similar to: [Bug 1271] New: iptables-restore may double-lock when using --table

On 19.02.2015 11:58, Niki Kovacs wrote: > Hi, > > I just migrated my office's server from Slackware64 14.1 to CentOS 7. So > far everything's running fine, I just have a few minor details to work out. > > I removed the firewalld package and replaced it by a simple Iptables > script: > > > --8<---------------------------------------------------- >

Hi, I just migrated my office's server from Slackware64 14.1 to CentOS 7. So far everything's running fine, I just have a few minor details to work out. I removed the firewalld package and replaced it by a simple Iptables script: --8<---------------------------------------------------- #!/bin/sh # # firewall-lan.sh IPT=$(which iptables) MOD=$(which modprobe) SYS=$(which sysctl)

Hello, I have a problem with my GNU/Linux router. I mean, I am trying to configure a VPN conection for the clients of the LAN and allow to connect them to the Internet trought the router. I have installed in the server a QoS policy and I have configured the firewall for allowing all the clients to connect. I attach the script. The idea is that when a client connect this pc the dhcp gives him an

Hello guys I don''t know if this thing has been posted before (if it was , please forgive me). I have 7 computers at home and I want all of them to have access to the internet. In order to do that , I set up a linux router (2 network cards) as a usual router (eth0 : 82.77.69.75 - internet connection ; eth1 : 192.168.10.1 - local network) . The other computers have ips ranging from

OK - this is starting to get frustrating... Are there any known issues with 2.6.9 and traffic shaping? I am using 2.6.9 with geoip 20041115, and get odd oopses. The following script oopses my box: ----------------------------------------------------- #!/bin/sh -x IFOUT=''eth1'' IFIN=''eth0'' TC=''/sbin/tc''

Hello all, I am trying to configure a linux box to make some QoS into my netowork and, at the same box, control my clients bandwidth. I have this classes created: ---------------------------------------------------------------- UP="eth0" # wan infocontabil DL01="eth2" # lan clientes $TC qdisc del dev $DL01 root 2> /dev/null >

Hi all i have big problem,I am newbie and my english is bad,but i know you can help solve my problem. I have box with gentoo,I live in latvia and i have 2 ISP: One isp gives me ip range from 62.85.71.1-62.85.71.15 (62.85.71.1 is gateway) but there is only latvian trafik - no other countries (link is 2 mbit Asinhronus dsl) and other isp who gives me one ip from dhcp adn there ios no trafik

This is a SER/Polycom question, but I hoped we may have some SER guru's here... I have a series of Polycom phones that are tying to register with OpenSER. The phone sends a REGISTER message, and OpenSER replies with Unauthorised (all normal). The phone re-sends the REGISTER with the credentials, and OpenSER sends Ok. Here's where it goes downhill. The polycom's appearance display

Le 11/03/2018 ? 13:09, Leon Fauster a ?crit?: > It is not a good practice to place domain names into iptables rules. Define > a custom table, place this table into your rule list (to stick at the right > place) and feed that table with the resolved domain names. This can be altered > while running in the case of changes (check resolving results periodically). I admit I've never

Hi. -j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don''t return in parent chain??? cause -j ACCEPT action accept the packet in the child chain and don''t return it to parent... example: ipt="iptables -t mangle" $ipt -N HTTP $ipt -A HTTP -j IMQ // after this packet packets go to -t nat tables? or // it return to parent chain (PREROUTING) in mangle?

Hello all, I am having some difficults to make a routing rule work. I want that every P2P packages go to one interface (eth2 - cheaper link) nad the rest of the traffic go to another interface (eth0 - frame relay very expensive). I am using this script to make the mark and balance: ------- #!/bin/bash IPT="/usr/local/sbin/iptables" IP="/sbin/ip" #---- # Declara redes #----

Hi, Another idea - but this gets complicated and with that, prone to faults - use a simple shell script to resolve the desired domains and keep their IPs in an ipset, then use the ipset in your firewall rules, this way you can keep your iptables rules static, your squid config static and simply add or remove IPs from the ipset. -- Sent from the Delta quadrant using Borg technology! Nux!

Hello guys, I am still in doubt about this kind of server. So my question is about the "prio" at routing tables like: I have 3 tables in /etc/iproute2/rt_tables: 201 201 202 202 222 222 In table 201 there is the rules about my internet link (frame relay) that comes into eth0. So I made this route into it: [root@ns2 iproute2]# ip route show table 201 default via

I have a server that I have to reach from 2 different networks, the Internet and another private network called downtown and I also have to reach from the server both networks. If I have one of the set of rules running, it works fine, but if I put both set of rules on, it doesn't work. below are my set of rules. Can anyone tell me a how this can be done? Here is the setup. mynetwork

As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112 This works very well... It does NOT work with stable 4.0! sveasoft will be issuing a bug fix for this (4.1) in the near future. Final Rev of working script w/ asterisk support I'm not going to run alchemy on production machines until it is stablish. Remember to set your uplink properly and to set

Hi, I'm currently facing a quite tricky problem. Here goes. I have setup Squid as a transparent HTTP+HTTPS proxy in my local network. All web traffic gets handed over to Squid by an iptables script on the server. Here's the relevant section in /etc/squid/squid.conf: --8<------------------------------------------------------------- # Ports du proxy http_port 3130 http_port 3128

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 ------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET ------- I've tested the proposed patch against the iptables-1.3.7 source, and find that it works in the reported broken case: # iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG # ./iptables-save > ipt.out # ./iptables-restore

Just responding in case this may be of help to somebody with firewalling issues. Not sure if this is off on a tangent to the original question... Here are three different forms of common firewall scripts and ways of getting SIP to work behind them. The third one has some additional stuff beyond just SIP although I can't remember why I wrote it that way. I've been having no fun using

Is there a way to get asterisk to send you a email when it looses or an extension doesn?t re-register Roger Workman Business Development Upperclassman/Universal Holdings LLC Voice: 304.324.3800 Fax: 304.324.3801 ICQ: 4447584 Website: http://www.upperclassman.net Billing Questions: billing at upperclassman.net Rental Questions: rentals at upperclassman.net Maintenance: help at

i''m trying to limit my egress bandwidth over 2 interfaces (eth1 and eth2) to 2 Mbit my script is something like this: tc=/sbin/ip ipt=/sbin/iptables $tc class add dev imq0 parent 2: classid 2:4 htb rate 1845Kbit quantum 3000 $tc filter add dev imq0 parent 2: protocol ip handle 4 fw classid 2:4 $tc class add dev imq0 parent 2:4 classid 2:40 htb rate 0.5Mbit quantum 3000 prio 5 $tc qdisc