On Sun, Jan 26, 2003 at 11:33:01PM +0200, Mihai Tanasescu wrote:
> 
> thanks, I more or less understood point 2
> for 1 I need to read some more, because I don't quite get what that sis0
> represents (whether it is a kind of eth0.. and if so, then in your case do
> all the packets go through the tunnel? and none of them goes through the
> default external interface any more?) - I need to pick only the packets
> coming from the IPs, say, 192.168.40.2 and 40.3 to go through tun... and
> the rest to go through eth0 (the equivalent of eth0 in FreeBSD).
> <Sorry, but I have only worked with Linux and I find it hard to grasp what
> you explained with sis0>

dmesg | grep sis
sis0: <SiS 900 10/100BaseTX> port 0xd800-0xd8ff mem 0xcfffd000-0xcfffdfff irq 10 at device 3.0 on pci0
sis0: Ethernet address: 00:d0:09:ee:09:73
miibus0: <MII bus> on sis0

so, yes, it is the name of the network card.  here there are edX (ne2000
cards), rlX (realtek 8139), sis0 (my on-board card with the sis chipset),
fxpX (intel ether express), etc.

the other part:
pass out quick on sis0 to tun0:10.0.0.1 from any to 1.0.0.0/8
^^^^^   ^^^^^^
     ^^^       ^^^^^^^                  ^^^^^^^^^^^^^^^^^^^^^
      |           |   ^^^^^^^^^^^^^^^^^^      |
      `---------- +          |                |
                  |          |                |
                  |          `which interface |
                  |           it exits on, gw |
                  |                           |
                  `-----------v---------------'
                              `ordinary firewall rule

That is: packets "out on sis0 from any to 1.0.0.0/8" are routed to
tun0, as if the gateway were 10.0.0.1.

pass and quick are specific to ipfilter...

So, for what you described:
pass in quick to interfata:adresa.de.i.p from 192.168.40.2/31 to any

That is if 40.2 and 40.3 are not my own addresses.  If they are mine, I
intercept them on the interface they should have gone out of (sis0 for me
in that case) at the moment they leave.

HTH
Alex

> ----- Original Message -----
> From: "Alex Popa" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, January 26, 2003 11:02 PM
> Subject: [rofug] Re: Intrebare linux-unix
> 
> 
> >
> > On Sun, Jan 26, 2003 at 10:27:57PM +0200, Mihai Tanasescu wrote:
> > >
> > > For example...
> > > in Linux I had iptables -j MARK ..
> > > 1. the packets I marked I could put into a table (made with
> > > ip route) and I could make them go through another gateway..
> >
> > man ipf.  with ipfilter it can be done:
> >
> > # ifconfig sis0
> > sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         inet 1.2.3.4 netmask 0xff000000 broadcast 1.255.255.255
> >
> > So obviously 1.2.3.5 should be tried on sis0... but:
> > # ipf -f-
> > pass out quick on sis0 to tun0:10.0.0.1 from any to 1.0.0.0/8
> > ^D
> >
> > and now the packets that should go out through sis0 (for example a
> > ping to 1.2.3.5) actually leave through tun0 (my ppp connection).
> >
> >
> > > 2. the marked packets I could put into an htb-type tree and
> > > limit their speed
> >
> > Well... here it is a bit stranger.
> > Options:
> > (a) ALTQ -> I don't know whether it works now on FreeBSD 4.7, on 4.5 I
> > think it worked.
> > Adrian Penisoara has more details.
> >
> > (b) ipfw + dummynet -> man ipfw, works ok, but it only knows limits,
> > not bandwidth guarantees.
> >
> >
> > > ----- Original Message -----
> > > From: "Mihai Tonu" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Sunday, January 26, 2003 6:13 PM
> > > Subject: [rofug] Re: Intrebare linux-unix
> > >
> > >
> > > >
> > > > the problem is that I don't quite understand what you mean by
> > > > "marking". :(
> > > >
> > > > see the links below:
> > > >
> > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
> > > > http://www.sateh.com/articles/firewall/
> > > > http://renaud.waldura.com/doc/freebsd/firewall/
> > > >
> > > > mt
> > > >
> > > > On Sun, 26 Jan 2003 17:46:22 +0200
> > > > "Mihai Tanasescu" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > >
> > > > > Sorry for asking.. but can you give me an example of marking too?
> > > > > searching for man ipfw on the net... I found nothing about marking packets...
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Mihai Tonu" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Sunday, January 26, 2003 4:19 PM
> > > > > Subject: [rofug] Re: Intrebare linux-unix
> > > > >
> > > > >
> > > > > >
> > > > > > if I am not mistaken, this is called ipfw
> > > > > >
> > > > > > On Sun, 26 Jan 2003 13:16:20 +0200
> > > > > > "Mihai Tanasescu" <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > >
> > > > > > > Hi.
> > > > > > > I would like to know whether FreeBSD has a command equivalent
> > > > > > > to iptables .. -j MARK from Linux.
> > > > > > >
> > > > > > >
> > > > > > > __________________________________________________________
> > > > > > > Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe
> > > > > > >
> > > > > > >
> > > > > > __________________________________________________________
> > > > > > Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe
> > > > > >
> > > > >
> > > > >
> > > > > __________________________________________________________
> > > > > Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe
> > > > >
> > > > >
> > > > __________________________________________________________
> > > > Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe
> > > >
> > >
> > > __________________________________________________________
> > > Send 'unsubscribe rofug' to [EMAIL PROTECTED] to unsubscribe
> > >
> > ------------+-------------------------------------------------------
> > Alex Popa,  |  "Computer science is no more about computers than
> > [EMAIL PROTECTED]|     astronomy is about telescopes" -- E. W. Dijkstra
> > ------------+------------------------------------------------------
> 
------------+-------------------------------------------------------
Alex Popa,  |  "Computer science is no more about computers than
[EMAIL PROTECTED]|     astronomy is about telescopes" -- E. W. Dijkstra
------------+------------------------------------------------------
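
An added example, not part of Alex's message or of ipfilter itself: a small Python model of how the two "to interface:gateway" rules in this thread select packets, showing that 192.168.40.2/31 covers exactly .2 and .3 and that everything else still follows the normal route. It handles only the rule shape quoted above; tun0:10.0.0.1 in the second rule, the rl0 inside interface and the sis0 default are assumptions.

```python
import ipaddress
import re

# Subset of the ipfilter rule shape used in this thread (not a full ipf parser):
#   pass in|out quick [on IFACE] to IFACE:GATEWAY from SRC to DST
RULE_RE = re.compile(
    r"pass (?P<dir>in|out) quick (?:on (?P<on>\S+) )?"
    r"to (?P<ifc>[^:\s]+):(?P<gw>\S+) from (?P<src>\S+) to (?P<dst>\S+)$"
)

def _net(token):
    # "any" matches every IPv4 address; a misaligned prefix such as
    # 192.168.40.3/31 raises ValueError (host bits set).
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError("unsupported rule: " + line)
    return {"dir": m["dir"], "on": m["on"], "via": (m["ifc"], m["gw"]),
            "src": _net(m["src"]), "dst": _net(m["dst"])}

def route(rules, direction, iface, src, dst, default):
    """Return (interface, gateway); the first matching 'quick' rule wins."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["dir"] != direction or (r["on"] and r["on"] != iface):
            continue
        if src in r["src"] and dst in r["dst"]:
            return r["via"]
    return default  # no rule matched: the normal routing table decides

# Rule from the first reply, verbatim from the thread.
OUT_RULES = [parse_rule(
    "pass out quick on sis0 to tun0:10.0.0.1 from any to 1.0.0.0/8")]
# Second rule with its placeholder filled in by tun0:10.0.0.1 (assumption).
IN_RULES = [parse_rule(
    "pass in quick to tun0:10.0.0.1 from 192.168.40.2/31 to any")]
DEFAULT = ("sis0", None)  # hypothetical: default route leaves via sis0

if __name__ == "__main__":
    # Constructed packets arriving on a hypothetical inside interface rl0.
    for host in ("192.168.40.1", "192.168.40.2", "192.168.40.3", "192.168.40.4"):
        print(host, route(IN_RULES, "in", "rl0", host, "5.6.7.8", DEFAULT))
```

Only 40.2 and 40.3 are sent to tun0; 40.1 and 40.4 keep the default path, which is the split asked for in the question.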