similar to: Source IP translation

Perhaps someone with a sharper brain than I can solve this little mystery. I've Googled until I'm blue in the face, read all TFM's I can find, and tried several iptables rule combinations but just can't get the following to work. Here's my challenge: I have a CentOS-5.3 "main" server with a static public IP address running Apache, OpenVPN, and a bunch of other

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

Hi gurus, I need a way to do SNAT based on source mac before routing. This is because hosts attached to my gateway can have duplicate IP addresses, and I have to distinguish over them. I tried to use the nat tool that comes with iproute2, but this force to make a mapping only address to address, and I wanted to do it by mark (I also use iptables to do that). For example, I tried to

Hi, I am trying to categorize the network traffic and to send it out across two different providers. For this I mark the packets in the firewall (in the PREROUTING chain of table mangle), and then use another routing table for the marked packets, which has a different gateway from the main routing table. Basicaly I am following the cookbook example in this page:

Hi, I know these are a few iptbales questions. NOT CentOS, anyway, I am running a firewall on centos 5.x. If you can response, it would be fine. I want to add a SNAT rule for one user in LAN to access one particular destination on the internet. Let's say www.centos.org I added the below rule. But . it does NOT work Pls assume 1.2.3.4 is the real ip of the firewall. ip address

Been running this for quite a while and noticed that have intermittent problems getting out. Find that if I ping the same site from 2 computers it may work on one and fail on the other. Also was surprised that some time they are going out different interfaces at the same time. Seems to work all the time from the firewall. Running 2.6.10 kernel with the multipath routing patches on a debian

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

Dear all Lartc, I try to split my Internet access to my 2 ISP with 1 linux (GNU/Debian sarge) 3 NIC router, I want all my users conneted with ISP1 and just some IP connected with ISP2 Here is my configuration: Internal network: 10.117.71.0/24 Interface eth0 ISP1: IP for my linux box: 1.2.3.4/29 Interface: eth1 Gateway: 1.2.3.5 ISP2: IP for my

Hi guys, Can you take a look at this? :) +-----------+ | | eth1-|- | | -|-eth0---LAN--- | | eth2-|- | | | +-----------+ - eth0 is connected to the LAN having the IP=LAN_IP eth1 is connected to the first ISP having IP=ISP_IP_1 and GW=ISP_GW_1 eth2 is connected to the second ISP having IP=ISP_IP_2 and GW=ISP_GW_2 I need

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hi, I have 2 internet connections (1 adsl/1 cable). I am try to route all outgoing mail from the mail server (on the same box), through the ADSL connection routing through the cable will mean mail will get rejected by AOL :( I am using qmail as the mail server. The configuration is: eth0 : cable connection ppp0 : adsl connection eth2 : internal lan connection I have configured split access as

I am trying to setup some rules on a box with 3 nic cards. Two internet connections and one office connection. eth0 is office eth1 is internet T1 eth2 is internet Cable when I do "iptables -F" then iptables -L everything is gone as it should be. Then I do iptables -t nat -A PREROUTING -p tcp -d $MYIP --dport 6550 -j DNAT --to $INTERNAL_ADDRESS:6550 iptables -t nat -A POSTROUTING -d

https://bugzilla.netfilter.org/show_bug.cgi?id=1410 Bug ID: 1410 Summary: STATELESS, rules with notrack into a map Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at

snat not working my local ip is aaa.aaa.aaa.aaa asterisk sitting on the internet at ip bbb.bbb.bbb.bbb my firewall''s internal ip is 192.168.0.254 i did snat: iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa iptables -t nat -L -v gives: Chain POSTROUTING (policy ACCEPT 23663 packets, 2182K bytes) pkts bytes target prot opt in out source destination 33056

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=498 cfilin@intermedia.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chip@innovates.com -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are

Hello again, I may have a common problem to solve but it seems it is harder than I thought... I have 2 internet providers (each one having a different gateway). Behind the router there are around 100 clients that are SNAT-ed. I want some clients to be SNAT-ed to the first provider, while the others to the second one. The following lines should work: iptables -t nat -A POSTROUTING -s

In the panic of replacing our firewall(s) earlier in the week, we ended up moving our original shorewall 1.4 config onto a machine with 2.0.10 already installed, overwriting all the 2.0.10 config files. Most things seem to work fine, except for our masq entries. I''ve examined the default 2.0.10 files compared with our 1.4 files, and can''t spot the problem. What am I missing?

Hi, I have the my gateway with load balancing traffic going out over two providers. Web browsing is fine...working great. But, my clients (office staff) complains that MSN keeps disconnecting (in 5 mins). Why? Please help me... Regards, ro0ot

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hi all, i got the following configuration: * NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28 * NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28 * INTNET: Internal Network with productive servers and workstations, 192.168.1.0/24 Obvisiously the 10er networks are official networks but censored to protect my customer. The routerbox assigns on eth0 all