similar to: iptables

Hello Iam using RH 7.1 and want to control the down stream bandwidth the set up is --------------------------- eth2 | Linux | eth0 Internet -----------------------| box | ---------------------------- LAN 172.16.1.185 |

Hi all iam trying to deploy loadbalance and failover My setup description --Fedora Core 4 --Linux 2.6.12.3 #1 SMP Mon Jul 25 22:37:34 IST 2005 i686 i686 i386 GNU/Linux --tc utility, iproute2-ss050314 --ip utility, iproute2-ss050314 --iptables v1.3.0 And i had deployed Following configuration #table main with priority 50, the highest one ip rule add prio 50 table main #table 201 ip rule add

Hi all and tc Gururs i have patched the IMQ and htb to kernel, but when i do egress filtering, iam not able to see any traffic and excusted the following the commands modprobe imq numdevs=1 tc qdisc add dev imq0 handle 1: root htb default 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 100kbit tc qdisc add dev imq0 parent 1:1 handle 10: htb default 1 tc class add dev imq0 parent

Hi iam running FEDORA, i have installed Source of iptable 1.2.9 with the patch layer7-iptables patch done with out any errors and i applied patch in kernel to the layer 7 patch and i have select the required option by doing make menyconfig done make dep make bzImage make modules make modules_install make install and rebooted with customer kernel when i type iptables -t mangle -A

Hi all!! I was trying to figure out how iptables marks work. I thought that a packet could just be marked once into a chain (if the packet matchs the criteria, then it the action is applied, and that''s all for the packet into this chain), but I was wrong: I did iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 7 iptables -t mangle -A INPUT -i eth0 -j MARK --set-mark 8 and then

Hi, I been trying on ip rule fwmark and iptables MARK. I will show my testing in detail, but my ultimate question is why ONLY marking in Mangle OUTPUT tables works, but not others? Network Diagram ------------ 192.168.250.197 eth0 LINUX ROUTER eth1 192.168.8.88 ------------------ 192.168.8.112 eth0 Windows XP Client Steps (performed on LINUX ROUTER) (1) Delete route to 192.168.8.0 from

Hi all Iam running FC1 with htb and tc, with iptables my setup with vlan trunking with linux box, and using cisco switch with fc1 iam able to run this config with b/w control well now i have upgraded to fc2 and tried fc3 also with out any b/w restrictions iam able to browse the sites very smoothly and able to access all the sites with out any problem when i introduce the Qos rule with 1 PC

Hi folks, I have a strange situation. When I add branches to the tree, everything goes to the default class. The error might be obvious, but I cannot find it. I would really appreciate your help. this works, nothing goes to "1:9999": ############################################################################# /sbin/iptables -F -t mangle /sbin/tc qdisc del dev eth1 root >

I just wrote this to assist some Red Hat folks understanding what libvirt does with iptables, and thought it is useful info for the whole libvirt community. When I have time I'll adjust this content so that it can fit into the website in relevant pages/places. Firewall / network filtering in libvirt ======================================= There are three pieces of libvirt

Hi I have tested with FC3 but iam not able get any good results on that. in the list some one recomend me that > 3.17 HTB should work I saw latest FC4 test2 has the HTB 3.17 with iptables 1.3.0 i have install in my P4 box, and trying to test when iam uploading its working perfect, but when iam downloading its going to default class can some one experinced the same problem below is the my

I have the need to modify the behavior of the virtual network driver's behavior and how it deals with routed networks. I'm running libvirt-0.8.3-2.fc14. According to http://libvirt.org/firewall.html, the following is automatically added to the FORWARD chain of iptables when a network type of "routed" is started up: "Allow inbound, but only to our expected subnet.

Hi all, I am having a small problem with netfilter on Linux kernel 2.6.11.4. It seems not all packets are hitting the pre-routing chain. In pre-routing, I have the following rules: $IPTABLES -t nat -A PREROUTING -i $IF_OUT -d 10.50.18.22 -j DNAT --to-destination 192.168.1.22 $IPTABLES -t nat -A PREROUTING -i $IF_OUT -d ! 10.50.18.21 -m limit --limit 5/second -j LOG --log-prefix

dear all iam newbie , i have 256 kbits of down link and 64 kbits of up link iam using squid and htb i have got this while browsing the net , there are some few issues i need help while running the script i want browsing to be as fast as possible , uplink especially kaaza should not eat my band width. eth1 got public ip address and eth0 is internal with network 10.0.0.0/24 iam also using nat

I''ve compiled my kernel (2.6.12.3) and iptables (1.3.3) and now -m layer7 option from iptables works (i don''t get any error when run the iptables command with -m layer7). The problem is that no packet is matched. For example iptables -A INPUT -p tcp -m layer7 --l7proto http -j ACCEPT doesn''t match http packets. The same for dns and ssh. So, what am I doing wrong? Is this

Run this as one process: #!/bin/sh while [ 1 = 1 ]; do iptables -t mangle -F chain1 iptables -t mangle -X chain1 iptables -t mangle -N chain1 || exit 1 done Run this as another process: #!/bin/sh while [ 1 = 1 ]; do iptables -t mangle -F chain2 iptables -t mangle -X chain2 iptables -t mangle -N chain2 || exit 1 done and you get: iptables: No chain/target/match by that

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=467 mateusz@kaduk.net changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | ------- Additional Comments From mateusz@kaduk.net 2006-10-01

Hi All, I want to create chains to mark bag packets. my firewall has 3 network cards. eth0 - connected to internet. eth1 - connected to DMZ eth2 - connected to LAN eth0 only accepts SSH (tcp -port 22) and ICMP for pinging.. If it gets anything other than that, I want to create a new chain and log and DROP . what are the suitable rules for it? what about the below rule? iptables -A

Hi all Its been long time i have sending this message to this news group but i could not get proper responce from the authors or any experts that, is that bug or only the problem with my ssytem iam tryin this config with FC iptable 1.3.0 and latest TC tc utility, iproute2-ss050330 htb 3.17 iam trying past 2 weeks and digging all googles but could not able to come to conclusion whats wrong

Hi Is there a program which allow me to see how "my" traffic goes through my iptables rules? Which accept it, which deny? Right now my router has a little bit of traffic and its hard to see only mine traffic. -- Miłego Dnia Krystian Antoni _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

I have many iptables setmark commands, but as soon as there is one match, I would like to skip all the rest. How to do this. -------not-working-not-mark-zero-is-not-accepted--------- iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A PREROUTING -m MARK ! --mark 0 -j ACCEPT iptables -t mangle -A PREROUTING ..... -j MARK --set-mark ..... iptables -t mangle -A