similar to: How do I make the MARK target terminate in Iptables?

Greetings, I want to setup bandwidth restrictions for a few clients that use openvpn to connect to my server. I''m using iptables to mark the packets in the mangle table (PRE/POSTROUTING) on eth0 before they get sent via the tunnel. Will the mark survive even if the packets then get routed via an openvpn tunnel (tunX) out the box or does openvpn change it removing the mark ? damnit,

Hi All, I want to create chains to mark bag packets. my firewall has 3 network cards. eth0 - connected to internet. eth1 - connected to DMZ eth2 - connected to LAN eth0 only accepts SSH (tcp -port 22) and ICMP for pinging.. If it gets anything other than that, I want to create a new chain and log and DROP . what are the suitable rules for it? what about the below rule? iptables -A

Hi all, Short question: what happens with the mark on a packet once it''s out of the box? Is is usable in another computer in the network or the mark is only valid in the same box you''ve marked the packet? Thank you, Alex _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hello, I have a LINUX server with two internet connections available. I want all the traffic to go over the default route, but HTTP traffic to go over ISP2 line. Interfaces: eth1 192.168.2.254 - LAN 192.168.2.x ppp0 x.x.x.106 - remote gateway x.x.x.6 - ISP1 (default route) eth0 192.168.164.254 - remote gateway 192.168.164.113 - ISP2 (a hardware router) I have the following configuration: echo

This is more of a NF question but it is tightly related to LARTC as well. In the following example: -t mangle -A PREROUTING -i eth0 -j MARK 0x1 .... -t mangle -A INPUT -i eth0 -j MARK 0x2 Since MARK is a non-terminatring target, what would be the resulting mark on a packet comming from the outside and destined for a local process? Thanks P.S. I agree, the example looks stupid, but on the

hi all At last i got sucess !.. but am confused y it didnt work earlier..the difference today was that i reinstalled RH7.2 & complied kernel 2.4.16(not 17).. rest was same..... & the bandwidth too is under control!.. is it normal for to get more than said bandwidth--i mean i restricted a network with 8Kbit(with same script as below) but still was able to get a download(ftp) of

I have a lot question about tc-command because now i''m doing research to compare performance between HTB and HFSC so i''m doubt a lot thing and your reply are so very helpful me ... my question is 1. I''m use opensource (Mastershaper) for help to config traffic control but when i''m try to config HTB, I''m doubt about in each chain must identify

I have a lot question about tc-command because now i''m doing research to compare performance between HTB and HFSC so i''m doubt a lot thing and your reply are so very helpful me ... my question is 1. I''m use opensource (Mastershaper) for help to config traffic control but when i''m try to config HTB, I''m doubt about in each chain must identify fallback

1. HFSC have 4 curve such sc, rc, ls, ul and 1.1 In leaf class can specify rc for guarantee service (bandwidth and delay) and If want to sharing fairness exceess service, we must specify ls and ul curve too (ls curve with paramater m2 specify at lease sharing bandwidth in that class will receive and ul curve mean maximum bandwidth in that class will receive) so i''m doubt .. about if i

I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this. -------not-working-not-mark-zero-is-not-accepted--------- iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A

I have a lot question about tc-command because now i''m doing research to compare performance between HTB and  HFSC so i''m doubt a lot thing and your reply are so very helpful to me ... My question is In HTB tc command question 1. I''m use opensource (Mastershaper) for help to config traffic control but when i''m try to config HTB, I''m doubt about

Hello, I''m trying to configure a machine to send mail traffic out on eth0 and web traffic, via Squid, out of eth1, with the default gw on the eth0 interface. After spending most of the day of trying this and that and reading docs until my eye hurts, I have had zero luck making anything work expect for standard routing. The Advance Routing Howto makes it seams easy to do this, but I fear

Hello, my FLAC plugin to VDR is now running, but the decoder runs into an endless loop at the end of the song. Usually, blocks of 4608 samples are decoded, the last block only has 2220, so I assume this is really the end of the file: Samples decoded: 2220, current time: 292290, bits per sample: 16 Obtaining the decoder states after decoding this last block still looks like decoding should go

Hello list members, Finaly I''m here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore this marks and they don''t work at all for me. Let me explain a bit more in

Hi, I am trying to relate the lended and borrowed statistics to the others and, in particular, compare them with the assigned rates for each class. My understanding is that the lended and borrowed stats are expressed as a number of packets but over what time period do the numbers refer? In addition, for a particular class why do the lended and borrowed figures add up to the sent value? That

hi all, just wondering what everyone would think about iptables --append POSTROUTING or OUTPUT --table nat --jump rt_lookup this would ask for a new route lookup as a packet traverses the nat table (done once) and would enable the effective marking/routing of locally generated packets, as well as determining a potentially new out-interface, etc, after natting. can anyone comment on potential

Hi.... Help me please!!! I am using Linux Redhat as router of the my network. I am to making NAT and firewall. In my iptables script, I need make 3 MARKs for the same packet, as following # It marks the packets that will go for link ADSL (I have 2 links - adsl 2Mb and ''dedicate link'' 256Mb ) # I am using ''ip rule / ip route'' to make this iptables

Hi folks, I have a strange situation. When I add branches to the tree, everything goes to the default class. The error might be obvious, but I cannot find it. I would really appreciate your help. this works, nothing goes to "1:9999": ############################################################################# /sbin/iptables -F -t mangle /sbin/tc qdisc del dev eth1 root >

Brian The following (which is new to rw1030) occurs with both Windows 98 & Windows ME. I have not tested behaviour under Unix or Linux, but I expect it is no different. text.rpart() prints unwanted NAs (presumably in the splitting criterion position) on terminal nodes. Criterion <- factor(paste("Leaf", 1:5)) Node <- factor(1:5)

Hi, Host A has two interfaces: eth0, tap0. I want that all locally generated traffic from user 1004 goes through tap0. This is what I did: iptables -A OUTPUT -t mangle -m owner --uid-owner 1004 -j MARK --set-mark 2 echo 202 bigmac.out >> /etc/iproute2/rt_tables ip rule add fwmark 2 table bigmac.out ip route add default via 10.0.0.1 dev tap0 table bigmac.out ip route flush cache