Displaying 20 results from an estimated 200 matches similar to: "NAT & tc filter addresses"
2006 Apr 08
4
source routing does not work with extra ip addresses
I set up this config:
+------+
-+ ISP1 +--+
+------+ | +-------+
+--+ linux |
+------+ | +-------+
-+ ISP2 +--+
+------+
No problem. Standard setup with two ISP''s. Both routed subnets. Default
gateway is ISP1. No magic here.
Now I put a server behind the Linux box. I want the server to be
reachable on an /extra/ IP in the routed subnet of ISP2.
+------+
-+ ISP1
2004 Jan 15
3
Shaping Device Aliases
Hi.
I understand that device aliases (e.g. eth2:3) are not shapeable. Does
anybody know if this functionality is planned in the future?
Anyway, for the time being the only option that seems to leave is to
fwmark packets differently for each device alias and then shape based
on that.
Is it possible to set multiple marks on the packets? Alternatively, is
it possible to check for a specific
2004 Jan 29
1
RE: LARTC digest, Vol 1 #1564 - 6 msgs
Martin,
If I understand whay you are suggesting, there is a problem in your
design: It will only work if you use Hide NAT. The problem is that the
ip_src == IP0 rule is wrong: The ip_src is not changed by the router and
it is not equal to the IP of any of the machine interfaces.
Can you think of a solution that will work in the following reasonabl
scenario:
Lets say I have two T1 internet
2004 Jan 28
1
Problems with multipath routing.
Hi all, I have setup two multipath route tables on my system for doing
failover routing, What I want it''s that if GW at route1 of the MP is dead,
traffic goes by route2, for doing that I have created the multipath routes as
follows:
ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1
weight 1 nexthop via ${GW2} dev eth1 weight 250
But it does not run as I
2004 May 06
3
tcng ingress policing question
Hi all
I started playing with tcng to generate my tc rules, but I have some
difficulty implementing my rules...
The script below generates an error:
# Device eth0
tc qdisc add dev eth0 ingress
beginner.tc:2: don''t know how to build meter for this
The script is below, I changed the real IP numbers for XXs and YYs,
since it doesn''t really matter what they are. eth0 is the
2005 Jul 13
6
tbf initial burst
I am using tbf to do bandwidth limitation. i found that when i start passing traffic there is a burst and then the rate goes down to what is configured. is this a known issue or do i need to change some parameters?
thanks.
---------------------------------
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
_______________________________________________
LARTC mailing list
2007 Jul 01
1
FW filter unused/unloaded ???
Hi all.
I''ve written a small htb script that uses U32 and FW (marked by IPTABLES) filters, but TC doesn''t seem to be using the "cls_fw.o" module !!!
I''m using redhat v9.0, kernel 2.4.8-20, iproute 2.4.7-7.
Here is my script:
==========================================================
#####################
#Interface definition
#####################
2004 Apr 20
1
[patch] Raw sockets in jails
Although RAW sockets can be used when specifying the source
address of packets (defeating one of the aspects of the jail)
some people may find it usefull to use utilities like ping(8)
or traceroute(8) from inside jails.
Enclosed is a patch I have written which gives you the option
of allowing prison-root to create raw sockets inside the prison,
so
2004 Aug 05
6
TC-ng questions/problems
Hi all,
We have 2 class C networks that are connected by a Linux router with the internet. We want to apply traffic control (bandwidth control). For that we wrote the tcc script below. We have 2 problems:
1. To establish a 2 megagit download we must actually set the value to 2500kbps. Is there a possible reason for that?
2. If we enable the WAN device we get very hight ping times (they change
2004 May 20
1
tcng configuration question??
Greetings all,
OK - just started playing around with traffic shaping - have imq and htb
and (I think) everything else I need in the kernel and running well. My
initial lab task was to protect a H.323 session over a simulated half T1
while adding bulk traffic - got that accomplished after slogging through
learning tc and decided in short order that a more intuitive interface
would be
2004 Jan 22
4
Problems with netfilter
Hi,
I have 2 internet connections (1 adsl/1 cable). I am try to route all
outgoing mail from the mail server (on the same box), through the ADSL
connection routing through the cable will mean mail will get rejected by AOL
:( I am using qmail as the mail server.
The configuration is:
eth0 : cable connection
ppp0 : adsl connection
eth2 : internal lan connection
I have configured split access as
2006 Feb 24
1
Multiple providers routing
HI folks,
I have a linux router connected to two separate internet
connection from an ISP. There is a third interface ( ip ->
192.168.1.1 ) in the router connected to the local network.
Configured the routing tables and added the rules and everything
seems to be working fine from the routing box. Traceroute to
external internet sites reveal that traffic is being routed
correctly and
2007 Jul 02
8
Kernel Packet Traveling Diagram
Hi,
I find this diagram which details the kernel packet traveling :
http://www.docum.org/docum.org/kptd/
Is it up to date ?
I made some test and I put a DNAT rules in the PREROUTING table of an
interface and I attach it a ingress policy, the dst IP wasn''t changed. the
DNAT it isn''t yet make.
I''ve another question (I''m not sure is it the good mailing list), for
2006 Feb 20
2
question about traffic control
Hi,
I have the following situation:
1 gateway box with 2 WAN interfaces (eth1 and eth2).
1 LAN interface eth0
default gateway is eth2
I want to route all traffic with destination protocol tcp 22 (ssh) NOT
over the default gateway eth2 but force them to find it''s route over
eth1.
All other traffic must go the normal way over eth2.
Is this possible with tc or an other tool?
--
2004 Apr 08
4
First Post: Question on Ip Aliasing
Hi All,
I did a google search on this and didn''t find exactly what I was looking
for. Suppose I have a machine that has an IP alias eth0:0. I have set
up HTB.init so that it properly throttles bandwidth on eth0, however
when I use eth0:0, it doesn''t work. I read elsewhere that it should
work at the PHYSICAL device layer, and should therefore work for both at
once. This is not
2004 May 05
3
Simple HTB setup with tcng
Hello all,
I am trying to set up a simple htb based system, where packets with
source ip 10.0.0.1 should have their own class.
I plan to use tcng to set it up easier.
Is there something wrong in my tcng file ?
~/tcng$ cat htb
/*
*/
#include "fields.tc"
#include "ports.tc"
dev eth0 {
htb ( ) {
class ( rate 600kbps, ceil 600kbps )
{
2004 Aug 09
4
Duplexing
The recent thread titled:
working ftp shaping, i think
provided a script example where 100Mbps was specified as the rate for a
typical NIC.
If that NIC is connected to a switch, chances are that it runs at
100Mbps in each direction concurrently - duplexed Writing a rule that
specifies a 100Mbps rate and thereby a 100Mbps ceil, limits the
connection to half the available bandwidth.
I
2006 Apr 10
2
I dont want to shape a host
Hello all,
I am still reading about my QoS rules and I need that one of my
servers (that is into my LAN but has an routing ip address) did not get
into the qos rules I have. So I want that all traffic coming or going to
that specifc host did not get shapped by any traffic control and do not
get even into a QoS class. How can I do this?
Att,
Nataniel Klug
2006 Apr 14
3
Shaping per IP in PPPoE borrowing or sharing Uplink or Downlink
helo again. I think this question i am asking is worth:
we know that pppoe-server creates a pppX device on each connection done
to it.
So, when i have to shape, i have to shape each pppX connection device on
itself alone.
What i know is that the borrowing method on one device by itself, e.g.
ppp0, alone using HTB or the like. this means that i have to create for
another device, e.g. ppp1,
2004 Aug 05
1
marking passive ftp and shaping
I am trying to mark outbound passive ftp traffic with iptables and shape
it to 35KBytes. I am using the following script on the computer that
runs the ftp server.
It is not working correctly, it seems to limit ALL traffic. Cant file
share or anything.
Anyone might know what is wrong?
#!/bin/bash
#shaping passive ftp traffic
# mark the outbound passive ftp packets on ports 50000-51000