similar to: learning iptables

Not sure this is the correct place to post this but I am looking to have status of the firewall and traffic control (active, disabled, stopped etc) on a webpage controlled via something like pid as the machine has many things running on it, like firewall, traffic control, data collection for graphing the traffic flows, as well as other services like squid etc. Any ideas would be most helpful.

Hi, I am trying to compile "iproute2" (iproute2-2.4.7-now-ss020116-try.tar.gz, inclusively the latest HTB patch, activated diffserv components) on a SuSE-Linux 8.2 system (using "gcc 3.3", system based on "glibc 2.3.2"). It is no problem as long as I use the kernel header files of linux-2.4.20 (vanilla), linux-2.4.20.SuSE (special kernel patched by SuSE, shipped

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

Helle everybody, I am finishing a computer science degree and I would like to know how you use qos on Linux. Please take a few seconds to answer my questions I would like to know : - what type of qdisc you use - if it is only for tests or for a "real" use (what use) - how much qos box do you use - do you use anything else (Cisco, Unix ...) I don''t know if it is better

Hi wondering if anyone can help. I have two NICs on a debian sarge based system and current running as a bridge (br0) which consists of eth0 and eth1. Is it possible to add a virtual interface to the eth1 so I can also do NAT on the box as well? I have tried many times and keep coming up with errors. Kind Regards William Bohannan

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

> Send LARTC mailing list submissions to > lartc@mailman.ds9a.nl > > To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > or, via email, send a message with subject or body ''help'' to > lartc-request@mailman.ds9a.nl > > You can reach the person managing the list at >

Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge? Internet – router - (bridge eth0 – eth1) – local lan auto lo iface lo

Hello, Is it possible to mark packets from particular IP and if it downloads over 100Kbytes, then it enters in CBQ shaper 32kbit/s for example ? My kernel is 2.4.22. If someone experimented with connection bytes patch please answer me. Regards, Todor Neshev _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc

I have found this problem while trying to see the active rules on IPTABLES: [root@worf root]# iptables --list /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: insmod

Hello, I setup iproute2 and iptables on my box, is a P4 2000 Ghz / 1GB memory. I have setup squid and iptables to be a transparent proxy, with cache. I''ve read on lartc.org almost everything and i want to ask if there is a u32 match for the connection time or something like that, or an u32 match for the packet number in a connection. All i want to do is shape the web traffic for long

I have a linux box with kernel 2.4.22 and iptables 1.2.9 First, i patch linux kernel with Norbet Buckmuller''s .diff #cd \usr\src\linux #patch -p1 < imq-combo-debian-2.4.22.diff All correct Second, i -try to- patch iptables (following www.linuximq.net/faq.html) #cd /usr/src/linux/net/ipv4/netfilter I edit IMQ.pom-ng.patch and replace $KERNEL_DIR with /usr/src/linux #patch

hi, anyone to know a tool that will display more friendly output ... probably a tree like structure (if no cross sections occur)... OR a top like output... thanx raptor _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello. The problems are: 1. Using HTB I get negative values for tokens and ctokens in tc -s output, for example: mich:~# tc -s -d class show dev eth0 class htb 1:11 parent 1:1 prio 1 quantum 1024 rate 8Kbit ceil 23Kbit burst 1609b/8 mpu 0b cburst 1628b/8 mpu 0b level 0 Sent 0 bytes 0 pkts (dropped 0, overlimits 0) lended: 0 borrowed: 0 giants: 0 tokens: 1287999 ctokens: 453286 class htb 1:1

Hi all. I remember someone in here was at least affiliated with the above mentioned ipp2p-project (an extension to iptables that allows to match peer-to-peer traffic). About two weeks ago I tried to contact the author of this extension via the address that is mentioned on the project website, since I wanted to send in a patch, but with no success. At least I didn''t receive a reply.

Hello, I am using the IMQ with iptables (latest versions) and asking all packets to be enqueued to IMQ0 from both prerouting and postrouting (using different iptables rules to mark different streams). When I do this I get the kernel saying: "Dead loop on netdevice imq0, fix it urgently!" and communications stop intermittently. If I remove the jump from either preroute or postroute it

i''ve installed mrtg to make graphics of the trafic from the interfece throw the snmpd, and the same with ipac witch put iptables accounting rules colect them and store, and gets the output, but the "problem" is that ipac graphics are 3 times smaller that the snmpd. Why??? i did catch all the trafic with ipac so no problem here, and i know that ipac/iptables is at level 3, and

Hi, I have a box running with iptables and iproute2. it has 3 ethernet cards. One for the internet. another for LAN and yet another for DMZ. @ DMZ ZONE I have 3 web servers. But I have only one real ip on my firewall. Now , I want to forward port 80 to theese 3 web servers. How can I do it? I searched a lot from google. But, still no luck. -- Thank you Indunil Jayasooriya

Hi all I''m sure you have heard this before but sorry.I wrote a script once and never looked at it again.An as my luck will have it I need it now and it is gone.I''m trying my best to rewrite it:-( My 1st question is: If my server is a gateway and I''m marking packets for iptables should I use OUTPUT,INPUT,PREROUTING,POSTROUTING or FORWARD rules in iptables And If I

Greetings, I want to setup bandwidth restrictions for a few clients that use openvpn to connect to my server. I''m using iptables to mark the packets in the mangle table (PRE/POSTROUTING) on eth0 before they get sent via the tunnel. Will the mark survive even if the packets then get routed via an openvpn tunnel (tunX) out the box or does openvpn change it removing the mark ? damnit,