similar to: DNAT PREROUTING issue with IPTABLES

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address - 1.2.3.4/29) to the internet ip

Hi, I am running a ASTERISK BOX behind a firewall. It is at DMZ . Now I want to connect to my ASTERISK BOX from Internet. So I want to DNAT. How can I do it? Pls assume that ip address that connects to Internet on firewall is 1.2.3.4and is attached to eth0. And ASTERISK BOX is 192.168.101.23 Then, What is the rule (PREROUTING) for it? What is the port to DNAT? I think udp 5060. So I have

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server's port 21 from anywhere ( Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to

Hi, got a 25/25Mbit connection which is quite stuffed. So I applied htb rules. Uplink: class htb 1:1 root rate 24500Kbit ceil 24500Kbit burst 4661b/8 mpu 0b overhead 0b cburst 4661b/8 mpu 0b overhead 0b level 7 Sent 430600689269 bytes 730147320 pkt (dropped 0, overlimits 0 requeues 0) rate 23057Kbit 5520pps backlog 0b 0p requeues 0 lended: 199673949 borrowed: 0 giants: 0 tokens: -964

Hello guys I have a subnet with 255 users, which need to share 1 single slow internet connection, so i would like to implement a kind of *fair queuing *on the UPLOAD between them, which means that they all share the connection equally.. The tools that i have available is: A linux box with IPROUTE2,HTB and TC.. I have looked at some examples, and my first idea was to make 255 entries in

Hi, I have two networks, users and servers connected via vpn (ipsec). Both internal networks. The routing is fine and connections work both ways. Accordingly both networks have a firewall each which faces the internet and they create the vpn link between each other. Both firewalls have only one external IP (if they had more, I wouldn''t be asking). The servers network''s

Hi all, I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as passive ftp. the theroy behind passive ftp is , - FTP server''s port 21 from anywhere (Client initiates connection) - FTP server''s port 21 to ports > 1024 (Server responds to client''s control port) - FTP server''s ports > 1024 from anywhere (Client initiates data

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

Hi All, I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT

Hi, I want to have several IP''s for my connection and each IP will have it''s own hostname. Now I want to serve a web server and mail server for each hostname/IP_addr pair on the same box in the internal LAN using one apache and one postfix daemon. If I do one SNAT and several DNATs then only the hostname which I SNAT the server to would work. Is the only way to do it

Hi all, I''ve got a BOX running CentOS 4.5. It acts as a firewall + router. I have installed both iptables and iproute2. I has 3 network cards. eth0 is connected to Internet (is has an internet ip. pls assume its ip is 1.2.3.4/29). it is a 256 Kbit link. eth1 is DMZ. its ip is 192.168.100.254 eth2 is LAN. Its ip is 192.168.101.254 I have alreday shaped traffic to 64 Kbit on eth1 for

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Hi, We have a 256 kbits/s (kilobits per second) link to the internet. it is a router running Linux that belongs to our ISP. They have given us 8 internet ips. (i.e- subnet is 255.255.255.248). one has been given to this router. I have given another internet ip to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed iproute2 pkg as well. pls see below for

Hi , I am ruuning Senmail with MailScanner on CentOS 4.4. It has updated to kernel 2.6.9-42.0.8.EL from its past kernel 2.6.9-42.0.3.EL. Now the Server can not boot up and gives the below error. mkrootdev: label / not found Mounting root filesystem mount: error 2 mouting ext3 switchroot: mount failed: 22 Kernel panic - not syncing: Attempted to kill init! But I can boot up from its

Hi, I want to block Yahoo Messenger, MSN messanger and Kazza with IPTABLES as my local network users always go there. How Can I do it? I am not runnig iptables as a script nor have I put anything in my rc.local. But instaed, I input the commands and save it by using the below cmmand /etc/init.d/iptables save and I restart it /etc/init.d/iptables restart My box runs on Cent OS 4.4. Help

Hi, does anyone remember the rules for port forwarding ? the followings does not work: iptables -A FORWARD -i eth0 -o eth1 -p tcp ?dport 80 -j ACCEPT iptables -A PREROUTING -t nat -p tcp -i eth0 ?dport 80 -j DNAT ?to 192.168.20.1:80 thx lewis

Hi all, I installed cups and samba on redhat 9. Printer has been attached to the linux box . We can print from the linux box. We can print from windows clients too. But My problem is that when we print from windows, printer starts printing. But I want to set them in the queue instead. Then I want to go to cups web interface and release jobs. How can I do it? This is urgent. Pls let me know as

Hi all, I would like to know has RedHat EL 5 been already released or is it still under beta version? When will CENT OS 5 be available to the world? -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070330/001cc6a7/attachment.html>

Hi iproute2, I have a network to reach which is 192.168.2.0/24. It is a branch of the company. I have currently added a route to that network via one gateway ( 192.168.0.254) in following way. ip route add 192.168.2.0/24 via 192.168.0.254 Now, We got another gateway which is 192.168.0.250. Now I want to add a route to the same network which is 192.168.2.0/24 via this gateway ( 192.168.0.250)

Hi all, I am lookng for a truble ticket to install on my Cents os 4.4 server. RPM is always prefferd. Souce is also welcome. Have you done somethink like this before? What are the packages that you recomend for me. -- Thank you Indunil Jayasooriya -------------- next part -------------- An HTML attachment was scrubbed... URL: