similar to: Pb routing/fwmark

Hi, I use for a customer a Linux router/firewall with 1 internal interface connected to the LAN and 3 external interfaces connected to 3 different ISP. I use a kernel 2.6.17 with a routes patch from Julian Anastasov. I mark outgoing FTP traffic for the routing. With the rules below I do not have a problem with the active/normal FTP to connect on FTP server. But the passive FTP does not pass

i''m using one line on eth2 only for web traffic eth1 is my internal line and eth0 is my main line to internet . i''m marking packets like this i have default route on eth0 iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 66 iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport 80 -j MARK --set-mark 66 iptables -t mangle -A PREROUTING -i eth1

I have 2 internet connections and i;m trying to use squid as transparent proxy but every time squid is using first internet line but i want to use second internet line . i have this settings and without squid it''s working i have default route on the first internet connection. iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to

Hi, I regularly have errors (kernel: dst cache overflow) and crash of a firewall under Linux 2.6.17 and the route patch from Julian Anastasov. With rtstat I see that the route cache size increases regularly without never decreasing. I have this parameters: fw:/proc/sys/net/ipv4/route# grep . * error_burst:1250 error_cost:250 gc_elasticity:15 gc_interval:60 gc_min_interval:0

Hello lartc maintainers and users! I have a router with two NICs. One NIC is connected to the Internet and the other to my internal LAN. I made a script for priorizing interactive traffic. The script matches TOS Minimize-Delay for priorizing interactive trafic, and fwmark for metropolitan packets. I have two root classes (simulating two circuits) : 1:1 for internet and 1:3 for metropolitan.

Hi all !! I would to like to mark and route some kind of traffic (ie: outbound www, now by simplicity) ---inet1--------eth0------------| | | linux | --eth1------- clientes ---inet2(90.0.0.1)--------eth2-| | I have eth0 and eth1 bridged (eth2 is not bridged). I would to route www outbound clients

Hi all !! I would to like to mark and route some kind of traffic (ie: outbound www, now by simplicity) ---inet1--------eth0------------| | | linux | --eth1------- clientes ---inet2(90.0.0.1)--------eth2-| | I have eth0 and eth1 bridged (eth2 is not bridged). I would to route www outbound clients

Hi all iam using Iptables+TC+HTB on Redhat 9 working fine with the bandwidth control I am taging my eth1 with Vlan interface with Cisco Switch when even though i have mention ceil, its crossing more than Ceil, when they are effected Virus in their network or DoS attacks, its should be control the mentioned Ceil right, why this uploads are increaing.. when the uploads are increased all the

Hi guys im trying to make a port redirecction using iproute together with iptables mangle option .. but for some strange reason is not working yet, I know i can do it in a diferent way, but the idea is using packet marking and redirect the packets with a rule. I have two computers PC1 and PC2 PC1: 192.168.0.1 this is the one connected to internet, and this machine make the redirection PC2:

i''ve read your http://lartc.org/howto/lartc.rpdb.multiple-links.html article as well as Advanced IP Routing (esp. chapter 10.4) and still unable to make this thing work. am i that helpless? :) is there anyone to guide me through the multiple ISP setup? into details. i got 2 dsl connections from different ISPs (A and B), both connections use PPPoE, both got assigned with dynamic IPs

Maybe a strange request, I''ll try to explain this as clearer as I can (forgive my bad english, please :-) ). I''m setting a linux box as a router. My router uses multiple routing tables, so I can address the traffic from specific ip addresses of my lan to distinct ISPs providers (specifying a different default gateway fo r each table), marking packets with iptables

Dear all Lartc, I try to split my Internet access to my 2 ISP with 1 linux (GNU/Debian sarge) 3 NIC router, I want all my users conneted with ISP1 and just some IP connected with ISP2 Here is my configuration: Internal network: 10.117.71.0/24 Interface eth0 ISP1: IP for my linux box: 1.2.3.4/29 Interface: eth1 Gateway: 1.2.3.5 ISP2: IP for my

Hello, people. I read iptables tutorial and lartc, but i''m still confused with one trouble. May be this question was discussed already, so forward me solution, if is. So, there''s a trouble. I have debian etch linux. 2.6.18-4 kernel. On this computer i have three interfaces: eth0 - my lan, eth1, eth2 - providers. By default all internet traffic routed through eth2. But i

Hi, I have the my gateway with load balancing traffic going out over two providers. Web browsing is fine...working great. But, my clients (office staff) complains that MSN keeps disconnecting (in 5 mins). Why? Please help me... Regards, ro0ot

HI All , I am running a FC6 box with two internet links with load balance . Every thing is working fine expect the MSN connection that failed and reconnect every time and SSL connections . I would link to know if with the nona howto I could fix that . I have been tried with no success to redirect that connection only to one link but its look like do not work . Here my configuration :

Hello to all people there . Can i guarantee ICMP respond time no metter how loaded is internet line . i have typical NATed enviroiment like External IP |linux router| LAN - 192.168.0.0/24 i have example setup with IMQ but is it possible to be done also if i attache htb to eth0 and eth1 for example . if i start shaper ping i better that without shaper but it''s not guarantted i mean

I try to shape traffic using HTB and mark packets within iptables using PREROUTING. But the filterrules seems to ignore the marks set with PREROUTING Only POSTROUTING marks are accepted. First my configuration I have a router connected to the internet via ADSL over interface ppp0. eth0 is a tunnel to ppp0 and eth1 serves the LAN. LAN is 192.168.57.0/24 on 10Mbit ppp0 is 80.126.16.44 on

Hi Here is a short description of my network: ppp0 (adsl) ppp1 (adsl) | | | | --------------------- | Router | | Firewall | | MASQUERAD | | DNAT | | | | eth0 | --------------------- | | | ---------------------- |

Hi all, I need to route local generated packages depending on which tcp or udp service I need to use. To accomplish this I have configured two routing tables: [root at lothlorien ~]# ip ru ls 0: from all lookup 255 32762: from all fwmark 0x2 lookup FirstLan 32763: from all fwmark 0x1 lookup SecondLan 32764: from 172.25.80.10 lookup SecondLan 32765: from 172.25.70.18 lookup FirstLan