Discussion:
LARTC Digest, Vol 34, Issue 12
m.a.t.e.o
2007-12-12 16:30:35 UTC
Hey Marek,

I know that I must work with the INGRESS (instead of EGRESS), I've well
formed my kernel. My other TC rules for source IP address (not for MAC
address) do work fine...!!!, the problem is with the MAC because it is not an
"IP PROTOCOL" and for that I must use the "u32/u16 match" to solve it,
and if I make an analogy from my other INGRESS rules applied to Src IP
address, to Src MAC address using the scripts below, it did not work either.

I'm not sure what I am doing...!!!, please "give a hand" !!!

Regards, mateo.-
To subscribe or unsubscribe via the World Wide Web, visit
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
1. MAC filter (m.a.t.e.o)
2. Re: MAC filter (Marek Kierdelewicz)
3. ixp400 (jerry)
4. PAT HOW to - IPTABLES (Indunil Jayasooriya)
5. Re: PAT HOW to - IPTABLES (Alexandre J. Correa - Onda Internet)
6. Re: PAT HOW to - IPTABLES (Indunil Jayasooriya)
----------------------------------------------------------------------
Message: 1
Date: Sun, 9 Dec 2007 12:24:27 -0300
Subject: [LARTC] MAC filter
Content-Type: text/plain; charset="utf-8"
I did search a lot of posts in this list and others, but never had a
solution that works...
I want to filter the INGRESS by MAC address...please, any help?
#######
for the MAC address: M0M1M2M3M4M5
tc filter add dev eth1 parent 1: protocol ip prio 5 u32 \
    match u16 0x0800 0xffff at -2 \
    match u16 0x4455 0xffff at -4 \
    match u32 0x00112233 0xffffffff at -8 \
    flowid 1:40
#######
Thx, a lot.-
------------------------------
Message: 2
Date: Sun, 9 Dec 2007 16:47:57 +0100
Subject: Re: [LARTC] MAC filter
Content-Type: text/plain; charset=US-ASCII
Hi,
What you sent works for egress not ingress.
http://www.linux-foundation.org/en/Net:IFB
There's an example how to shape traffic in ingress.
cheers,
Marek Kierdelewicz
------------------------------
Message: 3
Date: Sun, 09 Dec 2007 11:57:59 -0800
Subject: [LARTC] ixp400
Content-Type: text/plain
Hello
I am encountering what I believe is a deadlock state when I am
transferring traffic via an embedded linux device that only kills
traffic with a combination of the Intel ixp400_eth.ko driver and the
sch_htb.ko queuing discipline. If I use any other qdisc - including the
complex cbq module - I encounter smooth sailing. Any suggestions?
Thanks
Jerry
------------------------------
Message: 4
Date: Mon, 10 Dec 2007 15:50:31 +0530
Subject: [LARTC] PAT HOW to - IPTABLES
To: "Mail List - Linux Advanced Routing and Traffic Control"
Content-Type: text/plain; charset="iso-8859-1"
Hi,
I have a box running with iptables and iproute2. it has 3 ethernet cards.
One for the internet. another for LAN and yet another for DMZ.
@ DMZ ZONE I have 3 web servers. But I have only one real ip on my
firewall.
Now, I want to forward port 80 to these 3 web servers.
How can I do it?
I searched a lot from google. But, still no luck.
--
Thank you
Indunil Jayasooriya
------------------------------
Message: 5
Date: Mon, 10 Dec 2007 08:32:18 -0300
From: "Alexandre J. Correa - Onda Internet"
Subject: Re: [LARTC] PAT HOW to - IPTABLES
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
you can use squid as reverse proxy ..
see cache_peer !!
squid can load balance between 3 servers and cache it !!
run squid on your box with real ip..
here you can see examples
http://under-linux.org/7964-squid-atuando-como-proxy-reverso.html
(pt-br)
--
Sds.
Alexandre Jeronimo Correa
Onda Internet - http://www.ondainternet.com.br
OPinguim Hosting - http://www.opinguim.net
Linux User ID #142329
UNOTEL S/A - http://www.unotel.com.br
------------------------------
Message: 6
Date: Mon, 10 Dec 2007 16:09:52 +0530
Subject: Re: [LARTC] PAT HOW to - IPTABLES
To: "Alexandre J. Correa - Onda Internet"
Content-Type: text/plain; charset="iso-8859-1"
> see cache_peer !!
> squid can load balance between 3 servers and cache it !!
> run squid on your box with real ip..
Thanks for your quick answer. I know about reverse proxy. I wanted to
know whether iptables itself can handle this situation without squid.
as before?
in that case, What can I do?
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
End of LARTC Digest, Vol 34, Issue 12
*************************************
gypsy
2007-12-13 02:42:35 UTC
> #######
> for the MAC address: M0M1M2M3M4M5
> tc filter add dev eth1 parent 1: protocol ip prio 5 u32 \
>     match u16 0x0800 0xffff at -2 \
>     match u16 0x4455 0xffff at -4 \
>     match u32 0x00112233 0xffffffff at -8 \
>     flowid 1:40
> #######
Have you tried "protocol all" rather than "protocol ip"? I tested
M0M1M2M3M4M5 (a long time ago) and it did work for eth1 and imq0.

I guess that when the interface it was used on "saw" the MAC specified
by it then I got a match. It did not work when the machine was too far
away (in # hops), probably because then the MAC is no longer "visible".

In short, M0M1M2M3M4M5 matched any computer on my internal LAN and the
gateway of my ISP but nothing else.
--
gypsy
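
The source-MAC selector discussed in this thread, as an added example that is not part of any poster's message: a shell helper that turns a MAC address into the u32 match clauses at the negative offsets used above (-8 and -4 for the source address, -2 for the EtherType). It also covers the destination address at -14 and -12, which goes beyond the thread; the function names are hypothetical, and the script only prints the tc command without running it.

```shell
#!/bin/sh
# Added example: build u32 selectors for Ethernet MAC addresses.
# Offsets are relative to the start of the IP header, so the 14-byte
# Ethernet header sits at negative offsets:
#   -14..-9 destination MAC, -8..-3 source MAC, -2..-1 EtherType.

# normalize_mac MAC -> 12 lowercase hex digits, non-zero exit if malformed.
normalize_mac() {
    mac=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$mac" in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s' "$mac"
}

# mac_u32_match src|dst MAC -> u32 match clauses (IPv4 frames only).
mac_u32_match() {
    m=$(normalize_mac "$2") || { echo "bad MAC: $2" >&2; return 1; }
    case "$1" in
        src) # M0M1M2M3 at -8, M4M5 at -4 (same layout as the thread's rule)
            hi=$(printf '%s' "$m" | cut -c1-8); lo=$(printf '%s' "$m" | cut -c9-12)
            printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -4 match u32 0x%s 0xffffffff at -8' "$lo" "$hi" ;;
        dst) # M0M1 at -14, M2M3M4M5 at -12
            hi=$(printf '%s' "$m" | cut -c1-4); lo=$(printf '%s' "$m" | cut -c5-12)
            printf 'match u16 0x0800 0xffff at -2 match u16 0x%s 0xffff at -14 match u32 0x%s 0xffffffff at -12' "$hi" "$lo" ;;
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
}

# mac_filter_cmd DEV PARENT FLOWID src|dst MAC -> full tc command (printed, not run).
mac_filter_cmd() {
    sel=$(mac_u32_match "$4" "$5") || return 1
    printf 'tc filter add dev %s parent %s protocol ip prio 5 u32 %s flowid %s\n' "$1" "$2" "$sel" "$3"
}

# Constructed sample: 00:11:22:33:44:55 is the address implied by the hex
# values in the thread's rule; eth1, parent 1: and flowid 1:40 are taken from it.
mac_filter_cmd eth1 1: 1:40 src 00:11:22:33:44:55
```

A frame carries only the MAC of the last layer-2 hop, so a host behind a router is seen with the router's source MAC, which is consistent with the observation in the last post.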
