Displaying 20 results from an estimated 30000 matches similar to: "learning iptables"
2006 Sep 16
2
process id with firewall and tc
Not sure this is the correct place to post this but I am looking to have
status of the firewall and traffic control (active, disabled, stopped etc)
on a webpage controlled via something like pid as the machine has many
things running on it, like firewall, traffic control, data collection for
graphing the traffic flows, as well as other services like squid etc. Any
ideas would be most helpful.
2003 Aug 18
6
Compile error "iproute2"
Hi,
I am trying to compile "iproute2" (iproute2-2.4.7-now-ss020116-try.tar.gz,
inclusively the latest HTB patch, activated diffserv components) on a
SuSE-Linux 8.2 system (using "gcc 3.3", system based on "glibc 2.3.2").
It is no problem as long as I use the kernel header files of linux-2.4.20
(vanilla), linux-2.4.20.SuSE (special kernel patched by SuSE, shipped
2006 Dec 14
5
blocking traffic on the FORWARD chain using physdev
Currently using physdev on a bridge to try and isolate certain paths
across and to the bridge. It all works except when trying to stop the
flow in one direction on the FORWARD chain?? Can someone please help??
Below is the testing done so far.
eth1 <---> BRIDGE <---> eth0
# Block (eth0 ---> eth1) - blocks both directions and not just one??
iptables -A FORWARD -m physdev
2003 Sep 04
2
Statistics
Hello everybody,
I am finishing a computer science degree and I would like to know how you
use qos on Linux.
Please take a few seconds to answer my questions
I would like to know :
- what type of qdisc you use
- if it is only for tests or for a "real" use (what use)
- how many qos boxes do you use
- do you use anything else (Cisco, Unix ...)
I don't know if it is better
2007 May 28
9
2 NICs Bridge + Router
Hi wondering if anyone can help. I have two NICs on a debian sarge based
system and current running as a bridge (br0) which consists of eth0 and
eth1. Is it possible to add a virtual interface to the eth1 so I can
also do NAT on the box as well? I have tried many times and keep coming
up with errors.
Kind Regards
William Bohannan
2006 Dec 28
4
filter policy drop and allow transparent proxy
Trying to use the policy drop rule with the bridged firewall, when I
removed the first line the transparent proxy works great? It seems a
bit strange as from reading several articles on it I thought the
following occurs.
1st line - if it doesn't match it gets dropped on the local filter input.
2nd line - redirects the traffic off the link layer into the network
layer ready for line 3.
3rd line -
2006 Apr 27
1
Unsubscribe
> Send LARTC mailing list submissions to
> lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> or, via email, send a message with subject or body 'help' to
> lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
>
2006 Jul 21
5
linux transparent bridge running squid
Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge?
Internet – router - (bridge eth0 – eth1) – local lan
auto lo
iface lo
2003 Nov 03
1
Iptables connbytes
Hello,
Is it possible to mark packets from particular IP and if it downloads
over 100Kbytes, then it enters in CBQ shaper 32kbit/s for example ?
My kernel is 2.4.22.
If someone experimented with connection bytes patch please answer me.
Regards,
Todor Neshev
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
2003 Nov 18
1
Starting IPTables
I have found this problem while trying to see the active rules on IPTABLES:
[root@worf root]# iptables --list
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: init_module:
Device or resource busy
Hint: insmod errors can be caused by incorrect module parameters, including
invalid IO or IRQ parameters
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: insmod
2005 Jan 17
3
iproute2 + iptables - match the connection time or packets sent/received
Hello,
I setup iproute2 and iptables on my box, is a P4 2000 Ghz / 1GB memory.
I have setup squid and iptables to be a transparent proxy, with cache.
I've read on lartc.org almost everything and I want to ask if there is a u32
match for the connection time or something like that, or an u32 match for
the packet number in a connection.
All I want to do is shape the web traffic for long
2004 Apr 26
1
patching kernel and iptables for IMQ
I have a linux box with kernel 2.4.22 and iptables 1.2.9
First, I patch linux kernel with Norbet Buckmuller's .diff
#cd /usr/src/linux
#patch -p1 < imq-combo-debian-2.4.22.diff
All correct
Second, I -try to- patch iptables (following www.linuximq.net/faq.html)
#cd /usr/src/linux/net/ipv4/netfilter
I edit IMQ.pom-ng.patch and replace $KERNEL_DIR with /usr/src/linux
#patch
2002 Oct 24
3
iptables output ?
hi,
anyone to know a tool that will display more friendly output ... probably a tree like structure (if no cross sections occur)...
OR a top like output...
thanx
raptor
2004 Jun 30
3
HTB and iptables statistics
Hello.
The problems are:
1. Using HTB I get negative values for tokens and ctokens in tc -s
output, for example:
mich:~# tc -s -d class show dev eth0
class htb 1:11 parent 1:1 prio 1 quantum 1024 rate 8Kbit ceil 23Kbit burst 1609b/8 mpu 0b
cburst 1628b/8 mpu 0b level 0
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 1287999 ctokens: 453286
class htb 1:1
2004 May 10
2
Contact for iptables-extension "ipp2p"?
Hi all.
I remember someone in here was at least affiliated with the above
mentioned ipp2p-project (an extension to iptables that allows to match
peer-to-peer traffic). About two weeks ago I tried to contact the author
of this extension via the address that is mentioned on the project
website, since I wanted to send in a patch, but with no success. At
least I didn't receive a reply.
2003 Feb 19
2
IMQ device problems with iptables: dead looping?
Hello,
I am using the IMQ with iptables (latest versions) and asking all packets to
be enqueued to IMQ0 from both prerouting and postrouting (using different
iptables rules to mark different streams). When I do this I get the kernel
saying:
"Dead loop on netdevice imq0, fix it urgently!" and communications stop
intermittently. If I remove the jump from either preroute or postroute it
2002 Oct 31
6
ipac/iptables + mrtg accounting
I've installed mrtg to make graphics of the traffic from the interface
through the snmpd, and the same with ipac which put iptables accounting
rules collect them and store, and gets the output,
but the "problem" is that ipac graphics are 3 times smaller than the
snmpd. Why???
I did catch all the traffic with ipac so no problem here, and I know that
ipac/iptables is at level 3, and
2007 Dec 10
6
PAT HOW to - IPTABLES
Hi,
I have a box running with iptables and iproute2. it has 3 ethernet cards.
One for the internet. another for LAN and yet another for DMZ.
@ DMZ ZONE I have 3 web servers. But I have only one real ip on my firewall.
Now, I want to forward port 80 to these 3 web servers.
How can I do it?
I searched a lot from google. But, still no luck.
--
Thank you
Indunil Jayasooriya
2004 Feb 09
1
htb,iptables
Hi all
I'm sure you have heard this before but sorry. I wrote a script once and
never looked at it again. And as my luck will have it I need it now and it
is gone. I'm trying my best to rewrite it :-(
My 1st question is: If my server is a gateway and I'm marking packets
for iptables should I use OUTPUT,INPUT,PREROUTING,POSTROUTING or FORWARD
rules in iptables
And
If I
2004 Aug 04
1
iptables mark + openvpn will the mark survive ?
Greetings,
I want to setup bandwidth restrictions for a few clients that use openvpn to
connect to my server. I'm using iptables to mark the packets in the mangle
table (PRE/POSTROUTING) on eth0 before they get sent via the tunnel. Will the
mark survive even if the packets then get routed via an openvpn tunnel (tunX)
out the box or does openvpn change it removing the mark ?
damnit,