similar to: Re: Help in understanding routing/tables/chains

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

Hello, I have set up a multipath gateway. System is a linux 2.4.29 kernel, iproute 20010824, iptables 1.2.11. here is the setup: firewall:/# ip rule 0: from all lookup local 100: from all lookup main 152: from all fwmark 10 lookup wan1 153: from all fwmark 20 lookup wan2 201: from 213.223.96.121 lookup wan1 202: from 82.236.230.217 lookup wan2 1000: from

Hi! I have read all informations i could find, but some things are still not clear. My setup is: ---INTERNET1(eth0)-\ /- Local net1 (eth2) GW ---INTERNET2(eth1)-/ \- Local net2 (eth3) I have NAT and a working setup using HTB,SFQ, classifying with the iptables -j CLASSIFY way. I shape only the traffic coming from the internet heading to the intranet. I would like

Hello, I am using the IMQ with iptables (latest versions) and asking all packets to be enqueued to IMQ0 from both prerouting and postrouting (using different iptables rules to mark different streams). When I do this I get the kernel saying: "Dead loop on netdevice imq0, fix it urgently!" and communications stop intermittently. If I remove the jump from either preroute or postroute it

Howzit guys, I have a question that has been boggling my mind: i have 2 servers( firewalls) 1 server connected to main ISP and another to another ISP( only certain traffic 195.0.0.0/8) Server 1 to main ISP: lan: eth0 192.168.1.0/24 outside: eth1 196.15.203.194/30 gw 196.15.203.193 DMZ: eth3 196.16.202.209/28 (mailservers etc ) private: eth4 10.0.10.2/24 Server 2 to second ISP (

Hi, i am running imq + htb on my router , the situation is like this eth0 = uplink to my provider eth1 = 1st customer eth2 = 2nd customer eth3 = 3th customer eth0 has limit 512 and i want to share this between eth1 eth2 and eth3 , but not working , this is the script i used, \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ #!/bin/sh

Hi Tom, After two weeks of nightmares I decided ask You (and anyone reading this mail). Context is as follows: I try to update system on my central router from kernel 2.6.29.6 and Shorewall 4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new). This is LiveCD image boot (Devil-Linux distribution compiled by me), so config is this same. I have established ten OpenVPN tunnels and two

I have a gentoo 2.6.14 box with 4 nics, LAN/DMZ/PUB1/PUB2 LAN and DMZ have a 1918 /22 each, PUB1 and PUB2 have a /29 each of which 5 ips are assigned. Using the mangle table, I give all packets a mark (according to local policies) in the range 1-10. Using ip rule, i pass marks 1-5 through the pub1 route table, and marks 6-10 through the pub2 routing table. Using the nat table, I SNAT to one

Hi, I''m with a problem here on configuring our server to use multiple uplinks with different providers. The packet goes though on my way, but there is some lost packets that I don''t known where it''s going and causing my link to goes slow and stop sending/receiving data. Here i''m listing the route tables and the rules. It''s only for 1 IP.

Hi List, i have a realy strange problem with no solution yet, i''m using iproute together with the iptables mangle option, in a dmz network is a cisco pix present with another inet link behind, therefore i''m using the mangle option to split traffic on a protocol base like: iptables -A PREROUTING -t mangle -i eth1 -s 192.168.1.5 -p tcp --dport 80 -j MARK --set-mark 3 and add the

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hello all, After many time reading a lot of stuff I am quite confident using LARTC to route my trafic. I am still working on QoS (by package type and so on) but it will stay in my studing class for a long time... ;) So lets go to my question... I mounted a router that makes my conections throug 2 external interfaces. Its working fine and my default gateway for entire network behind

Hi all, I want to divide the incoming traffic between what should go to the firewall and what should be forwarded to the local network behind it. I started with the IMQ example config, but added an extra htb class right below "10:1" to get the two sfq''s to borrow each other''s bandwidth. However, I can''t figure out how to set the two marks. According to this

Hi, I am new in LARTC list. I had intermediate skills in networking. What I tried to do: Use 2 links with loadsharing + falt toletant (to add bandwitdh) ok ! I am use Debian Etch in router/fw With kernel debian default + routes-2.6.17-12.diff patch The Problem: The iproute2 just route thought the last gateway of nexthop rule. I was running tcpdump in 2 terminals, tcpdump -nni eth0 ...

Hello all, I am trying to configure a linux box to make some QoS into my netowork and, at the same box, control my clients bandwidth. I have this classes created: ---------------------------------------------------------------- UP="eth0" # wan infocontabil DL01="eth2" # lan clientes $TC qdisc del dev $DL01 root 2> /dev/null >

Hi, I am trying to set up a linux box to act as a router for my college. There are two different types of users; students and conference guests, and they have IPs statically assigned by DHCP, from separate ranges (but they are on the same subnet). The students go out onto an academic connection (via eth0), and conference guests go out on an ADSL line (via eth3). eth1 and eth2 are configured for

Hi, I been trying on ip rule fwmark and iptables MARK. I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others? Network Diagram ------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client Steps (performed on LINUX ROUTER) (1) Delete route to 192.168.8.0 from

Hi, I have a problem with my script. I have a debian with a kernel 2.6.8 patched with patch-2.6.8-ja1.diff of nano.txt site. I have 3 internet connections : - eth1 : - ip : 192.168.8.75 - gw : 192.168.8.73 - eth2 : - ip : 192.168.1.200 - gw : 192.168.1.2 - eth3 : - ip : 192.168.2.200 - gw : 192.168.2.1 and my eth0 for

Hello, I''m trying to achieve the following. 2 ISP''s and 1 LAN with failover. So, when 1 internet connection fails the other need to take over. I''m aware of the restrictions. The current sessions are lost. I did this before, one and a half year ago or something. But at that router wasn''t failover. Now i''ve read the nano howto and followed it.

I have 2 connections to the internet. 1 is an ADSL the other is a 3MB link over satellite. This is a portion of my firewall script ip route flush table 3 2> /dev/null ip rule delete table 3 2> /dev/null ip route add table 3 127.0.0.0/8 dev lo scope link ip route add table 3 89.0.0.0/8 dev eth0 scope link ip rule add fwmark 3 table 3 ip route add table 3 default via $isp2_ip dev eth3 ip