From: "박 정은" <again1004@hotmail.com>
To: lartc@vger.kernel.org
Subject: [LARTC] help! tc filter dose not work..
Date: Mon, 18 Nov 2002 02:45:29 +0000 [thread overview]
Message-ID: <marc-lartc-103758974711440@msgid-missing> (raw)
-------------- eth0------eth1 eth0------------
|211.241.219.xx | --- | ROUTER | --- |192.168.1.4 |
--------------- --------- ------------
when i send traffic from ROUTER to 211.241.219.xx or
192.168.1.4(masquraded),
the filter works fine...
In ROUTER, tc filter policy is like this:
tc filter add dev eth0 parent 1:0 protocol ip u32 match ip dport 80 0xffff
flowid 1:12
tc filter add dev eth1 parent 1:0 protocol ip u32 match ip dport 80 0xffff
flowid 1:12
but when i send traffic from 211.241.219.xx --> 192.168.1.4 or 192.168.1.4
--> 211.241.219.xx ,\
tc filter didn't recognize port80.
but when i tested another computer it works just fine(masqurade setting are
same with above)
maybe some setting or modules are needed. but I couldn't found what i
should do to work fine .
dose anyone know ? a slice hint can make me very very happy~~
In ROUTER port forwarding,and masqqurading policy are like this:
iptables -F
iptables -F -t nat
iptables -P FORWARD ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 20 -j DNAT --to
192.168.1.4
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 5001 -j DNAT --to
192.168.1.4
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 80 -j DNAT --to
192.168.1.4
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 21 -j DNAT --to
192.168.1.4
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 192.168.1.1
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 211.241.xx.xx
thanks in advance
_________________________________________________________________
상큼한 만남과 따뜻한 공동체 생활... 지금 MSN 커뮤니티에서 시작하세요!
http://groups.msn.com/?pgmarket=ko-kr
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
reply other threads:[~2002-11-18 2:45 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-103758974711440@msgid-missing \
--to=again1004@hotmail.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.