Displaying 20 results from an estimated 7000 matches similar to: "Proxy ARP and UDP"
2006 Apr 04
0
RE: Proxy ARP and UDP
I found the problem! It was me and it was dumb...
This was the network layout:
10.10.10.0/24 1.2.3.0/27
10.10.10.n
internal hosts
|
<----+-----+--------+ +-------+------>to the Internet
| | | |
Proxied | | |
H.323 device Firewall Router
eth1 eth0
1.2.3.11
2005 May 30
4
Very simple traffic shaping script for H.323
Hello -
What I want to do seems very simple - I want to make sure any H.323
traffic gets processed before anything else entering or leaving this
network. The network has a videoconferencing device on the LAN at
192.168.16.4. A Linux firewall NATs an external IP Address to this
internal address and I have appropriate SNAT and DNAT rules that work.
The NAT and connection tracking rules all work
2007 May 30
4
Proxy ARP with a Coyote Point equalizer
Here is a puzzle.
I have a network with several servers. It''s a mess. It''s a /24 and
pieces and servers are all over the place inside this /24 block, on both
sides of the firewall. For example, the router at 1.2.3.1 is outside
the firewall and many of the servers at 1.2.3.nnn/24 are behind the
firewall. (Obviously, 1.2.3.nnn is a fudged network.)
eth0 points outward to
2004 Dec 21
5
Is ''publish'' proxy arp still broken ?
Can''t get proxy arp with arp -s <IPaddr> <MACaddr> pub
to work with a 2.4 kernel. I see some evidence in the archive
that this was broken in the 2.0.x timeframe and never fixed.
Anyone know for sure if it''s broken or working ?
(I''m attempting to route a few addresses into a routed
network, from the ethernet side of a DSL router that
has a /29 public
2006 Feb 20
0
(no subject)
Hello -
I am using kernel 2.4.27 and running into behavior I don''t know how to
explain.
I have 2 relevant interfaces. eth0 is external, eth1 is internal. My
internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied
up). I have an H.323 videoconference device inside my internal LAN, but
at IP Address 1.2.3.11/27. (IP Address dummied up.) I want to proxy
ARP this
2005 May 17
3
problem with the "arp" command (using the pub flag)
Hi all.
I experienced a strange behaviour in the "arp" command when I use the
"pub" (publishing) flag.
This is the scenario (I know it''s an unusual one, but it''s just for a test):
__________
| |
| host C |
| |
|__________|
|
__________|________________________________
2007 Jun 06
5
What I learned about Linux bridging
Here are some notes I have about Linux bridging. I''ll try to separate
what I know I know from what I think I know.
Let''s say I want to bridge eth0, eth1, and eth2 together, all with an IP
Address of, say, 1.2.3.2. This is how to do it:
echo "Setting up br0 to bridge eth0 with eth1 and eth2"
/usr/sbin/brctl addbr br0
/usr/sbin/brctl addif br0 eth0
2005 Sep 27
2
QoS-iptables-iproute-tc (doesn''t work together:S)
Hello i''m having some issues trying to match packets
using iptables mark, iproute filter and tc filter.-
i mean, when i do
iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK
--set-mark 20
iptables -t mangle -A PREROUTING -p tcp --dport 25 -j
MARK --set-mark 10
iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1
--dport 25 -j MARK --set-mark 10
$TC qdisc del dev $INET_IFACE root
$TC
2005 Dec 27
3
Ingress policing (matching netfilter marks)
Hi,
I''m having issues with policing my incoming traffic by matching packet marks
made by iptables. I''ve checked as many sites and guides as I can find, and I
seem to be doing the exact same thing as they all are, but there''s still no
success. As such, I was wondering if anyone can have a quick look to see if
I''ve done anything obviously stupid?
Essentially, I
2004 Nov 05
1
QoS and arp packets.
Hello list,
I''m having problems with HTB on a machine. I noticed that after a
while the machine seems off-line after i start the htb script. After
some debugging i realised the problem stays in the arp packets send by
the machine, which are delayed or dropped. Because of that i had to
remove the default class. Is there a way to match arp packets ?
because i want to add them to the class
2005 Dec 10
10
Marking packets by mac addr using tc filter u32 match?
Hi
Is there a way of marking packets by mac address instead of ip or ports
using a "tc filter u32 match"?
I read somewhere that I could use the offset -8 and -14 to grab the mac
addresses but if I use anything lower than -8, for example -9, I get an
error.
I''m modifying the wondershaper script to cap the download speed by mac
address.
Any sugestions?
2005 May 06
3
Broken filters?
Hi!
By iptables I set marking (-j MARK) just before -j IMQ.
There are only three marks. Exectly all of them are ditected to 1:20
Why I see 3 pkts in default 1:30?
How explain it?
### imq0: queueing disciplines
qdisc htb 1: r2q 10 default 30 direct_packets_stat 0
Sent 631429 bytes 1812 pkts (dropped 0, overlimits 20)
### imq0: traffic classes
class htb 1:20 root prio 0 rate 100Kbit ceil
2013 Jan 04
4
CentOS 6.3 as Firewall/Router
I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new
CentOS 6.3 system. In the olden days, I successfully used the attached
iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this
doesn't seem to be quite working on the new system.
Specifically, while it seems to be routing ok, you cannot connect to
anything on the inside net (e.g., with ssh or
2004 Oct 09
4
Does anyone have a working proxyARP setup?
If you have a working proxyARP setup, will you please post it?
I''ve tried to insert a Linux box between the DSL connection and the
switch, but I''m getting nowhere. Everything works correctly when all
the servers in this network use the switch to get to the DSL. Any box
directly connected to the DSL also works correctly.
http://www.sjdjweis.com/linux/proxyarp/
makes it sound
2007 Dec 06
3
How does one increase the output buffer size?
In 2.4 kernels, there was a [bp]fifo that could be implemented with ''tc
add'', but in 2.6 kernels, I find no way to create either of these
fifos. I am able to increase txqueuelen.
What I desire is a larger number of backlogged packetes before drops
occur.
How can the output buffer size be increased for HTB?
--
gypsy
2005 Dec 21
2
HTB droping packets
Hello,
I''m using htb3 with kernel 2.6.13 on debian testing release. I have a
hierarchy consisting of 10 parents clas each with 2 to 20 childs and every
child use sfq. The problem is when the default class become congested, the
system start to drop packets for 2 seconds all traffic is blocked, another 3
to 5 minutes all goes all and so on.
Anyone have any ideea about this ?
2010 Jan 21
2
Samba behind NAT
Hello All,
I have a strange problem regarding samba 3.0.37
I have samba server installed in the local network behind NAT, the
router iptables are configured as follows:
#samba
$IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV
$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport
2004 Aug 16
1
question re ip rules logic
Hello everyone,
Please excuse these basic questions but I am new to Linux and I
am getting desperate for answers.
We are running redhat linux and after many hours of investigation I am
unable to get a certain ip rule and ip route command combination to work.
These are the software versions installed.
[root@c1b04a01 linux-2.4.21-15.EL]# uname -a
Linux c1b04a01 2.4.21-15.ELsmp #1 SMP Thu Apr
2005 May 24
3
equal-cost multipath in 2.6.7
I have question about multipath routing. I am running a 2.6.7 kernel (gentoo).
I have a route with three nexthops on the same interface. I see a
different nexthop being picked for different destination addresses.
All is fine.
Now if one of the nexthop goes down (arp entry times out and arp
request doesnt get a response), does it remove the nexthop from
contention and only use the remaining two
2005 Jan 22
2
Layer 7 packet classifier doesn''t recognize packets sent by the router itself
Hi there,
I have a little problem. I had this some months ago but didn''t solve it
back then. I have patched my kernel with Layer 7 support and patched my
iptables to support it, too.
Now I inserted this line in my firewall script on my router for testing
purpose:
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7
--l7proto http -j DROP
It works, BUT only if the