similar to: process id with firewall and tc

This patch changes HTB''s class storage from hash+lists to a two-level linear array, so it can do constant time (O(1)) class lookup by classid. It improves scalability for large number of classes. Without the patch, ~14k htb classes can starve a Xeon-3.2 at only 15kpps, using most of it''s cycles traversing lists in htb_find(). The patch eliminates this problem, and has a

Hi wondering if anyone can help. I have two NICs on a debian sarge based system and current running as a bridge (br0) which consists of eth0 and eth1. Is it possible to add a virtual interface to the eth1 so I can also do NAT on the box as well? I have tried many times and keep coming up with errors. Kind Regards William Bohannan

Hi I am currently learning iptables and would like to see the output of shorewall rules in iptables format, as I would like to make a script for the rules instead of using shorewall. Kind Regards William _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge? Internet – router - (bridge eth0 – eth1) – local lan auto lo iface lo

I am planning a setup with thousands of classes in a HTB qdisc, say from 1:1000 to 1:2000, each with a very small rate and a big ceil, for fair sharing of a 45mbit link. I suspect some problems could be lurking in there. Anyone having good/bad experience with such number of classes? Simon _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

I recently tried to swap server from an ancient Asus PIII machine running Fedora-8 to a Dell PowerEdge T105 running Centos-5.1 . Unfortunately, I have not been able to set it up to allow local machines to access the internet. I can access the internet directly from the server (which connects to an ADSL modem) but not from a laptop connected to the server through an ethernet hub or WiFi router.

> Send LARTC mailing list submissions to > lartc@mailman.ds9a.nl > > To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > or, via email, send a message with subject or body ''help'' to > lartc-request@mailman.ds9a.nl > > You can reach the person managing the list at >

Hello everybody, I am new to the lartc mailing list. I have been using "tc" for some time now. To be precise, tc & HTB to shape traffic. I did a lot of search on Google for 2 things: - A GUI to create configure new qdiscs & classes for HTB - A utility that will graph the data sent through all configured classes or qdiscs. I could not find anything. Could someone tell me if a

re I would like to do some firewalling and p2p shaping/limiting on one of the vlans in my network and I was thinking of using linux box as transparent bridged firewall/limiter. For this I''m planning to use AMD64 2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on

Hi I am having problems trying to get a time match with iptables 1.3.5 and the latest pom it says time match only works in the prerouting stage but I really need to use the classify command which only works in the postrouting. Does any one have a patch for 2.6 kernel, latest pom and iptables 1.3.5 so time matching can occur in the post routing? machinenemae login: ipt_time loading ipt_time:

Hello! I want to have firewall/monitor in wine. Configuring Linux firewall is an external solution that affects all programs etc. The idea is to create configuration file for black- and/or while- list that would be analysed by wine during connections requests. The brute way is to modify ws2_32 dll source directly, but maybe there is more accurate way. Could you suggest where to start digging?

Hello, Here is the situation. There is a machine with 3 intel gigabit card, 2 of them on PCI-X and in bridge, the 3rd is used only for management access. The machine is a dual Xeon 2.8GHz with HT. With 2.6.8 kernel from debian (testing) and htb with u32 on, i usually get about 30-40% software interrupts on CPU0 and CPU2, and without htb and u32, 10% less. Now, if I boot with 2.6.17.9 kernel,

I am considering replacing my old checkpoint and watchguard firewalls witha single Linux box using iptables and shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1

Hi all, Does anyone know of a Linux firewall that offers layer 8 firewall / user level firewalling? Cyberoam (http://www.cyberoam.com/firewall.html) has a layer 8 firewall built into their UTM firewalls, and while it's a great product I find it a bit limited for what I want. I basically want to track which user access what on the internet, from an internal network. Ideally I want to limit

Hello in one of the emails I sent earlier ; mark (m.roth at 5-cent.us) mentioned: > install linux on a computer with two ethernet cards. connect eth0 to > your internet connection, and eth1 to your local network. configure > iptables firewall rules in the linux system. or install pfsense on that > same computer. Please if any one can help with more details and

HI! Does anybody has a ready solution for graphing the tc stats eg. from htb to cacti? Yours, _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

On Wed, 2003-07-09 at 08:53, Jonas Anderson wrote: > Hi! > > I''ve been searching for information about using Shorewall as a > bridging firewall. I wonder if you have any documentation regarding > this subject. > Shorewall doesn''t work with bridging. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA

Hi All, I want to build a dedicated firewall/router as I am launching a NPO and I can host this in my garage. (Comcast offered me a 100 x 20 circuit for $99/mo with 5 statics) I used to run Untangle, but as of version 9, you are forced to use their build in protocol policies versus the firewalling I am used to (Deny All and then opening holes for specific IP's, etc). There are so many