similar to: Questions regarding CONNMARK

I do not how to use match string to deny kazaa traffic, if I put the word kazaa only http content is deny but the kazaa aplication is running, are there special commands to match string? thanks _________________________________________________________________ Charla con tus amigos en línea mediante MSN Messenger: http://messenger.microsoft.com/es

Dear. folks I want to shaping FTP traffic. I can get following information from Stef Coene's Homepage, www.docom.org. "Ftp uses random ports, so matching the data traffic is not easy. However it can done if you use iptables to mark ftp-data packets and use that mark with the fw filter. For more info see http://home.regit.org/connmark.html. " General information about the conntrack

Hi all! On http://lartc.org/howto/lartc.adv-filter.html I read that a classifiers available bases the decision on how the firewall has marked the packet and on http://lartc.org/howto/lartc.qdisc.filters.html the following example: "tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1" "iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6" My

Hi, as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html ), it says "Use of this feature requires that your kernel and iptables include CONNMARK target and connmark match support (Warning: Standard Debian™ and Ubuntu™ kernels are lacking that support!)." it means MultiISP wont work properly if i am using Ubuntu server. if yes whats the

Hello everybody. i have the folowing problem: i have this in the top of PREROUTING chain in mangle table iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 0 # rule 1 iptables -t mangle -A PREROUTING -m connmark --mark 5 # rule 2 iptables -t mangle -A PREROUTING -m connmark --mark 6 # rule 3 i think when packet is passing trough my POSTROUTING in mangle table

I saw this snippet from Daniel Chemko dchemko@smgtec.com Mon, 31 May 2004 09:30:43 -0700 # Egress marking (mostly for QOS operations) iptables -t mangle -A POSTROUTING -j CONNMARK --restore-mark iptables -t mangle -A POSTROUTING -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A POSTROUTING -o ${if_inet} --dport 21 -j MARK --set-mark 0x111 iptables -t mangle -A POSTROUTING -j CONNMARK

Hi guys, I have a mail server running qmail with two network interfaces. All packages comes from the first one and I want to mark outgoing packages to route them using the second interface (ADSL). I have write this script, but it ins''t work. All packages are returning by the first interface... :-( x-x-x # Tables, networks, interfaces, addresses and gateways IF1=eth0 T1=100

Hello In the LARCT how-to subitem: 4.2.2. Load balancing the following phrase says: "" Instead of choosing one of the two providers as your default route, you now set up the default route to be a multipath route. In the default kernel this will balance routes over the two providers. It is done as follows (once more building on the example in the section on split-access): ip

I am trying to get IPP2P working on my router. Thus far I can see connections being marked (see below), but they don''t seem to get saved or something. When looking at /proc/net/ip_conntrack, nothing has anything other than 0 for mark. The iptables commands for this are: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

Hi, I''ve been implementing a load balancing solution using CONNMARK, based on solution described by Luciano Ruete at [1]. Gracias por el post y por apuntar en la dirección correcta Luciano! Once implemented, I''ve found that due to some reason packets aren''t properly marked (or improperly remarked) and sent out using the wrong interface. My topo setup is:

https://bugzilla.netfilter.org/show_bug.cgi?id=1128 Bug ID: 1128 Summary: ip6_tables connmark or connlabel never matches Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: SuSE Linux Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel)

Hello! Maybe someone needs connmark and connbytes working together? See attached file compatible with pom-ng-20040621 (I called it connmarkbytes :)). Kind Regards, Tomasz Chilinski

Using R v. 1.7.0 on Windows 2000 I would like to plot the fitted values of a model as a function of a continuous covariate, augmented with data (e.g., augPred) grouping by combinations of fixed effects. I have not been able to use augPred effectively, and am wondering if it does not handle unbalanced data (3 out of 192 missing). I include below the model and an xyplot that almost does the

Hi all && happy new Year ;) I''m try to made a script for shaping my outgoing traffic, but it doesn''t work fine. The script work good if all packets go thru the default class, but, if I try to send packets by other class, the packes doesn''t go by this class go also by the default class. This script is installed in a router linux with ip masquerading for the

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hi All, It''s an old problem and still isn''t fixed :( I need the connection marking support to enable the triplet of ISP''s we use. However, I downloaded the latest 2.6.22.1 kernel, made an RPM and installed it. I see the following kernel modules (which looks promising): /lib/modules/2.6.22.1/kernel/net/netfilter xt_connmark.ko xt_CONNMARK.ko Which yields the

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Im getting into tc. How can I control P2P (peer to peer) traffic??? which filters??? any ideas??? Hugonik

I'm trying to config Samba PDC using: The Unofficial Samba HOWTO but error apeared: The following error occurred attempting to join the domain MYDOMAIN: The specified network password is not correct I tried: Use Window's Group Policy Editor (gpedit.msc) to make the following changes in the Local Computer Policy\ Computer Configuration\ Windows Settings\ Security Settings\ Local