search for: masq

Displaying 20 results from an estimated 544 matches for "masq".

Did you mean: mask
2003 Jan 21
14
Emule + Shorewall
...eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file has: ACCEPT net fw udp 53 - ACCEPT net fw tcp 80,443,53,22,20,21,25,109,110,143,10000 - ACCEPT masq fw udp 53 - ACCEPT masq fw tcp 80,443,53,22,20,21,25,109,110,143,10000 - ACCEPT loc fw udp 53 - ACCEPT loc fw tcp 80,443,53,22,20,21,25,109,110,143,10000 - ACCEPT masq fw tcp domain,bootps,http,https,631,imap,pop3,smtp,nntp,ntp...
2003 Jan 06
1
masq problem
Dear all, I get a problem with masq, why it doesn''t work for connect to internet? my masq configuration /etc/shorewall/masq eth0 10.2.0.0/16 202.158.1.99 but if my masq file without 202.158.1.99 it work! /etc/shorewall/masq eth0 10.2.0.0/16 and the ip nat will be same with ip address eth0. FYI: IP number (20...
2002 Aug 06
8
converting MASQ from ipchains
Hello, on my old system I''m using ipchains. Can anyone help me with converting rule /sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp to shorewall. I know that I can write eth0 source_addr to /etc/shorewall/masq file but I can''t found where I can specify the destination address. The reason for this is to allow one user (computer) access only to the one site. -- Radek Hni...
2006 Apr 04
4
Multi ISP, multi address, masq file
I''m planning a multi isp setup and cafully read the documentation. One thing that bothers me is the masq file. The example uses a single ip address on each public interface. I have multiple addresses on both public interfaces (16 on one and 64 on the other). I''m a bit confused about what to put in the masq file in this situation. Any insights would be appreciated. Ronald -- Ronald van der...
2011 May 16
1
Proper use of MASQ in Multi-ISP config
I am wanting to verify that I am properly using the MASQ for a series of hosts. I have 2 providers, and my providers file has the contents: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY l3 1 100 main eth0.100 1.18.139.1 track,loose,fallback eth1 ws 2 200 main...
2008 Jan 08
8
Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly
...that is my router/firewall/LVS. Internet -- eth0 - router/firewall - eth1 --- internal lan | eth2 LVS-NAT setup With LVS setup as LVS-NAT, everything works a treat as in load balancing from the internet is spread across my 2 servers that are connected to eth2. LVS seems to handling the NAT/masq just nicely, and plays nice with shorewall via using fwmark. BUT, my "realservers" (192.168.1.x connected via eth2) can''t access anything externally say dns lookups, routing mail, whatever, ie anything originating from the box apart from web traffic which LVS-NAT is handling. (w...
2004 Aug 10
11
who gives access? was: why ADD_DNAT_ALIASES missing?
hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the net zone (eth0''s zone)? - is a line in the nat file automaticaly add an accept rule too? eg. in nat file: <external ip> eth0:5 <intern...
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html http://lists.netfilter.o...
2018 Aug 29
2
Setting up port forwarding to guests on nat network
...CEPT 198K packets, 18M bytes)  pkts bytes target     prot opt in     out     source               destination    24  1812 RETURN     all  --  any    any     10.128.10.0/24       base-address.mcast.net/24     0     0 RETURN     all  --  any    any     10.128.10.0/24       255.255.255.255    17  1020 MASQUERADE  tcp  --  any    any     10.128.10.0/24      !10.128.10.0/24       masq ports: 1024-65535    15  1700 MASQUERADE  udp  --  any    any     10.128.10.0/24      !10.128.10.0/24       masq ports: 1024-65535     0     0 MASQUERADE  all  --  any    any     10.128.10.0/24      !10.128.10.0/24    22...
2000 Feb 13
0
WINS misery.. please help :(
...d all. However, the LAN was a substitution for the internet, and when the setup is moved to the real internet, the WINS aspect of my setup does not work. I need some information about WINS over different subnets. I have two machines both running linux + samba, one at say 24.226.65.40 (called MASQ), and one at 216.225.95.65 (called GATEWEAVER) (these are not actual ips, but close). Both are in different workgroups, and therefore both are set to be domain masters. MASQ is set to be the WINS client connecting to GATEWEAVER's external IP address, GATEWEAVER is the WINS server. When I ste...
2012 Mar 05
0
masq and snat
Hi! Progress is much better now with my new install with not many problems left! I just have a simple - I hope - question. I have a few users that need access to the net via masquerade rules. The rest have to go via squid on the firewall. That all works well. I also have two windows servers that also need access to the net but they have to each use a specific outgoing ip address. I add two snat rules to the masq file. Then I got a bit confused yet again. I get confused...
2006 Aug 29
3
masq problem
...I''m probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable) The thing is, that I can''t get masq working. Maybe this is because something changed in masq since I have been using similar configuration in 2.x But I can''t see what... There is nothing in messages so it doesn''t point me in the right direction. No REJECT, no loc2something... No communication like loc2net is lo...
2004 Oct 06
4
SNAT is less expensive than MASQ
hi, in the masq file''s documentation, there is a sentence: "If you have a static IP on that interface, listing it here makes processing of output packets a little less expensive for the firewall." this realy means that SNAT to the primary address is less expensive than a MASQ rules in the net...
2004 Nov 27
8
Please help
Hi, i have a huge problem ;] I have redirected port 69 from NET (internet) IP 212.122.68.129 to the local network (masq) 192.168.0.3, that all queries from internet goes to local network PC. ACCEPT net masq tcp 69 - DNAT net masq:192.168.0.3 tcp 69 - everything works fine from the internet, but now I cannot access this port from other local PC`s. i have to access it locally, when i try to access through...
2003 Oct 13
1
Help on route tables and masq ...
...ading balance. To create new routing tables, they could be introduced to the shorewall init file. What I''d try it''d be that each of both suppliers would be used in different occasions for the internet output. The question arises in how I''d configure and define it in the MASQ file: /etc/shorewall/masq eh0 eth2 eth1 eth2 Would it be right? That is, when up to the routing table an output interface is chosen, masq will be done upon it? Regards & thanks. -- ____________________________________________________________________ Sergio Navarro i Fajardo snavarr...
2006 Mar 13
1
clarification on ipsec and masqing
Hi, Just seeking some clarification on the current state of play with masqing ipsec connections. I have a client who establishs many different outbound ipsec connections. So thats - many local clients, through linux firewall, to many different ipsec ''servers''. they currently assign a public ip for outbound nat to each user to connect out to the ipsec con...
2009 Apr 16
2
ip alias and masq
Hi for all ... I just read all doc about ip alias in Shorewall . If I am right, I can not use ip alias with masq, it is right ? What I am trying to do is create an ip alias in my internal network interface and use it for tests purpose ( specifically for getting familiar with multi ISP shorewall config ) The actual system is working fine with the ip 192.168.1.1 in eth1, eth0 is my dsl provider . I created an...
1998 Aug 05
6
IP Security for Linux (IPSec)
I''ve kept this one on the back burner for a while, waiting for it to mature before attempting to use it, and now having seen OpenBSD ship with IPSec I''m getting a bit impatient =). What is the status of IPSec for Linux (and more specifically RedHat)? By this I mean I just did some www browsing/etc and found about a half dozen different implimentations, ranging from NRL, to a
2004 Nov 27
3
/etc/shorewall/masq
In /etc/shorewall/masq I have: eth0 eth1 eth0 vmnet1 eth0 vmnet8 ------------- eth0 is my default route to the Linksys router connected to the cable modem. eth1 is my connection to 192.168.1 subnet and it is the gateway for all other machines on this subnet. M...
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I believe that my masq rules are completely wrong (althoug...