Displaying 20 results from an estimated 1167 matches for "masquerade".
2004 Mar 24
3
IP Masquerade issues
...k set dev teql0 up
ip addr add dev teql0 64.113.86.126
IP Masquerading is Setup
A file named rc.firewall.2.6 is executed at every startup. This file sets up
a few routing things and the masquerading setup.
Code:
#!/bin/sh
#
# rc.firewall-2.6
#FWVER=0.75
#
# Initial SIMPLE IP Masquerade test for 2.4.x kernels
# using IPTABLES.
#
# Once IP Masquerading has been tested, with this simple
# ruleset, it is highly recommended to use a stronger
# IPTABLES ruleset either given later in this HOWTO or
# from anothe...
2019 Jun 28
2
UDP broadcasts vs. nat Masquerading issue
...and what is wrong with it.
This could also be related somewhat to
https://www.redhat.com/archives/libvir-list/2013-September/msg01311.html
but I suppose it is not exactly that thing.
I've already figured the source of trouble is anyway related to these
rules added:
-A POSTROUTING -o br0 -j MASQUERADE
-A POSTROUTING -o enp0s25 -j MASQUERADE
-A POSTROUTING -o virbr2_nic -j MASQUERADE
-A POSTROUTING -o vnet0 -j MASQUERADE
Here, virbr2_nic and vnet0 are used by libvirt for arranging network
configurations for VMs, ok. However, br0 is a main interface of this
host with primary ip address, with en...
2004 Sep 04
4
masquerade and mac problem
...all of them to have access to the internet. In order to do that, I set up a linux router (2 network cards) as a usual router (eth0: 82.77.69.75 - internet connection; eth1: 192.168.10.1 - local network). The other computers have ips ranging from 192.168.10.2 to 192.168.10.8. The linux router masquerades the other computers. The problem I have is that I want to do the masquerading based on mac AND the ip, not only on the ip (so if I change the ip on a computer and use another ip from another computer which is down, the masquerading process shouldn't work)
What I came up with is this :...
2018 Aug 29
2
Setting up port forwarding to guests on nat network
...CEPT 198K packets, 18M bytes)
pkts bytes target prot opt in out source destination
24 1812 RETURN all -- any any 10.128.10.0/24 base-address.mcast.net/24
0 0 RETURN all -- any any 10.128.10.0/24 255.255.255.255
17 1020 MASQUERADE tcp -- any any 10.128.10.0/24 !10.128.10.0/24 masq ports: 1024-65535
15 1700 MASQUERADE udp -- any any 10.128.10.0/24 !10.128.10.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- any any 10.128.10.0/24 !10.128.10.0/24
22 1666...
2005 Oct 05
3
Routing problem on a Masquerading Firewall
Hello!
I've setup tinc almost successfully, but there is one problem remaining
with a routing issue.
Short Description of the situation :
Workstation A (192.168.1.3)
|
|
Tinc Host "50K" (192.168.1.1)
|
|
<Unknown Firewall>
+
+
+
<Masq Firewall (Linux)>
and Tinc Host "oeoe" (192.168.2.1)
|
|
Workstation B
2016 Sep 16
1
Fwd: Configure HA VPN using tinc at AWS
Actually I was wrong on masquerading. I've set it up the other way to
masquerade packets from tinc3 to the internet via tinc1/tinc2.
Subnet = 172.31.0.0/16 is there for both tinc1 and tinc2 as well as route
for tinc3. I can reach any private instance from tinc3.
> the return packet from tinc3 should end up back at tinc1, not tinc2.
I suspect tinc doesn't reply to the s...
2003 Feb 13
1
Can't access remote workstations without MASQUERADE
...1.0/24 network.
The problem is that, from a 192.168.1.0/24 win98 machine, I can browse the
network neighborhood, I can see all machines of 192.168.0.0/24 side, but
when I try to access a machine, it says that the machine isn't accessible.
If I insert a rule on linux gw 192.168.1.1 telling to masquerade all
192.168.1.0/24 traffic (iptables -t nat -A POSTROUTING -s 192.168.1.0/24
-j MASQUERADE), then everything works normally.
But WHY this masquerade? I don't want to use masquerade. I mean, the
cleaner my network topology is, better it will be. Why can't
it work with just trivial routing?...
2019 Jul 05
1
Re: UDP broadcasts vs. nat Masquerading issue
Hi Daniel and Laine,
[...]
>> -A POSTROUTING -o br0 -j MASQUERADE
>> -A POSTROUTING -o enp0s25 -j MASQUERADE
>> -A POSTROUTING -o virbr2_nic -j MASQUERADE
>> -A POSTROUTING -o vnet0 -j MASQUERADE
>
> *None* of those rules were added by libvirt (unless your build of
[...]
> You can verify my "counter-claim" by running "vir...
2019 Jul 04
0
Re: UDP broadcasts vs. nat Masquerading issue
...ould also be related somewhat to
> https://www.redhat.com/archives/libvir-list/2013-September/msg01311.html
> but I suppose it is not exactly that thing.
>
> I've already figured the source of trouble is anyway related to these
> rules added:
>
> -A POSTROUTING -o br0 -j MASQUERADE
> -A POSTROUTING -o enp0s25 -j MASQUERADE
> -A POSTROUTING -o virbr2_nic -j MASQUERADE
> -A POSTROUTING -o vnet0 -j MASQUERADE
*None* of those rules were added by libvirt (unless your build of
libvirt, in addition to being ancient, has also been heavily hacked by a
third party with down...
2004 Aug 19
4
MASQUERADE problem again...
...ives.msfree.ca/shorewall-users@shorewall.net/2003-09/msg00491.html
The difference in contrast to the above post is:
IN THE POST: "The same command line that fails with -A ppp0_masq succeeds with -A POSTROUTING."
AT MY HOST: iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQUERADE iptables: Invalid argument
I tried some variation:
iptables-1.2.9
kernel-2.4.25.7mdk-1-1mdk (default 2.4 in MDK10)
kernel-i686-up-4GB-2.6.3.15mdk
kernel-i686-up-4GB-2.6.8.1.1mdk
shorewall-2.0.7-1mdk.noarch
shorewall-2.1.4-1.noarch
The result was always the same -- see below. The failed comma...
2016 Sep 16
2
Fwd: Configure HA VPN using tinc at AWS
Hello,
I've got an AWS cloud and a local network. I'd like to setup an access from
private EC2 instances to local network tinc server. There are two public
EC2 instances with tinc server installed, other (private) EC2 nodes do not
have tinc.
http://imgur.com/tq84crc
VPC subnet: 172.22/16
VPN subnet: 21.0.0/24
Source EC2 instance ip: 172.22.0.100
Tinc 1 ip: 172.22.0.101, 21.0.0.1
Tinc 2
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2007 May 28
9
2 NICs Bridge + Router
Hi wondering if anyone can help. I have two NICs on a debian sarge based
system and current running as a bridge (br0) which consists of eth0 and
eth1. Is it possible to add a virtual interface to the eth1 so I can
also do NAT on the box as well? I have tried many times and keep coming
up with errors.
Kind Regards
William Bohannan
2007 Jun 26
1
Bug#430676: xen-utils-common: network-nat increates insecure nat POSTROUTING MASQUERADE ?
...tination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
hortense:~# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
AFAICT, this means that NAT is active even though no vif interface was started yet, and is potentially insecure since the default FORWARD rule is accept.
My assumption on th...
2010 Dec 02
0
default route with two nexthops and MASQUERADE problem
Dear all,
I've the following problem with routing + NAT:
If I've two ISP and I'm using two nexthop in default route with MASQUERADE on both ISP links, I see routing cache regenerated, but sometimes packets sent to a new link (after cache regeneration) uses wrong source address for masquerading.
Here is the config.
I've two links to outside via two different providers: eth1 and eth2
eth0 is the LAN
# ip a (part o...
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
...e (I'm assuming) these are not timing out.
What I don't understand is why the conntrack entries don't get destroyed
when the interface goes down. The only solution that works is to remove them
manually using conntrack-tools.
From what I learn, the difference between MASQUERADE and SNAT is that
MASQUERADE mangles the packets going out the interface so they have a source
*address of the interface* while SNAT mangles the packets so they have the
address you specify..
I'm hoping by using masquerade only the conntrack entries will be destroyed
when the pppoe ip chan...
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between
"IP masquerading" and "SNAT" -- a confusion I might share, or if
contagious, I may be catching. <g>
I think of SNAT more or less as a special case of IP masquerading,
applicable when, for example, the external interface has multiple IP's
and you choose to _explicitly_ set the address through
2002 Mar 03
1
tinc vs. ipchains masquerading
...nection from (home), this would appear to be
completely unnecessary, but for the sake of matching the online example
I'll leave it for now.
I may be missing something terribly obvious here, but I'm not sure how to
fix the source port of outbound packets while still allowing the firewall
to masquerade connections.
In the hope that someone on this list can set me straight I've included
details of my configuration below:
(1) The firewall is currently running a very permissive configuration
that boils down to:
ipchains -A forward -s 192.168.1.0/24 -j MASQ
ipmasqadm portfw -a...
2005 Jun 10
3
Multiple gateways
...and the other one is ADSL.
One of my uplink is 81.8.120.18/30 with gateway 81.8.120.17 on eth1
and the other one is 172.18.10.30/24 with gateway 172.18.10.2 on eth3.
I am trying to split my internal networks to these two providers.
So,
iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -i eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.56.0/24 -i eth3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.55.0/24 -i eth1 -j MASQUERADE
This is what I am trying to set up. I also looked at the lartc.org and
tried to implement split access.
ip route add default scope global nexthop via 81....
2005 Jan 12
1
blocking masquerading for individual ips
hi,
I am using shorewall 2.0.14 on debian and it is working but for a small problem.
I want to allow masquerading only for a few ips in the network to some certain site for ftp, ssh etc. Masquerading will be blocked for other users and they will access internet thru proxy server.
How can I do this ?
thanks.
wrodrigues.
Today is the tomorrow you worried about yesterday.