search for: dnating

https://bugzilla.netfilter.org/show_bug.cgi?id=1427 Bug ID: 1427 Summary: can not reuse source port to a DNATed IP if it is being used by another connection Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5

Greetings shorewall users, I''m running into a problem and hoping someone might have a simple idea how to fix it. I have shorewall configured on a linux fw with 2 port DNAT rules to an internal server for openvpn from external clients. Everything works fine there. I have a problem when the fw is rebooted however. When it comes back up, interfaces are brought up before shorewall is

Hi. I have strange troubles with DNATing UDP packets. The situation: 1. We have local network 10.10.0.0/16 2. We have a "server network" 192.168.1.0/25 connected with local network by a router 10.10.100.1 (other ip 192.168.1.1). 3. Web server is located at 192.168.1.2 4. There are HW pingers in the net 10.10.0.0/16 whose do pi...

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

...#39;'ve set the apropriate ACCEPT rules to allow tcp port 1723 and protocol 47 to the host on the dmz, but no luck. I can''t see anything in the logs either. I realize it could be any of a thousand different things, but as I''ve set up tons of systems with only one public ip and DNATing everything regarding pptp with no problems, I thought I''d throw the question out there regarding proxy arp, since this is the first system I''ve set up using proxy arp. If you need further info on the set up, let me know. Thankful for any input! Cheers, ?rjan

Is anyone using Shorewall and DNATing their ssl connections? I have replicated my port 80 configuration for 443, but cannot connect through the firewall (page cannot be displayed). SSL is working behind the firewall. Am I going about this the wrong way?

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=471 Summary: UDP stream DNAT problem Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy:

...N <- Proxy <- Another Router <- Internet However, once I insert the ebtables rule to actually do the redirection, all packets I want to redirect get dropped. This happens regardless of where I try to broute the packets. I tried DROPping them in BROUTING, REDIRECTing them in PREROUTING, DNATing them to the MAC of eth0 in PREROUTING, but each time the packets never leave eth0. All debugging so far hasn''t helped (I read the LARTC HowTo twice, read all ebtables/bridge/iproute2 documentation I could find), the only remaining possible explanation I can think of is that the kernel...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)

Hello all, I have been putting together a shorewall firewall together for a couple of days, but have hit a bit of a dead end. I am using Shorewall 3.0.5 Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type

Hi gang, I''ve got a problem with shorewall, it keeps dropping packets when it should be DNATing them. I want all connections on a tcp port 4662 to be forwarded to a machine on my network (192.168.0.5) - the port is used for mldonkey (P2P app). It seems to be partially working - loads of packets are being DNAT''ed but some are not - I cant figure out why! The firewall (192.168.0.1) i...

I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m

I''ve made some tests... eth2 is my internal interface, LAN is connected here. Before I had IMQ device in AB mode... PREROUTING [A]fter NAT, POSTROUTING [B]efore NAT. I want the same situation on ifb. I do this in this way: --- # incoming traffic here from LAN is before NAT tc qdisc add dev eth2 handle ffff: ingress # outcoming traffic here from WAN is after NAT tc qdisc add dev eth2

Hello. The problem I have is route nat. Short question: Must "route nat", mentioned in ip-cref documentation comming with iproute2 package, work with 2.6.9 kernel? Long question and description of the problem: There is an appendix C in ip-cref by Alexey Kuznetsov called "Route NAT Status". I''ve followed this configuration with 2.4.2x kernel and everything works.

Hi all, i got the following configuration: * NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28 * NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28 * INTNET: Internal Network with productive servers and workstations, 192.168.1.0/24 Obvisiously the 10er networks are official networks but censored to protect my customer. The routerbox assigns on eth0 all

...ve a PPTP VPN server setup that has port 1723 and protocol 47 DNAT''d through to the internal IP address of the VPN server and I have not been able to have more than one connection at a time. I am considering setting up the VPN server as a gateway (for lack of a better word) and instead of DNATing the connections through to the internal IP I would setup a DMZ with the VPN server as the only host. My only concern in doing so is that if it does not work what other options do I have besides getting a different connection type such as fibre? I''m trying to do this as cheaply as possibl...

Hello again I asked a question about routing a week or so back and have progressed somewhat since then. I have managed to progress somewhat with proxy arp but not with routing. I will repeat my setup: LAN is on eth0 and uses masq and 192.168.1.0/24 NET is on eth1 and default routes are on ISP routeur xxx.xxx.79.126 and xxx.xxx.242.126 DMZ is on eth2 and consists of 2 complete class C blocks

Hello, I have a MS Exchange (small business server) that was just upgraded to 2003, behind a bering (shorewall) firewall. OWA is experiencing the issues described in the following technet article: http://support.microsoft.com/default.aspx?scid=kb;en-us;280823 OWA displays Loading, and does not display properly. I am already running over https. (ports 80 and 443 are DNATed to the server).

Try to SNAT the incoming conection too, then your server see only the 200.x.x.x IP for the incoming calls. You have DNAT for redirections, add a postrouting SNAT. I supose that you are DNATing in PREROUTING and you will add a rule (only for example) for SNAT the incoming calls from 200.x.x.x router: iptables -t nat -A POSTROUTING -d <internal server ip> -j MASQUERADE Perhaps you''ll need to put before that rule some rules to allow internal traffic to that server without S...