Displaying 20 results from an estimated 10000 matches similar to: "[Bug 552] New: Strange DNAT behaviour... packet don't pass to PREROUTING and go directly in INPUT !!"
2007 Mar 04
13
[Bug 552] Strange DNAT behaviour... packet don't pass to PREROUTING and go directly in INPUT !!
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552
------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET -------
This problem prevents AJAX web sites to be hosted on the internal web server,
because many packets will be dropped instead of passing into PREROUTING chain...
--
Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
2007 Sep 25
1
DNAT PREROUTING issue with iptables
Hi,
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address -
1.2.3.4/29) to the internet ip
2017 Feb 03
4
[Bug 1117] New: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT
https://bugzilla.netfilter.org/show_bug.cgi?id=1117
Bug ID: 1117
Summary: Table ipv4-nat prerouting dnat doesn't accept dest
IP:PORT
Product: nftables
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
2007 Mar 07
4
PREROUTING - DNAT with iptables for an ASTERISK BOX
Hi,
I am running a ASTERISK BOX behind a firewall. It is at DMZ .
Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT.
How can I do it?
Pls assume that ip address that connects to Internet on firewall is
1.2.3.4and is attached to eth0.
And ASTERISK BOX is 192.168.101.23
Then, What is the rule (PREROUTING) for it? What is the port to DNAT?
I think udp 5060. So I have
2007 Sep 25
7
DNAT PREROUTING issue with IPTABLES
Hi,
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address -
1.2.3.4/29) to the internet ip
2005 Jul 14
7
Losing Packets after a DNAT in prerouting
I''m trying to setup some DNAT and the packets seem to be disappearing after
the PREROUTING step. The packets are coming in eth2 (both LOG targets in
iptables and tcpdump confirm this). They are then DNATed to an IP that
should cause them to go out eth3. However I never see them go out that
interface. I have tried putting LOG rules into the FORWARD chain with no
success. I''m
2005 Nov 25
1
2 WAN links and DNAT
Hi
Here is a short description of my network:
ppp0 (adsl) ppp1 (adsl)
| |
| |
---------------------
| Router |
| Firewall |
| MASQUERAD |
| DNAT |
| |
| eth0 |
---------------------
|
|
|
----------------------
|
2005 May 20
1
Iptables - PREROUTING
I have a server whit 2 interfaces of network, where eth0 is the interfaces
connetc to internet and eth1 to the internal network. This server hace a
Squid only, but i setting the iptables for protection to the server.
Iptables run from script and in this script i setting the redirection for
the other server in my internal network to port 80 and 443. I follow the
diferent how to and many manual, but
2012 Feb 14
1
iptables nat PREROUTING chain
Is there a way to add a rule to the nat table (CentOS 5.7) that would
alter the port number of tcp packets destined for the server itself? I
have ip_forwarding enabled, but the packets don't seem to hit the
prerouting chain.
I have the following redirect rule in the prerouting table. I also
tried DNAT, but if the packets don't hit PREROUTING, it won't work either.
iptables -t nat
2005 Jun 01
0
SNAT (or MASQUERADING) and DNAT question
Hi,
The private adresses (192.168.254.0/255.255.255.0) of my network are sent
dynamically by dhcp on my network. The dhcp server is on the firewall which
address is 192.168.254.1/255.255.255.255 (this address is static).
I''ve got a rsync server on this network which is on a separe server. His
address is 192.168.254.200/255.255.255.255 (this address is static).
I want that the users
2006 Feb 21
1
[Bug 452] New: DNAT to internal network don't work with source routing and 2 uplinks
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=452
Summary: DNAT to internal network don't work with source routing
and 2 uplinks
Product: netfilter/iptables
Version: linux-2.6.x
Platform: i386
OS/Version: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P2
2006 Dec 15
1
catching DNAT''ed packet
Hi.
I have a Server''s network with some servers in it, all with
192.168.1.0/25 ips. There is also a router in that network with ip
192.168.1.1. This router also connected to a client''s network
10.10.0.0/16 with ip 10.10.100.1.
All services on each server are given their virtual address from one of
two virtual networks 192.168.1.128/28 and 192.168.1.144/28.
192.168.1.128/28 is
2007 Oct 05
3
DNAT rule for vsftp --(PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as
passive ftp.
the theroy behind passive ftp is ,
- FTP server's port 21 from anywhere ( Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's
control port)
- FTP server's ports > 1024 from anywhere (Client initiates data
connection to
2013 Sep 10
4
[Bug 850] New: DNAT applied even after deleting the IP Tables DNAT Rule
https://bugzilla.netfilter.org/show_bug.cgi?id=850
Summary: DNAT applied even after deleting the IP Tables DNAT
Rule
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at
2016 Feb 28
9
[Bug 1051] New: nftables DNAT not working
https://bugzilla.netfilter.org/show_bug.cgi?id=1051
Bug ID: 1051
Summary: nftables DNAT not working
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: critical
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
2005 Jun 20
0
routing for multiple uplinks + DNAT (LVS in my case)
Hi.
Contents:
1) Introduction
2) 2 Questions
* Introduction:
I used this HOWTO to use multiple providers.
http://lartc.org/howto/lartc.rpdb.multiple-links.html
The box is a load balancer, using the Linux Virtual Server.
We have a problem with lost connections, and it seems you
get issues when you combine this setup with DNAT [1].
The proposed solution [1] is to use these rules to mark
2016 Jan 26
1
CentOS 7 - DNAT with firewalld
HI,
here I have an eMail with connected to a DMZ 10.0.0.0/24 network. This
server holds 10.0.0.87
There are two firewall-hosts one with CentOS 6 10.0.0.10 and one with
CentOS 7 10.0.0.17
The CentOS 6 has the following iptables-rule (extract):
----------------------8<----------------------8<----------------------8<
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
-A PREROUTING -i eth1 -d
2008 Apr 04
0
DNAT slow performance
Hi there
I''ve built a configuration based on following document:
http://en.opensuse.org/Xen3_and_a_Virtual_Network
I have one physical interface on dom0 - eth0 with public IP, xenbr0 with
local IP(10.100.0.1/24) and 8 domU with local IP from the same network as
xenbr0.
IP address on xenbr0 is gw for all domU.
ip forwarding is enabled.
My dom0 iptables rules:
-A PREROUTING -d
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as
passive ftp.
the theroy behind passive ftp is ,
- FTP server''s port 21 from anywhere (Client initiates connection)
- FTP server''s port 21 to ports > 1024 (Server responds to client''s
control port)
- FTP server''s ports > 1024 from anywhere (Client initiates data
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message --------
Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP)
Date: Fri, 05 Oct 2007 12:17:42 +0530
From: Mohan Sundaram <smohan@vsnl.com>
Reply-To: smohan@vsnl.com
To: Indunil Jayasooriya <indunil75@gmail.com>
References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com>
Indunil Jayasooriya wrote:
> Hi all,
>
> I want to run