Re: lug-bg: trouble with SQUID
I don't understand which rule you mean. If I NAT the local network so that it can go out through GW3, there will be a problem: when the user removes the proxy, they won't be able to go out through the default GW.

g.

--- Momchil Ivanov [EMAIL PROTECTED] wrote:
> On 6/9/05, ggg [EMAIL PROTECTED] wrote:
> > Hello,
> > I have a Linux box with 3 GWs (3 LANs):
> > GW1 - default
> > GW2 - local net
> > GW3 - BTK aDSL
> > I want to make squid always go out through GW3, i.e. through the aDSL.
> > tcp_outgoing_address doesn't work for me; it doesn't even send the packets to GW3 (I checked with tcpdump).
>
> And do you have a rule that says: a packet whose source IP is gw3's address goes out through gw3, and not through the default? I think that is why this variant doesn't work for you. Add such a rule.
>
> > I look forward to your ideas.
> > georgi
Re: lug-bg: trouble with SQUID {to Evgeni Genchev}
I like the idea. Give me an example of how to catch which packets are squid's, so that I can mark them and redirect them to GW3. Give an example with iptables.

g.

--- Evgeni Gechev [EMAIL PROTECTED] wrote:
> ggg wrote:
> > I don't have Cyrillic on this computer, sorry.
> > GW1 is a real IP from the provider.
> > GW2 - local network 192.168.250.0/24
> > GW3 - aDSL BTK 192.168.1.2
> > What I need is: when I want to use the DSL, I set a proxy (Squid) and it takes me out through GW3, and when I don't want BTK, I remove the proxy and go through GW1, which is the default.
> > Yes, of course, with policy routing I can catch port 80 on 192.168.250.1, where squid is, and send it to GW3 after masquerading/NAT-ing it, but when I remove the proxy from the browser, things go wrong with that policy routing.
> > I hope you now understand what my problem is.
> > In short, the idea is the following:
> > proxy - BTK (GW3)
> > no-proxy - default GW1
> > georgi
>
> You mark squid's packets with iptables -m owner ... You make a rule for the outgoing packets marked this way, which sends them to GW3, and everything else keeps going through GW1.
lug-bg: ip_conntrack dropping packet
, , , - . , /proc/sys/net/ipv4/ip_conntrack_max, , ( 100 ) - . , , , - . !

--
Nikola ANTONOV, Linux for Bulgarians
--
Public GnuPG key at http://wwwkeys.pgp.net ftp://ftp.logos-bg.net/pub/Linux-BG.org/GPG_Keys/
Fingerprint: AD64 2468 0AB4 B298 E7E3 92DA 15F5 7AC5 A05E 0F63
Re: lug-bg: trouble with SQUID {to Evgeni Genchev}
ggg wrote:
> I like the idea. Give me an example of how to catch which packets are squid's, so that I can mark them and redirect them to GW3. Give an example with iptables.
>
> g.
>
> --- Evgeni Gechev [EMAIL PROTECTED] wrote:
> > ggg wrote:
> > > I don't have Cyrillic on this computer, sorry.
> > > GW1 is a real IP from the provider.
> > > GW2 - local network 192.168.250.0/24
> > > GW3 - aDSL BTK 192.168.1.2
> > > What I need is: when I want to use the DSL, I set a proxy (Squid) and it takes me out through GW3, and when I don't want BTK, I remove the proxy and go through GW1, which is the default.
> > > Yes, of course, with policy routing I can catch port 80 on 192.168.250.1, where squid is, and send it to GW3 after masquerading/NAT-ing it, but when I remove the proxy from the browser, things go wrong with that policy routing.
> > > I hope you now understand what my problem is.
> > > In short, the idea is the following:
> > > proxy - BTK (GW3)
> > > no-proxy - default GW1
> > > georgi
> >
> > You mark squid's packets with iptables -m owner ... You make a rule for the outgoing packets marked this way, which sends them to GW3, and everything else keeps going through GW1.

If squid has the default settings (user nobody):

    iptables -t mangle -A OUTPUT -m owner --uid-owner nobody -j MARK --set-mark 0x01
    ip r a via GW3 t 253
    ip ru a from tcp_outgoing_address_NA_SQUIDA fwmark 0x01 t 253
Re: lug-bg: ip_conntrack dropping packet
On Saturday 11 June 2005 17:24, Nikola Antonov wrote:
> , , , - . , /proc/sys/net/ipv4/ip_conntrack_max, , ( 100 ) - . , , , - .

dedicated firewall/nat-only machines , 2 : *, , abuse- ( p2p TCP client ip address / block connlimit ): * . ( printk-return- ENOMEM (out of memory) ENOSPC (no space left on device, )). .. ' ',. , abuse- ;-) conntrack_max hashsize : ' mem - X' [1] / , /, X - ( squid (4 86) , ;-).

[1] http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

/ /
--
pub 4096R/0E4BD0AB 2003-03-18 danchev.fccf.net/key pgp.mit.edu
fingerprint 1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
Re: lug-bg: trouble with SQUID {to Evgeni Genchev}
Ah, that's fine, but I have other processes that are owned by nobody and have traffic (Apache, for example: it has packets from all GWs, to it and from it). What will happen to them?

g.

> If squid has the default settings (user nobody):
>
>     iptables -t mangle -A OUTPUT -m owner --uid-owner nobody -j MARK --set-mark 0x01
>     ip r a via GW3 t 253
>     ip ru a from tcp_outgoing_address_NA_SQUIDA fwmark 0x01 t 253
Re: lug-bg: trouble with SQUID {to Evgeni Genchev}
ggg wrote:
> Ah, that's fine, but I have other processes that are owned by nobody and have traffic (Apache, for example: it has packets from all GWs, to it and from it). What will happen to them?
>
> g.
>
> > If squid has the default settings (user nobody):
> >
> >     iptables -t mangle -A OUTPUT -m owner --uid-owner nobody -j MARK --set-mark 0x01
> >     ip r a via GW3 t 253
> >     ip ru a from tcp_outgoing_address_NA_SQUIDA fwmark 0x01 t 253

user- squid- , ?:)
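
Added example, not part of the original messages: a dry-run generator for the owner-match policy routing discussed in this thread, which refuses to emit rules when the matched account is `nobody` or is shared with other running processes (the Apache concern raised above). Assumptions: a dedicated account named `squid` (set with `cache_effective_user` in squid.conf), GW3 taken as the next hop 192.168.1.2 from the thread, a constructed `tcp_outgoing_address` of 192.168.1.10, and `default` as the route destination, which the posted command does not state.

```shell
#!/bin/sh
# Added example: prints the commands, executes nothing. Values are assumptions.
SQUID_USER=${SQUID_USER:-squid}       # dedicated account (assumption), not "nobody"
GW3=${GW3:-192.168.1.2}               # next hop on the aDSL LAN, address from the thread
SQUID_SRC=${SQUID_SRC:-192.168.1.10}  # squid's tcp_outgoing_address (constructed)
TABLE=${TABLE:-253}
MARK=${MARK:-0x01}

# Names of non-squid processes running as the given user.
# Any hit means "-m owner --uid-owner" would mark that traffic as well.
other_procs() {
    ps -o comm= -u "$1" 2>/dev/null | grep -v '^squid' | sort -u
}

# The three commands from the thread, with the placeholders filled in.
policy_cmds() {
    echo "iptables -t mangle -A OUTPUT -m owner --uid-owner $SQUID_USER -j MARK --set-mark $MARK"
    echo "ip route add default via $GW3 table $TABLE"
    echo "ip rule add from $SQUID_SRC fwmark $MARK table $TABLE"
}

# Emit the plan only when the account is used by squid alone.
plan() {
    if [ "$SQUID_USER" = nobody ]; then
        echo "refusing: 'nobody' is shared, use a dedicated squid account" >&2
        return 1
    fi
    shared=$(other_procs "$SQUID_USER")
    if [ -n "$shared" ]; then
        echo "refusing: $SQUID_USER also runs: $shared" >&2
        return 1
    fi
    policy_cmds
}
```

Review the output of `plan` and run it as root only once it is what you expect; traffic from every other account, including a browser that bypasses the proxy, keeps using the main table and GW1.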