similar to: [Bug 554] Packet illegaly bypassing SNAT

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 ------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET ------- I have been wondering about this bug and had similar problems myself here in my Debian system, linux-kernel 2.6.18 iptables 1.3.6. I too saw that some packets became transmitted illegally through the ppp0 interface, when they just shoudn't. What I

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 Summary: Packet illegaly bypassing SNAT Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy:

Hello, I am using the following iptables POSTROUTING rule to NAT some RFC 1918 addresses: iptables -t nat -A POSTROUTING -s 192.168.19.23 ! 192.168.0.0/255.255.0.0 -p tcp --dport 80 -j SNAT --to-source 10.32.4.2 (I am using SNAT instead of MASQUERADE for performance reasons). I have several addresses on the 192.168.0.0/16 subnet that I am SNAT''ing similarly. Problem is, ''tc

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=443 ------- Additional Comments From nothingel@hotmail.com 2006-02-08 05:35 MET ------- I also, the situation described in bug ID 322 seemed related and I tried the patch from Phil Oester but it did not make a difference. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=318 ------- Additional Comments From kaber@trash.net 2006-01-28 17:29 MET ------- Please execute"echo 255 >/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid" after loading ipt_LOG and post the results. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552 ------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET ------- This problem prevents AJAX web sites to be hosted on the internal web server, because many packets will be dropped instead of passing into PREROUTING chain... -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

Hi, I configured a router box to use 2 providers, as described in the HOWTO. (Apendix 1) I want to use both links to reach a single smtp server. As I read in the kptd and in some old messages of this list, doing a SNAT in the postrouting chain comes _after_ the routing desision. So I guess the following lines I''m trying to use are wrong. (See Apendix 1) What can I do to have multiple

Hi all, I''m using Shorewall since one year (1.4, then 2.0) I''m trying to migrate a linux firewall from iptables rules to shorewall. The firewall has three zones - net internet - loc1 lan - loc2 second lan I have a lot of rules like this, to SNAT the ip addresses of some computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8) iptables -v -t nat -I

Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 accept line in the rules file (25,80,443) but I can hit

More than one of our docs issues revolve around some confusion between "IP masquerading" and "SNAT" -- a confusion I might share, or if contagious, I may be catching. <g> I think of SNAT more or less as a special case of IP masquerading, applicable when, for example, the external interface has multiple IP''s and you choose to _explicitly_ set the address through

https://bugzilla.netfilter.org/show_bug.cgi?id=1227 Bug ID: 1227 Summary: Current conntrack state isn't considered when evaluating multiple SNAT rules Product: netfilter/iptables Version: unspecified Hardware: All OS: other Status: NEW Severity: enhancement Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1225 Bug ID: 1225 Summary: Nft syntax error (snat, dnat using multiple maps) Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

Hi, I am unable to get my LAN masqueraded using SNAT with CentOS 5.3 and iptables. I have the following setup: eth0: connects to internet with static public IP 1.2.3.1 (obscured here for privacy) eth1: connects to DMZ with static public IP 1.2.3.2 (obscured here for privacy) eth2: connects to LAN with static private IP 192.168.0.1 Traffic to hosts in the DMZ/Internet through eth0/1 work fine.

I am having problems making RTSP connections to a Windows Streaming Media Server (ie "connecting to media...." but WMP never connects). There are no error messages in /var/log/messages. It was suggested to me that SNAT might perform better than MASQ in this respect. I edited my shorewall/masq file as such: eth0 eth1 12.34.56.78 or should it be? eth0 10.0.0.0/24

i have a box with 2 real interfaces and one more virtual eth0 - to the internet (193.... eth1 - to the local net (192.168..) tun0 - to another ISP the routing is: all the free/local classes i send them directly on eth0, the rest of the internet i send throw tun0 the admin from tun0 wants me to snat all the packets with my end of the ip-tun0-interface and i snat all the trafic that go to

http://bugzilla.netfilter.org/show_bug.cgi?id=763 Summary: dnat and snat not changing port numbers on sctp packets Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P3 Component: NAT AssignedTo: netfilter-buglog at

Hello, I have a problem with the following setup, I hope you can help me. I have two internet gateways, one for LAN1 and the second for LAN2. +--------------+ GW1 more eth0| |eth4(SNAT) GW2 ---...routers...-----+ router +----------------- | | +---+------+---+ eth1|

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users