similar to: Routing for multiple interfaces (marking ports)

Hello all, I am having some difficults to make a routing rule work. I want that every P2P packages go to one interface (eth2 - cheaper link) nad the rest of the traffic go to another interface (eth0 - frame relay very expensive). I am using this script to make the mark and balance: ------- #!/bin/bash IPT="/usr/local/sbin/iptables" IP="/sbin/ip" #---- # Declara redes #----

Hello all, I am trying to configure a linux box to make some QoS into my netowork and, at the same box, control my clients bandwidth. I have this classes created: ---------------------------------------------------------------- UP="eth0" # wan infocontabil DL01="eth2" # lan clientes $TC qdisc del dev $DL01 root 2> /dev/null >

Hello all, I am trying to make a filter into my QoS rules and I founded that when I try to use filters u32 and with fwmark they do not work together. This is the filter I use, just and example, for u32: $TC filter add dev $DL parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10 This is working fine. Now if I try to mark a package that I want it to go to the same

Hello, I am trying to make a load balance at my box using two conections. I have compile my kernel with this patch routes-2.6.13-12.diff (tha I get from this website: http://www.linuxvirtualserver.org/~julian/#routes). The problem is that when I try to balance using weight sintaxe (i will put the script bellow) some conectios just drop. So I can enter some pages but other I could not...

Hello all, As I have promised I am sending my QoS rules. This now works fine with u32 classifier (and parent 1:0 that I could not understand why it did not worked well before). Att, Nataniel Klug ------------------------ #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables"

Hello all, I have set my QoS solution and now I am facing a little problem... When I ping to my server it has some lost packages: Estatísticas do Ping para 172.30.0.1: Pacotes: SENDED = 1029, RETURNED = 880, LOST = 149 (14% de perda), Aproximar um número redondo de vezes em milissegundos: Mínimo = 0ms, Máximo = 686ms, Média = 105ms If I disable my QoS ping stats to be ok. I even have

Hi All Take a look and please tell what is wrong: root@prensa:~# $IPT -t mangle -F PREROUTING root@prensa:~# $IPT -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables: No chain/target/match by that name root@prensa:~# $IPT -t mangle -A PREROUTING -j CONNMARK iptables v1.3.4: CONNMARK target: No operation specified Try `iptables -h'' or

Hi all, I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7 My network diagram below: - INTERNET --- LINUX_ROUTER_FW --- PCs Below is my simple iptables script: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1 iptables -t

Hello all, I am with a doubt about QoS solution... I have a 4 Mbit backbone coming from the telco I use... This is the link I serve to my clients, so I make this classes: $TC qdisc add dev $DL root handle 1: htb default 60 CLASS="/sbin/tc class add dev $DL parent" $CLASS 1: classid 1:1 htb rate 4096Kbit $CLASS 1:1 classid 1:10 htb rate 256Kbit ceil 3072Kbit burst 15k $CLASS 1:1

hi i recently searched in the mailinglist archive and found similar problems, whose solutions helped very much, thank you. i have the following scenario: a firewall with one lan interface eth0 10.1.1.1/24 and two uplink interfaces eth1 10.2.2.1/24 eth2 10.3.3.1/24 each uplink interface does SNAT: iptables -t nat -I POSTROUTING -o eth1 -j SNAT --to-source 10.2.2.1 iptables -t nat -I POSTROUTING

As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112 This works very well... It does NOT work with stable 4.0! sveasoft will be issuing a bug fix for this (4.1) in the near future. Final Rev of working script w/ asterisk support I'm not going to run alchemy on production machines until it is stablish. Remember to set your uplink properly and to set

Hello, Here is what I want to do: I have a patch that make me able to mark package by its nature useing layer 7. So I use this line to mark a packge (i will use msnmessenger like example): $IPT -t mangle -A POSTROUTING -m layer7 --l7proto msnmessenger -j MARK --set-mark 3001 Now I want that all packges with this mark get throu my gateway using the link at eth2 and all other packges use

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hi all, I have 2 ISPs on a Linux router and a local network with one Linux server and many windows. The local network is masqueraded. I want to give access to port 25 and 80 of my server from any incoming request (i.e. from my 2 ISP). I have made a DNAT translation, witch work but the outgoing answers are not routed correctly. Of course, the de-SNAT process is done before the routing process. So

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hello, Sorry for the many Ccs, but I hope to reach all parties involved. I want to do traffic shaping with NAT and I wanted to do it with IFB instead of IMQ [1]. I tried a lot of things but now I am stuck (and maybe confused). The setup: eth0 eth1 WAN/(Internet) <-> Linux Router <-> LAN Linux router: - does NAT for the LANs - runs local processes

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

[ I hope this isn''t a dupe. Evolution crashed on my last send and I see nothing in my logs that leads me to believe the mail made it out before the crash ] Well, it probably is working. I''m probably just misunderstanding something. Given routing rules that look like this: 0: from all lookup local 10000: from all fwmark 0x40 lookup CGCO 10001: from all fwmark 0x80

Hello, I am trying to shape p2p trafik to 256kbps on my dsl line. I wrote this set of commands: DEV=eth2 ip link set imq0 up tc qdisc add dev imq0 root handle 1:0 htb default 21 r2q 2 tc class add dev imq0 parent 1:0 classid 1:1 htb rate 530kbit tc class add dev imq0 parent 1:1 classid 1:20 htb rate 530kbit ceil 530kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:21 htb rate 64kbit

hi list I have a strange problem here. Maybe it is normal behavior and i search within the wrong direction. Probably someone here can give me a hint. I have a device (rhel4 kernel 2.6.9) with 3 interfaces. 2 interfaces (eth0, eth2) are bridged together (br0) and the bridge device has an ip address assigned (192.168.11.15). Another interface (eth1) has assigned 10.7.0.10. So far so good.