similar to: Asterisk freezes with Fixup failed on channel SIP/...<MASQ>

Where is the correct place to control what traffic is masq'ed out? This is what I have, but I was told the Forward chain isn't the right place to do this? iptables -A POSTROUTING -t nat -o $WAN -j MASQUERADE iptables -A FORWARD -i $WAN -o $LAN -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i $LAN -o $WAN -m state --state NEW,ESTABLISHED,RELATED -p tcp -m multiport

Hi all. I''m using Jamal''s ifb virtual interface from new kernel. Redirecting incoming traffic from external interface like that: # tc [blahbla] match u32 0 0 flowid 1:0 action mirred egress redirect dev ifb0 to ifb to shape it. The problem is that I''m using MASQUERADE by netfilter also. That redirected traffic coming from internet gets to ifb _before_ DNAT is done.

Hello everyone, really not sure if this is a LARTC question or not, but I have several hundred users all MASQ''d behind a single static IP. Users are reporting that certain websites are blacklisting that single static external IP for various reasons. What I would like to do is use several external IP''s and have a MASQ''d user getting a random one each time. Here is

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=9 ------- Additional Comments From kaber@trash.net 2006-09-16 14:45 MET ------- I guess this is obsolete now that we don't exclude locally originating packets from MASQUERADE anymore .. in the end all ports will be unique. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are

Hi! Progress is much better now with my new install with not many problems left! I just have a simple - I hope - question. I have a few users that need access to the net via masquerade rules. The rest have to go via squid on the firewall. That all works well. I also have two windows servers that also need access to the net but they have to each use a specific outgoing ip address. I add two

In /etc/shorewall/masq I have: eth0 eth1 eth0 vmnet1 eth0 vmnet8 ------------- eth0 is my default route to the Linksys router connected to the cable modem. eth1 is my connection to 192.168.1 subnet and it is the gateway for all other machines on this subnet. My routing table is: # netstat -nr Kernel IP routing table Destination

Hello, on my old system I''m using ipchains. Can anyone help me with converting rule /sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp to shorewall. I know that I can write eth0 source_addr to /etc/shorewall/masq file but I can''t found where I can specify the destination address. The reason for this is to allow one user (computer) access only to

Rainer M Krug writes: > Thorsten Wiegand used in his paper Wiegand T., and K. A. Moloney 2004. > Rings, circles and null-models for point pattern analysis in ecology. > Oikos 104: 209-229 a statistic he called O-Ring statistic which is > similar to Ripley's K, only that it uses rings instead of circles. > > http://www.oesa.ufz.de/towi/towi_programita.html#ring

hi, in the masq file''s documentation, there is a sentence: "If you have a static IP on that interface, listing it here makes processing of output packets a little less expensive for the firewall." this realy means that SNAT to the primary address is less expensive than a MASQ rules in the netfilter? is this documented anywhere in iptables/netfilter? thanks. -- Levente

More details : I noticed that every start of xend is adding the POSTROUTING masquerade iptables rule, and nothing is done at stop time. This should bi fixed, at least. -- Olivier BERGER <olivier.berger at int-edu.eu> (ATTENTION : new address) Ing?nieur Recherche - Dept INF GET/INT at Evry (http://www.int-edu.eu/) OpenPGP-Id: 1024D/6B829EEC

I just signed up for Broadvoice, and used a similar network configuration that I have on stanaphone, voipjet, and others. My asterisk box is behind a vanilla Linux masquerade (netfilter/ipchains) firewall. The SIP and IAX services have been working fine in both directions for the other SIP termination services. The Broadvoice inbound service worked immediately. (which to me is odd, inbound

This system is running for a while, using Redhat 7.2 and Samba 2.2.3. Question: Before I completely reinstall this system, I would like to get some samba statistics from this system. Can anybody point me in the right direction on how to do this. Thanks Ralf Wiegand

I have currently a samba share what is 54GB in size with many, 100's for subdirectories within. Should I have any additional entries in the smb.conf file. [global] workgroup = BIG server string = Linux Samba Server printcap name = /etc/printcap load printers = yes cups options = raw security = ADS realm = somedomaine.org log file = /var/log/samba/%m.log max log size

I have a firewall with 2 connections to the internet (eth1 and eth2) and one LAN interface. on the LAN interface, the users can connect via PPTP. those authenticating via pptp shall be masqueraded over eth2, those not authenticating should be ordinary masqueraded over eth1. as from the archives I took the configuration like in FAQ32, but this doesn''t work with the ppp+ interfaces. I

In the panic of replacing our firewall(s) earlier in the week, we ended up moving our original shorewall 1.4 config onto a machine with 2.0.10 already installed, overwriting all the 2.0.10 config files. Most things seem to work fine, except for our masq entries. I''ve examined the default 2.0.10 files compared with our 1.4 files, and can''t spot the problem. What am I missing?

Hello - I upgraded from FC4 to FC6. My samba configuration (samba 3.0.1x) was working just fine until I upgraded to FC6 and Samba 3.0.24. I had shares who where protected and only some users and groups can access them. I used valid users = @wireless, where the group wireless had 10 users. Before the upgrade this was working just fine. Now nobody from @wireless group members can access the

I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I

I am trying to install wine from the latest source on a FreeBSD 4.4 box. I did chip# ./configure --prefix=/usr/local/wine chip# make depend && make then chip# make install but am getting the following error. cd `dirname advapi32/__install__` && make install [ -d /usr/local/wine/lib ] || mkdir -p /usr/local/wine/lib /usr/bin/install -c libadvapi32.so

Hello - I running Samba as a PDC on FC6 with roaming profiles. I need to setup a custom Windows logon/welcome message... to tell users want they can expect using this domain. Is it also possible to place different PDF files on the users desktop when he or she logs on, but only referencing one source file, so I don't have a copy for each user? What is the best approach? Thank You. Ralf

Using below configuration multiplied by 3000+ nodes to control bandwidth causes very high kernel cpu usage (99.5%) narrowed it down to the mangle table. Any ideas to do this more efficiently would be appreciated. The mangle table entry (indicated by ***) is sucking all the cpu. I am running RH7.3 kernel 2.4.18-3 and iptables 1.2.5 This setup has worked well for more than 1000 devices but as the