similar to: Ingress policing (matching netfilter marks)

Displaying 17 results from an estimated 17 matches similar to: "Ingress policing (matching netfilter marks)"

2010 Jan 21
2
Samba behind NAT
Hello All, I have a strange problem regarding samba 3.0.37 I have samba server installed in the local network behind NAT, the router iptables are configured as follows: #samba $IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV $IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport
2013 Jan 04
4
CentOS 6.3 as Firewall/Router
I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new CentOS 6.3 system. In the olden days, I successfully used the attached iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't seem to be quite working on the new system. Specifically, while it seems to be routing ok, you cannot connect to anything on the inside net (e.g., with ssh or
2001 Mar 20
1
interfaces option question
Can you list more than one interface in the 'interfaces' config option? I have two interfaces, one that does nmbd and smbd to my LAN, and another that will browse-sync with a remote samba machine with the same configuration of two network cards. I'm looking to do something like this: interfaces = eth1 $LAN_IP/24 127.0.0.1/24 eth0 $INET_IP/24 bind interfaces only = yes Thanks,
2004 Dec 19
0
router problem
Hi all, I have a big problem. I am a newbie and my English is bad, but I know you can help solve my problem. I have a box with Gentoo. I live in Latvia and I have 2 ISPs: one ISP gives me an IP range from 62.85.71.1-62.85.71.15 (62.85.71.1 is the gateway) but there is only Latvian traffic - no other countries (link is 2 Mbit asynchronous DSL) and the other ISP who gives me one IP from DHCP and there is no traffic
2005 Sep 27
2
QoS-iptables-iproute-tc (doesn't work together:S)
Hello, I'm having some issues trying to match packets using iptables mark, iproute filter and tc filter.- I mean, when I do iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 10 iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j MARK --set-mark 10 $TC qdisc del dev $INET_IFACE root $TC
2006 Apr 04
0
RE: Proxy ARP and UDP
I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11
2005 Jan 22
2
Layer 7 packet classifier doesn't recognize packets sent by the router itself
Hi there, I have a little problem. I had this some months ago but didn't solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the
2006 Feb 20
5
Proxy ARP and UDP
Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don't know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal
2008 May 14
1
custom iptables chain jumping
Hi all, When we create a custom chain in iptables, should we specifically create a rule to 'jump back' to the previous chain? For example: iptables -A INPUT -j CUSTOMCHAIN iptables -A CUSTOMCHAIN rule1 iptables -A CUSTOMCHAIN rule2 Should we add: iptables -A CUSTOMCHAIN -j INPUT ? Or, it will automatically go back to CHAIN when there's no more rule? Thank you very much, -- Fajar
2007 Jun 06
5
What I learned about Linux bridging
Here are some notes I have about Linux bridging. I'll try to separate what I know I know from what I think I know. Let's say I want to bridge eth0, eth1, and eth2 together, all with an IP Address of, say, 1.2.3.2. This is how to do it: echo "Setting up br0 to bridge eth0 with eth1 and eth2" /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0
2007 Apr 18
0
[Bridge] Problem with startup script
I put a bridging firewall together last winter (with some help) and have it in production in front of a couple windows web and mail servers for going on 6 months now. I used Fedora C1 with 2.4.22 kernel and 0.9.6 bridge-utils. The bridge has solved a lot of security headaches. I use a modified startup script written by David Whitmarsh that has worked really well. http://ww
2005 May 30
4
Very simple traffic shaping script for H.323
Hello - What I want to do seems very simple - I want to make sure any H.323 traffic gets processed before anything else entering or leaving this network. The network has a videoconferencing device on the LAN at 192.168.16.4. A Linux firewall NATs an external IP Address to this internal address and I have appropriate SNAT and DNAT rules that work. The NAT and connection tracking rules all work
2005 Mar 30
0
A few questions regarding samba from a samba and windows newbie (almost)
Hi I am trying to implement a simple Samba server on a Slackware 10.1 machine running for a bunch of Windows users that also have unix accounts on the machine. Using webmin, I did convert the unix users to samba users (smbpasswd is located in /etc/samba/private). A possible problem is that I have very little experience using windows (haven't used any windows version regularly since
2015 Mar 04
1
IP drop list
On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> Am 04.03.2015 um 21:03 schrieb Dave McGuire: >>> Am 04.03.2015 um 20:12 schrieb Michael Orlitzky: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.
2016 Jun 28
1
[Bug 1077] New: New traffic reduces conntrack timeout
https://bugzilla.netfilter.org/show_bug.cgi?id=1077 Bug ID: 1077 Summary: New traffic reduces conntrack timeout Product: netfilter/iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nf_conntrack Assignee: netfilter-buglog
2003 Apr 18
0
kjournald panic in 2.4.20
Hi, If this is a redundant post I apologize. I am running 2.4.20 on what has been a very stable Athlon machine for months, tried to move a 2 GB file from an ext2 partition to an ext3 and kjournald crashed. Here are the last remnants of my shell scrollback: [*ROOT* mofo /mnt/sda1/mysql/fd 641 ] ll oldmail/ total 2363288 -rw-rw---- 1 mysql mysql 2147483647 Jan 23 18:04 maillog.MYD
2003 Apr 18
2
kjournald panic in 2.4.20 RedHat 7.2
Hi, If this is a redundant post I apologize. I am running 2.4.20 on what has been a very stable Athlon machine for months, tried to move a 2 GB file from an ext2 partition to an ext3 and kjournald crashed. Here are the last remnants of my shell scrollback: [*ROOT* mofo /mnt/sda1/mysql/fd 641 ] ll oldmail/ total 2363288 -rw-rw---- 1 mysql mysql 2147483647 Jan 23 18:04 maillog.MYD