin/tc qdisc del dev eth1 root >

Hi All, I am adding ip_queue module for snort inline IDS. I am using snort2.4.0 And iptables-1.3.4. Userspace Queuing(queue target) is enabled. It is built-in and not built as a module. The output of /proc/net/ip_queue is shown below: cat /proc/net/ip_queue> Peer PID : 0 Copy mode : 0 Copy range : 0 Queue length : 0 Queue max. length : 1024 IPTABLES 1.3.4 is

Dear All, I’m working with Fedora Core 3, kernel 2.9.1, MPLS-for-Linux-4.193, and having some problems when create a HTB queue. ALL packets goes to the default queue, they don’t care about any mark or ip field I use to enqueue them. : -/ That’s the deal, all packets that incoming the interface eth2 are classified and have theirs TOS field changed following some qos policy at the PREROUTING

Hi, A thought for the list. As I mentioned in another posting, there are a lot of QoS mechanisms out there. Linux supports some, but not all. Some patchsets add others, but don''t work for all kernels. There are also userland implementations, usually sitting in software routers, but there are other packages. Would it be helpful if I worked on a table of what''s out there for

Hello, Is it possible to mark packets from particular IP and if it downloads over 100Kbytes, then it enters in CBQ shaper 32kbit/s for example ? My kernel is 2.4.22. If someone experimented with connection bytes patch please answer me. Regards, Todor Neshev _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc