similar to: SNAT or DNAT or what?

Hi, I read the howto of iproute, I have the same case with HOWTO, the difference is that the whole incoming traffic goes through interface 0, the other difference is that I do not want to balance the out going traffic, because I have specific networks to take it throughout another interface. Mi Case IF1 --> Input and Output IF2 --> Only aoutput for three Network I need Help, How can I

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

hello list (and martin) ;x i have now composed my final(?) policy routing design. the goals i had when beginning with this, for you that have not follow mine and martins thread, was to 1) only let 192.168.1/24 to see all routes, 2) not route between defined networks, except to and from 192.168.1/24 and 3) not defined networks should only be able to reach 192.168.1/24. this might sound simple.

Hi, I want to use the dsmark, but it always says: "unkown qdisc", although I have enabled it (y in Network options), and I have my kernel recompiled. I am using SuSE 8.1, 2.4.20 Kernel, tc available at the HTB site (with already precompiled HTB queue). Can anybody find the problem? thx _________________________________________________________________ MSN 8 helps eliminate e-mail

Can I add routes to rt_tables by hand with the vi editor? If I add a route to that file, it will be there if I reboot the box? I am sure there are stupid questions but I can''t find the answer into the papers I have here. Luis Miguel Cruz Miranda. CCNA - Systems Administrator _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

I found following paragraph in the man page of iproute2. equalize allow packet by packet randomization on multipath routes. Without this modifier, the route will be frozen to one selected nexthop, so that load splitting will only occur on per-flow base. equalize only works if the kernel is patched. ^^^^^^^^^^^^^^^^^ Now, where

hi thanks for your reply heh "Example: ip del rule pref 32742" is syntically wrong :) and when i tried "ip rule del 32742" it gives me error # ip rule del 32742 Error: argument "32742" is wrong: Failed to parse rule type so how to get get of these extra rules? 0: from all lookup local 32742: from all fwmark 0x2 lookup squid.out 32743: from all fwmark 0x2

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=31 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From

http://bugzilla.netfilter.org/show_bug.cgi?id=763 Summary: dnat and snat not changing port numbers on sctp packets Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P3 Component: NAT AssignedTo: netfilter-buglog at

https://bugzilla.netfilter.org/show_bug.cgi?id=920 Summary: DNAT: SNAT: --random and --persistent are not supported Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1134 Bug ID: 1134 Summary: snat and dnat should accept mapping concatenated values for address and port Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1225 Bug ID: 1225 Summary: Nft syntax error (snat, dnat using multiple maps) Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1448 Bug ID: 1448 Summary: SNAT/DNAT/Masquerading not working for UDPLite protocol Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: NAT

I am running a public core router using private links from my provider. Details: RH7.3 9 interfaces (all Intel) eth0 is default gateway and has a private IP address all other interfaces are links to other routers or networks eth3 has a public IP address The core router will rarely need to access sites out on the internet, but when it does it cannot get there because the eth0 has a private IP

Hi! First of all, let me say a big "thank you" to Tom for creating shorewall. I''ve been using it for a few months now and it''s such a relief to not have to resort to OpenBSD''s pf (which is so much more sane than Linux'' iptables madness) for the most basic firewalling tasks. I have a question that I didn''t seem to be able to find in the FAQ.

Assuming if I have rules matching the same packet, the one chosen is the lower preference value or the high ? For example # ip rule list .... 100 from 192.168.1.0/24 lookup main 200 from all fwmark 5 lookup first ..... Packet is matching both rules, the one with priority/preference 100 or 200 is selected ? _______________________________________________ LARTC mailing list /

Hello list members, I notice here that the --server option is listed as undocumented. http://rsync.samba.org/rsync/fom-serve/cache/88.html My question is that the --server option is not documented, and I'd like not to build functionality into one of my systems without trusting that it will be there in the future. I was able to find the --server option simply by watching the rsync entries

I''m having trouble routing on high fwmarks, I want to use a lot of different marks for 2 routes so that I can QoS based on the marks ip rule looks like this: 0: from all lookup local 32751: from all fwmark 31 lookup dslout 32752: from all fwmark 30 lookup dslout 32753: from all fwmark 29 lookup dslout 32754: from all fwmark 28 lookup dslout 32755: from

I have a computer with two interfaces, say with addresses 192.168.1.1 and 192.168.1.2. I want to set up routing such that when I ping 192.168.1.1 it goes out through 192.168.1.2 and not to the local interface. Is this possible - all my attempts so far have been unsuccessful? If so, pointers, etc. would be gratefully appreciated. Jim -- Jim Redman (505) 662 5156 x85