similar to: RPDB && routing locally generated (and marked) traffic

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

Hello all, I do not read C very well (especially kernel C). Though I have tried to muddle my way through an understanding of what''s going on in fib_hash.c, fib_rules.c, and route.c, I have not succeeded to my satisfaction, hence my post. I''m trying to document the general process of route selection, and have come up with the following overview. Could somebody point out any

Hi all! I try to make port based routing, because a have two connections to the internet. My router is a "one disk floppy router for linux". It is a big router project www.fli4l.de. I try also to make a opt, it is like a plugin for this router. This project uses Kernel 2.2.19 compiled with libc5 (because it is small and you can use one floppy disk). At the moment, iproute2 is not

Hello all, I am going through the LARTC howto to understand how the iproute2 works. But some concepts like Policy Routing, RPDB etc are not clear to me. I am pretty new to iproute, beeing using route command for long... From what I understand 1. rules (ip rule) tell how to select packets for routing and route (ip route) tell where to route the selected packets. 2. A collection of rules is

Hello, everyone! I would like to solve the following problem. Btw, I''m terribly sorry about the pseudo-asciiart, but that''s all I can paint as a tropology. I''m hoping it''ll be enough. ----Internet---- | | | eth0 machine A routing+ipchains eth1 | ------------------ machine B So, given I''m running kernel 2.4.19 and using ipchains

Hello list members, I notice here that the --server option is listed as undocumented. http://rsync.samba.org/rsync/fom-serve/cache/88.html My question is that the --server option is not documented, and I'd like not to build functionality into one of my systems without trusting that it will be there in the future. I was able to find the --server option simply by watching the rsync entries

Martin, If I understand whay you are suggesting, there is a problem in your design: It will only work if you use Hide NAT. The problem is that the ip_src == IP0 rule is wrong: The ip_src is not changed by the router and it is not equal to the IP of any of the machine interfaces. Can you think of a solution that will work in the following reasonabl scenario: Lets say I have two T1 internet

Hello all, This is just a self-aggrandizing note to inform you all that my rather brief introduction to traffic control using tcng and HTB is available now on TLDP. http://tldp.org/HOWTO/Traffic-Control-tcng-HTB-HOWTO/ I welcome any criticism. -Martin -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com _______________________________________________ LARTC mailing list /

Hello LARTC readers, I have completed a generic diagram of a linux traffic control scenario with HTB. I believe that the diagram is substantially accurate, although I''d like feedback from others. I will (eventually) be annotating the diagram in a separate HTML page, and would welcome any suggestions for annotations. Naturally, the annotation will have to cover some of the key

Greetings all, I have tried to find a discussion of the removal of support for the PROMISC interface flag with the iproute2 tools. - it used to work (iproute2-2.2.4-$ANCIENT) - there''s a comment about it in the iproute docs [0] - (un-)setting the flag with ifconfig still works Can anybody point me to the discussion (linux-net, maybe?) where support for setting the PROMISC flag

Hello all, Summary - - - - - - - - - - I am looking for suggestions, solutions, and assistance with a problem involving Windows XP in a samba-2.2.7a workgroup with domain logons and no PDC. Other WinXP clients don't seem to be affected, so I'm endeavoring to isolate what the problem could be. Detailed Notes - - - - - - - - - - - I have a windows XP client. It was once a Windows XP

Hello all, My question: - - - - - - - Does anybody know when the reverse path filtering occurs as the packet traverses the kernel? Does it happen before NF_IP_PRE_ROUTING (PREROUTING) or not? Does it only happen at route selection time? What I have tried to do to find the answer: - - - - - - - - - - - - - - - - - - - - - - I find a posting (from many years ago) [0], which suggests that this

I have two adsl lines on my linux firewall box and i want to do some load balance between them...i tried a lot of different things, but it isn´t working...Following the instructions of http://lartc.org/howto/lartc.rpdb.multiple-links.html i used the configuration above. using "iptraf" I can see some few packets using the ppp1 connection, but almost all the packets use ppp0 connection.

Newbie here... tcng version 10b I''m just learning about htb and using tcng. I am trying to make the example in Martin A. Brown''s Traffic Control with tcng and HTB HOWTO v0.5 example 2 /* * Simply commented example of a tcng traffic control file. * * Martin A. Brown <mabrown@securepipe.com> * * Example: Using class selection path. * * (If you are reading the

Hello all, Tomas Bonnedahl and I recently corresponded about a rather odd behaviour with routes in ancillary routing tables. We both receive a "Network is unreachable" error when we try to add gatewayed routes to ancillary tables and the main routing table does not contain an entry for the gateway IP. It seems that unless a route to the gateway IP exists in the main routing table, I

Hi Tinc Mailing-Group, I am a bit stuck with firewalling rules at the moment. Maybe someone could please advise me a good rc.firewall script to use on my setup. If anyone runs an ipchains firewall script on their linux box which is ALSO running tinc, could they please mail it to me, for my perusal. I have tinc pre3 set up and working on my systems, however I can only get it to work if I set the

Dear Tinc Experts, I have been struggling for some time now, with Tinc pre3, and firewall rulesets and routing. I did once manage to get Tinc to work okay in a test-bed environment. I then tried to set it up for a 'real-life' setup and cannot get it to work properly. My real-life setup looks like this: Network A: 192.168.1.0 / 255.255.255.0 192.168.1.7 tap1 device gateway >

To all those that wanted to know how I was filtering particular ICMP packets here is a few snippets from my firewall script which is based on one by Ian Hall-Beyer. I hope this helps you get started. Also note the output of the command: ipchains -h icmp Shawn Mitchell mentioned blocking all ICMP echos and especially broadcast echos. Perhaps he''d care to elaborate with a similar

Moat of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process. Why isn't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux? I've discovered some guidance for sandboxing Firefox using the

Hi -- I originally posted the following message about 2 weeks ago -- I don't mean to annoy but really need to solve this problem - if anyone can shed any light on the issue I'd greatly appreciate it. Since the original post, we've run the application with its data on network drives shared from 95, NT, and Novell, and all work fine, as does saving locally. It only fails on a