Hi Dudes! Nowadays I'm building a high-load NAT box with DPDK and VPP (Vector Packet Processing).
I'm building the system on my VirtualBox installation (CentOS 7.2 x64) with 4Gb of memory and 4 CPU cores.
Hello! Yesterday I wrote a script in Lua to rewrite records before resolving the request.
Recursor has Lua scripting support if you install it with Lua feature support and configure it with lua-dns-script.
Lua script for this purpose:
Hello! Recently I found one beautiful solution – a fork of RSS.
RPS: Receive Packet Steering.
Hello! Yesterday I worked hard and optimized iptables with the mangle table, ipset and iproute.
We want to mark addresses (located in ipset) which should be routed to another host, and other packets via another gateway.
These rules give us minimal resources to serve only online clients (dynamically walked in the NAT server, not statically created in iproute2 – how it worked before).
After half a year we found one solution to reject NTP amplification attacks with iptables and ipfw. Simple
I have a bug with tracerts using RAWNAT from xtables-addons – there are no tracerts after RAWNAT rules; only tracepath works.
Today I began installing the oVirt virtualization system on CentOS 6.5. I don't like fucking XEN.
Waiting for news 🙂
Today I wrote a script that adds the NAT table to SQL, because the ISP wants to know when and which IP was assigned to a user in the NAT pool.
Hello! Now I want to explain how to integrate ipset into an iptables rule.
In this way, if you have one hundred or more identical rules, your CPU will be overloaded (each packet will be checked against each rule).
Hello! At ISP Convex we have a simple script to generate a client's REALIP from a grey IP.
It's very simple