Displaying 20 results from an estimated 27 matches for "snate".
Did you mean:
state
2004 Aug 02
1
Split Access Routing and SNAT
...-A PREROUTING -d 10.1.0.3 -j DNAT --to 192.168.1.2
iptables -t nat -A POSTROUTING -s 192.168.1.2 -j SNAT --from 10.1.0.3
I do this for all server on alternating IP-adresses and lines.
Eventually at the very end of the POSTROUTING-chain i got a catch-all SNAT
for all workstations in INTNET to get SNATed access to the internet (only
routed via one line):
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --from 10.1.0.1
(where 10.1.0.1 is a designated IP address only used for the workstations
- the server all got their own IP-address.
Works so far.
Now my problem: If a workstation from the...
2005 Aug 02
4
How to set a host with public IP within a private network?
...blic IP (1.2.3.4)
with the gateway 1.2.3.1
2) an allocated IP class with 64 addresses
(5.6.7.192/26)
3) two LANs connected through two NICs:
a) 192.168.0.0/24 on eth1 (192.168.0.1)
b) 10.0.0.0/24 on eth2 (10.0.0.1)
The IPs from the allocated class are all assigned to
eth0.
The networks are SNATed to the external IP and to all
IPs in the allocated class in a round-robin fashion.
(-j SNAT --to 1.2.3.4 lowest_IP_in_class
highest_IP_in_class)
My question is:
Is it possible to assign one IP from my allocated
class to an internal machine without changing eth1 or
eth2 IPs *OR* without adding a...
2003 Jan 22
1
Restricted Access to Internet
Hi list,
I am a happy user of shorewall, i have followed the instructions
in the shorewall''s web site relative to the squid transparent
proxy configuration,all works ok, but i have been instructed to let
adicional specified ports (aplications) to be snated (allowed to run)
together to the web browsing service,i mean if i snat the network
(i have a static ip from my isp), all aplications(kazaa, msn messenger,etc)
can run, without snat the users only can browse the internet, the other
aplications don''t work,how can i also permit i.e. smtp (p...
2005 Oct 31
1
Load balance with Multiple Links
Hi
i have read the all the docs
and try to deploy the load balance and QoS
using my 4 links (DSL links)
My setup looks like below
LAN ----Local IP-----Connected to Linux Box Eth1
Eth5-- connected to one DSL1
Eth4-- connected to one DSL2
Eth3-- connected to one DSL3
Eth2-- connected to one DSL4
iam marking them in prerouting randomly
and puting them in table
and snating at POSROUTING
2018 Apr 04
0
[Bug 1241] New: Please support inverting filters
...Severity: enhancement
Priority: P5
Component: conntrack
Assignee: netfilter-buglog at lists.netfilter.org
Reporter: korn-netfilter.org at elan.rulez.org
I have a firewall where sometimes NAT rules change so that certain UDP
connections that were not SNATed before should be SNATed now.
Before the NAT rules go up, the affected packets are passed but the connections
end up in the UNREPLIED state; however, due to connection tracking, these
sessions get stuck in this state if the source keeps sending new UDP packets.
I would like to be able to flush un...
2004 Oct 04
5
DNAT strange thing ???
...uests coming from the lan, i have to avoid the server answering
directly => SNAT necessary.
DNAT loc loc:server_ip tcp http,smtp -
$NET_IP:$LOC_IP
=> OK BUT...
PROBLEM :
--------------
when this 2nd rule is defined, connections coming from net zone are
also SNATed ????????
so all requests to server seem to come from $LOC_IP :-(
shorewall versions :
- 2.0.1 on mandrake 10.0 official (native package)
- 2.0.9 on the same box (installed from tgz file )
i''m still wondering what i missed... help please...
2007 Aug 24
3
subdivide 64 kbit bandwidth 32kbit for WWW and 32 Kbit for mail
...Z"Kbit
tc qdisc add dev $INTERFAZ_DMZ parent 1:5 handle 5: sfq perturb 10
tc filter add dev $INTERFAZ_DMZ parent 1: protocol ip prio 1 u32 match ip
dst 192.168.100.0/24 classid 1:5
It has allocated 64 Kbit for downloading for the ip range of
192.168.100.0/24. (DMZ ZONE)
Rememmber, this is a SNATed firewall.
Now, What I nedd is to subdivide this 64 kbit bandwidth *32kbit for WWW and
32 Kbit for mail**.
Can I subdivide in that way ? If divided , What will happen to other
services such as ICMP, SSH, ACK etc ?
*Then, How can I achieve this task?
*
I modfied the the above script . This is wha...
2007 Aug 16
4
two providers.
Hello, people.
I read iptables tutorial and lartc, but i''m still confused with one
trouble.
May be this question was discussed already, so forward me solution, if
is.
So, there''s a trouble.
I have debian etch linux. 2.6.18-4 kernel.
On this computer i have three interfaces: eth0 - my lan, eth1, eth2 -
providers.
By default all internet traffic routed through eth2. But i
2002 Sep 12
2
question on IPSEC behind NAT
Helo to all,
I am attempting to establish an IPSEC tunnel to a remote freeswan G/W
with my laptop.
My laptop sits in behind shorewall at home. From the documentation, this
is what I
Modified in Shorewall:
/etc/shorewall/tunnels:
ipsec loc 24.65.x.x
/etc/shorewall/policy
vpn loc ACCEPT
loc vpn ACCEPT
My question is, have I left anything out?
2010 Oct 14
0
NFSv4 Storage Pools
Hi,
Is it possible to configure libvirt to use NFSv4 for a pool? I am doing
some iptables SNATing and rpc.statd can't handle it.
Thanks,
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20101014/7a771fe1/attachment.htm>
2005 May 12
0
Setting up split access
...default via <gateway of isp1> dev eth0
I left the default routing table (254) unchanged except for the default
route:
''default via <gateway of isp2> dev ppp0
As described in an earlier post in this list, the rp_filter has to be
disabled and the traffic for eth0 has to be SNATed to the IP of the
interface as the kernel uses the IP of the ppp0 interface as source IP
of every package.
However, I do not require to set up any other fancy routing entries
described in the lartc howto to make the whole thing to work. The
question is, am I missing an important point here?
F...
2005 Jan 06
0
Wierd traceroute/routing problem
...-user-pub
I tried using SNAT on gw2 so that instead of 172.16.0.2 I would get
one of the public ip addresses I have on gw2.
It seems that packets with ttl time exceeded in transit get through to
the mangle table in POSTROUTING but no longer reach the nat table in
POSTROUTING (so they no longer get SNATed).
The same thing happens to these kind of icmp packets if I try to SNAT
them on gw1.
Tcpdump just shows me 172.16.0.2 each time, exitting the public
interfaces and the nat rule counter does not increase..
I also tried marking packets in mangle table and then seeing if that
same mark reaches the...
2007 Mar 14
0
[Bug 554] New: Packet illegaly bypassing SNAT
...Version: All
Status: NEW
Severity: major
Priority: P2
Component: NAT
AssignedTo: laforge@netfilter.org
ReportedBy: renean@gmx.de
I have a router. To the outside world i have to do NAT. All packats going over
the external interface are being SNATed by the one and only rule in the
POSTROUTING-chain (see below).
What happens is that some packages from my internal net somehow bypass that NAT
and go out with their internal addresses (${SOURCE}). My ISP informed me about
that.
It seems that applications spawning many connections trigger that pr...
2005 Nov 08
0
Dead Gateway Detection with PPPoE
Gentlefolk,
First, many thanks to EVERYONE that tries so hard to make this advanced
routing stuff useful to the "...rest of us"! You all rock!
I have been prowling the archives of this list for an answer to my
problem, and have seen some close situations, but no joy. Yet.
I''ve got a relatively simple setup I''m trying to get working: we''ve got
a
2012 Oct 13
1
ipsec nat issue
Hello,
I have the following setup on linux 2.6.32... CentOS 6.x :
ipsec tunnel eth0-10.255.3.254/25 - eth1-pub add1 <-> eth1-pub add2 -
eth0-10.255.5.254/25
I am trying to SNAT remote private address 10.255.5.128/25 packets when
they come out of the ipsec tunnel to make it appear like it was from local
address 10.255.3.254. I am doing a source ping from the right side to a
device on the
2006 Dec 13
0
RE: Routing & NAT Problem take #2
...e doing. Unfortunately what it should be doing is not what you want it to be doing.
> (Note: I don''t know if the returning connections are SNAT''d back to 200.200.64.139)
A simple TCPDump will tell you if this is the case or not. However, I suspect that the packets are being SNATed to 100.100.251.218.
> Is there a way around this? i.e. so that the multihoming still works?
Yes, multiple.
One is to make your office router know that it can reach the 200.200.64.139 host via the 100.100.251.218 router. However, this is probably not what you really want to do. I say this i...
2006 Dec 12
1
Multihoming & routing & NAT problem
As suggested on the netfilter list, I''m posting here too:
Current network layout:
Internet
|
----100.100.251.217----
/ (router) \ Internet
| | |
100.100.251.220 100.100.251.218
2007 May 09
10
Load balancing using connmark
Hi,
I''ve been implementing a load balancing solution using CONNMARK, based
on solution described by Luciano Ruete at [1]. Gracias por el post y por
apuntar en la dirección correcta Luciano!
Once implemented, I''ve found that due to some reason packets aren''t
properly marked (or improperly remarked) and sent out using the wrong
interface.
My topo setup is:
2004 Apr 01
3
Control Bandwidth
Hi all,
I need a little help, i am studing htb to control user
bandwidth (download/upload) and I made a script as
below to test. I am testing using ttcp tool from by
linux box to other linux (192.168.200.51).
my box <---- Linux = more than 128kbit
mybot -----> Linux = get 128kbit
But I want to control both ways, what am I missing?
script:
EXTIF=eth0
INTIF=eth1
TC=/sbin/tc
DOWN=128
2005 Jul 22
1
virtual routing issue
A most puzzling network conundrum has arisen while I was attempting to
create a virtual network behind a virtual router which in turn connects the
virtual network to my real network.
My machine (192.168.103.23) is on the network with my router
(192.168.103.1). The virtual router, tiara, has to connect my
192.168.103.* network with the virtual 10.0.0.* network which comprises two
other virtual