Re: [LARTC] incoming traffic

2007-09-25 Thread Peter V. Saveliev
> Hello, > > I made this script: > tc qdisc add dev eth0 handle : ingress > The main goal is to limit incoming traffic from 138.96.20.23 to 15000kbit > and the incoming traffic from 138.96.20.10 to 1kbit. But the total must > not exceed 2kbit. Does it work? AFAIR, such setup is pos

[LARTC] Local server unreachable by remote lan in dual isp configuration

2007-09-25 Thread Marco Bizzantino
Hi all, I have this situation: isp1 | dmz - FW linux - isp2 |--- vpn concentrator - various ipsec lan-2-lan | LAN In lan I have "pc zone" and "server zone", same net

[LARTC] extern trigger for pfifo?

2007-09-25 Thread dirk
Hi, I have thought about my TCP-Pacing (look at my posting: how dynamic...) and another possibility is to trigger the sending procedure of a queue by an external 'signal'. But I can't find a trigger or so in the tc_fifo sources, which is responsible for packet sending. Sure I'm not really firm

[LARTC] incoming traffic

2007-09-25 Thread mohican 542003
Hello, I made this script: tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 138.96.20.0 police index 1 rate 2kbit burst 2kbit drop flowid :1 tc filter add dev eth0 parent :1 protocol ip prio 1 u32 match ip src 138.96.

[LARTC] incoming traffic

2007-09-25 Thread mohican 542003
Hello, I made this script: tc qdisc add dev eth0 handle : ingress tc filter add dev eth0 parent : protocol ip prio 1 u32 match ip src 138.96.20.0 police index 1 rate 2kbit burst 2kbit drop flowid :1 tc filter add dev eth0 parent :1 protocol ip prio 1 u32 match ip src 138.96.

Re: [LARTC] Unnumbered GRE tunnel

2007-09-25 Thread the sew
Hi, I'm using a few ways to achieve an IP tunnel option 1 ppp over ssh option 2 ipip: modprobe ipip iptunnel add tundev mode ipip remote ${REMOTEIP} ifconfig tundev $IP or you can use gre like your email above, hope it helps Sew On 9/23/07, Pullus Cuetlachtli <[EMAIL PROTECTED]> wrote: > Hi! >

Re: [LARTC] How to delete DSCP setting using iptable command.

2007-09-25 Thread Michal Soltys
Raghuvendra Kumar wrote: Hi, Can anybody tell me how to delete DSCP or TOS setting using iptable command. iptables --line-numbers -t mangle -vL OUTPUT to verify rule numbers, then just delete whatever you need with -D, i.e. iptables -t mangle -D OUTPUT 12

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Indunil Jayasooriya
On 9/25/07, Aleksander Kamenik <[EMAIL PROTECTED]> wrote: > > Indunil Jayasooriya wrote: > > >SECOND Firewall's default route (gateway) is NOT the FIRST firewall. > > BOTH firewall's default route (gateway) is the router given by our ISP. > > Ok, so you understand your problem now? > > Assumin

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Aleksander Kamenik
Indunil Jayasooriya wrote: SECOND Firewall's default route (gateway) is NOT the FIRST firewall. BOTH firewall's default route (gateway) is the router given by our ISP. Ok, so you understand your problem now? Assuming the packet arrives at 1.2.3.4 from random external ip (eg. 5.5.5.5), is

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Indunil Jayasooriya
On 9/25/07, Aleksander Kamenik <[EMAIL PROTECTED]> wrote: > > Indunil Jayasooriya wrote: > > > > I have not added it to prerouting chain. I added just > > now. Forward, input and output chains have it. > > PREROUTING must not have it. Only the three filter chains and only if > you use the

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Riccardo (SCASI)
Indunil Jayasooriya wrote: Hi, I have a DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls assume 1.2.3.4/29 is the internet interface of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail

Re: [LARTC] How to delete DSCP setting using iptable command.

2007-09-25 Thread Nikolay Kichukov
Hello, You can just add --line-numbers at the end of the command you use to see the results you posted and then use iptables -D tableName ruleNumber, i.e. iptables -D OUTPUT 5 HTH, -Nikolay Raghuvendra Kumar wrote: > > Hi, > > Can anybody tell me how to delete DSCP or TOS setting using iptable

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Aleksander Kamenik
Indunil Jayasooriya wrote: I have not added it to prerouting chain. I added just now. Forward, input and output chains have it. PREROUTING must not have it. Only the three filter chains and only if you use the state machine. telnet 2.3.4.5 25 it accepts, It wor

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Indunil Jayasooriya
On 9/25/07, Aleksander Kamenik <[EMAIL PROTECTED]> wrote: > > Indunil Jayasooriya wrote: > > FIRST firewall (its internet ip address - 1.2.3.4/29 > > ) I have added below rule. > > > > iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 > > --dport 25 -j DNAT

[LARTC] How to delete DSCP setting using iptable command.

2007-09-25 Thread Raghuvendra Kumar
Hi, Can anybody tell me how to delete DSCP or TOS setting using iptable command. iptables --list OUTPUT --table mangle Chain OUTPUT (policy ACCEPT) target prot opt source destination DSCP tcp -- anywhere

Re: [LARTC] DNAT PREROUTING issue with IPTABLES

2007-09-25 Thread Aleksander Kamenik
Indunil Jayasooriya wrote: FIRST firewall (its internet ip address - 1.2.3.4/29 ) I have added below rule. iptables -t nat -A PREROUTING -p tcp -i eth0 -d 1.2.3.4 --dport 25 -j DNAT --to-destination 2.3.4.5:25 That should forward port 2