Displaying 20 results from an estimated 20000 matches similar to: "blocking traffic on the FORWARD chain using physdev"
2006 Oct 14
5
Problem with two providers: Need to route packets on the interface on which they arrive.
2006 Dec 28
4
filter policy drop and allow transparent proxy
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great? It seems a
bit strange as from reading several articles on it I thought the
following occurs.
1st line - if it doesn't match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line -
2006 Jul 21
5
linux transparent bridge running squid
Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge?
Internet – router - (bridge eth0 – eth1) – local lan
auto lo
iface lo
2007 Mar 15
3
Traffic Shaping over Satellite Internet
I've set up Traffic Shaping on a Linux Router.
Using HTB with SFQ, I'm trying to slow down
heavy downloading for 20 subscribers over
a 2048 kbit downlink. I'm classifying internet related
traffic using iptables marking.
bri0 is my local lan bridge, receiving egress traffic destined for subscribers.
tc qdisc add dev bri0 root handle 1: htb default 2
tc class add dev
2007 May 28
9
2 NICs Bridge + Router
Hi wondering if anyone can help. I have two NICs on a debian sarge based
system and current running as a bridge (br0) which consists of eth0 and
eth1. Is it possible to add a virtual interface to the eth1 so I can
also do NAT on the box as well? I have tried many times and keep coming
up with errors.
Kind Regards
William Bohannan
2007 Jun 06
5
What I learned about Linux bridging
Here are some notes I have about Linux bridging. I'll try to separate
what I know I know from what I think I know.
Let's say I want to bridge eth0, eth1, and eth2 together, all with an IP
Address of, say, 1.2.3.2. This is how to do it:
echo "Setting up br0 to bridge eth0 with eth1 and eth2"
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
2013 Jul 08
6
Getting nwfilter to work on Debian Wheezy
Hi,
I'm trying to configure nwfilter for KVM, but so far I haven't managed
to figure out a working configuration.
Network setup: The dom0 (Debian 7.1, kernel 3.2.46-1, libvirt 0.9.12) is
connected via eth0, part of the external subnet 192.168.17.0/24, and has
an additional subnet 192.168.128.160/28 routed to its main address
192.168.17.125.
The host's subnet is configured as bridge
2004 Jun 06
4
iptables v1.2.7a: Couldn't load match `physdev':/lib/iptables/libipt_physdev.so: cannot open shared object file: No such file or directory
Hi, I'm running RH9 Linux and I'm having a slight problem with shorewall, I originally set it up as a two card configuration, but I have now bridged the connections in an attempt to get my WiFi network communicating with the wired network (eth0 and wlan0). I have followed the instructions for bridging from http://www.shorewall.net/bridge.html but when I activate shorewall I get
2005 Dec 18
3
connection tracking
Hello
I have some rules inserted in the NAT table dual SNAT and DNAT for a
connection
They use at some moment the same port of the outside network.
The problem I have is that the connection tracking in the kernel checks
first the oldest rule and then the newest one.
I use a system based on ARM XScale processor. Is that the default behaviour
and how can I change this behaviour?
Marius
2007 Jan 09
5
filtering in layer 2 [but is not a bridge]
I have a linux AP with prism2 (hostap) wireless nic.
I want to filter traffic that passes between clients of the AP, this is layer 2
traffic (802.11) and netfilter does not see it, at first I thought of the physdev
target, but it is for layer2 bridged interfaces, and this is not the case.
Is there a way to filter layer2 traffic independent of whether it is from a bridged
iface or not?
--
Luciano
2004 Mar 29
6
bridging shaper
Hello,
I have a transparent bridge/firewall setup using linux-2.6.3. My iptables
commands for the firewall seem to work fine, but my tc traffic shaper
rules don't. The tc rules seem to apply ok, but have no effect.
Here are my tc rules. Basically I'm just trying to limit each IP in my
internal /24 to 512k of bandwidth in and out.
DEV=eth0
tc qdisc del dev $DEV root
tc qdisc add dev $DEV
2004 Jun 16
6
QOS Script difficulty on bridge
I'm playing with the rather excellent QOS script from Alexander Clouter
at http://digriz.org.uk/jdg-qos-script/
So far I am really impressed with it - a very impressive example of the
power of linux QOS rules (has pretty much everything in it from the
LARTC Howto!) However, the instructions hint that "for QoS to affect
locally generated traffic in a non ethernet bridge setup
2006 Dec 30
1
Accumulating Physdev Counts
When using v2 we would modify the saved /var/lib/shorewall/restore file to
modify logging so we had separate counts by the physical device the
packets (actually, NEW connections, not total packet counts), such as:
-A LogStuff -j LOG etc
-A LogStuff -m physdev --physdev-in eth1 -j DROP
-A LogStuff -m physdev --physdev-in eth2 -j DROP
which gave us an idea where dropped traffic came from
2007 Apr 18
1
[Bridge] Multilink + bridge + nat problem
Hi, I have a suspicious problem with multiple uplinks configuration.
First of all my configuration:
1) kernel 2.6.20.3
2) iptables 1.3.7
3) last iproute (for masked marks)
All wan interfaces are bridged (stp disabled) in only one interface
(wan0), all lan interfaces are bridged (stp enabled) in only one interface
(zlan0).
The wan0 bridge is to allow UPnP to work.
To allow related
2005 Sep 21
5
IP Tables on a bridge
Not normally a question for this group, but you guys are very
bridge/router/firewall savvy, so I thought I'd toss it here.
I have a bridge. On one side of the bridge is that fancy thing called the
Internet. On the other side is my LAN. The bridge is the obvious
demarcation line and a good place to put a firewall.
Now, I have all my iptables stuff planned out, EXCEPT for nat.
The
2007 Feb 15
2
?OT? Linux 2.6: bridge + routing firewall
Hi All!
I need to deploy a bridge firewall using linux kernel 2.6. I had success
using kernel 2.4 plus br-nf patch. But the configuration does not work with
kernel 2.6.
If the default policy for the iptables FORWARD chain is ACCEPT I have a
bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
flows). Any hint?
I did some google search and in many places they say "kernel
2003 Jul 28
6
snooping - the crux of the problem
I have a computer with two interfaces, say with addresses 192.168.1.1
and 192.168.1.2. I want to set up routing such that when I ping
192.168.1.1 it goes out through 192.168.1.2 and not to the local
interface.
Is this possible - all my attempts so far have been unsuccessful? If
so, pointers, etc. would be gratefully appreciated.
Jim
--
Jim Redman
(505) 662 5156 x85
2007 Mar 20
3
Fairness queuing across a range of IP addresses
I have a block of IP addresses (2048) used for ADSL connections to
customers.
In order to provide a fair slice of available bandwidth on the contended
services I would like to be able to set up some kind of SFQ filter, but
using a hash of the destination IP address rather than the full
source and destination ip and port. This would be done at the Internet
side gateway for traffic being
2006 Dec 12
1
Layer7 module doesn't detect nothing on my bridge with a 2.6.18.3 kernel
Hello
I've set up a QOS bridge under debian 3.1 using 2.6.18.3 kernel +
iptables 1.3.6
I've patched the kernel and Iptables with esfq+layer7 without problems.
This simple script doesn't log nothing ... And I'm sure to have eMule
traffic (I've checked with tcpdump )
If I remove " -m layer7 --l7proto edonkey \" line I can see
2005 Oct 25
7
Ip Src rewrite.
Hello folks..
Does any of you know if it is possible to rewrite the ip src in a packet.
I have a problem involving a DMZ with external IP addresses routed
through a single WAN IP. When the server initiates a connection, it looks
like it comes from the WAN ip instead of its designated External IP
routed through the WAN.
So in short, Is it possible to rewrite the packet in the router,