similar to: iptables marks

Hi to all of you!!! I am a Computer Science student trying to do the pre-grade thesis. I am trying to develop a free software tool to help administrators to control the traffic. Right now this tool is based on tc and iptables. I am having some problems trying to understand tc and tc examples: - Why in almost every list of tc rules based on htb class, there is a "tc qdisc dev ... root ...

Hey Andreas, how i catch this traffic using L7 filter?, i´ve installed l7 filter now, but i don´t kwnow to use the kind of filter...!!! Can you help me? Thx.- Terraja-based 2007/4/29, lartc-request@mailman.ds9a.nl <lartc-request@mailman.ds9a.nl>: > > Send LARTC mailing list submissions to > lartc@mailman.ds9a.nl > > To subscribe or unsubscribe via the World

Hi! I have the following setup using iproute2: ======== | Root | ========     |     |           ===============     ------------| Box Level 1 |     |           ===============     |     |           ===============     ------------| Box Level 2 |     |           ===============     |     |     |           ===============     ------------|    Users    |                

Been running this for quite a while and noticed that have intermittent problems getting out. Find that if I ping the same site from 2 computers it may work on one and fail on the other. Also was surprised that some time they are going out different interfaces at the same time. Seems to work all the time from the firewall. Running 2.6.10 kernel with the multipath routing patches on a debian

Alejandro, So, i did try the script that you give to me, and the problems its continues.- Maybe the problem was in the IPTABLES rules, i attach the complete script below: ##################### ifconfig imq0 up tc qdisc add dev imq0 handle 1: root htb default 30 tc class add dev imq0 parent 1: classid 1:1 htb rate 500kbit ceil 2000kbit tc class add dev imq0 parent 1:1 classid 1:10 htb rate

Hi all, Can anybody tell me what the maximum number of handles are that I can use when setting up qdiscs and classes in tc? Regards, Leigh Leigh Sharpe Network Systems Engineer Pacific Wireless Ph +61 3 9584 8966 Mob 0408 009 502 Helpdesk 1300 300 616 email lsharpe@pacificwireless.com.au web www.pacificwireless.com.au _______________________________________________ LARTC

Hi. I was asked to put a real IP behind a linux router is doing static NAT for an internal network. Internet (gateway) | | | eth0 = real IP ----------------- L I N U X ROUTER ----------------- eth1 = private IP | | | eth0 = real IP ----------------- Wireless Access Point -----------------

Hi folks, I`ve a problem to use HTB and SFQ. The first script, below, to show a simple configuration, does work fine...!!! But, in the second example, does not work, becouse i put more code to clasify the traffic by protocol, http and ftp in this case. Somebody can tell me the errors? Thx, in advance.- NOTICE: IMQ device is to asociate with ETH1 my external iface. SCRIPT que funciona:

Hi.... Help me please!!! I am using Linux Redhat as router of the my network. I am to making NAT and firewall. In my iptables script, I need make 3 MARKs for the same packet, as following # It marks the packets that will go for link ADSL (I have 2 links - adsl 2Mb and ''dedicate link'' 256Mb ) # I am using ''ip rule / ip route'' to make this iptables

Hi, I have three linux machines, and I want to let one of them forward packets betwen the other two. The forwarding node has two ethernet cards, connecting the two two machines respectively. However, when I ping between the two end points, the forwarding node can receive the ping requests at its eth0, but it never forwards them to its eth1. So is the reverse direction. The forwarding node is

Hi, Currently I´m using the following iptables rule to mark packets in order to shape traffic: iptables -A PREROUTING -i eth2 -t mangle -p tcp -s 192.168.1.50/32 -j MARK --set-mark 50 So my question is, is there a limit in the numbers that can be used as marks? And also, can only numbers be used as marks? How about: iptables -A PREROUTING -i eth2 -t mangle -p tcp -s 192.168.1.50/32 -j MARK

Hi.... Help me please!!! I am using Linux Redhat as gateway of the my network to internet. I am to making NAT and firewall. In my iptables script, I need make 3 MARKs for the same packet, as following # It marks the packets that will go for link ADSL (I have 2 links - adsl 2Mb and ''dedicate link'' 256Mb ) # I am using ''ip rule / ip route'' to make this

Hi, I thought sending email went out on port 25? When I look with ethereal, outbound email transfers were on port 58020. I assume it''s choosing a random port for transfer? If so how do I tag it with iptables mark? I was hoping it was as simple as tagging port 25. Thanks, Mark

Hi All, I need to do some tricky filtering stuff. Can anyone tell me if any of the following are possible? * match on a combination of firewall mark AND u32 criteria. ie. handle 6 fw AND u32 match ip src 1.2.3.4/32 - to match packets from 1.2.3.4 which have been marked elsewhere OR * to OR the values of u32 matches. Something like u32 match ip src 1.2.3.4/32 OR match ip dst 1.2.3.4/32 - to

Dear Lists. I use shorewall-14.7 at ReHat-9.0 (2.4.26 with Julian Anastasov Patch) for quite long, and everything seem work fine. Untill this morning, i have problem with one rules ACCEPT loc:172.16.0.20,172.16.32.20,172.16.0.230,172.16.0.229,172.16.0.231 net udp 53 - 172.16.0.229 and 172.16.0.231 is my mail gateway (DNAT). DNS server is outside the firewall, Now, the

How can i redirect all traffic that not come from port 80 to a flow ? i was thing about some like tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip sport !80 ...... But this not work. Another doubt, if i have two rules that intersects , for example , one filter with u32 match ip src 10.10.10.10 flowid 1:10 and other with u32 match sport 80 0xffff flowid 1:11 , which one will

I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this. -------not-working-not-mark-zero-is-not-accepted--------- iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A

Second test after big upgrade.. -- http://www.PowerDNS.com Open source, database driven DNS Software http://netherlabs.nl Open and Closed source services

I have two ISP connections, and am having some issues. I can connect to any services on the firewall, like the smtp gateway, but anything on the internal server only works from one connection. The lartc guide has a good example for what to do for services on the box, but leaves it open for how to handle services on an internal host. I''ve tried using iptables to mark the packets

=== tc filter - based on iptables - MAC fw marking not working == DEV="eth1" tc qdisc add dev $DEV root handle 1: htb default 20 tc class add dev $DEV parent 1: classid 1:1 htb rate 600kbps ceil 3276800kbit tc class add dev $DEV parent 1:1 classid 1:15 htb rate 3kbps prio 4 tc class add dev $DEV parent 1:1 classid 1:20 htb rate 500kbps prio 3 tc qdisc add dev $DEV parent 1:15 handle