similar to: brouting on interfaces without IP address

Hi, Sorry to bother you all. I have a typical problem sharing DSL upstream bandwidth with users. I have 3 types of traffic high-priority, medium-priority and low priority. My upstream rate is 960kbits. Traffic (any priority) can vary in bandwidth from 0 to 960kbits. I have a test setup where I can pump 600kbit of high priority sustained and I have 400kbit of low priority traffic sustained. I

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Still learning Xen, and would like to know if it''s possible to run Squid in D0 when running in bridging mode. I have iptables and ebtables going, and am able to log packets with those, but can''t seem to get any traffic out of the bridge into Squid in D0 (or through iptables in D0, for that matter). Information I''ve gathered so far is that I need

Hi Rahul, If you're certain that your problem isn't as Stephen suggested, you might want to have a look at this: --- (From http://ebtables.sourceforge.net/brnf-faq.html <http://ebtables.sourceforge.net/brnf-faq.html> ) How do I let vlan-tagged traffic go through a vlan bridge port and the other traffic through a non-vlan bridge port? Suppose eth0 and eth0.15 are ports of br0.

Good morning, I''m writing to ask for collaboration in finding an improvement to a particular process. Today: To get traffic for our IDS sensors and a billing system, we collect everything at our core switches (2) by connecting a SPAN port from each switch to a server (so, 2 interfaces collecting traffic). That server changes the destination MAC address on all traffic to that of

https://bugzilla.netfilter.org/show_bug.cgi?id=1316 Bug ID: 1316 Summary: ebtables-nft support for broute Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables over nftable Assignee: pablo at

Hi, I tried sending this earlier, but it didn't come through. Apologies if this appers twice on the list. I'm running bridging using the brouter setup described on this page: http://ebtables.sourceforge.net/examples.html "Making a brouter". The setup described there is like this: ifconfig br0 0.0.0.0 ifconfig eth0 172.16.1.1 netmask 255.255.255.0 ifconfig eth1 172.16.2.1

Hello! I have the following setup: 1) a connection to my ISP with a public IP (1.2.3.4) with the gateway 1.2.3.1 2) an allocated IP class with 64 addresses (5.6.7.192/26) 3) two LANs connected through two NICs: a) 192.168.0.0/24 on eth1 (192.168.0.1) b) 10.0.0.0/24 on eth2 (10.0.0.1) The IPs from the allocated class are all assigned to eth0. The networks are SNATed to the external IP and

Hello list, I've posted here about this before, but I realise that it may have been assumed that the bridged vlans simply put a switch port in a blocking state and left my question ignored. So to recap. I have two tg3 interfaces named 'in' and 'out' and a bridge named 'br0' My vlan trunk is on the 'in' side of the network, and set as in.2, in.3 ... The

Hi all, This is my first post to this list. I hope someone can help me, I have been getting grey hairs trying to make this work! I have a bridge setup on a debian sarge box. The bridge is called br0 and sits between my cable modem and a non-name brand router/switch: [cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router] I have squid setup on the linux box and it works, I have

I think I may have fixed my memory leaks, and it may be that it was nothing to do with xen... the machine has been up for 10 days now which is the longest it has lasted in quite a while. I changed the way the bridges and vlans worked together, previously I had it configured thus: trunk = renamed Ethernet interface br0 = bridge of trunk and any domU I wanted on vlan1 br0.2 = vlan 2 on trunk br1 =

Hello. I''m trying to use vlan in domU, but have something strange: I created bridge on eth0. This interface was configured as trunk with vlan 300, 301. I use this bridge in my domU, and I can see tagged packets when run tcpdump in domU. Also I created interface on domU to work with vlan 300. On this interface I see untagged packets in vlan300. And everything looks fine. But when

Hello all. I know this does not directly relay to Ethernet bridging but I need some advise... anyone want to give me some info/help on the subject. In the interest of multipath routing I need to know if it is possible to do a one-way arp spoof. Lets start with the machines layout... br1------ADSL br2------cisco router-----serial line. br0-----Internal network. I already have

Hi I have been using Shorewall for a while now and find it very useful and easy to configure, I am learning iptables and having trouble getting the bridge to successfully work with squid, although I get it working with Shorewall straight away? Does anyone know the rules to successfully use squid with a transparent bridge? Internet – router - (bridge eth0 – eth1) – local lan auto lo iface lo

Hello all, I am having some trouble getting a firewall filter to work with TC. I am actually setting the mark via EBTables (which is working as far as I can tell, I am also logging the packet and my syslog reports lots of marks): ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 -j mark --set-mark 7 --mark-target CONTINUE --log --log-level debug --log-prefix "EBFW Mark

Hi installed Debian with bridging enabled then I install squid. Squid work if I manually enter proxy setting in firefox. Then I ran the following to make it transparent: echo 1 > /proc/sys/net/ipv4/ip_forward ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80

I hope this list is still active. I''m an experienced Linux Sysadmin, but I haven''t done much in the way of routing. Due to a decision made by my higherups, I need to jam a computer between my ISP and my LAN to do bandwidth throttling. My current setup: 1 Crappy Cable Modem (7Mb/768Kb connection) with a static IP. 4 servers (all have static, routable IPs) - One of which is

Hi, I''ve asked this elsewhere and received hints but no one seems to have a concrete explanation :- What I am looking to do is to be able to configure a Linux based router to be able to share THE SAME SINGLE Public IP address between the linux router and a single computer on the lan acting as the DMZ host (NOT normal NAT IP sharing !). So basically you have a linux router with two

Hi, First, some software versions, just to get them out of the way: - CentOS 5.x through Centos 6.2 - Ruby 1.8.5 - 1.8.7 - Puppet 2.7.19 - Facter 1.6.11 Just a note - we''re working from the EPEL repos almost exclusively. I am working with the firewall module, and so far I am unable to use firewallchain. Some digging suggests that it''s not completely user error (though I

Hi, it seems that "ip address delete" will delete all addresses of the same class on an interface if it is ordered to only delete the first one: # ip a f eth0 # ip a l eth0 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether xx:xx:xx:xx:xx:xx # ip a a 192.168.a.b brd + dev eth0 # ip a a 192.168.c.d brd + dev eth0 # ip a d 192.168.a.b brd + dev