[Firewall] Question

Gustin Johnson gustin at meganerd.ca
Thu Oct 16 00:19:51 CEST 2014


You probably want to read up on this here:
http://lartc.org/lartc.html#LARTC.QDISC

A basic shaping script can be found here:
http://lartc.org/wondershaper/

You probably want to have at least a basic understanding of what you can
and cannot do by reading that first link.

Hth,
__
Gustin

On Wed, Oct 15, 2014 at 4:01 PM, Morten <canislupusfamiliaris at gmail.com>
wrote:

> Hi again.
>
> Is it possible to set a speed limit to internet at traffic that comes from
> one of the NICs, or do I have to use something else then Arno to do that?
>
> Regards,
> Morten
> On 14 Oct 2014 10:23, "Morten" <canislupusfamiliaris at gmail.com> wrote:
>
>> Thank you very much!:-)
>> On 14 Oct 2014 07:50, "Arno van Amersfoort" <
>> arnova at rocky.eld.leidenuniv.nl> wrote:
>>
>>> This is a fairly simple setup. Just put all of your internal interfaces
>>> in INT_IF. INT_IF interfaces are shielded from each other by default. Put
>>> your external interface in EXT_IF (and configure EXT_IF_DHCP_IP etc.). You
>>> probably also want to enable NAT, enable NAT=1 for this. That's it.
>>>
>>> a.
>>>
>>> On 13-Oct-14 20:48, Gene Cooper wrote:
>>>
>>>> Hi Morten,
>>>>
>>>> You mean ETH1, right?
>>>>
>>>> In previous situations, I have added simple firewall rules to block
>>>> 10.0.0.0/8 from 10.0.0.0/8.  You might need to specify source or
>>>> destination interfaces, or whatever to make the rules more granular if
>>>> you need to, but that will mean you need more rules.
>>>>
>>>> Also, drop 192.168.0.0/24 from 10.0.0.0/8 plus 10.0.0.0/8 from
>>>> 192.168.0.0/24.
>>>>
>>>> There's probably a better way and I'm no firewall expert, but it's
>>>> simple and works.  If there is a better way, I'd like to know too.  ;-)
>>>>
>>>> Thanks,
>>>>
>>>> G
>>>>
>>>> On 10/13/2014 08:05 AM, Morten wrote:
>>>>
>>>>> Hi!
>>>>>
>>>>> I have six nics in a server that I will use as a firewall/router.
>>>>> They are setup like this:
>>>>>
>>>>> eth0: 192.168.1.0/24 <http://192.168.1.0/24>
>>>>> eth1: dhcp (external / internet)
>>>>> eth2: 10.0.0.0/24 <http://10.0.0.0/24>
>>>>> eth3: 10.0.1.0/24 <http://10.0.1.0/24>
>>>>> eth4: 10.0.2.0/24 <http://10.0.2.0/24>
>>>>> eth5: 10.0.3.0/24 <http://10.0.3.0/24>
>>>>> eth6: 10.0.4.0/24 <http://10.0.4.0/24>
>>>>>
>>>>> I don't want any of the internal networks to be able to reach each
>>>>> other, but they should be able to connect to internet through eth2.
>>>>>
>>>>> How should i setup the configuration file correct?
>>>>>
>>>>> Regards,
>>>>> Morten
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Firewall mailing list
>>>>> Firewall at rocky.eld.leidenuniv.nl
>>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>>>> http://rocky.eld.leidenuniv.nl
>>>>>
>>>>>
>>>>  _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>>>
>>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20141015/c9512a95/attachment.html>


More information about the Firewall mailing list