similar to: Proxy ARP and UDP

I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11

Hello - What I want to do seems very simple - I want to make sure any H.323 traffic gets processed before anything else entering or leaving this network. The network has a videoconferencing device on the LAN at 192.168.16.4. A Linux firewall NATs an external IP Address to this internal address and I have appropriate SNAT and DNAT rules that work. The NAT and connection tracking rules all work

Here is a puzzle. I have a network with several servers. It''s a mess. It''s a /24 and pieces and servers are all over the place inside this /24 block, on both sides of the firewall. For example, the router at 1.2.3.1 is outside the firewall and many of the servers at 1.2.3.nnn/24 are behind the firewall. (Obviously, 1.2.3.nnn is a fudged network.) eth0 points outward to

Can''t get proxy arp with arp -s <IPaddr> <MACaddr> pub to work with a 2.4 kernel. I see some evidence in the archive that this was broken in the 2.0.x timeframe and never fixed. Anyone know for sure if it''s broken or working ? (I''m attempting to route a few addresses into a routed network, from the ethernet side of a DSL router that has a /29 public

Hello - I am using kernel 2.4.27 and running into behavior I don''t know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal LAN, but at IP Address 1.2.3.11/27. (IP Address dummied up.) I want to proxy ARP this

Hi all. I experienced a strange behaviour in the "arp" command when I use the "pub" (publishing) flag. This is the scenario (I know it''s an unusual one, but it''s just for a test): __________ | | | host C | | | |__________| | __________|________________________________

Here are some notes I have about Linux bridging. I''ll try to separate what I know I know from what I think I know. Let''s say I want to bridge eth0, eth1, and eth2 together, all with an IP Address of, say, 1.2.3.2. This is how to do it: echo "Setting up br0 to bridge eth0 with eth1 and eth2" /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0

Hello i''m having some issues trying to match packets using iptables mark, iproute filter and tc filter.- i mean, when i do iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 10 iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j MARK --set-mark 10 $TC qdisc del dev $INET_IFACE root $TC

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hello list, I''m having problems with HTB on a machine. I noticed that after a while the machine seems off-line after i start the htb script. After some debugging i realised the problem stays in the arp packets send by the machine, which are delayed or dropped. Because of that i had to remove the default class. Is there a way to match arp packets ? because i want to add them to the class

Hi Is there a way of marking packets by mac address instead of ip or ports using a "tc filter u32 match"? I read somewhere that I could use the offset -8 and -14 to grab the mac addresses but if I use anything lower than -8, for example -9, I get an error. I''m modifying the wondershaper script to cap the download speed by mac address. Any sugestions?

Hi! By iptables I set marking (-j MARK) just before -j IMQ. There are only three marks. Exectly all of them are ditected to 1:20 Why I see 3 pkts in default 1:30? How explain it? ### imq0: queueing disciplines qdisc htb 1: r2q 10 default 30 direct_packets_stat 0 Sent 631429 bytes 1812 pkts (dropped 0, overlimits 20) ### imq0: traffic classes class htb 1:20 root prio 0 rate 100Kbit ceil

I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new CentOS 6.3 system. In the olden days, I successfully used the attached iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't seem to be quite working on the new system. Specifically, while it seems to be routing ok, you cannot connect to anything on the inside net (e.g., with ssh or

If you have a working proxyARP setup, will you please post it? I''ve tried to insert a Linux box between the DSL connection and the switch, but I''m getting nowhere. Everything works correctly when all the servers in this network use the switch to get to the DSL. Any box directly connected to the DSL also works correctly. http://www.sjdjweis.com/linux/proxyarp/ makes it sound

In 2.4 kernels, there was a [bp]fifo that could be implemented with ''tc add'', but in 2.6 kernels, I find no way to create either of these fifos. I am able to increase txqueuelen. What I desire is a larger number of backlogged packetes before drops occur. How can the output buffer size be increased for HTB? -- gypsy

Hello, I''m using htb3 with kernel 2.6.13 on debian testing release. I have a hierarchy consisting of 10 parents clas each with 2 to 20 childs and every child use sfq. The problem is when the default class become congested, the system start to drop packets for 2 seconds all traffic is blocked, another 3 to 5 minutes all goes all and so on. Anyone have any ideea about this ?

Hello All, I have a strange problem regarding samba 3.0.37 I have samba server installed in the local network behind NAT, the router iptables are configured as follows: #samba $IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV $IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport

Hello everyone, Please excuse these basic questions but I am new to Linux and I am getting desperate for answers. We are running redhat linux and after many hours of investigation I am unable to get a certain ip rule and ip route command combination to work. These are the software versions installed. [root@c1b04a01 linux-2.4.21-15.EL]# uname -a Linux c1b04a01 2.4.21-15.ELsmp #1 SMP Thu Apr

I have question about multipath routing. I am running a 2.6.7 kernel (gentoo). I have a route with three nexthops on the same interface. I see a different nexthop being picked for different destination addresses. All is fine. Now if one of the nexthop goes down (arp entry times out and arp request doesnt get a response), does it remove the nexthop from contention and only use the remaining two

Hi there, I have a little problem. I had this some months ago but didn''t solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the