similar to: [Bridge] Problem with startup script

I'm replacing an ancient Solaris 'ipf' firewall/router with a brand new CentOS 6.3 system. In the olden days, I successfully used the attached iptables script (as /etc/rc.local) on Red Hat 5.x systems, but this doesn't seem to be quite working on the new system. Specifically, while it seems to be routing ok, you cannot connect to anything on the inside net (e.g., with ssh or

Hi all i have big problem,I am newbie and my english is bad,but i know you can help solve my problem. I have box with gentoo,I live in latvia and i have 2 ISP: One isp gives me ip range from 62.85.71.1-62.85.71.15 (62.85.71.1 is gateway) but there is only latvian trafik - no other countries (link is 2 mbit Asinhronus dsl) and other isp who gives me one ip from dhcp adn there ios no trafik

Hi, I''m having issues with policing my incoming traffic by matching packet marks made by iptables. I''ve checked as many sites and guides as I can find, and I seem to be doing the exact same thing as they all are, but there''s still no success. As such, I was wondering if anyone can have a quick look to see if I''ve done anything obviously stupid? Essentially, I

Hello, First I want to point out that I''m not so familiar with HFSC, since there not so much info online. But here is my script: ${TC} class add dev ${LAN_IFACE} parent 1:0 classid 1:1 hfsc ls rate 100mbit ul rate 100mbit ${TC} class add dev ${LAN_IFACE} parent 1:1 classid 1:2 hfsc ls rate 90mbit ul rate 90mbit ${TC} class add

Hello i''m having some issues trying to match packets using iptables mark, iproute filter and tc filter.- i mean, when i do iptables -t mangle -A INPUT -p tcp --dport 80 -j MARK --set-mark 20 iptables -t mangle -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 10 iptables -t mangle -A FORWARD -p tcp -i eth0 -o eth1 --dport 25 -j MARK --set-mark 10 $TC qdisc del dev $INET_IFACE root $TC

I found the problem! It was me and it was dumb... This was the network layout: 10.10.10.0/24 1.2.3.0/27 10.10.10.n internal hosts | <----+-----+--------+ +-------+------>to the Internet | | | | Proxied | | | H.323 device Firewall Router eth1 eth0 1.2.3.11

Hello All, I have a strange problem regarding samba 3.0.37 I have samba server installed in the local network behind NAT, the router iptables are configured as follows: #samba $IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV $IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport

Hi there, I have a little problem. I had this some months ago but didn''t solve it back then. I have patched my kernel with Layer 7 support and patched my iptables to support it, too. Now I inserted this line in my firewall script on my router for testing purpose: $IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7 --l7proto http -j DROP It works, BUT only if the

I have a router used as a gateway for a small lan, I want half the machines to use one IP and half to use another IP when using SNAT to reach the internet. Both IPs are from the same ISP, same account, just different IPs. Heres what I''m trying: ------------------ LAN_IP="10.0.0.1" LAN_IFACE="eth0" EXT_IP_1="x.y.246.186" EXT_IFACE_1="eth1"

I have a tc script which splits the bandwidth in 8 leaf classes based on IP filtering. The script looks like this: tc filter add dev $LAN_IFACE protocol ip parent 1:0 prio 1 u32 match ip dst 192.168.0.121 flowid 1:11 The separation works excellent for downloads, but for uploads, it is ignored... Can you tell me how to deal with it? Thanks in advance, Vlad Mihai

Woops - my fat fingers hit the send key before I could put in a subject a minute ago. Hello - I am using kernel 2.4.27 and running into behavior I don''t know how to explain. I have 2 relevant interfaces. eth0 is external, eth1 is internal. My internal LAN is 10.10.10.0/24. My External range is 1.2.3.0/27 (dummied up). I have an H.323 videoconference device inside my internal

Here are some notes I have about Linux bridging. I''ll try to separate what I know I know from what I think I know. Let''s say I want to bridge eth0, eth1, and eth2 together, all with an IP Address of, say, 1.2.3.2. This is how to do it: echo "Setting up br0 to bridge eth0 with eth1 and eth2" /usr/sbin/brctl addbr br0 /usr/sbin/brctl addif br0 eth0

Hello - What I want to do seems very simple - I want to make sure any H.323 traffic gets processed before anything else entering or leaving this network. The network has a videoconferencing device on the LAN at 192.168.16.4. A Linux firewall NATs an external IP Address to this internal address and I have appropriate SNAT and DNAT rules that work. The NAT and connection tracking rules all work

How I change my configuration to reduce this issue. I have this setting on my zapata.conf signalling=fxs_ks group=1 callgroup=1 pickupgroup=1 channel=1 signalling=fxs_ks group=2 callgroup=1 pickupgroup=1 channel=2; singalling=fxs_ks group=3 callgroup=1 pickupgroup=1 channel=3; singalling=fxs_ks group=4 callgroup=1 pickupgroup=1 channel=4 and for outbound calls I have this context on my

Currently my ethernet bridge has 2 intel 100mps NIC's that are both part of a bridge. ( I followed the sample setup on the bridge.sf.net page.) In addition to this I would like to access the internet from within the ethernet bridge and when using the sample instructions I have no gateway setup and no default route (0.0.0.0). I know this data has to be attached to the bridge device and not to

Hello list. I''ve configured a very simple script to slow down packets coming from a particular IP Address. I''ve used IPTABLES to mark traffic coming from this IP Address, but it does not appear to be working as expected. Let me first describe my system as maybe what I''m doing is beyond what NETFILTER can do. I have one machine that runs all my servers as

the files when you attempt to rename it. This is caused by Window's Media Player loading the file when you click on it. To work around this I had to go into Windows Explorer and change the folder options from "Enable Web Contents in Folders" to "Use Windows Classic Folders". This way, Windows Media player won't load the file when you click on it. Just trying to save