Re: LARTC Digest, Vol 34, Issue 12

Linux Advanced Routing and Traffic Control


Hey Marek,

I know that I must work with the INGRESS (instead of EGRESS), and I have my kernel well formed. My other TC rules for source IP address (not for MAC address) work fine...!!! The problem is with the MAC, because it is not an "IP PROTOCOL", and for that I must use the "u32/u16 match" to solve it. If I make an analogy from my other INGRESS rules applied to src IP address to src MAC address, using the scripts below, it did not work either.

I'm not sure what I am doing...!!! Please "give a hand"!!!

Regards, mateo.-






2007/12/10, lartc-request@xxxxxxxxxxxxxxx <lartc-request@xxxxxxxxxxxxxxx>:
Today's Topics:

   1. MAC filter (m.a.t.e.o)
   2. Re: MAC filter (Marek Kierdelewicz)
   3. ixp400 (jerry)
   4. PAT HOW to - IPTABLES (Indunil Jayasooriya)
   5. Re: PAT HOW to - IPTABLES (Alexandre J. Correa - Onda Internet)
   6. Re: PAT HOW to - IPTABLES (Indunil Jayasooriya)


----------------------------------------------------------------------

Message: 1
Date: Sun, 9 Dec 2007 12:24:27 -0300
From: m.a.t.e.o < drumlesson@xxxxxxxxx>
Subject: [LARTC] MAC filter
To: lartc@xxxxxxxxxxxxxxx
Message-ID:
        < 823158cf0712090724o1f0e9100x8c3432a1e1eaf650@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"

I searched a lot of posts on this list and others, but never found a solution
that works...
I want to filter the INGRESS by MAC address... please, any help?

There is a "solution" that supposedly works, but it did not work for me:


#######
for the MAC address: M0M1M2M3M4M5

tc filter add dev eth1 parent 1: protocol ip prio 5 u32 \
    match u16 0x0800 0xffff at -2 \
    match u16 0x4455 0xffff at -4 \
    match u32 0x00112233 0xffffffff at -8 \
    flowid 1:40

#######

Thx, a lot.-

------------------------------

Message: 2
Date: Sun, 9 Dec 2007 16:47:57 +0100
From: Marek Kierdelewicz <marek@xxxxxxxxx>
Subject: Re: [LARTC] MAC filter
To: lartc@xxxxxxxxxxxxxxx
Message-ID: <20071209164757.0fd8c33d@catlap>
Content-Type: text/plain; charset=US-ASCII

Hi,

>There is a "solution" that supposedly works, but it did not work for me:

What you sent works for egress not ingress.

Look here:
http://www.linux-foundation.org/en/Net:IFB

There's an example of how to shape traffic on ingress.

cheers,
Marek Kierdelewicz


------------------------------

Message: 3
Date: Sun, 09 Dec 2007 11:57:59 -0800
From: jerry <geraldwalden@xxxxxxxxxxxxxxx >
Subject: [LARTC] ixp400
To: lartc@xxxxxxxxxxxxxxx
Message-ID: <1197230279.3410.4.camel@xxxxxxxxxxxxxxxxxxxxx >
Content-Type: text/plain

        Hello

        I am encountering what I believe is a deadlock state when I am
transferring traffic via an embedded linux device that only kills
traffic with a combination of the Intel ixp400_eth.ko driver and the
sch_htb.ko queuing discipline.  If I use any other qdisc, including the
complex cbq module, I encounter smooth sailing.  Any suggestions?

Thanks

Jerry



------------------------------

Message: 4
Date: Mon, 10 Dec 2007 15:50:31 +0530
From: "Indunil Jayasooriya" <indunil75@xxxxxxxxx>
Subject: [LARTC] PAT HOW to - IPTABLES
To: "Mail List - Linux Advanced Routing and Traffic Control"
        <lartc@xxxxxxxxxxxxxxx>
Message-ID:
        <7ed6b0aa0712100220n57ea0e54x628d539621cb6b35@xxxxxxxxxxxxxx >
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I have a box running iptables and iproute2. It has 3 ethernet cards:
one for the internet, another for LAN and yet another for DMZ.

@ DMZ ZONE I have 3 web servers. But I have only one real IP on my firewall.
Now, I want to forward port 80 to these 3 web servers.

How can I do it?

I searched a lot on Google. But still no luck.


--
Thank you
Indunil Jayasooriya

------------------------------

Message: 5
Date: Mon, 10 Dec 2007 08:32:18 -0300
From: "Alexandre J. Correa - Onda Internet"
        <alexandre@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [LARTC] PAT HOW to - IPTABLES
To: lartc@xxxxxxxxxxxxxxx
Message-ID: <475D23C2.2090300@xxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

you can use squid as reverse proxy ..

see cache_peer !!

squid can load balance between 3 servers and cache it !!

run squid on your box with real ip..

here you can see examples
http://under-linux.org/7964-squid-atuando-como-proxy-reverso.html

(pt-br)


Indunil Jayasooriya wrote:
> Hi,
>
> I have a box running iptables and iproute2. It has 3 ethernet
> cards: one for the internet, another for LAN and yet another for DMZ.
>
> @ DMZ ZONE I have 3 web servers. But I have only one real IP on my
> firewall. Now, I want to forward port 80 to these 3 web servers.
>
> How can I do it?
>
> I searched a lot from google. But, still no luck.
>
>
> --
> Thank you
> Indunil Jayasooriya
> ------------------------------------------------------------------------
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>


--
Sds.

Alexandre Jeronimo Correa

Onda Internet - http://www.ondainternet.com.br
OPinguim Hosting - http://www.opinguim.net

Linux User ID #142329

UNOTEL S/A - http://www.unotel.com.br



------------------------------

Message: 6
Date: Mon, 10 Dec 2007 16:09:52 +0530
From: "Indunil Jayasooriya" <indunil75@xxxxxxxxx>
Subject: Re: [LARTC] PAT HOW to - IPTABLES
To: "Alexandre J. Correa - Onda Internet"
        <alexandre@xxxxxxxxxxxxxxxxxxx>,        "Mail List - Linux Advanced Routing
        and Traffic Control"    < lartc@xxxxxxxxxxxxxxx>
Message-ID:
        <7ed6b0aa0712100239j7591a4e3pd484c70baeb2d668@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

> see cache_peer !!
>
> squid can load balance between 3 servers and cache it !!
>
> run squid on your box with real ip..

Thanks for your quick answer. I know about reverse proxy. I wanted to know
whether, without squid, iptables itself can handle this situation.


Suppose I have 3 mail servers @ DMZ zone with one real IP. The situation
is as before?

In that case, what can I do?


Hope to hear from you.


--
Thank you
Indunil Jayasooriya

------------------------------

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


End of LARTC Digest, Vol 34, Issue 12
*************************************
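
For the MAC filter thread (messages 1 and 2 above), an added example that is not part of any poster's message: a shell helper that derives the u32 clauses from a MAC address using the offsets in message 1, extended to destination MACs. The function names are hypothetical, and the second printed command assumes ifb0 already receives eth1's ingress traffic and has a class 1:40; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example: build tc u32 clauses that match an Ethernet MAC address.
# Offsets are relative to the start of the IP header, so the Ethernet header
# sits at negative offsets: dst MAC -14..-9, src MAC -8..-3, EtherType -2..-1.

# mac_hex MAC -> 12 lowercase hex digits; fails on anything malformed
mac_hex() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}[:-]){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$1" | sed 's/[:-]//g' | tr 'A-F' 'a-f'
}

# u32_mac_match src|dst MAC -> the "match ..." clauses for that address
u32_mac_match() {
    hex=$(mac_hex "$2") || { echo "bad MAC: $2" >&2; return 1; }
    case "$1" in
        src) # bytes 0-3 as a u32 at -8, bytes 4-5 as a u16 at -4
            first=$(printf '%s\n' "$hex" | cut -c1-8)
            rest=$(printf '%s\n' "$hex" | cut -c9-12)
            printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -4 match u32 0x%s 0xffffffff at -8\n' "$rest" "$first" ;;
        dst) # bytes 0-1 as a u16 at -14, bytes 2-5 as a u32 at -12
            first=$(printf '%s\n' "$hex" | cut -c1-4)
            rest=$(printf '%s\n' "$hex" | cut -c5-12)
            printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -14 match u32 0x%s 0xffffffff at -12\n' "$first" "$rest" ;;
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
}

# tc_mac_filter DEV PARENT FLOWID src|dst MAC -> prints one complete tc command
tc_mac_filter() {
    m=$(u32_mac_match "$4" "$5") || return 1
    printf 'tc filter add dev %s parent %s protocol ip prio 5 u32 %s flowid %s\n' \
        "$1" "$2" "$m" "$3"
}

# The command from message 1, regenerated from the MAC it encodes:
tc_mac_filter eth1 1: 1:40 src 00:11:22:33:44:55
# Assumption: ifb0 carries eth1's ingress traffic (redirect set up as on the
# IFB page linked in message 2) and has a classful root qdisc 1: with class 1:40.
tc_mac_filter ifb0 1: 1:40 src 00:11:22:33:44:55
```

A malformed address makes the helper fail instead of emitting a filter that silently matches nothing.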