Displaying 20 results from an estimated 37 matches for "net_dnat".

2005 Jan 10
3
REDIRECT + shorewall drop for dynamic blacklists
...DROP all -- 205.251.246.215 0.0.0.0/0 DROP all -- 205.251.64.69 0.0.0.0/0 DROP all -- 205.251.179.185 0.0.0.0/0 shorewall show log Shorewall-2.0.14 Log at yosemite - Mon Jan 10 11:02:16 NST 2005 Counters reset Sat Jan 8 21:01:36 NST 2005 Jan 10 10:56:25 net_dnat:REDIRECT:IN=eth1 OUT= SRC=205.251.179.185 DST=w.x.y.z LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=2731 DF PROTO=TCP SPT=4128 DPT=2745 WINDOW=16384 RES=0x00 SYN URGP=0 Jan 10 10:56:28 net_dnat:REDIRECT:IN=eth1 OUT= SRC=205.251.179.185 DST=w.x.y.z LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=3714 DF PROTO=TCP SP...
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
....ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html http://lists.netfilter.org/pipermail/netfilter/2003-September/046962.html Here is tail from debug message. How I can force to shorewall use POSTROUTING chain for masq and DNAT instead of user defined chains? # tail /tmp/trace + eval exists_nat_net_dnat=Yes + exists_nat_net_dnat=Yes + run_iptables2 -t nat -A net_dnat -p tcp -d 212.24.147.254 --dport http -j DNAT --to-destination 192.168.140.2 + [ x-t nat -A net_dnat -p tcp -d 212.24.147.254 --dport http -j DNAT --to-desti nation 192.168.140.2 = x-t nat -A net_dnat -p tcp -d 212.24.147.254 --dport...
2004 Sep 22
3
Strange DNAT problems with shorewall 1.4.8
...I downloaded the relevant files from the install page. Masq and such works, but I'm having a problem with my port forwarding. It works for port 22, but it doesn't seem to work for any other port. I've turned on :info, and here are the relevant tests: kernel: Shorewall:net_dnat:DNAT:IN=eth1 OUT= MAC=MAC_ADDRESS SRC=SRC_IP DST=PUBLIC_IP LEN=60 TOS=0x00 PREC=0x20 TTL=40 ID=55181 DF PROTO=TCP SPT=62684 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 kernel: Shorewall:net_dnat:DNAT:IN=eth1 OUT= MAC=MAC_ADDRESS SRC=SRC_IP DST=PUBLIC_IP LEN=60 TOS=0x10 PREC=0x20 TTL=40 ID=21056 DF PROTO...
2005 Mar 02
3
duplicated dnat entries
...- 200.200.200.250 when i list nat rules with iptables i got this Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 0 0 DNAT all -- * * 0.0.0.0/0 200.200.200.250 to:192.168.1.2 Chain net_dnat (1 references) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- * * 0.0.0.0/0 200.200.200.250 tcp dpt:25 to:192.168.1.2 well, the correct rule is the one in net_dnat chain!! why shorewall is creating the rule...
2012 Sep 05
2
DNAT issue
...ACCEPT loc $FW ACCEPT # THE FOLLOWING POLICY MUST BE LAST all all REJECT info shorewall.conf IP_FORWARDING=Keep and the kernel also knows : root@mordor:~# cat /proc/sys/net/ipv4/ip_forward 1 The message in syslog... Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:0c:29:2d:ca:d6:11:23:06:17:f8:40:48:00 SRC=myfriendsip DST=mypubip LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=27043 DF PROTO=TCP SPT=33484 DPT=33890 WINDOW=8192 RES=0x00 SYN URGP=0 Could anyone point me to the right direction/help a bit to make it work? Or do I miss something?...
2005 Jun 22
0
Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule
...l, net : internet zone dmz : DMZ zone Lan : local network zone in 1.4.6c this rule : DNAT all lan:10.0.0.1 tcp http - 192.0.0.1 does generate the following iptables rules in nat table : Chain OUTPOUT DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain net_dnat DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain dmz_dnat DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain lan_dnat DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 in 2.4.0 the same rule does generate only : Chain OUTP...
2003 May 11
1
local clients cannot access internal server
...5.63.205:192.168.0.1 output from shorewall show nat Shorewall-2.0.0b NAT at host.bluestonefinancial.com - Tue May 11 10:57:43 EDT 2004 Counters reset Tue May 11 09:54:09 EDT 2004 Chain PREROUTING (policy ACCEPT 102K packets, 4275K bytes) pkts bytes target prot opt in out source destination 73 3585 net_dnat all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 54 9296 masq_dnat all -- eth1 * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 1290 packets, 83016 bytes) pkts bytes target prot opt in out source destination 2 96 masq_snat all -- * eth1 0.0.0.0/0 0.0.0.0/0 9 585 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0 C...
2006 Oct 26
1
Saprouter forwarding from shorewall firewall to an internal saprouter server
...c:10.0.0.60 tcp 3299 - 191.99.200.50 i follow instruction reported in shorewall faq 1a-b-c. after zeroing the routefilter counter and a new connection trying from a laptop on internet (IP address: 191.99.200.32) i have the following results from command shorewall show nat on chain net_dnat: Chain Pkts bytes target proto opt in out source destination 1 48 LOG tcp -- * * 0.0.0.0/0 191.99.200.50 tcp dpt:3299 LOG flags 0 level 6 prefix 'Shorewall:net_dnat:DNAT:' 1...
2004 Sep 23
0
two internet connections don't appear to be masqing
...actly like this one: http://www.lartc.org/howto/lartc.rpdb.multiple-links.html is there some proc magic I can query to check the kernel has all the right bits? Here is the iptables stuff: iptables -L -n -t nat Chain PREROUTING (policy ACCEPT) target prot opt source destination net_dnat all -- 0.0.0.0/0 0.0.0.0/0 net_dnat all -- 0.0.0.0/0 0.0.0.0/0 loc_dnat all -- 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT) target prot opt source destination eth1_masq all -- 0.0.0.0/0 0.0.0.0/0 eth2_masq all...
2005 Jan 02
1
Linksys router and shorewall
...t seem to work. If i change the rules to log info, i do see it coming in. If i do a netstat on my other linux webserver, i see it coming in with the SYN_RECV state, but nothing after that. Here's the log entry from my shorewall machine: Jan 2 13:34:05 MachineName kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:00:00:00:00... SRC=x.x.x.x DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=45682 PROTO=TCP SPT=54945 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 Mac and src port have been taken out, but were there. The src address actually seems to be the real source address, not my...
2005 Jul 28
3
Routing for multiple uplinks/providers problem.
...oot@fonroute:~# ip route list table 222 default proto static nexthop via 216.170.136.1 dev eth1 weight 1 nexthop via 24.196.120.29 dev eth2 weight 4 using shorewall to setup rules. iptable -L Chain PREROUTING (policy ACCEPT) target prot opt source destination net_dnat all -- anywhere anywhere net_dnat all -- anywhere anywhere loc_dnat all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination eth1_masq all -- anywhere anywhere eth2_masq all --...
2005 Jan 20
1
Can I pass PPTP packets thru 2 firewalls?
...loc:192.168.10.201 tcp 1723 - 192.168.20.115 Here's the entry from /etc/shorewall/rules: #ZONE INTERFACE BROADCAST OPTIONS # loc eth0 - net eth2 Here's the log entry from a VPN attempt: Jan 19 22:02:52 ARCProxy2 kernel: Shorewall:net_dnat:DNAT:IN=eth2 OUT= MAC=00:e0:4c:bb:91:35:00:09:5b:82:09:96:08:00 SRC=63.18.215.195 DST=192.168.20.115 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=16523 DF PROTO=TCP SPT=1708 DPT=1723 WINDOW=32768 RES=0x00 SYN URGP=0 Obviously I haven't been able to get this setup to work. I know I'm...
2004 Sep 07
1
Problem with DNAT
...collisions:0 txqueuelen:1000 RX bytes:261270108 (249.1 Mb) TX bytes:1149310777 (1096.0 Mb) Eth0 Net Zone (two Ip addresses) Eth1 iLocal Zone In Eth1 i have my email server, with the public ip 10.10.10.163, when i do the DNAT i have this: Sep 5 11:13:55 ns kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:c0:f0:54:dc:1e:00:04:27:fd:6c:cb:08:00 SRC=205.240.205.176 DST=10.10.10.163 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=50942 DF PROTO=TCP SPT=62382 DPT=25 WINDOW=65148 RES=0x00 SYN URGP=0 IN=eth0=OUT this is my problem, doesnt Out trough eth1 My /etc/shorewall/nat is #ACTION...
2004 Sep 07
1
Problem with DNAT 3 IP's two NIC
....1 Mb) TX bytes:1149310777 (1096.0 Mb) Eth0 Net Zone (two Ip addresses) Eth1 Local Zone OS Fedora 2 Shorewall Version 2.0.7 In Eth1 i have my email server with the private ip 192.168.0.253 and the public ip is 10.10.10.163, when i do the DNAT i have this: Sep 5 11:13:55 ns kernel: Shorewall:net_dnat:DNAT:IN=eth0 OUT= MAC=00:c0:f0:54:dc:1e:00:04:27:fd:6c:cb:08:00 SRC=205.240.205.176 DST=10.10.10.163 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=50942 DF PROTO=TCP SPT=62382 DPT=25 WINDOW=65148 RES=0x00 SYN URGP=0 IN=eth0=OUT ,this is my problem, in and out is same interface. DNAT doesnt works. I follow...
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
...teway:/etc/shorewall# shorewall show nat Shorewall-2.0.3a NAT at gateway - Wed Sep 29 12:19:43 CDT 2004 Counters reset Wed Sep 29 11:56:40 CDT 2004 Chain PREROUTING (policy ACCEPT 1197 packets, 100K bytes) pkts bytes target prot opt in out source destination 658 54981 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 24 packets, 1862 bytes) pkts bytes target prot opt in out source destination 21 1682 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCE...
2005 Jan 11
1
Squid and DMZ (ProxyARP)
...s:0x03/0x03 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02 NAT Table Chain PREROUTING (policy ACCEPT 1999K packets, 163M bytes) pkts bytes target prot opt in out source destination 9 444 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 1600K packets, 98M bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 12756 packets, 863K bytes) pkts bytes target prot...
2004 Sep 29
0
Re: Shorewall-users Digest, Vol 22, Issue 65
...l# shorewall show nat > Shorewall-2.0.3a NAT at gateway - Wed Sep 29 12:19:43 CDT 2004 > > Counters reset Wed Sep 29 11:56:40 CDT 2004 > > Chain PREROUTING (policy ACCEPT 1197 packets, 100K bytes) > pkts bytes target prot opt in out source destination > 658 54981 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0 > > Chain POSTROUTING (policy ACCEPT 24 packets, 1862 bytes) > pkts bytes target prot opt in out source destination > 21 1682 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0 > > Chain OUTPUT (policy ACCEPT 24 pa...
2009 Dec 16
3
Dual-homing BGP gate problem
...T= SRC=89.174.215.22 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=49071 PROTO=ICMP TYPE=8 CODE=0 ID=12662 SEQ=260 > TRACE: nat:dnat:rule:1 IN=eth2 OUT= SRC=89.174.215.22 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=49071 PROTO=ICMP TYPE=8 CODE=0 ID=12662 SEQ=260 > TRACE: nat:net_dnat:return:30 IN=eth2 OUT= SRC=89.174.215.22 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=49071 PROTO=ICMP TYPE=8 CODE=0 ID=12662 SEQ=260 > TRACE: nat:dnat:return:26 IN=eth2 OUT= SRC=89.174.215.22 DST=195.187.140.1 LEN=28 TOS=0x00 PREC=0x00 TTL=55 ID=49071 PROTO=ICMP TYPE=8 CODE=0 ID=12662...
2004 Aug 05
9
Not able to access website
....0.0.0/0 tcp flags:0x03/0x03 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02 NAT Table Chain PREROUTING (policy ACCEPT 2021 packets, 274K bytes) pkts bytes target prot opt in out source destination 65 8740 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 202 packets, 16264 bytes) pkts bytes target prot opt in out source destination 7 336 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 19...
2012 Sep 27
3
vsFTP and shorewall
...et lan:192.168.1.231:22 tcp 2222 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE 5. # cat /proc/sys/net/ipv4/ip_forward 1 6. more /etc/sysconfig/iptables-config IPTABLES_MODULES="ip_conntrack_netbios_ns ip_nat_ftp ip_conntrack_ftp" Chain net_dnat (1 references) pkts bytes target prot opt in out source destination 3 156 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:192.168.1.231 0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0...