Displaying 20 results from an estimated 300 matches similar to: "[Bug 554] New: Packet illegaly bypassing SNAT"
2007 Mar 15
5
[Bug 554] Packet illegaly bypassing SNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554
------- Additional Comments From kaber@trash.net 2007-03-15 02:53 MET -------
Most likely these packets are considered invalid by connection tracking and
therefore not handled by NAT. Try this:
iptables -t mangle -A POSTROUTING -m state --state INVALID -j DROP
--
Configure bugmail:
2007 Apr 17
6
[Bug 554] Packet illegaly bypassing SNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554
------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET -------
I have been wondering about this bug and had similar problems myself here in my
Debian system, linux-kernel 2.6.18 iptables 1.3.6.
I too saw that some packets became transmitted illegally through the ppp0
interface, when they just shoudn't.
What I
2001 Apr 28
0
How can I do this? Please, help me
Hi folks...
I'm configuring Firewall in the server running Conectiva Linux 6.0 (Brazil)
and I already configured to accept connections in the ports:
netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp
2003 Jul 29
1
IMQ and fwmark
Hi all,
I want to divide the incoming traffic between what should go to
the firewall and what should be forwarded to the local network
behind it. I started with the IMQ example config, but added an
extra htb class right below "10:1" to get the two sfq''s to borrow
each other''s bandwidth.
However, I can''t figure out how to set the two marks. According to
this
2011 Mar 19
2
Re: fallout new vegas wineskin mac osx 10.6.5
I'm new to all of this, never played a windows game on mac before, but I thought I might get some help here. Sorry if I'm posting in the wrong thread or anything like this.
I copied fallout new vegas from a friend who I'm pretty sure downloaded it illegaly. Don't know if this is relevant, just want to be sure. First of all it won't start - I have the same problem as the
2013 Nov 25
0
[Bug 876] New: bizarre handling of "related" connection packets (wrong OUTPUT interface assigned)
https://bugzilla.netfilter.org/show_bug.cgi?id=876
Summary: bizarre handling of "related" connection packets
(wrong OUTPUT interface assigned)
Product: netfilter/iptables
Version: unspecified
Platform: x86_64
OS/Version: Fedora
Status: NEW
Severity: normal
Priority: P5
2004 Jun 26
1
IAX & FWD, No authority found?
Hi Folks,
Just wondering if anyone can give me some pointers, I'm configuring Asterisk to talk to FWD's new IAX service. The asterisk server is behind an iptables NAT Firewall, with port 5036 forwarded:
$IPTABLES -t nat -A PREROUTING -p udp -d $EXTERNAL_IP --dport 5036 -j DNAT --to-destination 172.16.20.200:5036
I can make outgoing calls just fine, but when I receive an inbound call
2010 Jan 06
12
Dom0 NETTX, NETRX alway are 0
I tried netperf / netserver with Dom0 / DomU, but I could''nt get a correct
NW traffic with xentop. Is there anybody could help me?
At Host1''s Dom0, run netperf -H VMIP
At Host2''s DomU (with VMIP named TTVM), run netserver
At Host1, run xentop this way ->"xentop -n -b -d 1"
At Host2, run xentop this way->"xentop -n -b -d 1"
In Host2''s
2006 Nov 06
3
Ingress qdisc bypassed on SNAT''ed traffic?
Hello,
I am using the following iptables POSTROUTING rule to NAT some RFC
1918 addresses:
iptables -t nat -A POSTROUTING -s 192.168.19.23 !
192.168.0.0/255.255.0.0 -p tcp --dport 80 -j SNAT --to-source
10.32.4.2
(I am using SNAT instead of MASQUERADE for performance reasons).
I have several addresses on the 192.168.0.0/16 subnet that I am
SNAT''ing similarly.
Problem is, ''tc
2002 Aug 29
2
Weird(?) HTB3 setup
Hi,
I want to be able to specify actions for different classes of
traffic in any of these four ways, and I''d like to use only
HTB if possible:
1. No guranteed rate, No ceil
2. Guaranteed rate, No ceil
3. No guranteed rate, Ceil specified
4. Guaranteed rate, Ceil specified
For types 2, 3 and 4 there can be several classes of each, with
different rates and ceilings.
4 is ofcourse easy.
2007 Sep 13
1
Bypassing firewall alternatives
Hi
I am experiencing a problem of bypassing firewalls.
I know that "ssh -R" can forward ports from remote server to local ports.
But it requires an account of the remote server, which seems to be a
security hole.
I am looking for other programs which can do so, any suggestions?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
2006 Nov 15
1
bypassing qdisc for some traffic
Hello everybody.
I would like to enable QoS on the internal firewall NIC
(eth2) to prevent bandwidth saturation from ftp downloads
(for example). This is my firewall schema.
___ private network (100bit/s FD)
/
/ /\
| / //\\
|/ ||
|eth2 \\
|
2004 Jun 17
0
Bypassing Loopback
Is it possible to setup a route that will place the packet ''on the wire''
even if the destination is a local IP? I have been through the iproute2
docs and nothing jumps out at me. I am working on a project measuring
network latency/jitter/etc and am currently using a GRE tunnel as the test
path for measuring the first leg. The router at the other end of the tunnel
faithfully
2008 Mar 16
0
bypassing verify_authenticity_token before_filter when in facebook
Hi list,
Not sure if this is helpful for anyone but I am working on a Facebook
project where I need bypass the new CSRF protection (built into Rails
2.0) under certain conditions. However, since my project works
outside of Facebook I don?t want to disable the CSRF protection from
requests made outside of Facebook.
Here is a small extension i wrote for the ForgeryProtection module.
2012 Jan 14
0
iptable rule for bypassing netfilter queue for a matching address.
I have two iptable rules for userspace modification :
iptable -t mangle -A PREROUTING -p udp --dport 9090 -j NFQUEUE
iptable -t mangle -A OUTPUT -p udp --sport 9090 -j NFQUEUE
I have the following network setup:
client ---------------->Linux Box or router--------------------->server. What i'm trying to achieve is modifying all packets which comes from client to 9090 port of the
2000 Aug 01
1
RSA authentication bypassing /etc/nologin
Hello everyone,
I noticed recently that when I had /etc/nologin in place on my
server I couldn't log in when I authenticated via passwords, but when I used
RSA authentication I was able to log in no problem. I looked through the
source, and I think I might see where the problem is. I have a Linux system,
so sshd was compiled with PAM support. Using normal authentication, the
pam_nologin
2010 Mar 12
1
Setting up RTP to flow between endpoints directly bypassing Asterisk
Hello,
http://www.voip-info.org/wiki/view/Asterisk+Letting+SIP+clients+connect+directly
The link above indicates that it is possible to setup RTP streams to
directly flow between endpoints and completely bypass Asterisk. I would
like to know if this configuration would work when,
a) both endpoints are behind NAT, and/or
b) both endpoints don't support same codecs
with media flowing
2019 May 22
2
Bypassing 'A stop job is running' when rebooting CentOS 7
I'm currently trying to reboot a CentOS 7.5 workstation (to complete an
upgrade to 7.6), but it is 'stuck' while shutting down with 'A stop job
is running for ...' - the counter initially gave a limit of '1min 30s' -
but each time it reaches that limit, it just adds on ~90 seconds to the
limit ...
Currently the limit is '25min 33s'
I'm in no hurry to
2019 May 22
0
Bypassing 'A stop job is running' when rebooting CentOS 7
James Pearson wrote:
>
> I'm currently trying to reboot a CentOS 7.5 workstation (to complete an
> upgrade to 7.6), but it is 'stuck' while shutting down with 'A stop job
> is running for ...' - the counter initially gave a limit of '1min 30s' -
> but each time it reaches that limit, it just adds on ~90 seconds to the
> limit ...
>
> Currently
2019 May 22
0
Bypassing 'A stop job is running' when rebooting CentOS 7
On Wed, May 22, 2019 at 7:44 AM mark <m.roth at 5-cent.us> wrote:
>
> The joys of systemd....
I'm not sure it's right to blame systemd. Systemd asked nicely for
the service to shutdown. The service didn't, probably because the
update change something and pulled the rug out from beneath it.
Systemd then waited a bit to make sure the service wasn't just being
slow, and