Displaying 20 results from an estimated 3000 matches similar to: "NAT/MASQ with multiple external static IPs"
2006 Nov 07
5
linux-2.4.22 + bridge + traffic control by MAC.
Dear all,
I am working on a linux box (2.4.22 kernel) which is used as a
bridge. And I want to add traffic control rules on it by client's MAC.
Does anyone have such experience on how to do that? Thank you very
much!!
Best regards,
Henry
2006 Dec 11
6
load balancing with https home banking
Hello everybody.
I'm running linux 2.6.19 with nth match to
alternatively snat outgoing connections to
two different ip addresses for load balancing
between two adsl lines:
Here is:
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA
$IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport
2006 Nov 07
6
Troubles DNATing UDP
Hi.
I have strange troubles with DNATing UDP packets.
The situation:
1. We have local network 10.10.0.0/16
2. We have a "server network" 192.168.1.0/25 connected with local
network by a router 10.10.100.1 (other ip 192.168.1.1).
3. Web server is located at 192.168.1.2
4. There are HW pingers in the net 10.10.0.0/16 which ping
10.10.100.1 every second. The ping is the UDP packet
2006 Dec 07
2
iptables -m dstlimit
Which kernel supports the iptables' -m dstlimit?
Do I need a patch or something else to get it to work?
Is it too experimental?
--
Покотиленко Костик <casper@meteor.dp.ua>
2006 Aug 18
3
iproute2, alternative tables, no default route: routing trouble for localhost
Hi.
The task:
1. There are 3 servers and a router with 2 PPPoE connections (let's call them:
ppp0, ppp1).
2. There are several groups of Inet-clients to be served (Servers,
Clients and Club).
3. The task is:
- to route Club through the ppp1;
- to Servers and Clients through ppp0;
(Next is reproduced from memory and may be slightly incorrect)
router # netstat -nr
Kernel IP routing table
2006 Dec 15
1
catching DNAT'ed packet
Hi.
I have a Server's network with some servers in it, all with
192.168.1.0/25 ips. There is also a router in that network with ip
192.168.1.1. This router is also connected to a client's network
10.10.0.0/16 with ip 10.10.100.1.
All services on each server are given their virtual address from one of
two virtual networks 192.168.1.128/28 and 192.168.1.144/28.
192.168.1.128/28 is
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between
"IP masquerading" and "SNAT" -- a confusion I might share, or if
contagious, I may be catching. <g>
I think of SNAT more or less as a special case of IP masquerading,
applicable when, for example, the external interface has multiple IP's
and you choose to _explicitly_ set the address through
2004 Oct 06
4
SNAT is less expensive than MASQ
hi,
in the masq file's documentation, there is a sentence:
"If you have a static IP on that interface, listing it here makes
processing of output packets a little less expensive for the firewall."
this really means that SNAT to the primary address is less expensive than
a MASQ rule in the netfilter? is this documented anywhere in
iptables/netfilter?
thanks.
--
Levente
2004 Nov 20
5
Differences in masq from 1.4 -> 2.0?
In the panic of replacing our firewall(s) earlier in the week, we ended up
moving our original shorewall 1.4 config onto a machine with 2.0.10
already installed, overwriting all the 2.0.10 config files.
Most things seem to work fine, except for our masq entries. I've examined
the default 2.0.10 files compared with our 1.4 files, and can't spot the
problem. What am I missing?
2002 Aug 06
8
converting MASQ from ipchains
Hello,
on my old system I'm using ipchains. Can anyone help me with converting rule
/sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp
to shorewall. I know that I can write
eth0 source_addr
to /etc/shorewall/masq file
but I can't find where I can specify the destination address.
The reason for this is to allow one user (computer) access only to
2005 Jan 07
3
masq or static nat
Hello,
> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.
I am a little confused about NAT.
I have a static IP from ISP
I want to do a NAT on eth0.
What should I use in shorewall: masquerading or static nat?
Thanks
Varun
2006 Aug 17
5
Bonding + Shaping --> Is it Possible?
Hello All,
I was curious to know if I can do traffic shaping on a bonded interface?
Ex: I have two interfaces eth1 and eth2 which I have bonded together as bond0, now the question is can I do shaping on eth1 and eth2?
Thanks
KartheeK
2002 Sep 29
11
Iptables, SNAT/MASQ, Multiple gateways
I have a dual-homed firewall. It has 2 Internet connections, provided by
different ISPs (each with an associated IP address). The 2 Internet
connections are connected to the same physical interface. The 2 Internet
connections do NOT have equal bandwidth.
How do I configure the SNAT/MASQ and ensure sharing of the gateways with
the correct ratio of usage and with the correct source IP address?
I
2004 Nov 27
3
/etc/shorewall/masq
In /etc/shorewall/masq I have:
eth0 eth1
eth0 vmnet1
eth0 vmnet8
-------------
eth0 is my default route to the Linksys
router connected to the cable modem.
eth1 is my connection to 192.168.1 subnet
and it is the gateway for all other machines
on this subnet.
My routing table is:
# netstat -nr
Kernel IP routing table
Destination
2007 Feb 15
2
?OT? Linux 2.6: bridge + routing firewall
Hi All!
I need to deploy a bridge firewall using linux kernel 2.6. I had success
using kernel 2.4 plus br-nf patch. But the configuration does not work with
kernel 2.6.
If the default policy for the iptables FORWARD chain is ACCEPT I have a
bridge. If iptables FORWARD chain is DROP I have an insulator (no packet
flows). Any hint?
I did some google search and in many places they say "kernel
2012 Oct 23
1
masq rules for LVS
Hi,
I need some special masq rules to allow internal servers to resolve public IP's which are loadbalanced by LVS - the rules are:
iptables -t nat -A POSTROUTING -m ipvs --vaddr <LVS PUBLIC IP>/32 --vport 80 -j SNAT --to-source <LVS INTERNAL IP>
Also I need to enable:
echo 1 > /proc/sys/net/ipv4/vs/conntrack
Currently I do all this from /etc/shorewall/started - but is
2005 Jan 23
15
Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
Dear All,
Firstly, thank you very much - shorewall is great. I'm not a member of
this list, and please forgive me if I am suggesting something stupid, but
the following occurs to me, and I thought it might be useful.
Why not make it possible to specify zones as well as interfaces in the
/etc/shorewall/masq file ?
Eg: instead of:
eth0 eth1
one might write:
net loc (or masq in
2006 Aug 28
4
Applying the same class to multiple interfaces
Hi All,
I'm trying to do some traffic shaping on an ethernet bridge. Currently,
I have the following setup working:
ifconfig eth0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
ifconfig br0 up
This creates a bridge consisting of eth0 and eth1. So far so good.
I now want to use tc to shape traffic
2009 Aug 12
6
Shorewall (Openswan) IPSEC VPN MASQ Problem
Hi,
I have set up an IPSEC VPN using Openswan to connect a Draytek router to a
CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I'm
getting a problem with packets from the left hand subnet getting
masqueraded rather than routed down the IPSEC VPN as though they were
going out onto the net. I've spent the last day searching Google and so
far I've hit a
2006 Jan 02
4
RE: Fwd: Several IP's, one mail and http server
You want multiple IP Addresses for email if you are hosting more than
one domain. The reason is, everyone now checks for reverse DNS with
email so you need a different public IP Address for each email domain.
This way, all the reverse DNS translations will be unique.
For apache, you can have multiple websites sharing the same IP Address
as long as you don't do anything with SSL. SSL