[LARTC] IMQ on 2.6.x + iptraf = problem

[LARTC] IMQ on 2.6.x + iptraf = problem

[bety1]

[-- Attachment #1: Type: text/html, Size: 2135 bytes --]

[-- Attachment #2: Type: text/plain, Size: 1400 bytes --]

Does anybody have the following problem?


Affected:
IMQ interfaces with --todev target on PREROUTING chain
appear only on 2.6.x kernels (2.4.x working good)

Counters on PREROUTING chain working good (with iptraf sniffing on any
interface), but imq interfaces lost TCP packets which are forwarded from the
internet to the network behind router (only TCP; the rest of traffic like
icmp, udp is ok).

Try to make two imq interfaces on your internet interface and download file
(via ftp, www or somtging else),  NOT from your internet router but from
computer behind NAT (behind router) and then enable iptraf. Because for
router traffic everything working fine.

your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 ---
internet interface --- Internet

configuration:
      iptables -F
      iptables -X
      iptables -Z
      iptables -F -t nat
      iptables -X -t nat
      iptables -F -t mangle
      iptables -X -t mangle

      iptables -P FORWARD ACCEPT
      iptables -P INPUT ACCEPT
      iptables -P OUTPUT ACCEPT

iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to
$INTERNET_IP

      # Download
        iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0

      # Upload
        iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1

ip link set imq0 up
ip link set imq1 up

Re: [LARTC] IMQ on 2.6.x + iptraf = problem

[Andre Correa]

Hi Bety, a problem like this was reported on IMQ mailling list a couple 
of weeks ago. It is still pending review but it must be somehow related 
   to iptraf. :-|

I'm sorry for not being able to give you some "positive" advice on it 
for now.

Tks for reporting this issue. If you need assistance feel free to write 
me privately or to join our list at www.linuximq.net

Cheers

Andre



bety1@poczta.onet.pl wrote:
> Does anybody have the following problem?
> 
> 
> Affected:
> IMQ interfaces with --todev target on PREROUTING chain
> appear only on 2.6.x kernels (2.4.x working good)
> 
> Counters on PREROUTING chain working good (with iptraf sniffing on any
> interface), but imq interfaces lost TCP packets which are forwarded from the
> internet to the network behind router (only TCP; the rest of traffic like
> icmp, udp is ok).
> 
> Try to make two imq interfaces on your internet interface and download file
> (via ftp, www or somtging else),  NOT from your internet router but from
> computer behind NAT (behind router) and then enable iptraf. Because for
> router traffic everything working fine.
> 
> your computer --- router (with nat, imq and iptraf) --- imq0, and imq1 ---
> internet interface --- Internet
> 
> configuration:
>       iptables -F
>       iptables -X
>       iptables -Z
>       iptables -F -t nat
>       iptables -X -t nat
>       iptables -F -t mangle
>       iptables -X -t mangle
> 
>       iptables -P FORWARD ACCEPT
>       iptables -P INPUT ACCEPT
>       iptables -P OUTPUT ACCEPT
> 
> iptables -t nat -A POSTROUTING -s $i -o $INTERNET_ETH -d 0/0 -j SNAT --to
> $INTERNET_IP
> 
>       # Download
>         iptables -t mangle -A PREROUTING -i $INTERNET_ETH -j IMQ --todev 0
> 
>       # Upload
>         iptables -t mangle -A POSTROUTING -o $INTERNET_ETH -j IMQ --todev 1
> 
> ip link set imq0 up
> ip link set imq1 up
> 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/