I'll like to mark all packet coming from and going to an ip adresse. And I'd like to match that mark packet in an other rule. Ex :
Rule 1 : Mark all packet coming from 192.168.2.0/25 with number 1
Rule 2 : Drop all packets which has been mark with number 1
I have setup debian lenny as router - kernel 2.6.26, iptables 1.4.4 and compiled xtables-addons 1.17 There are these rules in:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -m ipp2p --bit -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m mark --mark 1 -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -m mark --mark 1 -j ACCEPT
Unfortunatelly if I try dowload something via router by ktorrent, then there are minimum of packets with id 1 (I find that at the last rule). There are only a few 100B packet with id 1 eventhought I downloaded a few MB with k torrent
[Code]...
I have a router which makes two ppp connections. PPP0 is my default route and is an uncapped ADSL. PPP1 is a Local Only (South Africa) account which has DNS resolving to its IP. PPP1 allows certain connections in. I want all packets coming in on PPP1 to be marked so that after they have been routed through our local servers they can go back out over PPP1. Both connections use dynamically assigned ip addresses. I want to use PPP0 to make a connection to one of our stores, but when our stores connect to us they will be using PPP1. All packets from these incoming connections will need to be routed back over PPP1.
View 14 Replies View Relatedi'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.
View 1 Replies View RelatedThis is what I have currently running.
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
[code]...
How do I add this to the ruleset, without doing the whole thing over again?
Code:
iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
I wanted to get away from windows, because of the helll lot of issues it gave me. I installed ubuntu in my machine, and i am facing lot of issues to activate internet. May be I am fool number one. So need some help from experts. FIrst my hardware details :-
01:00.0 Network controller: Broadcom Corporation BCM4312 802.11b/g (rev 01)
Subsystem: Hewlett-Packard Company Device 1508
Flags: bus master, fast devsel, latency 0, IRQ 16
[code]....
I have gone thru lot of websites and forums to try to enable the wireless connections. Till now I have installed the ndisgtk_0.8.5-1_i386.deb, ndiswrapper-utils- .9_1.54-2ubuntu1_i386.deb & ndiswrapper-common_1.54-2ubuntu1_all.deb. Then I was able to install the windows driver for my wireless card. But still the status is showing as disabled for the wireless adaptor. Please help to make it working.
I got a NetGear wireless router recently. Attached it to my Huawei (pardon the spelling) modem. I have a HP 540 laptop running Ubuntu 10.04 The wireless gets connected. But there's an exclamation mark almost all the time. Very frequently these days, the connection gets bogged down or websites just don't open at all. But the icon (with the exclamation mark) shows Active Connection. I don't know where to start looking for bugs. Seems odd. Wireless is connected, I can connect to sites, but there's the exclamation.. and sooner or later, connection goes off but the icon still stays the same with "active" label.
View 7 Replies View Relatedi have the following system in my lan.
firewall(iptables)
etho(private) - 192.168.2.1
eth1(public) -189.117.57.2
squid server at 192.168.2.10
my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from 192.168.2.20 to 192.168.2.47
There was a necessity of creation cluster file system on a basis gfs.Prompt how better to mark a disk 500 gb. Means how many better to allocate /root, LVM and so on.Or throw the reference on sensible manual.
View 4 Replies View RelatedI use Debian Jessie + KMail on desktop side. My mail server has Spamassassin installed. My problem is that I receive some spam and it goes though the server-side filtering.
I mark all messages as SPAM in KMail but neither KMail or the server learn that those are spam and should not enter the inbox.
How to get rid of the messages? Unsubscribing is not an option - I don't want to click on any link contained in the mails.
HW:ACER ASPIRE 4920G with ATI Mobility Radeon HD 2400 XT. I installed debian sid from latest daily testing businesscard the day before yesterday. I did a fresh install,I select LXDE for desktop and checked standard & desktop packages while installing. I got a complete blank screen with broken color when I restart pc while I finished installing. I did a web search and add radeonhd.nomodeset=0 to grub and I run into LXDE. But I still get a problem. I tried to install gnash & gnash-common. I got E: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
[code]....
How do you mark a thread as solved?
View 5 Replies View RelatedWith Synaptic I can not "Mark for Removal". In terminal I tried "sudo synaptic", "gksudo synaptic", it doesn't work. What is wrong?
View 1 Replies View RelatedRecently, when trying to update, a red triangle appears in the top tool bar. Here is the message in full... The repository may no longer be available or could not be corrected because of network problems. If available an older version of the failed index will be used. Otherwise the repository will be ignored. Check your network connection and ensure the repository address in the preference is correct
Failed to fetch cdrom://Ubuntu 10.04 LTS_Lucid Lynx_-Release i386 (20100429)//dists/lucid/main/binary-i386/Packages.gz. PLease use apt-cdrom to make this CDROM recognised by Apt.apt-get update cannot be used to add new CD-ROMs. Failed to fetch cdrom://Ubuntu 10.04 LTS_Lucid Lynx_-Release i386 (20100429)/dists/lucid/restricted/binary-i386/Packages.gz. PLease use apt-cdrom to make this CDROM recognised by Apt.apt-get update cannot be used to add new CD-ROMs. Some index files failed to download, they have been ignored, or old ones used instead.
Even as root when running Nautlis, it won't let me mark as executable, when the file in question is in a partition that is not / - that is, on my win7 partition. I check the box, and it unchecks immedietly. It has no problem doing so when it's on /. What do I do to make it happen?
View 9 Replies View RelatedMy problem has been solved in another thread but I cannot figure out how to mark it as solved.
How do I do this?
Using a GUI file browser, I would like to be able to mark files with an emblem or something similar as quickly as possible, with a single click. I'm currently using Gnome Nautilus in my Ubuntu 10.04, which doesn't seem to offer the functionality. I'm not keen on trying the extension Nautilus-Actions as it doesn't seem to be open source. I've set up some scripts though, but accessing them through the pop-up submenu is just clunky enough to still have me searching for a faster solution. Does a file browser exist that would let me set up a toolbar button for marking files? Or a button for launching scripts, which would amount to the same thing.
View 2 Replies View RelatedI can't type an exclamation mark with my keyboard. I can type other symbols that require the shift key (~ @ # $, etc) but Shift + 1 does not give an exclamation point. Here's the intriguing part: following a tip from another thread, I changed my Visual Effects setting (System > Preferences > Appearance > Visual Effects tab) from the default "Normal" to the setting "None". Immediately after doing this, I was able to type exclamation points. Problem solved, right?
experiment to make sure the Visual Effects setting was really the culprit. So I flipped my Visual Effects back to the default "Normal", and sure enough, I stopped being able to type exclamation marks. Having verified the (apparent) cause of the issue, I tried my solution of changing the Visual Effects to "None". Of course the "solution" didn't work this time (so much for my great idea) and I am left unable to type an exclamation point.
I have concluded that the fault must lie within my user's configuration (I can type as many exclamations as I want when logged in as other users).
Quote:
Originally Posted by Yarui: If you think it's something going on with your user account, you could try renaming your home folder from your name to something else temporarily.That way the next time you log in none of your config files will be loaded. If this fixes the problem you will know that it has something to do with your config files in your home folder. You could then try to narrow it down by testing out your config files in the same way one by one, if you have the patience for that.
I have problems with iptables :
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#
I need stopping a SYN ddos attack... but iptable rule don't work...
I'm installing Debian for the first time on a MacBook but each time I use the ISO I only get a blinking folder with question mark on startup. This occurred with both the small and large ISO from Debian.org. I think it's a known GRUB issue. I can boot using refit off HD but I still can't get into full install.
View 3 Replies View RelatedI'm running Debian sid on a 64 bits system. I need to install ia32-libs to install 32 bits packages (especially for skype).The problem is the following:
root@debian:/home/pierre# apt-get install ia32-libs
Reading package lists... Done
Building dependency tree
[code]....
I have a laptop of which a large part of the screen is broken (shows garbage). Fortunately the broken area is a clean rectangle, the bottom 1/3 of the screen or so.
The laptop is running Ubuntu 8.04, but I plan to reinstall it with 10.10. The graphics are provided by an Intel 915GM or something in that direction.
Knowing this, do you know of a way to tell the system about the broken part of the screen, so it will simply not use it? I don't really care whether it's done at the hardware, X or window manager level, though as low as possible is preferred.
Open synaptic. Type in the word "Game". Then you have to scroll down through the list of results and mark each one, individually. Is there any way that I can simply mark ALL the results of the search? There is an "Unmark all" button. Can we get a "Mark all" button? It would have to mark only those packages that currently appear in the right hand box.
View 3 Replies View RelatedI just started having a problem with my ubuntu Jaunty.When I try installing Gimp and VLC through Synaptic I get the following error Could not mark all packages for installation or upgrade The following packages have unresolvable dependancies. Make sure that all repositories are added and enabled in the preferences
gimp:
Depends: libgimp2.0 (>=2.6.10) but 2.6.6-0ubuntu1.1 is to be installed
Depends: libatk1.0-0 (>=1.29.3) but 1.26.0-0ubuntu2 is to be installed
Depends: libc6 (>=2.11) but 2.9-4ubuntu6.2 is to be installed
I get similar message for VLC as well
I installed Amarok after this problem started and it installed properly.
In Xubuntu, I can't seem to mark files as executable. I go into the properties, but there is no option to do this. Is there a way to mark .exe and .jar files as executable in XFCE?
View 4 Replies View Relatedrecently i have installed fedora13 on my laptop okey and when i logged on i t provides two option first with user name and second with other so what is tha purpose of other option
also,when i go to mycomputer file system then at that point i found that there is cross[x] mark on root folder why this is so.
successfully installed a HP Deskjet f2420 to work for both computers through ASUS router WL-500gP V2. Suddenly, it won't work anymore, and trying to install it like I did the time before through HPAppSocket/JetDirect gives me a warning sign telling that the CUPS-server is somehow wrong and that during the CUPS-operation "client-error-not-possible" there was some kind of a fault and whatever...
View 2 Replies View Relatedmy ubuntu 8.04 is GNOME based.I am using kpdf 0.5.10 (using kde 3.5.10)
In find dialog box > options
only case sensitive is available to mark/unselect while
find backwards ,
[code]....
In every other e-mail program that I have encountered in my years upon this Earth, including previous version of Evolution, when you open a message, the message in the main displays stops being displayed in bold, so that you can see it has been opened and read. In my new version, 2.32.3, the message header stays bold, even once you have opened the message. In order to make it stop being bold, you have to manually "Mark As Read" in the context menu.
I cannot see any option in the preferences that needs to be switched on so that this (until now) default behaviour of marking read messages as Read automatically, can resume. A Google of this problem just brings up messages on other forums, asking the same question but getting no answer. Has anyone on LinuxQuestions come across this Evolution feature before? Is this an Evolution bug, or is there a way of having opened messages Marked as Read automatically, which virtually every other e-mail application does anyway?!
In bash, what does an exclamation mask followed by a question mark mean?
View 1 Replies View Related