https://linzeyan.github.io/categories/iptables/Recent content in Iptables on RickyHugo -- gohugo.ioenWed, 04 Dec 2019 11:08:04 +0800https://linzeyan.github.io/posts/2019/20191204-ip-tables-rule-load-balance/Wed, 04 Dec 2019 11:08:04 +0800https://linzeyan.github.io/posts/2019/20191204-ip-tables-rule-load-balance/<ul> <li><a href="https://blog.outv.im/2019/ip-tables-rule-load-balance/" target="_blank" rel="noopener">Load Balancing with iptables and ip rule</a></li> </ul> <h4 id="steps">Steps</h4> <p>This example uses an Arch Linux device with two Internet uplinks: eth0 and eth1. The mapping is:</p> <ul> <li>Mark 10 (0xa) - Routing table #110 - use eth0</li> <li>Mark 11 (0xb) - Routing table #111 - use eth1</li> </ul> <p>We decide which uplink to use based on the packet mark. First, use ip rule to map each mark to its routing table.</p> <p>The default routing table priority is 32768. To ensure our tables are used, set a higher priority (for example 31000).</p>https://linzeyan.github.io/posts/2019/20191007-fuck-cmcc/Mon, 07 Oct 2019 10:41:08 +0800https://linzeyan.github.io/posts/2019/20191007-fuck-cmcc/<ul> <li><a href="https://v2c.tech/Article/FUCK-CMCC" target="_blank" rel="noopener">Fighting ISP Cache Hijacking Again with iptables</a></li> </ul> <h5 id="cause">Cause</h5> <p>The fight against the carrier cache problem started two years ago. The carrier even cached cnpm data. Worse, their cache servers were not only slow like a turtle in a marathon, they also crashed frequently, so I just wanted to write code but had to face a wall of red errors.</p> <h5 id="fix">Fix</h5> <p><code>iptables -I FORWARD -p tcp -m tcp -m ttl --ttl-gt 20 -m ttl --ttl-lt 30 -j DROP</code></p>