[LARTC] Little problem with ifb. How to catch server traffic on IFB...
I have a network with NATed hosts. I want to catch only the traffic going from my server, but I don't want to catch NATed traffic from the LAN. I need only traffic going from/to my server (traffic from the INPUT and OUTPUT chains in iptables), like SSH, postfix, WWW or proxy.

This throws all traffic from my LAN to IFB:

$TC qdisc add dev $iface_lan handle : ingress
$TC qdisc add dev $iface_lan root handle 1:0 htb
# Incoming traffic...
$TC filter add dev $iface_lan parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.0/16 flowid 1:1 action mirred egress redirect dev ifb0
# Outgoing traffic...
$TC filter add dev $iface_lan parent : protocol ip prio 1 u32 match ip src 192.168.0.0/16 flowid 1:1 action mirred egress redirect dev ifb1

I need some rules to throw all traffic from my server to ifb. These rules throw all traffic from my router, all with NATed LAN traffic... And there is no way to filter this traffic :/

$TC qdisc add dev $iface_wan handle : ingress
$TC qdisc add dev $iface_wan root handle 1:0 htb
# Incoming traffic...
$TC filter add dev $iface_wan parent : protocol ip prio 1 u32 match ip dst $server_external_IP flowid 1:1 action mirred egress redirect dev ifb0
# Outgoing traffic...
$TC filter add dev $iface_wan parent 1:0 protocol ip prio 1 u32 match ip src $server_external_IP flowid 1:1 action mirred egress redirect dev ifb1

I need some help... Is there any possibility to do this? How to catch packets which are not from/to the LAN on the WAN interface?

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] [PATCH] HTB O(1) class lookup
Simon Lodal wrote:
> The patch is for 2.6.20-rc6, I have older ones for 2.6.18 and 2.6.19 if anyone is interested.

It's working also on 2.6.20-rc7. I'm testing it and I'm impressed. Good work :)

[LARTC] dev IFB, few questions
I've made some tests... eth2 is my internal interface; the LAN is connected here. Before, I had an IMQ device in AB mode... PREROUTING [A]fter NAT, POSTROUTING [B]efore NAT. I want the same situation on ifb. I do it this way:

---
# incoming traffic here from LAN is before NAT
tc qdisc add dev eth2 handle : ingress
# outgoing traffic here from WAN is after NAT
tc qdisc add dev eth2 root handle 1:0 htb
tc filter add dev eth2 parent : protocol ip prio 1 u32 match ip src 192.168.0.0/24 flowid 1:1 action mirred egress mirror dev ifb0
tc filter add dev eth2 parent 1:0 protocol ip prio 1 u32 match ip dst 192.168.0.0/24 flowid 1:2 action mirred egress mirror dev ifb0
---

Everything is working fine. I can catch packets from and to users by their IP address. Of course in my script I'll use act_mirred redirect, but now I'm testing on mirror.

But my question is... Am I doing this the right way? Does anybody know better rules?

And another question: is it possible to recognize whether traffic is incoming or outgoing on a device using u32? I'm doing this with ip src 192.168.0.0/24 or ip dst, but to do this I need to know the IP addresses of my LAN. Is it possible to do this without this knowledge? Recognize incoming and outgoing traffic on a device by filters (u32)...

Thanks in advance :)

Konrad Cempura (a.k.a. Lenthir)

Re: [LARTC] HFSC parameter
Thossapron Apinyapanha wrote:
> Can everybody tell me all 12 parameter, what does it mean

Nobody knows :) Is anybody here who is using HFSC?