similar to: policy - routing

Hey Marek, I´know that i must to works whith the INGRESS (instead of EGRESS), i´ve well formed my kernel. My others TC rules for source IP address (not for MAC address) does work fine...!!!, the problem is whith the MAC because is a not "IP PROTOCOL" and for that i must to use the "u32/u16 match" to solve it, and if i make an analogy from my others INGRESS rules applied to Src

Hi Paolo Malfatti, Thanks for your script. It works fine. I get what I expect. THANK you all the way until it comes to an end. FOR the benifit for evryone in the LIST. HERE IS the SCRIPT AGAIN. INTERFAZ_LAN=eth0 FULLBANDWIDTH=256 BANDWIDTH4LAN=64 tc qdisc del root dev $INTERFAZ_LAN tc qdisc add dev $INTERFAZ_LAN root handle 1 htb r2q 4 tc class add dev $INTERFAZ_LAN parent 1: classid 1:2

many many thanks for ur help ok i m making my problem more clear... my LAN ip is :172.16.100.0/24 ip of eth1 is :202.51.78.122 and this is fixed and permanent address and it has no netmask and gateway(so, to provide internet to my LAN i have used the ppp0 for this connection ) ip of eth2 : 203.78.165.154; netmask:255.255.255.248; gateway:203.78.165.153 for eth0 my

Hi, I think you now have 2 Links to the internet. You want to route web traffic (transparent proxy triffic) via one link and the rest via the other link. If it is the case, It is possible to do. I have done it. here I have mentioned eth0 and eth1 eth0 is connected to one link (link1) eth1 is connected to other link (link2) , via this link, web traffic will be routed. echo 210 link1 >>

On Mon, June 25, 2007 08:00, centos-request at centos.org wrote: > Send CentOS mailing list submissions to > centos at centos.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.centos.org/mailman/listinfo/centos > or, via email, send a message with subject or body 'help' to > centos-request at centos.org > > You can reach the

Hi iproute2, I have a network to reach which is 192.168.2.0/24. It is a branch of the company. I have currently added a route to that network via one gateway ( 192.168.0.254) in following way. ip route add 192.168.2.0/24 via 192.168.0.254 Now, We got another gateway which is 192.168.0.250. Now I want to add a route to the same network which is 192.168.2.0/24 via this gateway ( 192.168.0.250)

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server''s port 21 from anywhere (Client initiates connection) - FTP server''s port 21 to ports > 1024 (Server responds to client''s control port) - FTP server''s ports > 1024 from anywhere (Client initiates data

Hi, I want to know is there a way to divide a link in to two? Below is what I need? I have a 64 k link. I want to reserve 32 k for mail and 32 k for web . That means dividing 64 k link in to two for mail and web. Is it possible in Linux? Can iproute or iptables haddle this situation ? or can any other pkg do it? -- Thank you Indunil Jayasooriya

http://www.linuxquestions.org/linux/answers/Networking/Spanning_Multiple_DSLs -- Thank you Indunil Jayasooriya _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

Hi, I have a box running with iptables and iproute2. it has 3 ethernet cards. One for the internet. another for LAN and yet another for DMZ. @ DMZ ZONE I have 3 web servers. But I have only one real ip on my firewall. Now , I want to forward port 80 to theese 3 web servers. How can I do it? I searched a lot from google. But, still no luck. -- Thank you Indunil Jayasooriya

Hi ALL, I am using below script for DOWNLOADING. it is only for HTTP and HTTPS. I have given the same prio for both. (i.e prio 1). pls see my script given below. (last 2 lines of the script where I have highlighted in BOLD letters) Can I have 2 tc filter rules with the same prio? What is the proper method to write? MY SCRIPT IS BELOW #traffic shaping on eth1 (Downloading) INTERFAZ_LAN=eth1

OK I have sufficient evidence now that my split route ( multipath routing ) is inducing kernel panic and also frequent connection lost. The split route may not be the culprit but I can safely say that without using the split route, my system is perfectly stable. I have set up the split route according to http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html I could use

Hi, I am setting up a firewall on CENTOS 4.4. I have done default block iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP I have enabled ICMP to www.google.com iptables -A OUTPUT -p icmp -d 64.233.189.104 -j ACCEPT iptables -A INPUT -p icmp -s 64.233.189.104 -j ACCEPT Ping works fine as below [root at firebox rc.d]# ping 64.233.189.104 PING 64.233.189.104 (

-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run

Hi, I want to block Yahoo Messenger, MSN messanger and Kazza with IPTABLES as my local network users always go there. How Can I do it? I am not runnig iptables as a script nor have I put anything in my rc.local. But instaed, I input the commands and save it by using the below cmmand /etc/init.d/iptables save and I restart it /etc/init.d/iptables restart My box runs on Cent OS 4.4. Help

Maybe this don't to be the best form to solve your problem, but worked,rs. #!/bin/bash #power by Diego Rodrigues totalFileOne=$(wc -l file1 | cut -d" " -f1) totalFileTwo=$(wc -l file2 | cut -d" " -f1) count=0 if [ ! "${totalFileOne}" -eq "${totalFileTwo}" ];then echo "The two files need of same number of lines" exit 1 fi for

Hi, I tried to mount an audio cdrom to listen to its music. But It gives the below error. why is that ? -- [root at worldnet ~]# mount /dev/hdc /media/cdrom/ /dev/hdc: Input/output error mount: block device /dev/hdc is write-protected, mounting read-only /dev/hdc: Input/output error mount: /dev/hdc: can't read superblock [root at worldnet ~]# Thank you Indunil Jayasooriya -- Thank

Hi All, I want to create chains to mark bag packets. my firewall has 3 network cards. eth0 - connected to internet. eth1 - connected to DMZ eth2 - connected to LAN eth0 only accepts SSH (tcp -port 22) and ICMP for pinging.. If it gets anything other than that, I want to create a new chain and log and DROP . what are the suitable rules for it? what about the below rule? iptables -A

Hi all, I have a 256kbit link where I have shaped 64kbit for downloading @ one ethernet. (eth1) I am using mrtg to monior it. it works fine. In addition to that, I am looking for some other pkgs. Are there good pkgs for that purpose? below is my script for dowmloading. I am looking for pkgs that suit below script. #traffic shaping on eth1 (Downloading) INTERFAZ_DMZ=eth1 FULLBANDWIDTH=256