similar to: DNAT PREROUTING issue with iptables

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server's port 21 from anywhere ( Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server''s port 21 from anywhere (Client initiates connection) - FTP server''s port 21 to ports > 1024 (Server responds to client''s control port) - FTP server''s ports > 1024 from anywhere (Client initiates data

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run

Hi, I am running Bandwidthd on CentOS 4.4. (http://bandwidthd.sourceforge.net) Box running Bandwidthd network monitoring tool is behind a Firewall (iptables). My firewall has 3 network cards. One card has a real ip (live ip). That is eth0 - pls assume it is 1.2.3.4 . Pls assume router is 1.2.3.5. eth1 is for DMZ. Its ip is 192.168.100.3 eth2 is LAN . its ip is 192.168.101.254. Box running

Hi all, I''ve got a BOX running CentOS 4.5. It acts as a firewall + router. I have installed both iptables and iproute2. I has 3 network cards. eth0 is connected to Internet (is has an internet ip. pls assume its ip is 1.2.3.4/29). it is a 256 Kbit link. eth1 is DMZ. its ip is 192.168.100.254 eth2 is LAN. Its ip is 192.168.101.254 I have alreday shaped traffic to 64 Kbit on eth1 for

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552 Summary: Strange DNAT behaviour... packet don't pass to PREROUTING and go directly in INPUT !! Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: All Status: NEW Severity: critical Priority: P2

I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m

https://bugzilla.netfilter.org/show_bug.cgi?id=1117 Bug ID: 1117 Summary: Table ipv4-nat prerouting dnat doesn't accept dest IP:PORT Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

Hi, I want to block Yahoo Messenger, MSN messanger and Kazza with IPTABLES as my local network users always go there. How Can I do it? I am not runnig iptables as a script nor have I put anything in my rc.local. But instaed, I input the commands and save it by using the below cmmand /etc/init.d/iptables save and I restart it /etc/init.d/iptables restart My box runs on Cent OS 4.4. Help

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=552 ------- Additional Comments From cbettero@ciditech.it 2007-03-04 21:48 MET ------- This problem prevents AJAX web sites to be hosted on the internal web server, because many packets will be dropped instead of passing into PREROUTING chain... -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email

Hi All, I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT

Hi, I want to have several IP''s for my connection and each IP will have it''s own hostname. Now I want to serve a web server and mail server for each hostname/IP_addr pair on the same box in the internal LAN using one apache and one postfix daemon. If I do one SNAT and several DNATs then only the hostname which I SNAT the server to would work. Is the only way to do it

Hi, We have a 256 kbits/s (kilobits per second) link to the internet. it is a router running Linux that belongs to our ISP. They have given us 8 internet ips. (i.e- subnet is 255.255.255.248). one has been given to this router. I have given another internet ip to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed iproute2 pkg as well. pls see below for

Hi All, Thanks eveyone. I had a fresh installation. My box behind the firewall. it has a private ip. So irst o all, I setup DNS on that box and add that ip ( 192.168.101.38) to /etc/resolve.conf. the below URL helped me. http://wiki.zimbra.com/index.php?title=Beginner%27s_Guide_to_installing_Zimbra_on_Ubuntu_6.06_Server Then, ran Zimbra. It went all the way long successully. So I now have

Hi , I am ruuning Senmail with MailScanner on CentOS 4.4. It has updated to kernel 2.6.9-42.0.8.EL from its past kernel 2.6.9-42.0.3.EL. Now the Server can not boot up and gives the below error. mkrootdev: label / not found Mounting root filesystem mount: error 2 mouting ext3 switchroot: mount failed: 22 Kernel panic - not syncing: Attempted to kill init! But I can boot up from its

On Mon, June 25, 2007 08:00, centos-request at centos.org wrote: > Send CentOS mailing list submissions to > centos at centos.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.centos.org/mailman/listinfo/centos > or, via email, send a message with subject or body 'help' to > centos-request at centos.org > > You can reach the

Hi, does anyone remember the rules for port forwarding ? the followings does not work: iptables -A FORWARD -i eth0 -o eth1 -p tcp ?dport 80 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -i eth0 ?dport 80 -j DNAT ?to 192.168.20.1:80 thx lewis