Comments:
<0> hello, is it a valid configuration to have two 2.6.x masquerading gateways being ipsec tunnel partners with each other?
<0> it works when i turn masq off
<1> http://www.valvehacks.zaccum.com/ - great cs dod hl2 (valve) hacks
<2> can anyone point me to some docs of how to use the new 4th arg in ip_rcv() in ip.h?
<3> gug
<4> I am trying to deal with a specific setup, but due to some annoying limitations with the REDIRECT target (namely it can't be used past PREROUTING, I can't figure it out)
<5> "gug
<5> Ikarus, after PREROUTING, a decision has to be made where the packet will go
<5> after that point it will be too late to do any suggestions (with REDIRECT) because the decision has already been made
<5> why would you like to do REDIRECT somewhere else ?
<4> xkr47: well, that is nice, but I need to do the following (let me C/P a few lines of description)
<4> traffic incoming on eth0 with destination port 80
<4> if this traffic is outgoing on interface internet has to be REDIRECTed to localhost port 80
<4> if it is outgoing on interface dmz has to simply be routed
<4> if the traffic is directed at the localhost (other than in the first case) it has to be rejected
<5> in that case I would create rules like this
<5> for each localhost ip: iptables -t nat -A PREROUTING -p tcp -d $localhostip --dport 80 -j DROP
<5> iptables -t nat -A PREROUTING -p tcp ! -d $dmznetwork --dport 80 -j REDIRECT --to-port 80
<5> or something
<5> you can also use "ACCEPT" in the nat table to indicate that you want no NAT to be done
<5> so the last line can be rewritten in two:
<5> iptables -t nat -A PREROUTING -p tcp -d $dmznetwork --dport 80 -j ACCEPT
<5> iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 80
<5> I agree that it would be nice to have a chain that comes after routing where you could use the outgoing interface already
<6> Hi all
<7> hi chentschel, how are you?
<6> hi gandalf! quite fine
<6> just back from vacations.
<7> chentschel: ah, nice
<6> yes,. but short :(
<6> and you what about u there!?
<8> I guess Gandalf's just enjoying the usual mild winter in Sweden :)
<8> greetings, BTW
<7> chentschel: everything's fine here, maybe a bit cold sometimes, working like always (at an ISP)
<7> hi Hidden
<8> hi Gandalf_
<6> hi hidden!
<7> chentschel: iirc you live in .ar, is that correct?
<6> yes!
<6> Argentina.. it's hot here!. now about 32 degrees. :S
<7> argh, be quiet, it's <0 here :(
<7> :)
<6> :)
<7> it's not the cold that starts to get annoying after a while during the winter, it's all the ice on the car in the morning that's annoying :)
<8> :)
<8> that's one of the problems I don't have -- not having a car has positive side effects sometimes :)
<7> :)
<6> jeje.. i agree
<7> maybe we should have the next workshop far up in the north of sweden during winter... I wonder how long you can have a laptop outside without the crystals in the lcd display freezing...
<8> I'd prefer summer :)
<7> :)
<6> jajaaj
<7> heh, I only use it :)
<6> hidden: why!?
<8> because of all kinds of disgusting interoperability problems :)
<6> with?!
<8> and I'm starting to feel that there won't be a single SIP-related project without those problems
<6> ahh but u mean sip-sip ?
<8> yes, now we have a project where the SIP implementation of the softswitch looks quite interesting
<8> they send Via headers without the 'branch' parameter
<6> and what's the project about!?
<8> installing SIP-capable firewalls for an organization
<6> interesting.
<6> and how's the sip capable solution!?
<8> it's a plugin for Zorp, our firewall software
<6> ahh i think we spoke about ..
<6> big implementation, an ISP or so!?
<8> unfortunately I'm not allowed to disclose that
<8> but yes, it's quite big (although 'big' is relative)
<7> probably bigger than the ISP I work for :)
<8> how many subscribers do you have?
<7> around 10k
<8> that's not that small
<7> mostly adsl
<9> For me is quite big :>
<8> especially here, where the percentage of the population using the net is relatively low compared to western europe and especially scandinavia
<8> an isp with 10k users is certainly considered medium size
<7> the competition between ISPs here in .se is pretty intense
<8> here the main problem is that 90% of the telephone lines is owned by a single company
<7> they are always lowering the price and increasing the bandwidth
<9> .pl have the same problem
<9> or the same nightmare
<7> same in sweden
<7> one company owns all the copper wires used for telephones
<8> and especially smaller ISPs are very vulnerable to policy changes of this telco giant
<7> same problem here :)
<7> we are fighting them every day
<8> and the majority of the people here think that 25 euro a month is too much for having internet access
<10> Gandalf_: your company is leasing copper wires from bigger telco , or have own wires?
<8> but there are _no_ cheaper services
<7> their technicians mess up the adsl install pretty often (rewiring in the telephone station in order to get the phoneline to go through our adsl equipment)
<7> dflow: leasing the copper wires from the telco that owns all the telephone copper wires
<8> experts say that internet usage would increase drastically if prices were around 10-15 euro per month
<8> Gandalf_: not unusual at all :)
<10> hehe
<7> Hidden: and then we complain and their technicians look at it again and still don't find the fault, then our technician looks at it and find the problem in 2 minutes :)
<8> :)
<10> :)
<8> oh, another funny thing here is switching over to a new ISP if you're using ADSL
<8> this usually means a couple of weeks without internet access
<8> because for some strange reason the company owning the wires completely uninstalls the modem first
<8> then after a few weeks they come back and re-install it
<10> hehe
<10> they want to both company pays installation fees
<7> they did that here as well earlier
<8> and this pretty much means that few people are thinking about changing their ISP, even if the new one would provide cheaper services
<7> but now you can "move" an ADSL connection from one ISP to another with just a few minutes downtime
<8> needless to say, the biggest ADSL-based ISP is owned by the telco company itself :)
<7> just some rewiring in the telephone station
<7> same here :)
<10> yeah
<7> or the telco is actually split into two companies, one that plays ISP and one that owns all the copper wires
<7> but they go hand-in-hand most of the time
<8> and a third one lobbying at the government :)
<7> :)
<10> in .pl the biggers telco have some crazy ideas for making money, they cut down bandwidth for other company if they are using abroad uplinks
<8> sometimes I suspect this third one is the most dangerous :)
<8> dflow: ?
<10> Hidden: for example you are company A and you have connection to telia sonera , (but not to tpsa), all traffic is coming back to tpsa via transit , bandwidth is produced by tpsa customers
<10> they cut you down because you have external connection , and you don't pay them
<10> and of course uplink to tpsa is very expensive , they have very high prices for connection bigger >E1
<7> here in sweden it's the opposite, here we have to pay telia sonera in order to peer with them to avoid sending all traffic to them through transit (which is a little bit more expensive) :)
<7> telia sonera is a strange beast (they are the big telco here)
<8> :)
<8> all big telcos are strange beasts
<10> yes this is normal , most of the isp in .pl have local peering , to avoid sending traffic to tpsa
<7> jk-: hi jeremy
<11> hey Gandalf
<8> gug jeremy
<7> we peer with all other isps that want to peer with us (if it's a sane isp that is :)
<11> hiya Hidden
<10> strange indeed, strange and they are like the sleepy monster...
<8> jk-: back from linux.conf.au?
<11> Hidden: yerp, got back on Sunday
<8> I've seen davem's pictures today, it must have been a spectacular event :)
<7> jk-: how was lca?
<11> Gandalf: awesome!
<11> :)
<11> had a great time, some really cool stuff happening at the moment.
<11> esp. Van Jacobson's net channels :)
<8> I've only read about those in davem's blog
<8> are the slides for the talks available somewhere?
<7> Hidden: davem has a link to the slides in his blog now
<7> just saw the link
<8> oh, it wasn't there a couple of hours ago
<8> I'll check it
<7> rusty looks weird without his moustache
<8> indeed :)