Displaying 20 results from an estimated 10000 matches similar to: "about raw table"
2005 Dec 18
3
connection tracking
Hello
I have some rules inserted in the NAT table dual SNAT and DNAT for a
connection
They use at some moment the same port of the outside network.
The problem i have is that the connection tracking in the kernel checks
first the oldest rule and then the newest one.
I use a system based on ARM XScale processor. Is that the default behaviour
and how can i change this behaviour?
Marius
2020 Feb 27
9
[Bug 1410] New: STATELESS, rules with notrack into a map
https://bugzilla.netfilter.org/show_bug.cgi?id=1410
Bug ID: 1410
Summary: STATELESS, rules with notrack into a map
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: nft
Assignee: pablo at
2016 Dec 20
0
[ANNOUNCE] nftables 0.7 release
Hi!
The Netfilter project proudly presents:
nftables 0.7
This release contains many accumulated bug fixes and new features
available up to the (upcoming) Linux 4.10-rc1 kernel release.
* Facilitate migration from iptables to nftables:
At compilation time, you have to pass this option.
# ./configure --with-xtables
And libxtables needs to be installed in your system. This allows
2005 Jul 28
3
Routing for multiple uplinks/providers problem.
Been running this for quite a while and noticed that have intermittent
problems getting out.
Find that if I ping the same site from 2 computers it may work on one
and fail on the other.
Also was surprised that some time they are going out different
interfaces at the same time.
Seems to work all the time from the firewall.
Running 2.6.10 kernel with the multipath routing patches on a debian
2005 Nov 28
0
conntrack match failed, packets not FWMarked
Hi all,
I have 2 ISPs on a Linux router and a local network with one Linux server
and many windows.
The local network is masqueraded.
I want to give access to port 25 and 80 of my server from any incoming
request (i.e. from my 2 ISP). I have made a DNAT translation, witch work but
the outgoing answers are not routed correctly. Of course, the de-SNAT
process is done before the routing process. So
2004 Sep 30
2
2 DSL link, DNAT & SNAT
Sorry for the long descritpion of the problem, I''d like to know If I
misunderstand something or if I meet an intrinsic limit of my setup.
217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10
eth0: 192.168.254.1 -----+------------------+-------
81.121.243.250 ADSL eth3 -
I want to allow incoming pptp request (port 1723) to be forwarded to
srv_xp
2012 Aug 20
0
Shorewall 4.5.7
The Shorewall team is pleased to announce the availability of Shorewall
4.5.7.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.6.2.
2) The command
2005 Jun 22
0
RE: Q: Routing the Same IP simultaneously on differentcomputers ?
Hi,
First, never compare a linux box with a cheap and dumb broadband router.
I''m not sure if i understand very well your scenario but I asume is like
this:
192.168.0.1---------
-----------| ipsec |
| ---------
128.X.X.X --------- 192.168.0.254 |
ISP ----------| linux |------------------|
--------- | ---------
2002 Nov 18
0
help! tc filter dose not work..
-------------- eth0------eth1 eth0------------
|211.241.219.xx | --- | ROUTER | --- |192.168.1.4 |
--------------- --------- ------------
when i send traffic from ROUTER to 211.241.219.xx or
192.168.1.4(masquraded),
the filter works fine...
In ROUTER, tc filter policy is like this:
tc filter add dev eth0 parent 1:0 protocol ip u32 match ip dport 80 0xffff
2005 Jun 23
2
TC installation
Even on a i386 machine for a very simple qdisc i get this error answer:
RTNETLINK answers: Invalid argument
what are the options in the kernel that i have to choose to escape
this error? I really know nothing about netlink sockets, what they
are, where they are in the kernel, what should i do.
please help.
Thank you in advance,
Marius Corici
2004 Jan 19
0
Two ISP load balancing + One ISP'' subnet explicit routing
Hello!
I have a problem. May be here exist anyone who has encountered with the following problem.
I have a router which is connected to 2 ISP from external side and one LAN internal
interface. The feature is that the one ISP allocates a subnet xxx.xxx.xxx.160/28 for me
but I split it into two subnets xxx.xxx.xxx.160/29 and xxx.xxx.xxx.168/29 and assign the
latter to the internal interface. Also
2004 Aug 02
1
Split Access Routing and SNAT
Hi all,
i got the following configuration:
* NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28
* NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28
* INTNET: Internal Network with productive servers and workstations,
192.168.1.0/24
Obvisiously the 10er networks are official networks but censored to
protect my customer.
The routerbox assigns on eth0 all
2004 Nov 15
3
source policy routing going to wrong path
Hi,
Below is my Linux firewall network configuration: -
eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252
eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252
eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0
eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0
isp 1 gateway: 1.1.1.9
isp 2 gateway: 2.2.2.9
Below is my iptables rules: -
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables
2006 Sep 17
0
Weird DNAT + passive FTP bug
Hello,
I''m observing a weird bug with ip_nat_ftp in a somewhat more complicated
constellation. It''s possible that XEN is also involved in this, but I''m
not sure.
What I''m trying to do is have XEN guest domains on a host, connected via
a bridge into a private network. The the privileged domain attaches to
this private network and acts as a NAT router to connect
2006 Jan 02
4
RE: Fwd: Several IP''s, one mail and http server
You want multiple IP Addresses for email if you are hosting more than
one domain. The reason is, everyone now checks for reverse DNS with
email so you need a different public IP Address for each email domain.
This way, all the reverse DNS translations will be unique.
For apache, you can have multiple websites sharing the same IP Address
as long as you don''t do anything with SSL. SSL
2006 Apr 27
1
Unsubscribe
> Send LARTC mailing list submissions to
> lartc@mailman.ds9a.nl
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> or, via email, send a message with subject or body ''help'' to
> lartc-request@mailman.ds9a.nl
>
> You can reach the person managing the list at
>
2006 Aug 03
0
[Bug 498] New: RTP packets are not hitting NAT table
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=498
Summary: RTP packets are not hitting NAT table
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: Fedora
Status: NEW
Severity: major
Priority: P2
Component: NAT
AssignedTo: laforge@netfilter.org
ReportedBy:
2020 Aug 04
0
[Bug 1448] New: SNAT/DNAT/Masquerading not working for UDPLite protocol
https://bugzilla.netfilter.org/show_bug.cgi?id=1448
Bug ID: 1448
Summary: SNAT/DNAT/Masquerading not working for UDPLite
protocol
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: NAT
2004 Jan 14
0
Any NISTNet alternative or fix ?
Hi,
I need to simulate (with a certain degree of control) common WAN
problems like packet loss/duplication, delay and conditions of limited
bandwidth. I found that NISTNet is what i need, but it seems the package
has not been updated since October, 2000.
This is not really a problem as I found NISTNet runs perfectly with
Linux kernels up to 2.4.23 (officially 2.4.18 is the latest mentioned in
2013 Sep 10
4
[Bug 850] New: DNAT applied even after deleting the IP Tables DNAT Rule
https://bugzilla.netfilter.org/show_bug.cgi?id=850
Summary: DNAT applied even after deleting the IP Tables DNAT
Rule
Product: iptables
Version: 1.4.x
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at