similar to: CONNMARK problem

Hello all, this is my first post here. Sorry for my english. Gentoo LAN router, 2.4.26-hardened-r2 There are 2 WAN links, one LAN link. I am doing some iptables/routing/tc magic in my scripts. What''s interesting is marking packets traveling from all IP''s in LAN. Interesting commands are: ------------- for ip in `seq 50`; do $IPTABLES -t mangle -A FORWARD -o eth2 -d

I was trying to install iproute2-2.2.4. I get an error when i run the makefile. I get a parse error in /usr/include/arpa/inet.h. Can someone help me? Thanks. _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Dear all, I know this is not imq mailing list. But many of the users over here have done exactly what i want. Requirement:- I want to tight bound eth1 for 100 kbps but after i want to create many classes of 64 kbps or 50 kbps and others. But the total sum of classes is more than 100 kbps so my eth1 is not restrciting total bandwidth at 100kbps. According to search on google imq is the solution.

Hi folks. Let''s say I would like to make some bandwidth control on my network using HTB. I have 2 clients: PC1: 192.168.100.2 PC2: 192.168.100.3 Server: 192.168.100.1 This has 2 NIC''s eth1 is local and eth2 is connected to the internet. It could be nice to have a script, where you could specify, how much bandwidth you want for a specific host on a network, like, PC1 has

Hello! Maybe someone needs connmark and connbytes working together? See attached file compatible with pom-ng-20040621 (I called it connmarkbytes :)). Kind Regards, Tomasz Chilinski

Hi All, Does anyone know of a way to limit the speed of *individual* TCP sessions, but without placing any overall bandwidth limits, and without requiring an explicit QoS entry for every ip address the machine is communicating with ? The scenario is a mailserver - say you want to limit individual TCP sessions (pop3, smtp etc) to no more than 512Kbit so that an individual session

I saw this snippet from Daniel Chemko dchemko@smgtec.com Mon, 31 May 2004 09:30:43 -0700 # Egress marking (mostly for QOS operations) iptables -t mangle -A POSTROUTING -j CONNMARK --restore-mark iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A POSTROUTING -o ${if_inet} --dport 21 -j MARK --set-mark 0x111 iptables -t mangle -A POSTROUTING -j CONNMARK

I am trying to get IPP2P working on my router. Thus far I can see connections being marked (see below), but they don''t seem to get saved or something. When looking at /proc/net/ip_conntrack, nothing has anything other than 0 for mark. The iptables commands for this are: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j

Hi there, i have some questions regarding CONNMARK and STRING modules for netfilter. I have a stateful firewall doing contraking, because i have two dsl connections doing load balancing. I have found a way to discriminate KaZaA traffic flowing via port 80 from normal HTTP traffic using the string match. I want to mark a kazaa connection and filter ir to a specific qdisc. I have been looking

Hi, as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html ), it says "Use of this feature requires that your kernel and iptables include CONNMARK target and connmark match support (Warning: Standard Debian™ and Ubuntu™ kernels are lacking that support!)." it means MultiISP wont work properly if i am using Ubuntu server. if yes whats the

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

https://bugzilla.netfilter.org/show_bug.cgi?id=1128 Bug ID: 1128 Summary: ip6_tables connmark or connlabel never matches Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: SuSE Linux Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel)

Hi, is there a good howto for a Linux VPN-Gateway using racoon and IPSec provided with the actual kernel 2.6.9? Also one for how to set up a connection to the gateway using Windows XP and the client shipped with it? _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi All, It''s an old problem and still isn''t fixed :( I need the connection marking support to enable the triplet of ISP''s we use. However, I downloaded the latest 2.6.22.1 kernel, made an RPM and installed it. I see the following kernel modules (which looks promising): /lib/modules/2.6.22.1/kernel/net/netfilter xt_connmark.ko xt_CONNMARK.ko Which yields the

What I need to do: shape every user on my LAN to 256Kbit -- class for web trafiic with rate X ceil 256Kbit -- class for other(p2p) traffic with rate 1Kbit ceil 200Kbit This is good because even if they have p2p programs running they will always have fast web surfing. I can do it with bash scripts - one class per ip with 2 children. But I wonder if something like this would work: # class

-----Original Message----- From: Salim S I [mailto:salim.si@cipherium.com.tw] Sent: Thursday, May 10, 2007 5:22 PM To: ''Francis Brosnan Blazquez'' Subject: RE: [LARTC] Load balancing using connmark "I think the main advantage of shorewall solution is that it applies connmark to incoming packets from the wan as you point, leaving load balancing to outgoing connections to the

Correct me if I''m wrong, I just want to help my friend who needs a tc solution with fairness to hosts on a 512K/s DSL line, but few of them should be restricted to 64K/s I thought about htb + esfq (sfq with ip based fairness, not connection) parent class with CEIL=500Kbit (no RULE? see *1) and attached esfq to this parent class, now child class with CEIL=64Kbit and RULE=10.0.0.1

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hi, I want to classify with ipp2p packets that I''ve captured with tcpdump. I send the packets with tcpreply. I had to create a bridge interface in order to enable the listening interface in promiscous mode and to classify the traffic mirrored to that. In this mode the traffic pass through the prerouting chain of the mangle table (on bridge). I want to used connmark for recognized flows,