----- Original Message -----
Sent: Saturday, April 13, 2002 7:02 PM
Subject: [Bridge] iptables
Hello!
First, I want to thank the developers of this bridge for their work. It really, really helped me.
Now, the problems :-)
When I only had the bridge with no iptables patch it worked flawlessly, but I really needed to limit the traffic from one interface to another, so I installed the bridge firewall.
I had something like this (perl):
    system("$ipt -A internet -j internet_dn -d $ip -m limit --limit $viteza_dn/s --limit-burst $burst_dn -c $i_p $i_b");
    system("$ipt -A internet -j internet_up -s $ip -m limit --limit $viteza_up/s --limit-burst $burst_up -m mac --mac-source $mac -c $o_p $o_b");
and it worked.
After the firewall code, it didn't work anymore, and after 10 hours of trying possibilities I found that the mac address was a lame fix (unwanted but necessary) and I changed the 2nd line to:
    system("$ipt -A internet -j internet_up -s $ip -m limit --limit $viteza_up/s --limit-burst $burst_up -c $o_p $o_b");
Well, it works now, but I can't limit the machine by mac address. Somebody would say that I should use the arp daemon, but I only want to limit someone's access to the internet, not to my machine (I also run samba there).
2nd problem is that Windows 2000/XP will not enter a machine which is on the other side of the bridge by its name (like \\machine) ... I have to type its address:
\\192.168.1.5
3rd is that I have another Inet server on the other side of the bridge and I can't use its masquerading facility. It just doesn't work. The packets arrive at the machine but will not return. And this server reports that the packets come from the bridging machine.
Any help would be appreciated.
Thanks.
The forward chain is:

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       tcp  --  !192.168.1.1         192.168.1.0/24       tcp dpts:61000:65095   // removing this line will not resolve the 3rd problem
internet   all  --  192.168.1.0/24       !192.168.1.0/24
internet   all  --  !192.168.1.0/24      192.168.1.0/24
intranet   tcp  --  192.168.1.0/24       192.168.1.0/24       tcp spt:139
intranet   tcp  --  192.168.1.0/24       192.168.1.0/24       tcp spt:445
DROP       tcp  --  192.168.1.0/24       192.168.1.0/24       tcp spt:139
DROP       tcp  --  192.168.1.0/24       192.168.1.0/24       tcp spt:445
ACCEPT     all  --  192.168.1.0/24       192.168.1.0/24
ACCEPT     udp  --  192.168.1.0/24       192.168.1.0/24

Chain internet_dn (14 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 33/sec burst 38

Chain internet_up (14 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 33/sec burst 38

Chain intranet (4 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 250/sec burst 270
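The per-host rate-limit rules from the post, written out as a complete Perl script. This is an added example, not code from the original message or from the bridge project: the host list is constructed sample data, the chain name "internet" and the iptables path are assumed (the post already hooks "internet" from FORWARD, so that part is not repeated here), and the script uses the list form of system() so that a value containing spaces or shell metacharacters can never turn into extra iptables options, which the quoted-string form in the post would allow. The --no-mac switch reproduces the post's final working form, where the mac match had to be dropped on the bridge firewall; the --dry-run switch prints the commands instead of running them.

```perl
#!/usr/bin/perl
# Added example (not from the original post): build per-host rate-limit rules
# for a bridging firewall in the same shape as the post's rules.
# Assumptions: user chain "internet" is already jumped to from FORWARD,
# iptables lives at /sbin/iptables, and @hosts below is constructed data.
use strict;
use warnings;

my $ipt     = '/sbin/iptables';
my $dry_run = grep { $_ eq '--dry-run' } @ARGV;   # print, do not execute
my $use_mac = !grep { $_ eq '--no-mac' } @ARGV;   # post: mac match failed on the bridge

# Constructed sample hosts: rates are packets per second, as in the post.
my @hosts = (
    { ip => '192.168.1.5', mac => '00:11:22:33:44:55',
      dn => 33, burst_dn => 38, up => 33, burst_up => 38 },
    { ip => '192.168.1.7', mac => '00:11:22:33:44:66',
      dn => 50, burst_dn => 60, up => 20, burst_up => 25 },
);

# Reject anything that does not look like an IPv4 address, a MAC and positive
# rates before it ever reaches iptables (defence against a bad config file).
sub valid_host {
    my $h = shift;
    return $h->{ip}  =~ /^(?:\d{1,3}\.){3}\d{1,3}$/
        && $h->{mac} =~ /^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$/i
        && $h->{dn} > 0 && $h->{up} > 0
        && $h->{burst_dn} > 0 && $h->{burst_up} > 0;
}

# Run one iptables command as an argument list (no shell involved).
# $may_fail is used for "-N", which fails harmlessly if the chain exists.
sub run {
    my ($may_fail, @cmd) = @_;
    if ($dry_run) { print join(' ', @cmd), "\n"; return 1 }
    my $rc = system(@cmd);
    die "'@cmd' failed (exit " . ($rc >> 8) . ")\n" if $rc != 0 && !$may_fail;
    return $rc == 0;
}

# Start from an empty "internet" chain so the script is repeatable.
run(1, $ipt, '-N', 'internet');
run(0, $ipt, '-F', 'internet');

for my $h (@hosts) {
    die "bad host entry for $h->{ip}\n" unless valid_host($h);

    # Download direction: packets addressed to the host. Each rule carries its
    # own "-m limit" state, so every host gets a separate token bucket.
    run(0, $ipt, '-A', 'internet', '-d', $h->{ip},
        '-m', 'limit', '--limit', "$h->{dn}/s", '--limit-burst', $h->{burst_dn},
        '-j', 'ACCEPT');

    # Upload direction: packets sent by the host. The source-MAC match only
    # makes sense here, since on the download side the source MAC is the
    # router's, not the host's.
    my @mac = $use_mac ? ('-m', 'mac', '--mac-source', $h->{mac}) : ();
    run(0, $ipt, '-A', 'internet', '-s', $h->{ip}, @mac,
        '-m', 'limit', '--limit', "$h->{up}/s", '--limit-burst', $h->{burst_up},
        '-j', 'ACCEPT');
}
# Anything not matched above falls back to FORWARD and its DROP policy,
# exactly as the post's "internet" chain does.
```

Run it as `perl limit.pl --dry-run` first to review the generated rules; `--no-mac` drops the mac match for the upload rule, which is the form the post reports as working once the bridge firewall was installed.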