Displaying 20 results from an estimated 3000 matches similar to: "what's wrong?"
2007 Feb 05
16
Problems with HTB. Help!
Hello list.
I've configured a very simple script to slow down packets coming from a
particular IP Address. I've used IPTABLES to mark traffic coming from this
IP Address, but it does not appear to be working as expected. Let me first
describe my system as maybe what I'm doing is beyond what NETFILTER can do.
I have one machine that runs all my servers as
2007 Jan 23
6
LARTC Wiki
Hi all,
Since the mail list receives a lot of repeated subjects (for example: "i
have two adsl lines..."), maybe these specific issues should be treated on
the LARTC Guide, or maybe if we had a wiki?
Is there a LARTC Wiki?
If not, what do you think about creating one?
Thanks
--
Marco
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
2015 Jun 26
2
"Sensible" location for Sieve scripts
On Fri, 2015-06-26 at 09:40 -0600, Shawn Heisey wrote:
> On 6/26/2015 5:48 AM, Andrew Beverley wrote:
> > I'm configuring some Sieve scripts for virtual users. I'd like to keep
> > the Sieve scripts somewhere "sensible".
> >
> > Currently, all the mail goes into /var/mail/vhosts/<domain>/<mailbox>
> >
> > So I thought a good
2007 Feb 08
5
GPL Software for Small ISP
Sir,
I have one 2 MB link which I have to distribute to 200 people.
Caching may enhance performance. Kindly suggest packages for this purpose
under GPL.
Regards,
Rayudu.
2006 May 07
5
Detecting p2p traffic
After varying degrees of success with p2p detection modules, I would like to
write the following rules using iptables to reliably identify p2p traffic:
1. If a host on the network has 5 or more simultaneous tcp connections to ports
above 1024, mark all connections to ports 1024 and above as 60.
2. If a host has received (or sent) UDP packets from 5 different hosts' ports
above 1024 in a
2007 Nov 12
18
How to fight with encrypted p2p
Hi
I believe that whole question is in topic.
Is there any way to recognize (and then shape) p2p traffic which is encrypted?
Modern p2p clients have this ability; moreover, some of them have this enabled by default.
Now I'm using ipp2p for iptables but as I know this doesn't recognize encrypted traffic.
Thanks in advance.
Regards
Szymon Turkiewicz
2007 Mar 02
8
DNAT and Load Balancing
Hi all!
After that good thread "DGD patch not detecting dead gateway" I was
able to set up a Load Balancing with ping based DGD (without Julian
Anastasov patch). But now I'm facing a new problem and tried some
options, with only partial solutions.
I made a script based on
http://www.mail-archive.com/lartc@mailman.ds9a.nl/msg16257.html (Thank
you Manish Kathuria),
2007 Feb 18
3
Modifying traffic shaping rates according to the amount of active users
Hi,
I'm trying to divide my bandwidth between different services, but I'd like
to take into account the number of active users.
For example, I want to divide my bandwidth between HTTP and SMTP and guarantee
HTTP 80% of the bandwidth.
However, I have many users on my system (tens of thousands) and if only 1%
of my active users are using HTTP (and the other 99% SMTP), I'd
2006 Dec 11
21
iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues
Hi, I'm having problems with this configuration:
iptables 1.3.7 (vanilla or repackaged for fc5)
kernel 2.6.19 (vanilla)
ROUTE 1.11 (last pom-ng)
layer7-filter 2.6 (last in sf.net)
connlimit (last pom-ng)
When I try to use -j ROUTE in any chain in mangle table I have this error:
[root@myhost ~]# iptables -v -t mangle -A POSTROUTING -p tcp --dport msnp
-j ROUTE --gw
2006 Sep 12
3
Completely isolating P2P/BitTorrent traffic
Hi all,
I'm trying to isolate P2P traffic, specifically BitTorrent, for my QoS
scripts. I can't seem to completely isolate ALL BitTorrent traffic.
I identify & mark packets and then use tc filters to put them into
appropriate classes. My firewall rules (below) do the markings. My VoIP
boxes' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,
2015 Dec 04
3
Running sshd with Privilege Separation drops connection on password change
Hi folks,
I came across this issue on both stock CentOS(v6.4) and Ubuntu(14.04 LTS) and was wondering if any of you have seen it.
As far as I can tell this seems like a day-1 bug to me.
PROBLEM:
If I expire a linux user's password (passwd -e <user>) and then log in via ssh, it will prompt you for a password change.
On changing the password successfully, sshd will drop the connection
2007 Nov 19
1
Changing TBF rate on the fly results in drops?
Hi everybody, it is my first message here. I tried to browse
throughout older posts but I found no immediate answer.
I need to change rate of a tbf queue while ip packets are already
enqueued by it. If I go:
tc qdisc replace|change|link dev eth0 root tbf rate 180kbit burst 1540 limit 15400
as a result all enqueued packets seem to disappear. I can see that from a:
tc -s qdisc ls dev eth0
2007 May 09
10
Load balancing using connmark
Hi,
I've been implementing a load balancing solution using CONNMARK, based
on the solution described by Luciano Ruete at [1]. Thanks for the post and for
pointing in the right direction, Luciano!
Once implemented, I've found that due to some reason packets aren't
properly marked (or improperly remarked) and sent out using the wrong
interface.
My topo setup is:
2014 Apr 20
2
Allow access to a share for only one machine account
I have two domain controllers running ubuntu (12.04 and 13.10) both with
samba (4.1.6 and 4.1.7) installed and running (and with sssd on both
machines to retrieve uid/gid from AD). I wish to set a share on ubuntu2 in
the way so it could be accessible only from ubuntu1 (and by any user from
ubuntu1, for instance by local root).
I have found this solution though I'm not sure it solves my issue:
2005 Nov 24
1
ftp connmark
I saw this snippet from
Daniel Chemko dchemko@smgtec.com
Mon, 31 May 2004 09:30:43 -0700
# Egress marking (mostly for QOS operations)
iptables -t mangle -A POSTROUTING -j CONNMARK --restore-mark
iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A POSTROUTING -o ${if_inet} --dport 21 -j MARK --set-mark 0x111
iptables -t mangle -A POSTROUTING -j CONNMARK
2004 Sep 24
2
CONNMARK problem
Hello everybody.
I have the following problem:
I have this in the top of PREROUTING chain in mangle table
iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 0 # rule 1
iptables -t mangle -A PREROUTING -m connmark --mark 5 # rule 2
iptables -t mangle -A PREROUTING -m connmark --mark 6 # rule 3
I think when a packet is passing through my POSTROUTING in mangle table
2005 Feb 16
11
Load Balancer setting for Public Servers
Hello,
I have finished setting up the load balancer with IPROUTE ... also patch the
kernel to support DGD and now it's working fine with the valuable guide at
LARTC website, Julian Anastasov, and the kind people in this mailing list.
Now I would like to launch a web server and a ftp server to the public but
I'm stuck into a problem and really need your help.
Currently internal
2006 May 30
11
Problems with Routing and Masquerading
Hi,
I have a linux box which balances load between two interfaces ( say WAN1
and WAN2). I have masquerading on for any request coming from LAN to the
outside world.
The setup is in such a way that WAN1 drops packets with source ip
belonging to WAN2's network and vice versa.
For some strange reason, I find that packet coming out from the WAN
interface has source address of WAN2 and
2007 Apr 18
1
[Bridge] Multilink + bridge + nat problem
Hi, I have a suspicious problem with multiple uplinks configuration.
First of all my configuration:
1) kernel 2.6.20.3
2) iptables 1.3.7
3) last iproute (for masked marks)
All wan interfaces are bridged (stp disabled) in only one interface
(wan0), all lan interfaces are bridged (stp enabled) in only one interface
(zlan0).
The wan0 bridge is to allow UPnP to work.
To allow related
2007 Feb 21
10
Split access, load balancing AND forwarding: HOW?
The LARTC howto correctly describes load balancing and split
access for traffic from a machine with multiple ISP connections
(http://www.lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS) --
*provided* the traffic originates from the machine itself (i.e.
traffic regularly handled by the INPUT and OUTPUT chains of
iptables).
When forwarding traffic from an attached local network, the
following