Comments for bits | andy smith's blog

Comment on IPTables: Fun with MARK by Ferry

Ferry — Mon, 26 Mar 2012 03:27:26 +0000

Hai,

i want to limit bandwidth and route to 3 gateway, my rules show like this:
ip rule add fwmark 11 table $TABLE_1
ip rule add fwmark 12 table $TABLE_2
ip rule add fwmark 14 table $TABLE_3

iptables -t mangle -A PREROUTING -m state –state new -j MARK –set-xmark 0×1
iptables -t mangle -A PREROUTING -m state –state new -m statistic –mode random –probability 0.3 -j MARK –set-xmark 0×2
iptables -t mangle -A PREROUTING -m state –state new -m statistic –mode random –probability 0.3 -j MARK –set-xmark 0×4

for tc:

iptables -t mangle -A FORWARD -o eth0 -p tcp –sport 80 -j MARK –set-xmark 10
iptables -t mangle -A FORWARD -o eth0 -p udp –sport 80 -j MARK –set-xmark 10
iptables -t mangle -A PREROUTING -p tcp –dport 80 -j MARK –set-xmark 10

it’s that mean if packet goes to port 80 and table1 will marked 11? If I have a lot of port marking rule, do i have to write complex ip rule?

Do you have something more simple? or it really have to be complicated like that?

Comment on Authenticating Active Directory users on Linux with Likewise Open by Delicious Bookmarks for December 18th from 02:49 to 10:16 « Lâmôlabs

Delicious Bookmarks for December 18th from 02:49 to 10:16 « Lâmôlabs — Sun, 18 Dec 2011 16:02:34 +0000

[...] bits | andy smith’s blog » Authenticating Active Directory users on Linux with Likewise … – December 18th ( tags: likewise linux activedirectory ad setup howto guide tutorial ) [...]

Comment on IPv6 for a Linux generation by Andy Smith

Andy Smith — Mon, 12 Dec 2011 13:46:53 +0000

Sorry Dave – apologies for not replying sooner…

I’ve not had much of a play with DDNS or DHCPv6 – I’ve got radvd running on my network which is pretty straightforward, except for the DNS stuff :-/

Comment on IPv6 for a Linux generation by Andy Smith

Andy Smith — Mon, 12 Dec 2011 13:45:14 +0000

You’re absolutely right – I messed up editing my real config and accidentally swapped the interfaces. Good spot!

Comment on IPv6 for a Linux generation by leeand00

leeand00 — Fri, 02 Dec 2011 06:50:11 +0000

Given the following prefixes:

- LAN – 2001:470:90d3:1::/64
- DMZ – 2001:470:90d3:2::/64

Shouldn’t this:

# Allow all outbound from our networks
ip6tables -A FORWARD -i dmz -s 2001:470:90d3:1::/64 -j ACCEPT
ip6tables -A FORWARD -i lan -s 2001:470:90d3:2::/64 -j ACCEPT
ip6tables -A FORWARD -i wlan -s 2001:470:90d3:3::/64 -j ACCEPT

Be this?
(switched lan and dmz prefixes)

# Allow all outbound from our networks
ip6tables -A FORWARD -i lan -s 2001:470:90d3:1::/64 -j ACCEPT
ip6tables -A FORWARD -i dmz -s 2001:470:90d3:2::/64 -j ACCEPT
ip6tables -A FORWARD -i wlan -s 2001:470:90d3:3::/64 -j ACCEPT

Please let me know if I am mistaken or not.

Comment on IPTables: Fun with MARK by Andy Smith

Andy Smith — Fri, 04 Nov 2011 11:53:56 +0000

I wasn’t aware of that – thanks!

For anyone else: http://ipset.netfilter.org/

Andy.

Comment on IPTables: Fun with MARK by Andy Smith

Andy Smith — Fri, 04 Nov 2011 11:53:09 +0000

Hi Carl,

Just had a quick look and –set-xmark is mentioned in the iptables manpage – it states that it zeroes out the bits given by the mask and XORs in the value given.

Andy.

Comment on PXE booting a Debian Squeeze install by Andy Smith

Andy Smith — Fri, 04 Nov 2011 11:50:16 +0000

Hi Dieter,

Apologies for taking so long to reply…

Looks like Debian have changed the DHCP server they use, so try replacing ‘dhcp3-server’ with ‘isc-dhcp-server’.

Andy.

Comment on IPTables: Fun with MARK by Iptables MARK

Iptables MARK — Wed, 02 Nov 2011 15:44:37 +0000

[...] to this: http://andys.org.uk/bits/2010/01/27/…fun-with-mark/ It says: "The MARK target lets us set a 32-bit value (or 0xFFFFFFFF) on a packet, which we [...]

Comment on PXE booting a Debian Squeeze install by Dieter

Dieter — Fri, 28 Oct 2011 20:23:42 +0000

On
“service dhcp3-server restart”

error:
“dhcp3-server: unrecognized service”

dhcp3-server is installed. Dont now what todo????