similar to: Making FORWARD_IPV4=YES permanent / DHCP multiple routers

Hi folks, I have the two firewalls (Slackware current) in differnt cities connected via OpenVPN. I can ping the network behind server firewall from client firewall server. But how to route/iptable network traffic from the network behind client firewall to see the netwrok behind server firewall? Thank you Remus

Hi, I have three linux machines, and I want to let one of them forward packets betwen the other two. The forwarding node has two ethernet cards, connecting the two two machines respectively. However, when I ping between the two end points, the forwarding node can receive the ping requests at its eth0, but it never forwards them to its eth1. So is the reverse direction. The forwarding node is

Hey all, I'm trying to swap to CentOS and I have just about everything working except ip_forwarding. I have FORWARD_IPV4="yes" in my /etc/sysconfig/network file but /proc/sys/net/ipv4/ip_forward does not = 1 (also tried to set it to ="true" and just =true). All the firewall (iptable) rules are in place. Why won't ip_forward stay enabled? I'm using the latest DL

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

snat not working my local ip is aaa.aaa.aaa.aaa asterisk sitting on the internet at ip bbb.bbb.bbb.bbb my firewall''s internal ip is 192.168.0.254 i did snat: iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa iptables -t nat -L -v gives: Chain POSTROUTING (policy ACCEPT 23663 packets, 2182K bytes) pkts bytes target prot opt in out source destination 33056

So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this?

Hello! I have the following setup: 1) a connection to my ISP with a public IP (1.2.3.4) with the gateway 1.2.3.1 2) an allocated IP class with 64 addresses (5.6.7.192/26) 3) two LANs connected through two NICs: a) 192.168.0.0/24 on eth1 (192.168.0.1) b) 10.0.0.0/24 on eth2 (10.0.0.1) The IPs from the allocated class are all assigned to eth0. The networks are SNATed to the external IP and

Hi, I am connected to two DSL providers (DSL 1 - 1Mbps downlink/384kbps uplink and DSL 2 - 2Mbps downlink/512kpbs uplink) I would like to only allow ftp, pop3 and http via the DSL 1 and only smtp, ipsec and pptp via DSL 2. How can I do so? Can I use iproute to route these protocols? Below is my ip routing: - # DSL 1 ip route add 2.2.2.208/30 dev eth0 src 2.2.2.210 table 1 ip route add

TEQL and Subnet problem I have a network topology shown below, and I am trying to use TEQL. My problem is: When I ping to P3.teql0 from P2 ("[P2]# ping 16.119.144.66"), the traffic can never go from P2.eth1, and all traffic only goes to P1.eth0. What P2.eth1 (16.119.144.33) did is broadcasting an ARP asking for the MAC address of 16.119.144.66, although I have specified the route to

Hello folks.. Does any of you know if it is possible to rewrite the ip src in a packet. I have a problem involving a DMZ with external IP addresses routed trough a single WAN IP. When the server initiates a connection, it looks like it comes from the WAN ip instead of it''s designated External IP routed through the WAN. So in short, Is it possible to rewrite the packet in the router,

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

Hello everyone. First of all, i congratulate tinc and its community for such reliable tool it is. I am working on a community wireless project where we have an isolated mesh network that we want to link by VPN. In order to fulfill this requirement we setup a tinc VPN, with two "nodes", servera and serverb. Servera has ip 10.0.0.1/24 and serverb has 10.0.0.2/24, and a spare network

Hi there. I have followed some documents found here and there, but do not have already success implementing a script using iptables and iproute. What I need is to send all traffic trough an ADSL line, but mail trough an expensive and slow DS0. The mail server lies on the PC acting also as firewall. I include the script. When using that I get some error messages (I found that the flush command

Dear all, =0D =0D 3 Computers are linked together with cross over cable and computer B is t= he=0D router. =0D =0D Computer A - Starlight Video Server(Solaris) =0D - 192.168.0.11 =0D =0D Computer B - Iptables(Linux) =0D - eth0 - 192.168.0.12 =0D - eth1 - 158.192.92.102 =0D =0D Computer C - Video receiver(Windows) =0D - 158.192.92.105 =0D =0D First =0D # echo "1" >

Hi LARTC, I have two networks that I manage, A and B. They both have their own primary gateways for hosts on the network, let''s call them AR and BR. There is another box, A1, which lives on network A but also has a wire connecting it to a switch on network B. My goal is to let hosts on B access three particular hosts on A''s subnet (192.168.4.0/24) and let hosts on A access one

Hi, I have an DNAT ISSUE with PREROUTING. This is my setup. I have 2 firewalls running iptables. Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall. 2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in that DMZ zone, mail server runnig @ 192.168.100.3 Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address - 1.2.3.4/29) to the internet ip

here''s the setup (two dsl - same provider) +-----> link1 LAN----- linux box --| |----------internet +-----> link2 the setup is ok in terms of the failover requirement. the other link takes over when one is down. however, there is a very noticeable lag when both lines are up. i''ve tried changing

Hello! I had found a script to multipath DSL connections: http://linux.com.lb/beta/index.pl?node=Load%20Balancing%20Across%20Multiple%20Links I have made some modifications, but in second part of this mail are some errors: __________________________________________________________________ First the script: __________________________________________________________________ #!/bin/bash #

Hi List, I am running into a problem where I have 2 interfaces bridged with and ip address assigned. I have another interface in which traffic has ingress traffic that needs to go out the bridged interface. I am trying unsuccessfully to SNAT the traffic leaving the bridge interface to its assigned address. # brctl show xbrdg0 bridge name bridge id STP enabled interfaces

You want multiple IP Addresses for email if you are hosting more than one domain. The reason is, everyone now checks for reverse DNS with email so you need a different public IP Address for each email domain. This way, all the reverse DNS translations will be unique. For apache, you can have multiple websites sharing the same IP Address as long as you don''t do anything with SSL. SSL