Iptables/TC: how to make masqueraded traffic go through an openVPN tun0?
Post 302229768 by angelinjones on Wednesday 27th of August 2008 11:46:21 PM
Old 08-28-2008
IP Tables

Linux IPTables, Linux IPChains, BSD IPF and other packet filters do not prevent Snort from seeing a packet that is present on the network wire. Even if an inbound packet is denied by the packet filter, Snort will still see and analyze the packet if it is listening to that interface.

--------------------------------
Angelinjones
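
Added example, not part of the original post: since Snort still analyzes packets that the packet filter denies, some alerts describe traffic that never got past the firewall, and it helps triage to mark them. The Python below matches Snort fast-format alerts against iptables LOG lines by flow and time. The sample log lines are constructed, the "FW-DROP: " log prefix is a hypothetical choice for a LOG rule placed before the DROP rule, and both logs are assumed to share one clock.

```python
import re
from datetime import datetime, timedelta

# Constructed sample logs (documentation addresses), not taken from the thread.
# Assumed: a LOG rule with the hypothetical prefix "FW-DROP: " precedes the DROP rule.
KERNEL_LOG = """\
Aug 28 03:46:21 gw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40312 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
"""
SNORT_FAST = """\
08/28-03:46:21.104233  [**] [1:1000001:1] Constructed telnet probe [**] [Priority: 2] {TCP} 203.0.113.7:40312 -> 192.0.2.10:23
08/28-03:46:40.550912  [**] [1:1000002:1] Constructed web probe [**] [Priority: 2] {TCP} 198.51.100.9:51000 -> 192.0.2.10:80
"""

# TCP/UDP only: ICMP log lines carry no SPT=/DPT= and are skipped.
DROP_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*FW-DROP: .*?SRC=(\S+) DST=(\S+) "
                     r".*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)")
ALERT_RE = re.compile(r"^(\d\d/\d\d-[\d:]{8})\.\d+\s+\[\*\*\] \[([\d:]+)\] .*? \[\*\*\]"
                      r".*\{(\w+)\} (\S+):(\d+) -> (\S+):(\d+)")

def _ts(stamp, fmt):
    # Neither log format records the year; 2008 is a fixed placeholder.
    return datetime.strptime("2008 " + stamp, "%Y " + fmt)

def parse_drops(text):
    """Return (time, flow) for every firewall drop line in the kernel log."""
    drops = []
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if m:
            ts, src, dst, proto, spt, dpt = m.groups()
            drops.append((_ts(ts, "%b %d %H:%M:%S"), (proto, src, int(spt), dst, int(dpt))))
    return drops

def triage(alerts, kernel_log, window=timedelta(seconds=2)):
    """Label each alert by whether the same flow was logged as dropped nearby in time."""
    drops = parse_drops(kernel_log)
    result = []
    for line in alerts.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        ts, sid, proto, src, spt, dst, dpt = m.groups()
        when, flow = _ts(ts, "%m/%d-%H:%M:%S"), (proto, src, int(spt), dst, int(dpt))
        hit = any(f == flow and abs(t - when) <= window for t, f in drops)
        result.append((sid, src, "dropped-by-firewall" if hit else "no-drop-logged"))
    return result

if __name__ == "__main__":
    for row in triage(SNORT_FAST, KERNEL_LOG):
        print(*row)
```

An alert labelled "no-drop-logged" only means no matching LOG line was found; it may have been accepted, or dropped by a rule that does not log.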


Traffic control index filter(8)            Linux            Traffic control index filter(8)

NAME
       tcindex - traffic control index filter

SYNOPSIS
       tc filter ... tcindex [ hash SIZE ] [ mask MASK ] [ shift SHIFT ] [ pass_on | fall_through ] [ classid CLASSID ] [ action ACTION_SPEC ]

DESCRIPTION
       This filter allows to match packets based on their tcindex field value, i.e. the combination of the DSCP and ECN fields as present in IPv4 and IPv6 headers.

OPTIONS
       action ACTION_SPEC
              Apply an action from the generic actions framework on matching packets.

       classid CLASSID
              Push matching packets into the class identified by CLASSID.

       hash SIZE
              Hash table size in entries to use. Defaults to 64.

       mask MASK
              An optional bitmask to binary AND to the packet's tcindex field before use.

       shift SHIFT
              The number of bits to right-shift a packet's tcindex value before use. If a mask has been set, masking is done before shifting.

       pass_on
              If this flag is set, failure to find a class for the resulting ID will make the filter fail and lead to the next filter being consulted.

       fall_through
              This is the opposite of pass_on and the default. The filter will classify the packet even if there is no class present for the resulting class ID.

SEE ALSO
       tc(8)

iproute2                            21 Oct 2015            Traffic control index filter(8)