similar to: Using iptables level7/ipp2p match in a bridge

Does anyone know if load balancing and DNAT work well together? I know that load balancing and NAT do not, but what about a simple port forward? I can''t apply Julian Anastasov''s patches, because they don''t work with PPTP patches. :/ Anyhow, a simple: iptables -t nat -A PREROUTING -i eth0 -p tcp --dport xxx -j DNAT --to yyy:xxx iptables -I FORWARD -i eth0 -d yyy -p

The LARTC howto correctly describes load balancing and split access for traffic from a machine with multiple ISP connections (http://www.lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS) -- *provided* the traffic originates from the machine itself (i.e. traffic regularly handled by the INPUT and OUTPUT chains of iptables). When forwarding traffic from an attached local network, the following

I have tried using iptraf for my NAT firewall to analyse the IP traffic. Basically I am faced with this difficulty of related the source IP to the outgoing interface to the internet, so I am wondering if anyone has a suggestion for a different ways to do it, or a suggestion for a better tool. Details :- Supposed : eth0 - LAN eth1 - WAN1 eth2 - WAN2 And then

This problem is driving nuts, so I am seeking help here. Your help will be deeply appreciated. I have made myself a Linux bridge with eth1 and eth0 to form br0. Then I run a script to configure tc with htb on it. But I can never match non-icmp traffic ( such as tcp and udp ) with TOS or DSCP values such as 0x68. The full story as follows :- 1. On the source testing machine, I do this to set

Normally when we talk about traffic control, we are talking about doing traffic control (tc) using a router, ie packets into an interface and based on routing, they goes out to somewhere else. However I have a box with two interfaces, eth0 and eth1 added to a bridge br0 and I would like to perform traffic control via the two interfaces. Is that supposed to work the same as the router

I have a requirement which I guess it is not too unusually, however I haven''t quite figured out how to do it and couldn''t find any examples which handle that. I have made myself a Linux-based bridge, eth0 bridged with eth1 to form br0. In this bridge, I run ''tc'' script to handle QoS. So far nothing unusual. However, what''s different is that this

lartc-request@mail man.ds9a.nl To: lartc@mailman.ds9a.nl Sent by: cc: lartc-bounces@mail Subject: LARTC Digest, Vol 20, Issue 13

As you are probably aware, this is a ever green topic. I have personally tried doing it, testing it and verifying it and I am myself finding this problem challenging and frustrating. Most of the scripts will recommend some form of rate limiting ( or policing ) on the download. But the challenge is how to determine the correct value for the policing ? Lot of the recommendation says use x %

hi there, I just wanted to share a recent discovery I did on how to setup a secure VPN implementation for linux 2.4.x (I''m using 2.4.20 but it should be working, as far as documentation states, for > 2.4.18) without using FreeS/WAN. The tool (ipsec_tunnel: http://ringstrom.mine.nu/ipsec_tunnel/, by Tobias Ringström) is a kernel module based on ipip and ip_gre. It uses CyptoAPI to

Assuming if I have rules matching the same packet, the one chosen is the lower preference value or the high ? For example # ip rule list .... 100 from 192.168.1.0/24 lookup main 200 from all fwmark 5 lookup first ..... Packet is matching both rules, the one with priority/preference 100 or 200 is selected ? _______________________________________________ LARTC mailing list /

Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not

Hey guys, I''ve just built a sparc64 (Ultra/5) based firewall with ipp2p compiled as a module and I''m constantly getting the following message in my logs: Kernel unaligned access at TPC[100f8490] search_all_edk+0x20/0x4c [ipt_ipp2p] I''m running the following versions: - Kernel 2.6.22 - ipp2p 0.8.2-r4 - iptables 1.3.8-r1 Any thoughts?

Hi, The new version ipp2p 0.8.0 is released. Klaus -- www.ipp2p.com

Hi, I get this error when trying to insmod the ipp2p kernel module: "insmod: error inserting ''ipt_ipp2p.ko'': -1 Invalid module format" in the kernel log: "ipt_ipp2p: disagrees about version of symbol struct_module" Kernel version 2.6.20.4 iptables version: 1.3.5 ipp2p version: 0.8.2 (latest) Anyone tried ipp2p with kernel 2.6.20? Best Regards Niclas

Hello every body: I have RedHat fedora core 2 machine, using iptables and squid. I am having a lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have installed ipp2p from rpm. Every thing was ok until I use iptables rules. I get this error. [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP iptables: No chain/target/match by that name sames

Hi, can anybody comment on the cost of matching with IPP2P vs. Layer7. Also, does a iptables rule with more complicated matching mechanism also slow down processing if all the packets are matched before they reach the rule. I.e. is the mere existence of a potentially costly rule already slowing down processing or only if packets are actually processed by it? Thanks very much in advance.

Hi, I''m using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

Hello, I guess a few of you know about the iptables-p2p project at the http://sourceforge.net/projects/iptables-p2p site. This suite has an excellent filter of which I use today and its running very smoothly. The main reason why I use this is because I desperately need to block torrents. IPP2P does not do this at this time (it seems to me in the doc at least). Is it maybe some way we could merge

Hello, can anybody interpret what the following means: [root@funke ipp2p-0.8.0]# iptables -t mangle -A MarkList0x666-ipp2p -p tcp -m ipp2p --edk -j MarkSet0x666 iptables: Unknown error 4294967295 ----- I have installed ipp2p-0.8.0 via: make copied ipt_ipp2p.ko to my kernel lib dir copied libipt_ipp2p.so to my iptables lib dir insmod ipt_ipp2p gives the following in dmesg: IPP2P v0.8.0