similar to: transparent proxy?

My TCP clients connect to box A. I need to forward those connections to a server on box B, such that the original client IPs are visible to the server on B. Each box has two Ethernet ports. One port on each box is connected to WAN, and they are cross-connected in a LAN via remaining ports: ------------------- ------------------- WAN -- |eth0 Box A eth1|---LAN---|eth1 Box

Hello I am trying to redirect all http traffic of unauthorized wifi users on a wireless hotspot to a login page. The problem I have is that I can not disable the regular address translation (I want the source address to stay the same). 10.0.0.7 is the wifi client 195.250.155.29 is the web wifi user tries to access from his browser 195.113.17.94 is my login page 10.0.0.1 is the wifi

Hi Ppl I have 5 adsl lines that after reading quite a bit i managed to get load balanced now abvoiusly it doesnt load balance evenly and this works on what routes are still in the routing cache. my question is my outbound masquerading had to be modified to use snat in iptables instead of just plain masquerading my outbound masquerading now works but my inbound port forwarding doesnt work would

Hello! I have the following setup: 1) a connection to my ISP with a public IP (1.2.3.4) with the gateway 1.2.3.1 2) an allocated IP class with 64 addresses (5.6.7.192/26) 3) two LANs connected through two NICs: a) 192.168.0.0/24 on eth1 (192.168.0.1) b) 10.0.0.0/24 on eth2 (10.0.0.1) The IPs from the allocated class are all assigned to eth0. The networks are SNATed to the external IP and

I've been trying to get the transparent proxying facility of icecast to work so I can listen to multiple copies of stream on my local network, while only receiving a single stream over my WAN link (Like DUH! thats what the proxy is for ... I know, stay with me). I have mpt been been able to get this feature to work, and it looks like there may be a bug in the icecast server as everytime I

ESFQ''s original hashing algorithm never worked particularly well for the src or dst hash types: close IP addresses, such as 10.0.0.1 and 10.0.0.2 often hashed to the same number, even with many different perturbation values. This prevented the src and dst hash types from working adequately with small and medium-sized network ranges. A while ago, I added the src_direct and dst_direct hash

Hi All, I have a linux router, configured with two internet connections and two lan segments. I''ve setup multipath routing as described in http://lartc.org/howto/lartc.rpdb.multiple-links.html My problem (I think) is that somehow the router will randomly choose incorrect routing paths for different hosts, for example: on my workstation (192.168.1.20), I ssh to a server I have on an

Hi, The network topo looks like this: the original network: router1 router2 | | |----------------OSPF------------| the target network: (we need to insert a transparent firewall between these 2 routers, so a proxy arp is set up on firewall to bridge router1 and router2) router1 firewall router2 |

I'm attempting to configure source-specific routing so that my servers can exist on multiple subnets from multiple upstream providers. A rough diagram of the network layout: ISP1 router (blackbox, routes subnet A, address on subnet A) \ -----------eth0(firewall)eth1---((servers)) / ISP2 router (blackbox, routes subnet B, address on subnet B) The aim is to allow the servers to use

Hi, We have some Asterisk servers that we are moving behind a NAT to preserve public addresses and make room for growth. This is Asterisk 1.4 NAT works very good with the externip/localnet-setting when we are connected directly to our teleco. But when I try to use NAT and put them behind our Kamailio something interesting happens: The media-address in the SDP is the internal ip and not the

Hi, Is it possible to transparent proxy FTP through Squid? If so what rules would i need to add to the rules file so that any ftp request is forwarding through Squid? I have www traffic being Tranparantly proxied. Herwith my www rules: REDIRECT loc 3128 tcp 80 ACCEPT loc fw::3128 tcp www - all ACCEPT fw

I have a setup something like this: WWW -- ADSL Router -- Gateway -- LAN 10.0.0.2 --> <-- 10.0.0.1 192.168.0.1 --> <-- 192.168.0.X Shorewall Squid proxy On the gateway, shorewall is sucessfully redirecting port 80 from the LAN to the proxy on port 3128. Is it possible to also redirect

Hi, I followed the instructions in the section "Squid (transparent) Running on the Firewall" on http://www.shorewall.net/Shorewall_Squid_Usage.html to setup Squid transparently on a Linux gateway. My net is as follows: loc subnet --- fw Linux Gateway --- ADSL router 192.168.1.0/24 192.168.1.92 (eth1) WAN.WAN.WAN.2 (gw = WAN.WAN.WAN.WAN (eth0) 192.168.1.92) (gw =

got it running, really easy !!! I am running shorewall 1.2.12 on a debian stable ! and have a squid as transparent proxy on another machine (debian testing) tried to get this work the hole day: I found this iptables: ------ iptables -t nat -A PREROUTING -i eth0 -s ! $squid_box -p tcp --dport 80 -j DNAT --to $squid_box:3128 iptables -t nat -A POSTROUTING -o eth0

Hi, I followed the instructions posted on the shorewall web page for transparent proxy, but I still cannot get it to work. I have almost the same setup as described on the web, running squid on dmz, eth1, and the loc on eth2. I can see that packets going out from the fw, they are not sent to the squid proxy, and if I try to telnet to the squid proxy to port 80, where I should be directed to

Hello ! I'm setting up workstations to acces a lan behind a tinc host (server) in parenthesis, their vpn ip address workstations on the internet running tinc 1.2.3.4 (10.0.0.2) -> internet -> tinc host 4.3.2.1 (10.0.0.1) -> lan 192.168.1.0/24 in linux, no problem : root@natch> cat tinc-up #!/bin/sh ifconfig $INTERFACE 10.0.0.2 netmask 255.255.255.0 route add -net

"A Tale of TTL Troubles" I was hired to implement VPN for a subnet. The owner has a /27 at his home site, and he wanted to have the machines there answering BOTH on those IP addresses and some addresses at a remote colocation provider. Make sense? Not to me either. :( I think he''s trying to fool his customers into thinking he has a physical presence in the colocation city.

Dear all, I have a bit of a complicated tinc setup yielding weird results that I cannot explain. I would be glad if maybe someone here could help me out. I have 3 machines (with IP addresses in my tinc network) machine A (10.0.0.2) runs gentoo, tinc-1.1_pre17, behind router Y machine B (10.0.0.3) runs gentoo, tinc-1.1pre15, behind router X machine C (10.0.0.1) runs raspbian, tinc-1.1pre15, behind

I have a box with only 1 IP (lets say 10.0.0.1) which has an ipip tunnel to another machine (lets say 10.2.0.1)(different networks) i wan''t all packets coming to 10.0.0.1 destination port 80 be routed thru the tunnel device and be answered by 10.2.0.2 (which has an interface configured with 10.0.0.1). It works if the incoming ip address is not configured on the receiving machine

Hi Lars, I have no experience to use tcpdump, here is the output from TCPdump for your reference. Any idea? Use my home PC to ping company PC 01:00:25.154706 ethertype IPv4, IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.154706 IP 192.168.1.2 > 10.0.0.2: ICMP echo request, id 1, seq 17, length 40 01:00:25.154706 IP 192.168.1.2 > 10.0.0.2: ICMP echo