similar to: Dead Gateway Detection & BGP

Hi, I plan to implement a redundant Internet connection using BGP on 2 different Linux Routers. The routing daemon software I will be using is Zebra (zebra.org). I''m wondering if I should have my Linux firewall behind the 2 BGP routers, or could I keep the shorewall on both BGP routers? Has anyone had any experience with this? Any help is much appreciated. Thanks, Sam

Hi list, I have a problem I thought was simple first, but now I''m stuck. In a nutshell, it''s about redundant uplinks at an outside location. Crude ASCII-Art follows: Internet | | +------------+ | cisco with | | uplinks | +------------+ | | ATM interface +----------+ ... | alvarion | | | wireless

Dear List, I am wanting to perform some traffic shaping as the subject of this email suggests. What I am wanting to do is this; I would like to have traffic shaping performed on the following protocols: HTTP, RDP, GRE, PPTP, SIP and IAX. Obviously I would like to have highest priority set for voice packets so much so that the general http traffic does not impede on the voice packets. I

I''m being cast headlong into unfamiliar waters here, and being desperate for some air, thought I''d come here for some help. :) Anyway, my employer is going through some whiplash-inducing growth spurts, and as a result, the simple "Internet T-1 -> Linux Firewall/NAT -> LAN" setup just isn''t going to cut it anymore. First, we''re bringing in 2

Hello, can anybody interpret what the following means: [root@funke ipp2p-0.8.0]# iptables -t mangle -A MarkList0x666-ipp2p -p tcp -m ipp2p --edk -j MarkSet0x666 iptables: Unknown error 4294967295 ----- I have installed ipp2p-0.8.0 via: make copied ipt_ipp2p.ko to my kernel lib dir copied libipt_ipp2p.so to my iptables lib dir insmod ipt_ipp2p gives the following in dmesg: IPP2P v0.8.0

Greetings List Members, I''ll firstly apologise if this isn''t the place that I should be posting this message but here goes. What I want to do is have a VPN (PPTP/IPSEC/CIPE/etc) server, but it must support more than one simultaneous connection. I currently have a PPTP VPN server setup that has port 1723 and protocol 47 DNAT''d through to the internal IP

Hi, I am new to the Linux Advance Routing Project and to Policy Based Routing as implemented in Linux.... but I have been using Linux for 10 years so not _really_ a newbie.... Looking at the lartc.org website I came across the reference implementation of a traffic shaper... I also have Matt Marsh''s book on ''Policy Based Routing using Linux'' which covers traffic

hi all, first i wann to explain my network & it''s problem, i am using a redhat el5 for multigateway routing, i have 3 adsl lines which is connected with eth0, eth2 and eth3. eth1 is my local network. those 3 lines comes with adsl modem from same isp with equal bandwidth (512 Kbps). In this adsl modems there is one lan and one wan port, adsl modem''s lan ip is gateway for my

I am setting up 2 Vyatta routers that will serve as redundant failover core routers out to the backbone of our ISP. They will be serving for routing between other branches and the ISP and bandwidth management. I am trying to differentiate between the plethora of information about having redundant, automatic failover routers and pretty much decided on VRRP for the IP address failover mechanism. I

Hi iproute2, I have a network to reach which is 192.168.2.0/24. It is a branch of the company. I have currently added a route to that network via one gateway ( 192.168.0.254) in following way. ip route add 192.168.2.0/24 via 192.168.0.254 Now, We got another gateway which is 192.168.0.250. Now I want to add a route to the same network which is 192.168.2.0/24 via this gateway ( 192.168.0.250)

http://www.uniras.gov.uk/vuls/2004/236929/index.htm ----Quote---- "The impact of this vulnerability varies by vendor and application, but in some deployment scenarios it is rated critical. Please see the vendor section below for further information. Alternatively contact your vendor for product specific information. If exploited, the vulnerability could allow an attacker to create a

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 ------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET ------- I have been wondering about this bug and had similar problems myself here in my Debian system, linux-kernel 2.6.18 iptables 1.3.6. I too saw that some packets became transmitted illegally through the ppp0 interface, when they just shoudn't. What I

Hi folks, At work, we're considering the idea to replace the presente router with a stardard box with CentOS as a SO and GNU Zebra as a routing software. The line is a 4Mbps SDSL. ?What do you think about Zebra and what are your experiencies with it? Any feedback will be so appreciated. TIA.

For easy reading: http://www.karthaus.nl/r/ Hi, We used to have 1 single ip range (1.1.1.0/24) that had one uplink to a = switch of the colocation provider. Recently we got a second range 2.2.2.0/24 and a redundant uplink = directly on two routers. But our switch does not have spanning tree = protocol support so we cannot use them redundantly. We have set up the switch to have a vlan for both

First, I'd like to configure my system to forward ip, to act as a gateway for my network. I've always used a script during startup to do this: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${IP_NAT} This works fine, however I want this permanent so I don't have to run the script on startup. I have the firewall setup with SNAT

After installing Zebra for ripd to get win2k routes I am getting this May 20 23:24:20 ns1 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=64.42.53.202 DST=64.42.53.207 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72 May 20 23:25:25 ns1 last message repeated 3 times I am new to zebra, so I am assuming that this is broadcasting to windoz for routes weird !!!

Refering to pppoe i have next problem : I asked my isp if i can buy a class of real ip`s to be routed by them. They said elegantly it can`t be done . I want opinions . I am using an ADSL connection through a Speedtouch 510 configured in bridge. About Bgp : i asked someone if i can peer 2 different locations on 2 different ip`s using private asn number and he said yes , and what i don`t

Sirs, I am a newbe jumping to advance routing and traffic control. I work for one of the leading isp in kingdom of Nepal. My goal is to do bandwidth management for our lease line customer so that they could use their allocated bandwidth only. Bgp and ospf is implemented as a routing protocol. All routers are cisco routers. There are about 16 routers some are with highly danced ports. No Linux box

Hi. I''m wondering if there''s a good way to configure a Linux firewall box to failover to a single backup server, while preserving connection state. This question has been asked before, but the latest reference I can find is from 2004, at which time Linux had no equivalent of OpenBSD''s pfsync, though Harald was said to be working on one. Did anything come of those

Hello all, I have a linux machine with a SIP server (Asterisk) and 2 WAN interfaces (NATed) configured to do load balancing. I experienced problems with the SIP/RTP protocols and load balancing, because when initiating a call to an external SIP Host, a new RTP flow starts from the server to the Host, that sometimes uses another default route (due to the nexthop configuration). As i have two