Hey Marek, I´know that i must to works whith the INGRESS (instead of EGRESS), i´ve well formed my kernel. My others TC rules for source IP address (not for MAC address) does work fine...!!!, the problem is whith the MAC because is a not "IP PROTOCOL" and for that i must to use the "u32/u16 match" to solve it, and if i make an analogy from my others INGRESS rules applied to Src IP address, to Src MAC address using the scripts below, did not work too.
Im not shure that i am doing...!!!, please "give a hand" !!! Regards, mateo.- 2007/12/10, [EMAIL PROTECTED] <[EMAIL PROTECTED]>: > > Send LARTC mailing list submissions to > lartc@mailman.ds9a.nl > > To subscribe or unsubscribe via the World Wide Web, visit > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of LARTC digest..." > > > Today's Topics: > > 1. MAC filter (m.a.t.e.o) > 2. Re: MAC filter (Marek Kierdelewicz) > 3. ixp400 (jerry) > 4. PAT HOW to - IPTABLES (Indunil Jayasooriya) > 5. Re: PAT HOW to - IPTABLES (Alexandre J. Correa - Onda Internet) > 6. Re: PAT HOW to - IPTABLES (Indunil Jayasooriya) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sun, 9 Dec 2007 12:24:27 -0300 > From: m.a.t.e.o <[EMAIL PROTECTED]> > Subject: [LARTC] MAC filter > To: lartc@mailman.ds9a.nl > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="utf-8" > > I did search a lot of post in this list and other, but never have a > solution > that works... > I want to filter the INGRESS by MAC address...please, any help? > > There are a "solution" that supposedly works, but did not work for me: > > > ####### > for the MAC address: M0M1M2M3M4M5 > > tc filter add dev eth1 parent 1: protocol ip prio 5 u32 match u16 0x0800 > 0xffff at -2 match u16 0x4455 0xffff at -4 match u32 0x00112233 0xffffffff > at -8 flowid 1:40 > > ####### > > Thx, a lot.- > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mailman.ds9a.nl/pipermail/lartc/attachments/20071209/acbe85f3/attachment-0001.html > > ------------------------------ > > Message: 2 > Date: Sun, 9 Dec 2007 16:47:57 +0100 > From: Marek Kierdelewicz <[EMAIL PROTECTED]> > Subject: Re: [LARTC] MAC filter > To: lartc@mailman.ds9a.nl > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=US-ASCII > > Hi, > > >There are a "solution" that supposedly works, but did not work for me: > > What you sent works for egress not ingress. > > Look here: > http://www.linux-foundation.org/en/Net:IFB > > There's an example how to shape traffic in ingress. > > cheers, > Marek Kierdelewicz > > > ------------------------------ > > Message: 3 > Date: Sun, 09 Dec 2007 11:57:59 -0800 > From: jerry <[EMAIL PROTECTED]> > Subject: [LARTC] ixp400 > To: lartc@mailman.ds9a.nl > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain > > Hello > > I am encountering what I believe is a deadlock state when I am > transferring traffic via an embedded linux device that only kills > traffic with a combination of the Intel ixp400_eth.ko driver and the > sch_htb.ko queuing discipline. If I use any other qdisk - including the > complex cbq module I encounter smooth sailing. Any suggestions? > > Thanks > > Jerry > > > > ------------------------------ > > Message: 4 > Date: Mon, 10 Dec 2007 15:50:31 +0530 > From: "Indunil Jayasooriya" <[EMAIL PROTECTED]> > Subject: [LARTC] PAT HOW to - IPTABLES > To: "Mail List - Linux Advanced Routing and Traffic Control" > <lartc@mailman.ds9a.nl> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Hi, > > I have a box running with iptables and iproute2. it has 3 ethernet cards. > One for the internet. another for LAN and yet another for DMZ. > > @ DMZ ZONE I have 3 web servers. But I have only one real ip on my > firewall. > Now , I want to forward port 80 to theese 3 web servers. > > How can I do it? > > I searched a lot from google. But, still no luck. > > > -- > Thank you > Indunil Jayasooriya > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mailman.ds9a.nl/pipermail/lartc/attachments/20071210/7146d379/attachment.html > > ------------------------------ > > Message: 5 > Date: Mon, 10 Dec 2007 08:32:18 -0300 > From: "Alexandre J. Correa - Onda Internet" > <[EMAIL PROTECTED]> > Subject: Re: [LARTC] PAT HOW to - IPTABLES > To: lartc@mailman.ds9a.nl > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > you can use squid as reverse proxy .. > > see cache_peer !! > > squid can load balance between 3 servers and cache it !! > > run squid on your box with real ip.. > > here you can see examples > http://under-linux.org/7964-squid-atuando-como-proxy-reverso.html > > (pt-br) > > > Indunil Jayasooriya wrote: > > Hi, > > > > I have a box running with iptables and iproute2. it has 3 ethernet > > cards. One for the internet. another for LAN and yet another for DMZ. > > > > @ DMZ ZONE I have 3 web servers. But I have only one real ip on my > > firewall. Now , I want to forward port 80 to theese 3 web servers. > > > > How can I do it? > > > > I searched a lot from google. But, still no luck. > > > > > > -- > > Thank you > > Indunil Jayasooriya > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > -- > Sds. > > Alexandre Jeronimo Correa > > Onda Internet - http://www.ondainternet.com.br > OPinguim Hosting - http://www.opinguim.net > > Linux User ID #142329 > > UNOTEL S/A - http://www.unotel.com.br > > > > ------------------------------ > > Message: 6 > Date: Mon, 10 Dec 2007 16:09:52 +0530 > From: "Indunil Jayasooriya" <[EMAIL PROTECTED]> > Subject: Re: [LARTC] PAT HOW to - IPTABLES > To: "Alexandre J. Correa - Onda Internet" > <[EMAIL PROTECTED]>, "Mail List - Linux > Advanced Routing > and Traffic Control" <lartc@mailman.ds9a.nl> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > > > > > > > > see cache_peer !! > > > > squid can load balance between 3 servers and cache it !! > > > > run squid on your box with real ip.. > > > > Thanks for your quick answer. I know about reverse proxy. I wanted to > know > > that without squid, whether iptables it self can handle this situation. > > > Suppose, I have 3 mail servers @ DMZ zone with one real ip. the situation > as before? > > in that case, What can I do? > > > Hope to hear form you. > > > -- > Thank you > Indunil Jayasooriya > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mailman.ds9a.nl/pipermail/lartc/attachments/20071210/4fc3208e/attachment.htm > > ------------------------------ > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > End of LARTC Digest, Vol 34, Issue 12 > ************************************* >
_______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc