Search found 101 matches

by legume
Tue Feb 14, 2012 2:36 am
Forum: Firmware
Topic: UDPXY and IPTV question...
Replies: 1
Views: 3258

Re: UDPXY and IPTV question...

I know nothing about udpxy, but if you have set up a separate lan group for the iptv you may not need to use it if you can use route to change the multicast route from br0 to br1, after which hopefully the wireless won't get flooded any more. I haven't used route for years - but google + trial and e...
by legume
Sat Aug 06, 2011 12:41 pm
Forum: Firmware
Topic: RouterTech Firmware 2.96 Discussion
Replies: 150
Views: 56150

Re: RouterTech Firmware 2.96 Discussion

I am glad it helps. I don't think it's quite right to talk of DSLAMS and rwin as such as they are not really relevant. DSLAMS really only care about low level things up to ATM layer, maybe AAL5. Setting mss is way higher layer than that and is between you and every different server you connect to. Th...
by legume
Fri Aug 05, 2011 4:41 pm
Forum: Firmware
Topic: RouterTech Firmware 2.96 Discussion
Replies: 150
Views: 56150

Re: RouterTech Firmware 2.96 Discussion

I think paaja has answered your question (as far as one can understand what you're saying). If you are not satisfied with the answers, then do your own testing with the setting on and off, and you will see what difference it makes. I see that ping -f -l and with disabled "enforcement" is restricted...
by legume
Thu Jul 02, 2009 9:01 pm
Forum: Firewall/Security
Topic: IP QoS doesn't seems to work
Replies: 9
Views: 6220

I've played about a bit with this and had a look at the sources, so I now know that TI have modified the u32 match, so it's not buggy and I can get ports to go to high OK. I am still a bit curious about how your torrent client can choose src port for outbound connections - is it linux rtorrent from ht...
by legume
Mon Jun 29, 2009 5:22 pm
Forum: Firewall/Security
Topic: IP QoS doesn't seems to work
Replies: 9
Views: 6220

Linux QOS sees traffic closer to the wire than iptables, so if you are doing NAT then it will only see the public address. On a full Linux setup the workaround is to use iptables to mark the packets, then use tc to match those marks. Unless things have changed, you can't do that with routertech kern...
by legume
Sat Jun 27, 2009 6:19 pm
Forum: Firewall/Security
Topic: IP QoS doesn't seems to work
Replies: 9
Views: 6220

The built in TI QOS doesn't see local addresses when it is applied to outgoing traffic on the internet connection, so you are best to make rules just based on ports/protocols. If you are right regarding local addresses, what is the reason to have fields with IP address ports available for outgoing ...
by legume
Mon Jun 22, 2009 8:33 pm
Forum: Firewall/Security
Topic: IP QoS doesn't seems to work
Replies: 9
Views: 6220

The built in TI QOS doesn't see local addresses when it is applied to outgoing traffic on the internet connection, so you are best to make rules just based on ports/protocols. Unfortunately just using ports doesn't really work on torrents as many of the connections will not be on the listening port....
by legume
Thu Jun 11, 2009 11:00 pm
Forum: Firmware
Topic: iptables rules syntax
Replies: 8
Views: 2383

davidedrury wrote: Thanks - I'll watch that space!

You need two dashes

--reject-with

works for me, but then I am using an old version.

You can see the targets and matches you have with -

cat /proc/net/ip_tables*
by legume
Tue Mar 31, 2009 1:45 am
Forum: Firmware
Topic: Uplink through ethernet with RT firmware
Replies: 2
Views: 1411

I don't think it will be very easy to do vlans, but it may be possible to do what you want just using ifconfig, route and iptables. I don't know the precise rules you would need - it depends on your exact setup and I've hardly ever used ifconfig and route (I use ip, which rtech doesn't have). It sho...
by legume
Tue Jan 13, 2009 2:06 am
Forum: Firmware
Topic: MSS-Clamping?
Replies: 15
Views: 5687

I guess if you really need it, then you could run an older version of the firmware. I don't know when it changed, but my 8meg router has tcpmss clamping. As Legume said perhaps try earlier versions of the firmware - maybe he will post back the version he's using? Jim I am way out of date, still us...
by legume
Sun Jan 11, 2009 6:40 pm
Forum: Firmware
Topic: MSS-Clamping?
Replies: 15
Views: 5687

I guess if you really need it, then you could run an older version of the firmware.

I don't know when it changed, but my 8meg router has tcpmss clamping.
by legume
Thu Jan 08, 2009 10:40 pm
Forum: General
Topic: IGMP snooping on D-Link 504T
Replies: 17
Views: 11642

Yea I guess you are right, if it's using multicast macs then filtering by mac isn't going to work. I wonder if it's possible to remove nas1 from the bridge and then use it as a routed interface - I can't think how to do it at the moment. Another thing to consider is whether there is a way to modify ...
by legume
Thu Jan 08, 2009 10:23 pm
Forum: General
Topic: IGMP snooping on D-Link 504T
Replies: 17
Views: 11642

I was thinking something like - brctl showmacs br0 work out the macs for your wireless access point and for the iptv stream (in fact you already posted that one), then try and see if you can block traffic from iptv mac to wireless mac, hopefully without blocking any other traffic. brctl addfilter br0...
by legume
Thu Jan 08, 2009 9:00 pm
Forum: General
Topic: IGMP snooping on D-Link 504T
Replies: 17
Views: 11642

Hmm, I guess iptables isn't going to see anything from nas1 if it's bridged with eth0 under br0.

I wonder if you could make a filter with brctl that blocks the multicast traffic to the problem wireless router. I can't test this, but you could try, via telnet just type brctl to list all the options.
by legume
Thu Jan 08, 2009 7:17 pm
Forum: General
Topic: IGMP snooping on D-Link 504T
Replies: 17
Views: 11642

I would try

iptables -t nat -I PREROUTING -i nas1 -p udp -d 239.255.0.0/24 -j DNAT --to 192.168.1.2
iptables -I FORWARD -i nas1 -p udp -d 192.168.1.2 -j ACCEPT