search for: ip_nat

...support for `ip_masquerade' on this system." Consistent with this, there is no /proc/net/ip_masquerade. On the other hand, the load balancer *IS* working; those connections *are* getting NATted and routed. Also, lsmod shows varous relevant modules loaded: iptable_nat 40773 1 ip_nat 53101 2 ipt_MASQUERADE,iptable_nat ip_conntrack 91237 5 xt_state,ip_conntrack_netbios_ns,ipt_MASQUERADE,iptable_nat,ip_nat nfnetlink 40457 2 ip_nat,ip_conntrack ip_tables 55329 2 iptable_filter,iptable_nat x_tables 50377 7 xt_st...

...e mode. The passive mode stops working and gives time out. Firewall is disabled and SELinux is set to permissive. I ran tcpdump and I noticed that only first three packets reached the FTP for passive mode and no more packets on other ports # lsmod | grep conntrack ip_conntrack_ftp?????? 41361? 1 ip_nat_ftp ip_conntrack_netbios_ns??? 36033? 0 ip_conntrack?????????? 91621? 5 ip_nat_ftp,ip_nat,ip_conntrack_ftp,ip_conntrack_netbios_ns,xt_state nfnetlink????????????? 40457? 2 ip_nat,ip_conntrack Any suggestion? Eng. Fawzy Ibrahim Linux Systems Administrator

...://howtoforge.com/kernel_compilation_centos with lastest kernel downloaded from kernel.org . in menuconfig i used /boot/config-(mycurrentcentoskernel) as a configuration. then i compiled with make rpm. Result was ok, but my kernel was about 400MB of size! :( Next problem was that alltought i we had ip_nat as a module selected in menuconfig, i did not had it, and i was not able to modprobe ip_nat , so my iptables were not working. I am looking for some help and experiences. Probably in thinks like : howto make new kernel for centos to be the most compatible (using /boot/config... probably). The rea...

...yinitrd.img 2.6.16.33-xen But, it is occuring error on boot. Would you advice on me? Please, help me. I''m getting tired.. I tried for 2 weeks. $ uname -r 2.6.18-92.1.10.el5 $ lsmod Module Size Used by ipt_MASQUERADE 7617 0 iptable_nat 11205 0 ip_nat 20973 2 ipt_MASQUERADE,iptable_nat bridge 53341 0 autofs4 24517 2 hidp 23105 2 rfcomm 42457 0 l2cap 29505 10 hidp,rfcomm bluetooth 53797 5 hidp,rfcomm,l2cap sunrpc 14...

First, I'd like to configure my system to forward ip, to act as a gateway for my network. I've always used a script during startup to do this: echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${IP_NAT} This works fine, however I want this permanent so I don't have to run the script on startup. I have the firewall setup with SNAT fine, but when I write the file /etc/sysconfig/network with the line 'FORWARD_IPV4=YES' it still doesn't enable the ip forwarding after boot? cat /...

...t; mdew:~# lsmod Module Size Used by Not tainted ipt_REDIRECT 728 0 (autoclean) ipt_MARK 728 2 (autoclean) iptable_mangle 2100 1 (autoclean) ipt_REJECT 2712 4 (autoclean) iptable_filter 1672 1 (autoclean) ip_nat_ftp 3760 0 (unused) ip_conntrack_ftp 3616 0 [ip_nat_ftp] ip_nat_irc 3024 0 (unused) iptable_nat 19608 3 [ipt_REDIRECT ip_nat_ftp ip_nat_irc] ip_conntrack_irc 2720 0 [ip_nat_irc] ip_conntrack 21372 3 [ipt_REDIRECT ip_nat_...

Hi! Already searched for it and asked in IRC channel but all replies talk about ip_conntrack_irc and ip_nat_irc. I have a rule in 'NEW' section of 'shorewall/rules' to irc: ACCEPT fw net tcp 6667 #IRC and 'lsmod|grep irc' shows: ip_nat_irc 3648 0 ip_nat 22572 8 [...] ip_conntrack_irc 8464...

...llowing modules are loaded ~# lsmod | grep xt_ xt_limit 2624 0 xt_mark 2176 0 xt_length 2112 0 xt_MARK 2944 22 xt_tcpudp 3648 17 xt_state 2176 2 ip_conntrack 51052 4 ipt_MASQUERADE,iptable_nat,ip_nat,xt_state x_tables 11080 12 xt_limit,ipt_tos,ipt_MASQUERADE,iptable_nat,ipt_IMQ,xt_mark,xt_length,xt_MARK,ipt_REJECT,xt_tcpudp,xt_state,ip_tables and I get error with the following rule ~# iptables -A FORWARD -p tcp --syn -m connlimit --connlimit-above 60 -j REJECT iptables: Unknown...

I recently did a set up where I replaced a simple D-link home router that was having trouble processing a T1's worth of bandwidth with a linux machine running iptables. the kernel was 2.6.29-r5 and I chose the SIP connection tracking modules from the menuconfig. Router worked fine for normal traffic, but I was unable to get the SIP phones to work. Using ngrep it was plain to see

...12168 Mar 6 2002 /usr/include/machine/if_wavelan_ieee.h 1564 May 1 2002 /usr/include/netinet/ip_auth.h 34148 May 1 2002 /usr/include/netinet/ip_compat.h 21840 May 1 2002 /usr/include/netinet/ip_fil.h 1905 May 1 2002 /usr/include/netinet/ip_frag.h 8826 May 1 2002 /usr/include/netinet/ip_nat.h 4559 May 1 2002 /usr/include/netinet/ip_proxy.h 5621 May 1 2002 /usr/include/netinet/ip_state.h 324 May 1 2002 /usr/include/netinet/ipl.h 5930 Mar 6 2002 /usr/include/values.h 858 Mar 6 2002 /usr/libdata/perl/5.00503/mach/_h2ph_pre.ph 646 Jul 7 2002 /usr/libdata/perl/5.00503/...

Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11 14:34:37 EDT 2003 Using the latest Makefile for squid25: # fgrep \$FreeBSD /usr/ports/www/squid/Makefile # $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $ Modified with: # fgrep CONFIGURE_ARGS Makefile |fgrep -v \# CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \

...ndrey J. Melnikoff (TEMHOTA) wrote: > Hello. Hi Andrey, > Please, CC me, i'm not subscribed. > > Kernel 2.6.15-rc6 OOPS: > > kernel: general protection fault: 0000 [#1] > kernel: SMP > kernel: Modules linked in: ipt_REDIRECT ipt_LOG ipt_TOS ipt_TCPMSS ipt_tos > ip_nat_ftp ipt_tcpmss iptable_nat ip_nat iptable_mangle iptable_filter > ipt_multiport ipt_mac ipt_state ipt_limit ipt_conntrack ip_conntrack_ftp > ip_conntrack ip_tables af_packet ipv6 pcspkr floppy i2c_piix4 i2c_core > ohci_hcd usbcore aic7xxx scsi_transport_spi psmouse ide_disk ide_cd >...

Hello, Let me first start by saying Shorewall is awesome, and I use it everywhere from single box firewall, to home network firewall, even to our corporate firewall. I am experiencing a problem getting my home firewall to work with my BroadVoice VoIP connection. I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This happened when I tried to replace

Author: jojemann Repository: /hg/zfs-crypto/gate Revision: efc34deda74b954ff57b5a18a73ffa7e2fd12fc2 Log message: 6361514 Duplicate MAP rule check does not work Files: update: usr/src/common/ipf/ip_nat.c

Author: jojemann Repository: /hg/zfs-crypto/gate Revision: 0721889e1e6f9dbaa658c2f7043144ff2aa460d7 Log message: 6405388 policy based routing and NAT don''t work Files: update: usr/src/common/ipf/ip_nat.c update: usr/src/common/ipf/solaris.c

...l.c usr/src/uts/common/fs/zfs/zfs_ioctl.c usr/src/uts/common/fs/zfs/zfs_vfsops.c usr/src/uts/common/fs/zfs/zil.c usr/src/uts/common/fs/zfs/zio.c usr/src/uts/common/inet/ipf/fil.c usr/src/uts/common/inet/ipf/ip_compat.c usr/src/uts/common/inet/ipf/ip_fil_solaris.c usr/src/uts/common/inet/ipf/ip_nat.c usr/src/uts/common/inet/ipf/ip_nat6.c usr/src/uts/common/inet/ipf/ipf.h usr/src/uts/common/inet/ipf/netinet/ip_fil.h usr/src/uts/common/inet/ipf/netinet/ip_nat.h usr/src/uts/common/inet/ipf/netinet/ipf_stack.h usr/src/uts/common/inet/ipf/netinet/ipl.h usr/src/uts/common/io/bge/bge_chip2.c...

We have a (supposedly) quite standard setup: 2 Dom0 with drbd-on-lvm and a bunch of DomU, on Quad Xeon Dell servers. We tried with both sid-based and etch-based (+ 3.1 xen hypervisor and drbd 8 from backports.org ) Dom0, and quite consistently have "kernel: invalid opcode: 0000 [1] SMP" errors which freezes Dom0 (during lasts tests a simple start-and-stop loop of 10 DomU can trigger

...tch DGD, but when i try tp patch to my kernel with fedora iam getting the following eroor can some one suggest me what is wrong or i need a latest patch for fedora [root@linux-2.4.22-1.2115.nptl]# patch -p1 < /root/update/update/routes-2.4.20-9.diff patching file include/linux/netfilter_ipv4/ip_nat.h patching file include/linux/rtnetlink.h patching file include/net/ip_fib.h patching file include/net/route.h Hunk #2 succeeded at 130 (offset 2 lines). patching file net/ipv4/arp.c Hunk #1 succeeded at 317 (offset 1 line). patching file net/ipv4/fib_frontend.c patching file net/ipv4/fib_hash.c Hu...

...ode assumes a valid checksum, which is not the case for checksum offload packets (which has a complimented, partial checksum for the hardware to use). The fix is to compliment the new address and not compliment the old address (which is complimented in the partial checksum), and roll that with the ip_nat_cheat_check function. There are two "versions" of the patch below. The first version is a diff to show the actual changes made to the ip_nat_proto_udp.c and ip_nat_proto_tcp.c file (as it is difficult/impossible to tell from the second patch). The second version is the one to commit to...

Hi, I seem to be facing an intrusion issue, inspite of firewall (script attached). What am I missing ?? Any suggestions / recommendation are welcome pls. Best regards, Sans -------------- next part -------------- #!/bin/bash echo 0 > /proc/sys/net/ipv4/ip_forward # Clear any existing firewall stuff before we start /sbin/iptables --flush # As the default policies, drop all incoming