Displaying 20 results from an estimated 10000 matches similar to: "Iptables masq traffic limiting"
2008 Dec 10
2
Iptables Question
I have a squid proxy running transparently, so in my firewall script
I run the following fairly early:
iptables -A PREROUTING -t nat -i $LAN -p tcp -m multiport --dports 80,443 -j REDIRECT --to-port 3128
This is a multihomed server so after this change the masquerading was
removed (as only web access on the lan side of this server was needed).
I now need to masq cleanly one device so that it
2006 Dec 11
6
load balacing with https home banking
Hello everybody.
I''m running linux 2.6.19 with nth match to
alternatively snat outgoing connections to
two different ip addresses for load balancing
between two adsl lines:
Here is:
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m
multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to
adslA
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m
multiport
2008 May 22
4
IPTables help
I have a dual homed server in an install for someone who is very cost sensitive.
This server originally is being setup as an Asterisk server, but now the simplest
thing for me to do is also set it up to provide internet access for the small shop as well.
So it will have one external, WAN facing nic that needs all incoming ports except UDP 5060 and
10000 -> 60000 blocked for all but two ips.
2010 Aug 02
2
NAT via /etc/sysconfig/iptables
Hello listmates,
It's been a few years since I've set up a router... and for some
reason I seem to be getting hung up on this one.
Does anybody have a sample iptables config file that would incorporate
NAT and forwarding for a simple router?
Thanks.
Boris.
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the
hosts file. In addition, it contains the first release of a new
Bridge/firewall implementation that uses the reduced-function physdev
match found in kernel 3.6.20 and 3.6.21.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the
hosts file. In addition, it contains the first release of a new
Bridge/firewall implementation that uses the reduced-function physdev
match found in kernel 3.6.20 and 3.6.21.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2008 Dec 04
4
iptables questionson CentOS
Hi,
I know these are a few iptbales questions. NOT CentOS, anyway, I am
running a firewall on centos 5.x.
If you can response, it would be fine.
I want to add a SNAT rule for one user in LAN to access one particular
destination on the internet.
Let's say www.centos.org
I added the below rule. But . it does NOT work
Pls assume 1.2.3.4 is the real ip of the firewall.
ip address
2007 Aug 16
4
two providers.
Hello, people.
I read iptables tutorial and lartc, but i''m still confused with one
trouble.
May be this question was discussed already, so forward me solution, if
is.
So, there''s a trouble.
I have debian etch linux. 2.6.18-4 kernel.
On this computer i have three interfaces: eth0 - my lan, eth1, eth2 -
providers.
By default all internet traffic routed through eth2. But i
2016 Jun 21
2
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello again,
unfortunately the following /etc/sysconfig/iptables file does not work:
*nat
:INPUT ACCEPT
:OUTPUT ACCEPT
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
#-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
--to-ports 8080
COMMIT
*filter
:INPUT DROP
:OUTPUT ACCEPT
:FORWARD DROP
-A INPUT -m state --state
2016 Jun 21
4
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Hello Gordon and others
On Tue, Jun 21, 2016 at 4:13 PM, Gordon Messmer <gordon.messmer at gmail.com>
wrote:
> On 06/21/2016 02:30 AM, Alexander Farber wrote:
>
>> -A PREROUTING -p tcp -m tcp -d 144.76.184.154/32 --dport 80 -j REDIRECT
>> --to-ports 8080
>>
>
>
> I think you have the ports backward, here.
>
here the problem description again:
I have
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2006 Nov 14
2
NAT/MASQ with multiple external static IPs
Hello everyone,
really not sure if this is a LARTC question or not, but I have several
hundred users all MASQ''d behind a single static IP. Users are reporting
that certain websites are blacklisting that single static external IP
for various reasons.
What I would like to do is use several external IP''s and have a MASQ''d
user getting a random one each time.
Here is
2016 Jun 21
2
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
On Tue, 2016-06-21 at 15:46 +0100, Always Learning wrote:
> On Tue, 2016-06-21 at 16:24 +0200, Alexander Farber wrote:
>
> > *nat
> > :INPUT ACCEPT
> > :OUTPUT ACCEPT
> > :PREROUTING ACCEPT
> > :POSTROUTING ACCEPT
> > -A PREROUTING -p tcp --dst 144.76.184.154 --dport 8080 -j REDIRECT
> > --to-port 80
>
>
2016 Jun 20
3
Redirecting port 8080 to port 80 - how to add in /etc/sysconfig/iptables file?
Good evening,
on a CentOS 7 LAMP (not gateway) dedicated server I am
using iptables-services with the following /etc/sysconfig/iptables:
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m
2004 Nov 20
5
Differences in masq from 1.4 -> 2.0?
In the panic of replacing our firewall(s) earlier in the week, we ended up
moving our original shorewall 1.4 config onto a machine with 2.0.10
already installed, overwriting all the 2.0.10 config files.
Most things seem to work fine, except for our masq entries. I''ve examined
the default 2.0.10 files compared with our 1.4 files, and can''t spot the
problem. What am I missing?
2004 Nov 27
3
/etc/shorewall/masq
In /etc/shorewall/masq I have:
eth0 eth1
eth0 vmnet1
eth0 vmnet8
-------------
eth0 is my default route to the Linksys
router connected to the cable modem.
eth1 is my connection to 192.168.1 subnet
and it is the gateway for all other machines
on this subnet.
My routing table is:
# netstat -nr
Kernel IP routing table
Destination
2004 May 30
2
Route P2P on separate link
Hello,
Is there a way to route p2p traffic on a separate ISP connection, just as
you would choose a separate connection for http traffic?
I tried all sorts of setups based on:
http://www.braindump.dk/en/wiki/?wikipage=PolicyRouting but with no luck.
Please help :)
(ipp2p is up and running)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
2005 Feb 21
12
NAT
Hello,
I installed my linux server for 3 months now. It does almost everything
(dns, web & mail server, firewall ...).
I just encounterd two problems with the firewall: behind this server
there are 2 computers: i got emule on one and msn on the other. The
problem is that I can''t configure well the firewall fore these 2 rules.
I''ve added DNAT rules but it
2009 Aug 12
6
Shorewall (Openswan) IPSEC VPN MASQ Problem
Hi,
I have setup a IPSEC VPN using Openswan to connect a Draytek router to a
CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m
getting a problem with packets from the left hand subnet getting
masqueraded rather than routed down the IPSEC VPN as though they were
going out onto the net. I''ve spent the last day searching Google and so
far I''ve hit a
2008 Feb 11
2
OpenVPN traffic will not be routed into network / as DefaultGW traffic ... with 1 NIC
Hello!
I''ve the following set-up
RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to
my OpenVPN box. They can talk to each other, using their 172.16.1.x
tun0 Address on the server.
The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1)
has 1 NIC that connects the machine to
a) a DSL-router (forwards several ports to this linux machine,
including the