search for: snat

Displaying 20 results from an estimated 542 matches for "snat".

Did you mean: sat
2004 Aug 10
11
who gives access? was: why ADD_DNAT_ALIASES missing?
...;s zone) and from the net zone to the <internal ip>? or should i also have to add these to the rules file? - if the above two is not true tha why the DNAT rules do so? something similar like dnat- would be useful (just the opposite for masw and nat). - if there is dnat rules why there is not snat? i try to read all doc but these are not documented very well. some kind of advanced documentation would be useful for those how know the ip and iptables command .eg. "a dnat rule add such an iptables commands ..." etc. thanks in advance. yours. -- Levente...
2006 May 03
5
SNAT on IPSEC tunnel with kernel 2.6/KAME tools?
Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can SNAT/MASQUERADE packets to the...
2006 Dec 11
6
load balacing with https home banking
Hello everybody. I''m running linux 2.6.19 with nth match to alternatively snat outgoing connections to two different ip addresses for load balancing between two adsl lines: Here is: $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -...
2003 Feb 04
1
Totally SNAT confused :)
...etup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 - 80.80.80.81 - 80.80.80.82 .80 is the default adress now, used for masq etc. Lets asume i setup SNAT on .81 and .82 and relate them to 192.168.0.81 and 192.168.0.82 respectively in the DMZ zone Now to my questions: 1...
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between "IP masquerading" and "SNAT" -- a confusion I might share, or if contagious, I may be catching. <g> I think of SNAT more or less as a special case of IP masquerading, applicable when, for example, the external interface has multiple IP''s and you choose to _explicitly_ set the address through which interna...
2006 Mar 14
9
firewall problem
snat not working my local ip is aaa.aaa.aaa.aaa asterisk sitting on the internet at ip bbb.bbb.bbb.bbb my firewall''s internal ip is 192.168.0.254 i did snat: iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa iptables -t nat -L -v gives: Chain POSTROUTING (policy ACCEPT 23663...
2018 Feb 15
2
[Bug 1227] New: Current conntrack state isn't considered when evaluating multiple SNAT rules
https://bugzilla.netfilter.org/show_bug.cgi?id=1227 Bug ID: 1227 Summary: Current conntrack state isn't considered when evaluating multiple SNAT rules Product: netfilter/iptables Version: unspecified Hardware: All OS: other Status: NEW Severity: enhancement Priority: P5 Component: NAT Assignee: netfilter-buglog at lists.netfilter.org...
2007 Dec 21
1
Regd: Iptables SNAT issue in Cluster Suite Setup
...9 IP Address Floating : 192.168.13.83 IP Address (Assumed by currently active server) I want all snmp packets going out through the active server to be stamped with floating IP So i have added a iptables rules as "iptables -t nat -A POSTROUTING -p udp -s 192.168.13.179 --dport 161 -j SNAT --to-source 192.168.13.83:161 iptables -t nat -A POSTROUTING -p udp -s 192.168.13.110 --dport 161 -j SNAT --to-source 192.168.13.83:161" I have written a script to continuously poll an agent using snmpgetnext. This script works for some time and then snmpgetnext fails giving the follo...
2005 Feb 14
6
NAT over 2 providers (not load balance)
...h0---LAN--- | | eth2-|- | | | +-----------+ - eth0 is connected to the LAN having the IP=LAN_IP eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1 eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2 I need to selectively SNAT clients in the LAN to ISP_IP_1 or ISP_IP_2. That would be something like: $IPTABLES -t nat -A POSTROUTING -s 172.17.31.5 -j SNAT --to-source $ISP_IP_1 $IPTABLES -t nat -A POSTROUTING -s 172.17.31.7 -j SNAT --to-source $ISP_IP_2 This does not work since all the packets are forwarded to the defaul...
2007 Apr 17
6
[Bug 554] Packet illegaly bypassing SNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 ------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET ------- I have been wondering about this bug and had similar problems myself here in my Debian system, linux-kernel 2.6.18 iptables 1.3.6. I too saw that some packets became transmitted illegally through the ppp0 interface, when they just
2004 Sep 30
2
2 DSL link, DNAT & SNAT
...21.243.248/30 lookup adsl 52: from all iif eth0 lookup adsl 53: from all iif eth2 lookup adsl 32766: from all lookup main 32767: from all lookup default + hdsl table has default gw to HDSL line + adsl table has default gw to ADSL line + DNAT & SNAT occurring from both dsl lines Chain PREROUTING DNAT tcp 0.0.0.0/0 81.121.243.250 tcp dpt:1723 to:192.168.254.10 DNAT tcp 0.0.0.0/0 217.58.51.162 tcp dpt:1723 to:192.168.254.10 Chain POSTROUTING SNAT all -- * eth1 0.0.0.0/0 0.0.0.0/0...
2005 Jan 24
2
Migrate rules from iptables to shorewall - SNAT
Hi all, I''m using Shorewall since one year (1.4, then 2.0) I''m trying to migrate a linux firewall from iptables rules to shorewall. The firewall has three zones - net internet - loc1 lan - loc2 second lan I have a lot of rules like this, to SNAT the ip addresses of some computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8) iptables -v -t nat -I POSTROUTING -s 192.168.16.40/32 -d 10.150.30.100/32 -j SNAT --to 10.108.5.5 I''m not sure what is the best way to migrate this rules. From reading d...
2005 May 29
1
Routing for multiple uplinks and SNAT to 2 source IPs
Hi, I configured a router box to use 2 providers, as described in the HOWTO. (Apendix 1) I want to use both links to reach a single smtp server. As I read in the kptd and in some old messages of this list, doing a SNAT in the postrouting chain comes _after_ the routing desision. So I guess the following lines I''m trying to use are wrong. (See Apendix 1) What can I do to have multiple connection to the same IP to use both links? Do the following lines have some effect after I do SNAT in the mangle table...
2010 Jan 10
4
SNAT
...atic route on ADSL modem "10.123.0.0/16 via 10.123.10.11" which ensures traffic comming from internet will ge to my router. Now i want to configure NATTING. My concern is, how to create iptables rule which will match only the traffic going via 10.123.10.11 and only for this will make SNAT. If I will do iptables -A POSTROUTING -o eth0 --j SNAT --to-source 213.194.242.198 this will not work . I need to add there a magic words that only traffic going via 10.123.10.11 should be SNATted. Please help, Thank you in advance. David
2005 Jun 24
1
SNAT multiple IP to single internal IP and limiting access based on external IP
Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 acce...
2007 Mar 14
0
[Bug 554] New: Packet illegaly bypassing SNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 Summary: Packet illegaly bypassing SNAT Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy: renean@gmx.de...
2003 Feb 23
1
RTSP problems (and SNAT questions)
I am having problems making RTSP connections to a Windows Streaming Media Server (ie "connecting to media...." but WMP never connects). There are no error messages in /var/log/messages. It was suggested to me that SNAT might perform better than MASQ in this respect. I edited my shorewall/masq file as such: eth0 eth1 12.34.56.78 or should it be? eth0 10.0.0.0/24 12.34.56.78 First, is this all that is necessary to properly start using SNAT? I was unsure whether I should use ADD_SNAT_ALI...
2006 Jan 02
7
Several IP''s, one mail and http server
Hi, I want to have several IP''s for my connection and each IP will have it''s own hostname. Now I want to serve a web server and mail server for each hostname/IP_addr pair on the same box in the internal LAN using one apache and one postfix daemon. If I do one SNAT and several DNATs then only the hostname which I SNAT the server to would work. Is the only way to do it correctly by assigning the internal server several IP''s (virtual interfaces) and then make SNAT and DNATs for each interface/IP_addr individually? ATM I''ve got one IP...
2010 May 08
3
setup firewall with 3 nic cards
...office eth1 is internet T1 eth2 is internet Cable when I do "iptables -F" then iptables -L everything is gone as it should be. Then I do iptables -t nat -A PREROUTING -p tcp -d $MYIP --dport 6550 -j DNAT --to $INTERNAL_ADDRESS:6550 iptables -t nat -A POSTROUTING -d $INTERNAL_ADDRESS -j SNAT --to $GWIP then I do iptables -L again and the rule is not there. Am I missing something? I have tried -I and -A both. Thanks, Jerry
2006 Oct 06
12
Two outbound internet links, using one network interface
...a hub/switch to both of the ISP links. I add two different IPs to this interface, corresponding to each providers network. Then the masquerading is done with a rule like this: # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE instead of: # iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 67.17.28.12 # iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 205.254.211.179 For the traffic that is generated in the LAN behind the box, it works, but for the traffic that is generated in the localhost (routing box), it does not work. Indeed, it cannot possibly work for t...