similar to: RE: RE: firewall

I saw this snippet from Daniel Chemko dchemko@smgtec.com Mon, 31 May 2004 09:30:43 -0700 # Egress marking (mostly for QOS operations) iptables -t mangle -A POSTROUTING -j CONNMARK --restore-mark iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A POSTROUTING -o ${if_inet} --dport 21 -j MARK --set-mark 0x111 iptables -t mangle -A POSTROUTING -j CONNMARK

Здравствуйте lartc-request, Friday, October 03, 2003, 8:44:37 AM, you wrote: lrmdn> Send LARTC mailing list submissions to lrmdn> lartc@mailman.ds9a.nl lrmdn> To subscribe or unsubscribe via the World Wide Web, visit lrmdn> http://mailman.ds9a.nl/mailman/listinfo/lartc lrmdn> or, via email, send a message with subject or body ''help'' to lrmdn>

Hi, Partly because I never like straightforward solutions, I am looking to implement a non-standard failover system that owes its origins to mixing RAID 5 with some beer. The idea is to have machines A, B and C, configured as follows: 1) Any given process is running on TWO machines at the same time. If a process or machine fails, then a new backup is started on the third machine. There is thus

What about some sort of DNAT redirection with iptables? - Greg -----Original Message----- From: Tobias [mailto:medlor@web.de] Sent: Friday, April 19, 2002 8:18 AM To: lartc@mailman.ds9a.nl Subject: Re: [LARTC] Routing based on source port - Solution ? Hello bert I have the same problem and tried all possibities i know. "ip rule" in fact doesnt route based on port because IP

I have found this problem while trying to see the active rules on IPTABLES: [root@worf root]# iptables --list /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters /lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/ip_tables.o: insmod

hi When compile kernel 2.6.8.1 with imq patch the following message is print: net/ipv4/netfilter/ipt_IMQ.c: In function `imq_target'': net/ipv4/netfilter/ipt_IMQ.c:19: error: structure has no member named `imq_flags'' what is that? when patch the kernel no problem message. the patch is linux-2.6.8-imq-3.diff i''m scan in google but nothing found Thanks

Hi all iam trying to setup Dual gate using Julian patch DGD, but when i try tp patch to my kernel with fedora iam getting the following eroor can some one suggest me what is wrong or i need a latest patch for fedora [root@linux-2.4.22-1.2115.nptl]# patch -p1 < /root/update/update/routes-2.4.20-9.diff patching file include/linux/netfilter_ipv4/ip_nat.h patching file

hi, i cant get the -j IMQ on netfilter. The module is loaded Module Size Used by Tainted: P ipt_IMQ 768 0 (unused) imq 1912 0 (unused) but i cant find the object in /usr/local/lib/netfilter/*imq.so i tryed recompiling manualy iptables but it didnt work to. what could it be? im using iptables 1.2.8, kernel 2.4.20. Thanks!

I have a linux box with kernel 2.4.22 and iptables 1.2.9 First, i patch linux kernel with Norbet Buckmuller''s .diff #cd \usr\src\linux #patch -p1 < imq-combo-debian-2.4.22.diff All correct Second, i -try to- patch iptables (following www.linuximq.net/faq.html) #cd /usr/src/linux/net/ipv4/netfilter I edit IMQ.pom-ng.patch and replace $KERNEL_DIR with /usr/src/linux #patch

hi i am running Debian/GNU Linux with 2.4.26 kernel and radius server my kernel conf looks like this <*> Packet socket [ ] Packet socket: mmapped IO < > Netlink device emulation [*] Network packet filtering (replaces ipchains) [*] Network packet filtering debugging [ ] Socket Filtering <*> Unix domain sockets [*] TCP/IP networking [*] IP: multicasting [*] IP: advanced

Hi; First, sorry if this question is mostly netfilter related, than lartc, but I think you guys may have a your opinion about this. I''m using Linux 2.4.x with netfilter packet filtering / NAT on our front-end firewalls (P500 with 1Gb RAM), which are filtering traffic going to our Public Web Sites. The traffic is growing very fast since several months.. The average traffic filtered by

lartc-request,hello! 　　 I find a line in tbf_change() in sch_tbf.c: ptab = xchg(&q->P_tab, ptab); Can I consider that the pointers are exchanged between q->P_tab and ptab? as following: prev=q->R_tab; q->R_tab = rtab; rtab = prev; Is my understanding righ? ======= 2002-03-23 12:01:00 you wrote:======= >Send LARTC mailing list

Firstly... sorry to those of you on both the netfilter and lartc list who''ll end up with this message twice... I am trying to find out what kind of latency I can expect when dNAT''ing UDP packets on (probably) a mid-range P3 server, 32-bit 33MHz PCI bus with Intel EEPro NICs. It''ll most likely be running whatever the latest 2.4 kernel will be at the time, unless there

Hi, First, never compare a linux box with a cheap and dumb broadband router. I''m not sure if i understand very well your scenario but I asume is like this: 192.168.0.1--------- -----------| ipsec | | --------- 128.X.X.X --------- 192.168.0.254 | ISP ----------| linux |------------------| --------- | ---------

Dear Friends, Does anyone know any kylix source which use netfilter API? what about some "simple" C examples? (I have seen libiptq man page ;) ) I want to write a program (with kylix if it is possible)to monitor the traffic of an IP address and whenever its credit is over (which will be calculated againts the traffic) simply reject any traffic to/from that IP, any idea or clue ? Thanks

Interesante !! lo probaste con 2.4 ? o 2.6 ? -> -----Mensaje original----- -> De: Esteban Ribicic [mailto:esteban@dejawu.com.ar] -> Enviado el: Lunes, 02 de Febrero de 2004 08:11 p.m. -> Para: ''ThE PhP_KiD'' -> Asunto: RE: [LARTC] limiting p2p -> -> -> Probaste layering 7 matching? -> -> -> -----Mensaje original----- -> De:

Howdy all, I posted this message to the netfilter mailing-list and didn''t get much response. I apologize if anyone here is getting this for a second time. Anyway, I recently migrated my firewall from a FreeBSD box running ipfilter, ipnat and dummynet to a Gentoo Linux box running netfilter and tc. I have to admit that I''m having problems visualizing tc in my head. So, I was

Hey everyone, OK, not sure if this is more appropriate on the netfilter mailing list, but here it goes. This is a weird setup that is out of my company''s control. We have a webserver setup which will be contacted by several clients with different ip. All of these client ip must be translated to the same ip. The problem is this all has to happen on the same box. So before the

hallo the patch described at http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5 works for the FORWARD chain as well ? thanks, petre -- Petre Bandac Network Scientist - petre@kgb.ro _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hi, I''m trying to share internet on a LAN I''ve a linux router with SQUID (with ZPH support) + FAIRNAT The idea is: - fairness sharing internet - priorize interactive traffic - if a web object is on squid-cache (HIT), user can download it, with a rate = LAN rate I''ve: - Last Fairnat Script: www.metamorpher.de/fairnat/ - SQUID 2.5STABLE5 with ZPH patch