similar to: [Bridge] Strange, my transparent squid stoped working

Dear All, I''m using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo. I have a leased-line 64 kbps. I can see the counter works in iptables, but in the htb, it doesn''t go to the right class (it always go to the default class). Any help will be appreciated here''s my htb conf #!/bin/bash tc qdisc del dev eth1 root tc qdisc add dev eth1 root

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hi, I am experimenting a little bit with my firewall and I don''t seem to get my head round marks ... I try to mark p2p packets generated on the firewall in the output chain and then try to match that mark either in NAT OUTPUT or POSTROUTING I don''t seem to get the expected result. Any help or clue would be more than welcome. root@droopy:~/firewall > iptables-view -t

Hi, I have a proxy/firewall, I want to dnat requests for 193.205.140.106 on port 443 towards 10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389 towards 10.2.15.25, these rules must apply from internet, loc and fw (some client use a proxy on fw to reach these servers) I have tried with the following rules: DNAT net dmz:10.2.15.23 tcp 443 -

Hi all and tc Gururs i have patched the IMQ and htb to kernel, but when i do egress filtering, iam not able to see any traffic and excusted the following the commands modprobe imq numdevs=1 tc qdisc add dev imq0 handle 1: root htb default 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 100kbit tc qdisc add dev imq0 parent 1:1 handle 10: htb default 1 tc class add dev imq0 parent

Hello all, I’m currently trying to figure out how to forward ports to guests that are on a NAT Network. I have followed the directions on https://wiki.libvirt.org/page/Networking under the “Forwarding Incoming Connections” Section and get connection refused when attempting to connect. System: Ubuntu Server 18.04.1 Virsh / LibVirtd Version: 4.0.0 Here’s the contents of /etc/libvirt/hooks/qemu  

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

I am trying to get IPP2P working on my router. Thus far I can see connections being marked (see below), but they don''t seem to get saved or something. When looking at /proc/net/ip_conntrack, nothing has anything other than 0 for mark. The iptables commands for this are: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j

Hi, I have a default class for my un-marked traffic (prio 5) and a prio 0 class for the important stuff, but I do not understand why my download traffic is duplicated in both. It work fine for my upload traffic (same setting except the red class but I have the same result if I create an esfq instead). Any comments/information will be appreciated. Below my config : tc commands from my scirpt :

Can you post your Tinc configuration too? El lun., 30 ene. 2017 a las 11:42, Dave Albert (<dave.albert at gmail.com>) escribió: > Here is an extract of my current iptables that are not working: > > iptables -L -n -v > > Chain INPUT (policy DROP 8 packets, 1120 bytes) > pkts bytes target prot opt in out source > destination > 0 0

Hi, I am using linux kernle-2.6.15, iptables-1.4 and bridge-utils-1.4. Everything intslled without any issue and i am able to enable the bridge and traffic is also flowing without any issue. But i did not see any traffic on the iptables forward chain due to which i am not able to control the traffic. Do i requie enable anything more to make the traffic pass through iptables forward chain.

Believe me: Read the FAQ Checked over and over This might be toooooo stupid to be documented. Please bear with me. Any help ? Situation: single card standalone "firewall" (used like a "personal firewall"). Have sshd running on the FW. Want the sshd daemon to be accessible only from 2 LANs: 1) My other home LAN machine 2) IBM intranet machines (9.0.0.0) Whatever I have

I have defined a Home zone and placed it before the Net zone. Defined a host 192.168.174.242 as a trusted host. Now if I ping from 242 to my fw it works just fine (also tweaked the norfc1918 file). Thing I do not understand is why if I try pinging or FTPing from FW to 242 I hit the all2all reject rule ! I tried reading the rules and from the INPUT chain I see a eth0_in chain which in turn

I''m trying to shape traffic on a Devil-Linux box. This note was originally sent to their maillist, because the LARTC list appears to have been down for the past few days. My mailbox was just flooded with a half dozen or so confirmation requests in response to my repeated attempts to subscribe to this list. ---------- Forwarded message ---------- From: drew einhorn

Martin Devera wrote: > If you read the manual, the algorithm will not work correctly > with {,c}burst < MTU ... > devik > I just tried to change {,c}burst to 1600, or leaving them by default but no visible result. here is the latest tc -s -d class show dev eth0 class htb 1:101 parent 1:1 prio 0 rate 40Kbit ceil 40Kbit burst 1599b/8 mpu 0b cburst 1599b/8 mpu 0b quantum 512 level

I have two VMs, both with firewalld installed. One on machine It this in the IN_public chain: Chain IN_public (2 references) pkts bytes target prot opt in out source destination 81 3423 IN_public_log all -- * * 0.0.0.0/0 0.0.0.0/0 81 3423 IN_public_deny all -- * * 0.0.0.0/0 0.0.0.0/0

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

https://bugzilla.netfilter.org/show_bug.cgi?id=1308 Bug ID: 1308 Summary: iptables -i + is broken in v1.8.0 Product: iptables Version: unspecified Hardware: x86_64 OS: RedHat Linux Status: NEW Severity: normal Priority: P5 Component: iptables Assignee: netfilter-buglog at