similar to: source policy routing and SNAT - wrong hardware adress

Hi, my box is connected to 3 networks, eth0 eth1 wlan0. I want "my" traffic to go via wlan0 and everything from eth1 NATed to eth0: eth0 192.168.1.10/24 eth1 172.16.1.1/12 wlan0 192.168.10.190/24 I first tried this with two single hosts: iptables -A POSTROUTING -j MASQUERADE -o eth0 -t nat iptables -A POSTROUTING -j MASQUERADE -o wlan0 -t nat echo 200 Forw >>

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

https://bugzilla.netfilter.org/show_bug.cgi?id=1206 Bug ID: 1206 Summary: segfault when snat map rule has been added Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users

Hi all, i got the following configuration: * NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28 * NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28 * INTNET: Internal Network with productive servers and workstations, 192.168.1.0/24 Obvisiously the 10er networks are official networks but censored to protect my customer. The routerbox assigns on eth0 all

Hi! I''ve been searching the net for information about this topic, but I can''t find anything relevant to my problem or I don''t understand the answer completely. Please enlighten me... :-) I''m trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today the users behind the Cisco FW is on a NAT-network and in the same network there are a couple of

Hi, I configured a router box to use 2 providers, as described in the HOWTO. (Apendix 1) I want to use both links to reach a single smtp server. As I read in the kptd and in some old messages of this list, doing a SNAT in the postrouting chain comes _after_ the routing desision. So I guess the following lines I''m trying to use are wrong. (See Apendix 1) What can I do to have multiple

Hello, I used iproute2 to do iif specific routing on wifi routers with 2 wifi 802.11b interfaces on non overlapping interfaces. I set rule as follows on router-2 (shown below) use table 100 if incomming interface is wlan0 use table 200 if incomming interface is wlan1 all routes in table 100 have wlan1 as oif all routes in table 200 have wlan0 as oif --wlan0--

Hello, I have a problem with the following setup, I hope you can help me. I have two internet gateways, one for LAN1 and the second for LAN2. +--------------+ GW1 more eth0| |eth4(SNAT) GW2 ---...routers...-----+ router +----------------- | | +---+------+---+ eth1|

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

Hello, I''m trying to get my shaper to work, but have only a partial success. Can someone help me with that. My setup unfortunately is not so trivial, but I think some people could have similar one... 1. There is a router connected to the internet line via interface eth0 2. There are users connected to the router via two interfaces : eth1 and wlan0 3. All users are assigned private IP

https://bugzilla.netfilter.org/show_bug.cgi?id=1227 Bug ID: 1227 Summary: Current conntrack state isn't considered when evaluating multiple SNAT rules Product: netfilter/iptables Version: unspecified Hardware: All OS: other Status: NEW Severity: enhancement Priority: P5

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 Summary: Packet illegaly bypassing SNAT Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy:

https://bugzilla.netfilter.org/show_bug.cgi?id=1225 Bug ID: 1225 Summary: Nft syntax error (snat, dnat using multiple maps) Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

i have a box with 2 real interfaces and one more virtual eth0 - to the internet (193.... eth1 - to the local net (192.168..) tun0 - to another ISP the routing is: all the free/local classes i send them directly on eth0, the rest of the internet i send throw tun0 the admin from tun0 wants me to snat all the packets with my end of the ip-tun0-interface and i snat all the trafic that go to

Hello, I need some help about a routing problem on a complex configuration. The problem is that I can''t reach from services outside from my DMZ. The scenario is a gateway linked to three internet connections, so that I used three distinct iproute2 tables for routing. The gw is running ipvs for balancing over the dmz''s servers. DMZ servers are on 192.168.1.0/24 network, .

http://bugzilla.netfilter.org/show_bug.cgi?id=763 Summary: dnat and snat not changing port numbers on sctp packets Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P3 Component: NAT AssignedTo: netfilter-buglog at

Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 accept line in the rules file (25,80,443) but I can hit