[LARTC] IMQ on 2.6.x + iptraf = problem
bety1@poczta.onet.pl
bety1@poczta.onet.pl
Tue, 24 Aug 2004 16:19:22 +0200
This is a multi-part message in MIME format...
------------=_1093357162-22068-8
Content-Type: text/html; charset="iso-8859-2"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
<META name="GENERATOR" content="onet.poczta">
<STYLE TYPE="text/css"><!--P {margin:0px}--></STYLE>
</HEAD><BODY>
<P>Does anybody have the following problem?</P>
<P><BR>Affected:<BR>IMQ interfaces with --todev target on PREROUTING chain<BR>appear only on 2.6.x kernels (2.4.x working good)<BR><BR>Counters on PREROUTING chain working good (with iptraf sniffing on any interface), but imq interfaces lost TCP packets which are forwarded from the internet to the network behind router (only TCP; the rest of traffic like icmp, udp is ok).<BR><BR>Try to make two imq interfaces on your internet interface and download file<BR>(via ftp, www or somtging else), NOT from your internet router but from<BR>computer behind NAT (behind router) and then enable iptraf. Because for<BR>router traffic everything working fine.<BR><BR>your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 ---<BR>internet interface --- Internet<BR><BR>configuration:<BR> iptables -F<BR> iptables -X<BR> iptables -Z<BR> iptables -F -t nat<BR> iptables -X -t nat<BR> iptables -F -t mangle<BR> iptables -X -t mangle<BR><BR> iptables -P FORWARD ACCEPT<BR> iptables -P INPUT ACCEPT<BR> iptables -P OUTPUT ACCEPT<BR><BR>iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to<BR>$INTERNET_IP<BR><BR> # Download<BR> iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0<BR><BR> # Upload<BR> iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1<BR><BR>ip link set imq0 up<BR>ip link set imq1 up</P></BODY></HTML>
------------=_1093357162-22068-8
Content-Type: text/plain; charset="iso-8859-2"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Does anybody have the following problem?
Affected:
IMQ interfaces with --todev target on PREROUTING chain
appear only on 2.6.x kernels (2.4.x working good)
Counters on PREROUTING chain working good (with iptraf sniffing on any
interface), but imq interfaces lost TCP packets which are forwarded from the
internet to the network behind router (only TCP; the rest of traffic like
icmp, udp is ok).
Try to make two imq interfaces on your internet interface and download file
(via ftp, www or somtging else), NOT from your internet router but from
computer behind NAT (behind router) and then enable iptraf. Because for
router traffic everything working fine.
your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 ---
internet interface --- Internet
configuration:
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
iptables -P FORWARD ACCEPT
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to
$INTERNET_IP
# Download
iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0
# Upload
iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1
ip link set imq0 up
ip link set imq1 up
------------=_1093357162-22068-8--