similar to: nat on teql devices

Okay here is my setup: Gentoo Box running 2.6.4 w/ 4 NICs 1 NIC is for internal network 3 NICs are for external network The machine has a static address assigned to the internal network nic. This nic runs dhcp and dns forwarding. The other 3 nics have external dynamic IP addresses. All will have the same gateway. There are 3 NICs because this is a very large pipe, that will only allocate a

Suppose: ipchains -A forward -s inside_net -d 0/0 -j MASQ -m 100 (similar setup with iptables: iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j SNAT iptables -A PREROUTING -t nat -s inside_net -d 0/0 -j MARK --set_mark 100) eth0 = outside iface eth1 = inside iface now: tc filter add dev eth0 ... handle 100 fw should catch packets marked by the above rule in ipchains (iptables). Ok. When

Thanks in advance! Summary: when I load netem and teql together, teql doesn''t work correctly. (If I load teql only, everything is fine) I loaded both netem and teql. Netem is associated with eth0, and teql is associated with both eth0 and eth1. But traffic only goes out of eth1. Attached are the commands that I used to configure teql and netem (on machine 1), and commands to

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=55 Summary: ICMP translation problem with local NAT Product: netfilter/iptables Version: linux-2.4.x Platform: other OS/Version: other Status: NEW Severity: normal Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org

Hello, on my old system I''m using ipchains. Can anyone help me with converting rule /sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp to shorewall. I know that I can write eth0 source_addr to /etc/shorewall/masq file but I can''t found where I can specify the destination address. The reason for this is to allow one user (computer) access only to

Hi there, I have two ethernet connections of 2Mbit/s each and I''m trying to add them together to one 4Mbit/s connection but I cannot get more than approximate 1Mbit/s! My setup: I have a LAN (10.2.18.0/24), connected to a larger network (10.0.0.0/8) by two WAN-connections with 2Mbit/s each. On each end I have a Linux router. I first setup the routers to use TEQL with one of the

Dear Tinc Experts, I have been struggling for some time now, with Tinc pre3, and firewall rulesets and routing. I did once manage to get Tinc to work okay in a test-bed environment. I then tried to set it up for a 'real-life' setup and cannot get it to work properly. My real-life setup looks like this: Network A: 192.168.1.0 / 255.255.255.0 192.168.1.7 tap1 device gateway >

Hi! Progress is much better now with my new install with not many problems left! I just have a simple - I hope - question. I have a few users that need access to the net via masquerade rules. The rest have to go via squid on the firewall. That all works well. I also have two windows servers that also need access to the net but they have to each use a specific outgoing ip address. I add two

I am having problems making RTSP connections to a Windows Streaming Media Server (ie "connecting to media...." but WMP never connects). There are no error messages in /var/log/messages. It was suggested to me that SNAT might perform better than MASQ in this respect. I edited my shorewall/masq file as such: eth0 eth1 12.34.56.78 or should it be? eth0 10.0.0.0/24

Hi, All Sorry for English But I need new ideas for my problem I have a local network, server with 2 Internet channels Local computers connect to server via VPN. Task: some users go to Internet through first Internet channel other through second. System Suse 9.2, kernel 2.6.8. I read iproute documentaion and configured routes. Ping from server go through 2 channels. ping -I eth_inet1 www.ya.ru -

Hi all, I want to implement a "weighted" teql that can send packets to interfaces based on their "weights". To do this, I want to create multiple virtual network interfaces, and add them to teql. Since teql will send packets to each interface in a round-robin way, a weighted teql is achieved (my guess). I already have two physical network interfaces, eth0 and eth1. I

Hi Tinc Mailing-Group, I am a bit stuck with firewalling rules at the moment. Maybe someone could please advise me a good rc.firewall script to use on my setup. If anyone runs an ipchains firewall script on their linux box which is ALSO running tinc, could they please mail it to me, for my perusal. I have tinc pre3 set up and working on my systems, however I can only get it to work if I set the

Hi everybody, I want to do the following setup : | | Tun1 - Link 1 | Tun1 | | Router A | teql | INTERNET Link - | | teql |router B | | Tun2 - Link 2 | Tun2 | | This should permit to agregate Link 1 and Link 2 (less the cost of the encapsulation). The two tunnels are GRE ip tunnel. It seems to work fine

Hi, i have a following problem. Looks like this ROUTER --------------DEF.GWa aaa.aaa.aaa.aaa | DEF.GWb bbb.bbb.bbb.bbb | ---------------- -------------------

Hello list, I''d like to use teql with tap devices (two OpenVPN tunnels). This works, but the doc /usr/src/linux-<version>/net/sched/sch_teql.c says: "1. Slave devices MUST be active devices, i.e., they must raise the tbusy signal and generate EOI events. If you want to equalize virtual devices like tunnels, use a normal eql device." I can''t find if tap devices

Hi! We have 2 lines with 2 mbit each. I have to set up a configuration like the following: - if both lines work, grant 3 mbit to a web service running on a server in our DMZ - if one line fails, grant all the remaining 2 mbit to that service - if the service doesn''t need all the bandwidth, use the remaining for other services I read through the HOWTO, and figured out that I need TEQL to

Dear Gurus, Can you please help/guide me with the following: I have 3 NICs in my Linux RH 9 (kernel 2.4.20) machine. (eth0, eth1 and eth2). I want to setup a 'link equalizer' (teql) between eth0 and eth1. This I am able to do with the required commands (using the utilities 'tc' and 'ip'). Now I need to setup a bridge between eth2 and this new interface

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

Hi, My friend uses ipchains with kernel 2.4.21 :) It''s funny but it''s true. The problem is that he marks the packets and after this the tc filter doesn''t catch them. ipchains -A input -s 192.168.1.41/28 -j ACCEPT -m 0x2 -t 0xff 0x2 ipchains -A forward -s 192.168.1.41/28 -j MASQ -m 0x2 ipchains -A input -s 192.168.1.240 -j ACCEPT -m 0x3 ipchains -A forward -s