similar to: [Bridge] ARP spoofing.

Hi, I tried sending this earlier, but it didn't come through. Apologies if this appers twice on the list. I'm running bridging using the brouter setup described on this page: http://ebtables.sourceforge.net/examples.html "Making a brouter". The setup described there is like this: ifconfig br0 0.0.0.0 ifconfig eth0 172.16.1.1 netmask 255.255.255.0 ifconfig eth1 172.16.2.1

Hi, Sorry to bother you all. I have a typical problem sharing DSL upstream bandwidth with users. I have 3 types of traffic high-priority, medium-priority and low priority. My upstream rate is 960kbits. Traffic (any priority) can vary in bandwidth from 0 to 960kbits. I have a test setup where I can pump 600kbit of high priority sustained and I have 400kbit of low priority traffic sustained. I

https://bugzilla.netfilter.org/show_bug.cgi?id=1316 Bug ID: 1316 Summary: ebtables-nft support for broute Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables over nftable Assignee: pablo at

Hi, [sorry for the crosspost, I don''t know whether this is a routing or ebtables problem] I want to redirect all HTTP traffic passing through my bridge to a squid proxy on another machine. However, setting up brouting as suggested in the ebtables examples doesn''t work and the packets get dropped on the floor completely. /\/\/\/\/\/\/\/\ +----------------------+

I think I may have fixed my memory leaks, and it may be that it was nothing to do with xen... the machine has been up for 10 days now which is the longest it has lasted in quite a while. I changed the way the bridges and vlans worked together, previously I had it configured thus: trunk = renamed Ethernet interface br0 = bridge of trunk and any domU I wanted on vlan1 br0.2 = vlan 2 on trunk br1 =

Still learning Xen, and would like to know if it''s possible to run Squid in D0 when running in bridging mode. I have iptables and ebtables going, and am able to log packets with those, but can''t seem to get any traffic out of the bridge into Squid in D0 (or through iptables in D0, for that matter). Information I''ve gathered so far is that I need

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

Hi Michal, Am 17.01.2012 09:19, schrieb Michal Privoznik: On 16.01.2012 23:04, Marko Weber wrote: Hi Michal, i cant say the USEFLAGS, cause i removed at end the package, heres a cut of logfile /var/log/libvirt/libvirt.log 2012-01-15 19:48:11.960+0000: 21586: error : virCommandWait:2192 : Interner Fehler Child process (/sbin/iptables --table mangle --insert POSTROUTING --out-interface virbr0

Hi installed Debian with bridging enabled then I install squid. Squid work if I manually enter proxy setting in firefox. Then I ran the following to make it transparent: echo 1 > /proc/sys/net/ipv4/ip_forward ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80

Hi Rahul, If you're certain that your problem isn't as Stephen suggested, you might want to have a look at this: --- (From http://ebtables.sourceforge.net/brnf-faq.html <http://ebtables.sourceforge.net/brnf-faq.html> ) How do I let vlan-tagged traffic go through a vlan bridge port and the other traffic through a non-vlan bridge port? Suppose eth0 and eth0.15 are ports of br0.

Hello all, I am having some trouble getting a firewall filter to work with TC. I am actually setting the mark via EBTables (which is working as far as I can tell, I am also logging the packet and my syslog reports lots of marks): ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 -j mark --set-mark 7 --mark-target CONTINUE --log --log-level debug --log-prefix "EBFW Mark

Hi all, This is my first post to this list. I hope someone can help me, I have been getting grey hairs trying to make this work! I have a bridge setup on a debian sarge box. The bridge is called br0 and sits between my cable modem and a non-name brand router/switch: [cable modem]----[eth1]---[br0]----[eth2]-----[no-name brand router] I have squid setup on the linux box and it works, I have

In the past when I said: ebtables -A INPUT -p 0x828 -j DROP !!DOES NOT WORK!! ebtables -A INPUT -p 0x800 -j DROP !!WORKS!! Group members told me that: > What you need to do is register your function > on the existing NF_BR_PRE_ROUTING hook, with a priority number lower than > that of the ebtables nat PREROUTING chain (prio=NF_BR_PRI_NAT_SRC). ebt INPUT | | ebt

Hi, First, some software versions, just to get them out of the way: - CentOS 5.x through Centos 6.2 - Ruby 1.8.5 - 1.8.7 - Puppet 2.7.19 - Facter 1.6.11 Just a note - we''re working from the EPEL repos almost exclusively. I am working with the firewall module, and so far I am unable to use firewallchain. Some digging suggests that it''s not completely user error (though I

Hi All, I have a program that does ARP spoofing (not for hacking purposes!), and I experienced occasional crashes in my switch (Cisco UBR7200). Does anyone else had a similar problem? Maybe with other switches/routers? Can this be the results of two machines trying to register the same IP? Send invalid ARP packets? Thanks, Yuval.

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and

Hi! The Netfilter project proudly presents: libnftnl 1.2.6 libnftnl is a userspace library providing a low-level netlink programming interface (API) to the in-kernel nf_tables subsystem. This library is currently used by nftables. This release includes meta broute support. See ChangeLog that comes attached to this email for more details on the updates. You can download it from:

Hi I need to run libvirt without ebtables support as it results in following error while running VM.... sudo virsh start instance-0000000b error: Failed to start domain instance-0000000b error: Error while building firewall: Some rules could not be created for interface tapf733e054-fe: Failure to execute command '$EBT -t nat -A libvirt-J-tapf733e054-fe -j J-tapf733e054-fe-mac' :

Hi! I have a problem with current wine (from CVS). An application, Dynatext DOC browser from EBT, stopped working. It just opens a dialog box saying that the DYNATEXT.INI file was not found and that it has to be either in the windows directory or in the Dynatext directory. I verified it and it really is in the Dynatext directory, as it used to always be, it's readable and its contents is OK.

hi- i''ve been trying to setup an outgoing queue that prioritizes traffic depending on whether it recognizes the MAC address the packet is destined to -- and i''ve not been having any luck. i think my ebtables rule is correct as the packet count when i do an --Lc is increasing in an expected way, but when i look at the tc statistics, i don''t think the packets are