similar to: can I use tos and fwmark at the same time?

Hi, this is my Linux Box ---------------------------- LAN 1 -----|--eth1 <---br1--->eth0.1 | | \ | | eth0--|----- 802.1q tagged 1 Mbps link | / | LAN 2 -----|--eth2 <---br2--->eth0.2 | ---------------------------- I have to bridge the 2 lans

Hi all, I want to divide the incoming traffic between what should go to the firewall and what should be forwarded to the local network behind it. I started with the IMQ example config, but added an extra htb class right below "10:1" to get the two sfq''s to borrow each other''s bandwidth. However, I can''t figure out how to set the two marks. According to this

Hi, I have a computer which is used as router/firewall/VPN with four network card. One connected on the LAN (br0, 10.0.0.0/24), the three others to three different ISP, eth0 192.168.1.0/29, eth1 192.168.0.0/24, eth2 192.168.2.0/29. This computer is under Linux 2.6.11 with the Julian Anastasov routes patch. The configuration by default is to balance the load on the three interfaces. Then, I

Hi guys im trying to make a port redirecction using iproute together with iptables mangle option .. but for some strange reason is not working yet, I know i can do it in a diferent way, but the idea is using packet marking and redirect the packets with a rule. I have two computers PC1 and PC2 PC1: 192.168.0.1 this is the one connected to internet, and this machine make the redirection PC2:

Suppose: ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100 (similar setup with iptables: iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100) eth0 = outside iface eth1 = inside iface now: tc filter add dev eth0 ... handle 100 fw should catch packets marked by the above rule in ipchains (iptables). Ok. When

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for

Could someone comment on the benefits of using CLASSIFY vs fwmark (or vice versa) in iptables? I''m getting ready to implement some basic tc for VoIP and most of the examples seem to use the (older?) fwmark syntax. Should I convert these to CLASSIFY? Can the two syntaxes be mixed? Also with U32? TIA, Edwin -- <=+=+=+==+=+=+==+=+=+=+=+=+=+=+=> Edwin Whitelaw, P.E. New River

Hi, I am trying to setup a shaper for my linux box and I am experiencing some problems. What I am trying to do is priorizing packets on the egress link, therefore I have setup some prio classes etc. The priorizing seem to work but the problem is that the ceil parameter doesnt seem to work on non leafs. This is what stats show: > class htb 1:1 root rate 3000bit ceil 3000bit burst 1602b/8 mpu

Hy, I would want to mark the packets that are entering in a machine, with a mark for using diffserv with DSMARK. My machine has 2 interfaces, a ethernet and a wireless. The ethernet interface is eth1 and the other is wifi0. Firs, I would want to test that I would be able to mark the tos of the paquets that I would be receiving, for this I write in the console of my linux: iptables -A

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hello everybody. I would like to do some kind of shaping inside an ipsec tunnel implemented by Openswan and linux 2.6.18.x with xfrm (no KLIPS): for example, to limit outbound smtp traffic inside the tunnel. Question: where should I attach the qdisc to? Eth0? I''m asking this, because tcpdump only see the ESP packet on the eth0 and not the ''clear'' packet. TIA This is my

Hi everybody, I''m trying to set up routing for 2 links to the internet on a box which produces traffic itself (e.g. DNS) and will route all our local traffic. AS one route is quick and expensive and the other one slow and cheap, I want to be able to route packets for some high-level protocols to the second link. If I correctly understood table 3-2 in

i''ve read your http://lartc.org/howto/lartc.rpdb.multiple-links.html article as well as Advanced IP Routing (esp. chapter 10.4) and still unable to make this thing work. am i that helpless? :) is there anyone to guide me through the multiple ISP setup? into details. i got 2 dsl connections from different ISPs (A and B), both connections use PPPoE, both got assigned with dynamic IPs

Hello! I have an internet connection of 64kbps garanteed in a channel of 256kbps. On this connection the metropolitan speed is 10Mbps and in the provider''s network the speed is 100Mbps. I have a few clients behind my linux box and i want to set up some limitations because some of them are using it irrational. I am marking the packets with 0 for internet; 1 for metropolitan 2 for

Hello, I''m trying to get my shaper to work, but have only a partial success. Can someone help me with that. My setup unfortunately is not so trivial, but I think some people could have similar one... 1. There is a router connected to the internet line via interface eth0 2. There are users connected to the router via two interfaces : eth1 and wlan0 3. All users are assigned private IP

how can I check whether packets are being marked as per my tcrules file? 4 0.0.0.0/0 202.37.230.93 udp 500 4 fw 0.0.0.0/0 udp 500 also can someone confirm what ports are needed to be opened for ipsec? 1701,1723,47,500 ??? P.

Hi all, Below is my network diagram: - eth0 (adsl 1) eth1 (adsl 2) | | | | | | | | ----------------- | | | Gateway | | | ----------------- | | | tun0 Below is my iptables scripting to mark certain ports: -

i am trying to do some traffic classification using the PRIO qdisc and i am having a few problems. I have a root htb class: tc qdisc add dev imq0 root handle 1: htb default 255 r2q 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 768kbit and a child PRIO tc class add dev imq0 parent 1:1 classid 1:99 htb rate 96kbit ceil 600kbit prio 0 tc qdisc add dev imq0 parent 1:99 prio tc filter

Hi gurus, I need a way to do SNAT based on source mac before routing. This is because hosts attached to my gateway can have duplicate IP addresses, and I have to distinguish over them. I tried to use the nat tool that comes with iproute2, but this force to make a mapping only address to address, and I wanted to do it by mark (I also use iptables to do that). For example, I tried to

Hello, my linux show me that: server2 root # ip route add default scope global nexthop via 192.168.5.1 dev eth2 weight 1 nexthop via 192.168.160.1 dev eth0 weight 1 RTNETLINK answers: Invalid argument What can I do???? Thanks Matias --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.726 / Virus Database: 481 - Release Date: