diptanu

Distribution: RHEL5 kernel 2.6.18-8.el5
  1. I am downloading from Internet Explorer after deleting the cache from the browser. Also, I am downloading a video from YouTube which I have never seen before, for testing, which means that if I have not visited that video, then there is no question of it being cached.
  2. Hi Dave, just to inform you all that I have solved the problem. Here is how:

         iptables -t mangle -A PREROUTING -i eth1 -p tcp -m quota --quota 100000 -j ACCEPT
         iptables -t mangle -A PREROUTING -i eth1 -p tcp -j LOG --log-prefix "quotaover " --log-level 4
         iptables -t mangle -A PREROUTING -i eth1 -p tcp -j DROP

     But one strange thing: for example, I have fixed the quota to 3000 bytes, and then I randomly download video to exceed the quota, and once I exceed the quota I again and again (very fast) execute the command below to check the status of the quota:

         iptables -t mangle -L -v

     Then I see that the left-over quota (usually 0 bytes, as I have exceeded the defined quota of 3000) keeps on changing automatically and randomly. Sometimes it comes back to the original value (3000) and then again reverts to the 0 value; it keeps on fluctuating between 3000 and 0. But one good thing is that I am not able to surf the Internet once I have crossed the quota (though the value keeps on changing). Thanks a lot for your help. Will dig further to know why this value keeps fluctuating.
  3. Hi Dave, thanks a lot for your support. I will try out your trick by moving eth1 to some other B/C network. Let me tell you what I did to set up my router initially (after installation of the OS), so as to understand better.

     1. Defined eth0 as 10.10.56.23
     2. Defined eth1 as 10.136.15.197
     3. Enabled IP forwarding in sysctl.conf:

            # Controls IP packet forwarding
            net.ipv4.ip_forward = 1

     4. Applied the firewall rules below (after flushing all the iptables rules):

            iptables -A FORWARD --in-interface eth1 --out-interface eth0 --source 10.136.0.0/24 -m state --state NEW -j ACCEPT
            iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
            iptables -A POSTROUTING -t nat -j MASQUERADE
  4. Hi Dave, thanks for your help. Please find the responses below.

     1. Both NICs are in different networks:

            eth0: 10.10.56.23    Bcast: 10.10.56.127   Mask: 255.255.255.128
            eth1: 10.136.15.197  Bcast: 10.136.15.255  Mask: 255.255.255.0

        I cannot change the eth0 IP, as that is a static private IP allocated by my ISP.

     2. I modified the iptables file as below (I am giving only the modified snippet, for the section :RH-Firewall-1-INPUT - [0:0]), where I have put the rules to test whether it is working (I mean that I moved the rules up), and restarted iptables:

            :RH-Firewall-1-INPUT - [0:0]
            -A INPUT -s ! 192.168.3.0/255.255.255.248 -i eth0 -p tcp -m tcp --dport 2222 -j LOGDROP
            -A INPUT -i eth1 -p tcp -m quota --quota 10000 -j ACCEPT
            -A INPUT -i eth1 -p tcp -j DROP
            -A FORWARD -s 10.136.0.0/255.255.255.0 -i eth1 -o eth0 -m state --state NEW -j ACCEPT
            -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
            -A LOGDROP -j LOG --log-prefix "LOGDROP "
            -A LOGDROP -j DROP

        But it did not work. Let me explain. From the customer side (10.136.x.x), which is connected to eth1, when I try to access the pages of the website whose IP is 10.10.56.23 (eth0), the quota is working properly, which means that after using the quota of 10000 bytes I am not able to access http://10.10.56.23 (eth0), which means that packets are getting dropped. But at the same time, if I try to access a YouTube video, the same is working (I am able to download the video). So in summary, the quota is working until I reach the limit on eth0 (where my personal website is hosted), but when I try to access the Internet, which is beyond eth0, it is not working. Please help. Please do not hesitate in case of any confusion.
  5. Dear all, I read this topic and was very excited to understand it. Thanks a lot for bringing up this kind of stuff. However, I have a problem with this. My Linux box is working as a router with two NICs:

     a) eth0 = 10.10.56.23 (which is connected to the Internet via NAT)
     b) eth1 = 10.136.15.197 (which is connected to the internal network)

     The box is acting as a gateway to the Internet, where customers connect to eth1 and by the iptables FORWARD rule the traffic goes out via eth0 to the Internet. Below is my iptables file from /etc/sysconfig:

         # Generated by iptables-save v1.3.5 on Mon Apr 19 23:22:06 2010
         *mangle
         :PREROUTING ACCEPT [35:5022]
         :INPUT ACCEPT [35:5022]
         :FORWARD ACCEPT [0:0]
         :OUTPUT ACCEPT [12:1734]
         :POSTROUTING ACCEPT [12:1734]
         COMMIT
         # Completed on Mon Apr 19 23:22:06 2010
         # Generated by iptables-save v1.3.5 on Mon Apr 19 23:22:06 2010
         *filter
         :INPUT ACCEPT [10:1578]
         :FORWARD ACCEPT [0:0]
         :OUTPUT ACCEPT [12:1734]
         :LOGDROP - [0:0]
         :RH-Firewall-1-INPUT - [0:0]
         -A INPUT -s ! 192.168.3.0/255.255.255.248 -i eth0 -p tcp -m tcp --dport 2222 -j LOGDROP
         -A FORWARD -s 10.136.0.0/255.255.255.0 -i eth1 -o eth0 -m state --state NEW -j ACCEPT
         -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
         -A LOGDROP -j LOG --log-prefix "LOGDROP "
         -A LOGDROP -j DROP
         COMMIT
         # Completed on Mon Apr 19 23:22:06 2010
         # Generated by iptables-save v1.3.5 on Mon Apr 19 23:22:06 2010
         *nat
         :PREROUTING ACCEPT [6:1020]
         :POSTROUTING ACCEPT [0:0]
         :OUTPUT ACCEPT [2:153]
         -A POSTROUTING -j MASQUERADE
         COMMIT
         # Completed on Mon Apr 19 23:22:06 2010

     But when I add the iptables rules

         iptables -A INPUT -i eth1 -p tcp -m quota --quota 10000 -j ACCEPT
         iptables -A INPUT -i eth1 -p tcp -j DROP

     they block the HTTP traffic from the client (e.g. 10.136.15.196/customer to 10.136.15.197/eth1) up to the limit of 10000, which is fine, but my forwarded traffic, which also goes to eth0 (WAN) and then to the Internet from eth1 (customers), is not getting blocked (it remains unlimited). So in summary, traffic destined for eth1 is getting blocked, but traffic destined for the Internet via eth0 is not getting blocked. Any help in this regard will be highly appreciated. Thanks.
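The behaviour reported in post 5 (and again in post 4) follows from the order in which the netfilter hooks see an inbound packet: a packet arriving on eth1 passes mangle PREROUTING, then the routing decision sends it to filter INPUT only if its destination is one of the router's own addresses (10.136.15.197 or 10.10.56.23); a packet bound for the Internet goes to filter FORWARD instead and never traverses an INPUT rule, so a quota placed in INPUT cannot limit it. The Python model below is an added example, not code from the thread or from any netfilter tool. It reuses the thread's addresses, uses 203.0.113.10 as a constructed stand-in for any Internet host, and reproduces xt_quota's matching rule (match while the remaining quota covers the whole packet, then zero the counter) to show what the poster's ACCEPT/DROP pair limits when it is placed in filter INPUT, in filter FORWARD, or in mangle PREROUTING, the chain post 2 ended up using. All class and function names are illustrative.

```python
"""Model of the netfilter hook order that decides which traffic an iptables
quota rule sees on a two-NIC Linux router (added example, not from the thread)."""
from dataclasses import dataclass
from typing import Dict, Optional

ETH0 = "10.10.56.23"        # WAN address, from the thread
ETH1 = "10.136.15.197"      # LAN address, from the thread
CUSTOMER = "10.136.15.196"  # LAN client, from the thread
INTERNET = "203.0.113.10"   # constructed stand-in for any Internet host


@dataclass
class Packet:
    in_iface: str
    proto: str
    src: str
    dst: str
    length: int


class QuotaMatch:
    """xt_quota semantics: the rule matches while the remaining quota covers the
    whole packet; the first packet that does not fit zeroes the counter."""

    def __init__(self, limit: int):
        self.remaining = limit

    def __call__(self, pkt: Packet) -> bool:
        if self.remaining >= pkt.length:
            self.remaining -= pkt.length
            return True
        self.remaining = 0
        return False


@dataclass
class Rule:
    target: str                         # -j ACCEPT / -j DROP
    in_iface: Optional[str] = None      # -i
    proto: Optional[str] = None         # -p
    quota: Optional[QuotaMatch] = None  # -m quota --quota N

    def hits(self, pkt: Packet) -> bool:
        if self.in_iface and pkt.in_iface != self.in_iface:
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        # only packets that passed the cheaper matches consume quota
        return self.quota(pkt) if self.quota else True


class Router:
    """Inbound path with ip_forward=1: mangle PREROUTING, routing decision,
    then filter INPUT for the router's own addresses or filter FORWARD for
    everything else. Chain policies are ACCEPT, as in the thread."""

    def __init__(self, local_addrs):
        self.local = set(local_addrs)
        self.chains = {"mangle:PREROUTING": [], "filter:INPUT": [], "filter:FORWARD": []}

    def append(self, chain: str, rule: Rule) -> None:  # iptables -t <table> -A <chain>
        self.chains[chain].append(rule)

    def _walk(self, chain: str, pkt: Packet) -> str:
        for rule in self.chains[chain]:
            if rule.hits(pkt):
                return rule.target
        return "ACCEPT"  # chain policy

    def receive(self, pkt: Packet) -> str:
        if self._walk("mangle:PREROUTING", pkt) == "DROP":
            return "PREROUTING:DROP"
        chain = "filter:INPUT" if pkt.dst in self.local else "filter:FORWARD"
        return chain.split(":")[1] + ":" + self._walk(chain, pkt)


def build_router(quota_chain: str, quota: int) -> Router:
    """The poster's rule pair in one chain: accept tcp from eth1 while the quota
    lasts, then drop it."""
    r = Router([ETH0, ETH1])
    r.append(quota_chain, Rule("ACCEPT", in_iface="eth1", proto="tcp", quota=QuotaMatch(quota)))
    r.append(quota_chain, Rule("DROP", in_iface="eth1", proto="tcp"))
    return r


def accepted_bytes(quota_chain: str, quota: int = 10000, pkt_len: int = 1500, n: int = 10) -> Dict[str, int]:
    """Interleave n packets for the router itself with n packets for the
    Internet and report how many bytes of each flow got through."""
    r = build_router(quota_chain, quota)
    got = {"to_eth1": 0, "to_internet": 0}
    for _ in range(n):
        for flow, dst in (("to_eth1", ETH1), ("to_internet", INTERNET)):
            if r.receive(Packet("eth1", "tcp", CUSTOMER, dst, pkt_len)).endswith("ACCEPT"):
                got[flow] += pkt_len
    return got


if __name__ == "__main__":
    for chain in ("filter:INPUT", "filter:FORWARD", "mangle:PREROUTING"):
        print(f"quota in {chain:17} -> {accepted_bytes(chain)}")
```

Running the script prints, for each placement, the bytes each flow got through: with the quota in INPUT only the traffic to the router itself is capped, with it in FORWARD only the Internet-bound traffic, and in mangle PREROUTING both flows draw on one counter, which is the behaviour post 2 reports. Two things worth checking in the ruleset of posts 3 to 5 while here: `--source 10.136.0.0/24` (10.136.0.0/255.255.255.0 in the saved file) covers 10.136.0.0 to 10.136.0.255 and does not include customers on 10.136.15.0/24, and since the FORWARD chain policy is ACCEPT that rule never decides anything. If only customer-initiated connections are meant to be forwarded, the FORWARD policy should be DROP, and MASQUERADE should carry `-o eth0` so that connections forwarded from eth0 toward eth1 are not rewritten to the router's LAN address.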
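The value post 2 sees swinging between 3000 and 0 under repeated `iptables -t mangle -L -v` is a property of the listing, not of the policy: on kernels of that generation xt_quota keeps a single shared counter per rule, but the ruleset is replicated per CPU and a listing reads back one CPU's copy, so the `quota:` column can show either the live counter or a stale copy depending on which CPU handled the call. That reading comes from the 2.6.18-era xt_quota and x_tables code, not from the thread, which stops at the observation. What is reliable is the rule's own pkts/bytes counters (summed over all CPUs) together with the LOG and DROP rules beneath the quota rule, which count exactly the packets the quota rejected. The added Python check below (not from the thread) parses a constructed `iptables -t mangle -L PREROUTING -v -n -x` listing for the poster's three rules and decides exhaustion from those counters; the listing text, the counter values and the two disagreeing `quota:` reads are all constructed for the example.

```python
"""Decide whether an iptables quota rule is exhausted from the rule counters
rather than from the displayed remaining quota (added example; the listing
text below is constructed, not captured from the poster's router)."""
import re
from typing import Dict, List, Optional

# Constructed sample of `iptables -t mangle -L PREROUTING -v -n -x` for the
# three rules in the thread: a 3000-byte quota, then LOG, then DROP.
LISTING_READ_1 = """\
Chain PREROUTING (policy ACCEPT 812 packets, 61022 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      41       2960 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           quota: 0 bytes
      77      54880 LOG        tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `quotaover '
      77      54880 DROP       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0
"""
# A second read moments later: identical counters, but the quota column now
# shows the configured value again, as post 2 describes.
LISTING_READ_2 = LISTING_READ_1.replace("quota: 0 bytes", "quota: 3000 bytes")

# A counted rule line: pkts bytes target prot opt in out source destination [match info]
RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+)\s+(?P<bytes>\d+)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+\S+\s+"
    r"(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$"
)
QUOTA_RE = re.compile(r"quota:\s*(\d+)\s*bytes")


def parse_rules(listing: str) -> List[Dict]:
    """One dict per counted rule line; the chain and column headers are
    skipped because they do not start with two integers."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        rule = m.groupdict()
        rule["pkts"] = int(rule["pkts"])
        rule["bytes"] = int(rule["bytes"])
        q = QUOTA_RE.search(rule["extra"])
        rule["quota_remaining"] = int(q.group(1)) if q else None
        rules.append(rule)
    return rules


def quota_state(listing: str, configured: int) -> Optional[Dict]:
    """State of the first quota rule in the listing. `configured` is the value
    given to --quota when the rule was loaded; the counters must not have been
    zeroed (-Z) or the rule reloaded since, or the derived figures mean nothing."""
    rules = parse_rules(listing)
    for idx, q in enumerate(rules):
        if q["quota_remaining"] is not None:
            break
    else:
        return None
    # Every packet the quota rejected falls through to the rules below with the
    # same selector, so the DROP rule's packet count is a direct count of rejects.
    rejected = max((r["pkts"] for r in rules[idx + 1:]
                    if r["target"] == "DROP" and (r["in"], r["prot"]) == (q["in"], q["prot"])),
                   default=0)
    accepted = q["bytes"]  # only packets the quota admitted hit the ACCEPT counters
    return {
        "displayed_remaining": q["quota_remaining"],
        "derived_remaining": max(configured - accepted, 0),
        "accepted_bytes": accepted,
        "rejected_pkts": rejected,
        "exhausted": rejected > 0 or accepted >= configured,
    }


if __name__ == "__main__":
    for name, listing in (("read 1", LISTING_READ_1), ("read 2", LISTING_READ_2)):
        print(name, quota_state(listing, 3000))
```

Both reads yield the same derived state (40 bytes of quota never usable because the next packet was larger, 77 packets rejected, rule exhausted) even though the displayed remaining quota differs, which is the check to run instead of staring at the `quota:` column. Feed it real output with `iptables -t mangle -L PREROUTING -v -n -x` and the `--quota` value from your own rule; on a box with a single CPU the two views agree anyway.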