similar to: [Bridge] NAT on a bridge (solved sortof)

Hi Having a problem trying to figure out how to shape local services running on the debian box (asterisk, squid etc) as currently the voice only seems to be getting shaped one way when making external calls. For example I have the rules below (these are the matching rules only not the actual policy rules): #Create Chain for local traffic (outbound) /sbin/iptables -t mangle -A match-all -m

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

Due to a critical dracut bug, and a strong dev focus on F16, we're dropping all F15 recipes. Signed-off-by: Mike Burns <mburns at redhat.com> --- recipe/ovirt15-install.ks | 1 - recipe/ovirt15-minimizer.ks | 1 - recipe/ovirt15-pkgs.ks | 2 - recipe/ovirt15-post.ks | 145 ------------------------------------------ recipe/ovirt16-install.ks | 2 +-

Having a problem with classid and prio and position. Wondering if someone could help? Below I have pasted a part of my current rules, now it consists of one chain and two pipes. If they both use 60Kbit which one would get priority? Would it be the one with the better prio or the one with the lower classid or would it be the one which is first on the list? /sbin/tc class add dev eth1 parent

whenever i try to run warcraft 3 via wine it comes up with a large amount of error messages but still runs... any idea on how to fix these messages? i am running it forcing opengl > > err:ole:CoCreateInstance apartment not initialised > fixme:advapi:SetSecurityInfo stub > fixme:win:EnumDisplayDevicesW ((null),0,0x33f3b8,0x00000000), stub! > fixme:win:EnumDisplayDevicesW

first thing: I''m not on the mailing list so please reply to eyall@fitracks.com now i have a linux workstation inside the office''s LAN, from some reason i cannot establish connections from the machine to the internet with those settings. i''ve been trying to change prefs and read almost all the docs but still don''t know what''s the problem so i have

Thanks for reading, I need certain shell scripts to email me after they are done running. I've installed ssmtp to forward to my internal SMTP server. I have a working ssmtp config on a Gentoo system that works just fine, but on CentOS it's not working. Here's a bounce message: Date: Thu, 13 Jul 2006 13:33:22 -0700 From: Mail Delivery Subsystem <MAILER-DAEMON at

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

Happy New Year. Finally got my fw and tc rules down pat for the bridge, now interested in introducing a third nic to have nat on the box as well. Does anyone have a idea of a good place to start reading up on the subject, mainly interested in how to setup the flow direction to start with as to get a overall understanding of the flow, found that help best. Internet --- eth0 --- eth1 ---

Dear all, I have running a DOM-0 on debian squeeze with the most recent kernel: Linux 2.6.32-5-xen-amd64 #1 SMP On 30% of all reboots the system hangs and only a reset helps. acpi=off as an additional kernel parameter solves this problem, but the usb keyboard of the installed ip-kvm is not found then. with acpi=off Ican find a lot stuff like: [ 7.098747] uhci_hcd 0000:00:1d.2: UHCI Host

All, For a production environment, I'd like to setup CentOS XEN guests as lightweight as possible. I'd like the XEN guests to be able to send nightly email as all CentOS servers do, but there is no reason to run a mail server as the CentOS Dom0 already has an email server running that can act as an email smart host. The options that seem most appealing to me are either ssmtp or sendmail

Hi, I'm not sure but I think I suffer under the same problem with a bit different setup with squeeze testing and xen 4.0rc5. In fact I'm using bridges in the dom0 and the connections to the domU get lost sporadically. In don't see where's a solution to the problem... Is it now a bug? When it's an iptables bug, where's the corresponding bug in the iptables bugtracker

I've run into a problem on my KVM host where a single guest will be unreachable to other guests on the same host. This host has 2 bridged devices and guests assigned to each have the same issue. I've noticed that when I can't reach the problematic guest, the ARP entry for that system is incorrect. This issue seems to only be a problem about 75% of the time when making connections

Package: xen-utils-common Version: 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5 Severity: important Tags: patch security -- System Information: Debian Release: 9.4 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),

Problem still not solved, or any idea whats wrong. here are some msgs: device vif1.0 entered promiscuous mode alloc irq_desc for 1246 on node 0 alloc kstat_irqs on node 0 brI: port 2(vif1.0) entering learning state device vif1.1 entered promiscuous mode brE: port 2(vif1.1) entering learning state physdev match: using --physdev-out in the OUTPUT, FORWARD and POSTROUTING chains for

A note to confirm that "-m physdev --physdev-is-bridged" in the iptables command does enable iptables to work in a bridged environment. I was fighting the same problem and this indeed solved it. Below is my test script running on a two NIC Debian 3.1 266MHz bridge. Before adding the physdev flag, only the "tc filter" commands worked but now the iptables commands also

https://bugzilla.netfilter.org/show_bug.cgi?id=1143 Bug ID: 1143 Summary: physdev extension not working Product: iptables Version: 1.4.x Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee: netfilter-buglog at

Hello list, I''m using xen2.6 with a 2.6.11 kernel my config: kernel = "/boot/vmlinuz-2.6.11-xenU" memory = 1280 name = "s51" nics=1 vif = [ ''ip=82.149.232.51,mac=00:E0:81:29:71:3D'' ] disk = [ ''file:/home/xen/51/diskimage,sda1,w'', ''file:/home/xen/51/swapimage,sda2,w'',

I recently encountered this in the logs of a new Debian Xen Dom0, and having now spent the better part of a day researching and testing, I've come to the conclusion that this is not a bug in xen-utils-common or even iptables; it's merely the consequence of structural changes to the core netfilter code starting in the 2.6.20 kernel. This is rather long, but the issue is complicated. Please