similar to: What Cisco calls ''Overloading NAT''??

Hello folks.. Does any of you know if it is possible to rewrite the ip src in a packet. I have a problem involving a DMZ with external IP addresses routed trough a single WAN IP. When the server initiates a connection, it looks like it comes from the WAN ip instead of it''s designated External IP routed through the WAN. So in short, Is it possible to rewrite the packet in the router,

Hello I have some rules inserted in the NAT table dual SNAT and DNAT for a connection They use at some moment the same port of the outside network. The problem i have is that the connection tracking in the kernel checks first the oldest rule and then the newest one. I use a system based on ARM XScale processor. Is that the default behaviour and how can i change this behaviour? Marius

Hello everybody. I''m running linux 2.6.19 with nth match to alternatively snat outgoing connections to two different ip addresses for load balancing between two adsl lines: Here is: $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport --dports 80,443 -m statistic --mode nth --every 2 -j SNAT --to adslA $IPTABLES -t nat -A POSTROUTING -s my_ip --protocol tcp -m multiport

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

how to use iproute/iptables to balance by packet OUTBOUND traffic between 2 PPP (pptp cable modem and pppoe adsl modem) links to the same ISP . also by using the fact that the ISP dosen''t filter source IP address - meaning i can use either PPP''s link assigned IP address as the source IP in the ip header.., it works for both devices.., what i want to achive is : when uploading a

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

Hi, I have a linux box which balances load between two interfaces ( say WAN1 and WAN2). I have masquerading on for any request coming from LAN to the outside world. The setup is in such a way that WAN1 drops packets with source ip belonging to WAN2''s network and viceversa. For some strange reason, I find that packet coming out from the WAN interface has source address of WAN2 and

I have a block of IP addresses (2048) used for ADSL connections to customers. In order to provide a fair slice of available bandwidth on the contended services I would like to be able to set up some kind of SFQ filter, but using a hash of the destination IP address rather than the the full source and destination ip and port. This would be done at the Internet side gateway for traffic being

I''ve read through the nano documentation, and it says that it wont handle scenarios where the main traffic is input. Also, I''ve read through the linuxvirtualserver documentation, and i dont think that applies to me either, as that set up intercepts traffic and manipulates the final destination IP and port for the traffic. What I would like to do is 1) from the ISP standpoint,

Currently using physdev on a bridge to try and isolate certain paths across and to the bridge. It all works except when trying to stop the flow in one direction on the FORWARD chain?? Can someone please help?? Below is the testing done so far. eth1 <---> BRIDGE <---> eth0 # Block (eth0 ---> eth1) - blocks both directions and not just one?? iptables -A FORWARD -m physdev

https://bugzilla.netfilter.org/show_bug.cgi?id=1410 Bug ID: 1410 Summary: STATELESS, rules with notrack into a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

I am developing load balancing router, But I have a question about fail over. The follow diagram is my test environment and scripts. ------------------------------------------------------------------- Environment Setting PC1(192.168.10.2) | (LAN) | PC2-eth2(192.168.10.1) +

Hi, I read the howto of iproute, I have the same case with HOWTO, the difference is that the whole incoming traffic goes through interface 0, the other difference is that I do not want to balance the out going traffic, because I have specific networks to take it throughout another interface. Mi Case IF1 --> Input and Output IF2 --> Only aoutput for three Network I need Help, How can I

Hi guys, Can you take a look at this? :) +-----------+ | | eth1-|- | | -|-eth0---LAN--- | | eth2-|- | | | +-----------+ - eth0 is connected to the LAN having the IP=LAN_IP eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1 eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2 I need

Hi, I want to use Linux to do FASTNAT between some 192.168.x.x addresses in a routed network on one side and a single 10.0.0.x/24 on the other side. I want to do one-to-one NAT but in a dynamic way... such that a calling address is NATed into the next available 10.0.0.x/24.... in a round robin sort of way... IS there a way to do this using LARTC?? If not LARTC, then how?? This sort of thing

Hello, I''m new to the list and iproute2 itself. I was searching for a way to simultaneously use several IPs on the *same network interface* for outbound traffic. Let me explain: I have eth0 interface to which I set 2 IP addresses; 192.168.0.1 and 192.168.0.2. Then I want to connect to Internet through 192.168.0.254 gateway using round-robin between those 2 addresses. The iproute2

I administer a nano-setup on a dorm-network with a couple of hundred active users. The setup uses 2 x 2 2Mb/s DSLs, meaning two DSLs from each of two different ISPs. It works fine except for some minor glitches: https-sites often kicks users. This was solved by tying outbound https to a single DSL. Not the best solution but it works so far that users dont kicked from the sites anymore. Now

Hi gurus, I need a way to do SNAT based on source mac before routing. This is because hosts attached to my gateway can have duplicate IP addresses, and I have to distinguish over them. I tried to use the nat tool that comes with iproute2, but this force to make a mapping only address to address, and I wanted to do it by mark (I also use iptables to do that). For example, I tried to

Hi, I want to have several IP''s for my connection and each IP will have it''s own hostname. Now I want to serve a web server and mail server for each hostname/IP_addr pair on the same box in the internal LAN using one apache and one postfix daemon. If I do one SNAT and several DNATs then only the hostname which I SNAT the server to would work. Is the only way to do it