similar to: [Bug 1070] New: NETMAP "to" address is not separated from previous output while listing NAT rules

If you are interested in helping with testing new features, please look at http://shorewall.net/netmap.html. If you have a need for this type of network-level address mapping and/or are in a position to test it please let me know. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

https://bugzilla.netfilter.org/show_bug.cgi?id=1339 Bug ID: 1339 Summary: NETMAP feature, using a displaced mask fail. Product: netfilter/iptables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: unknown Assignee:

https://bugzilla.netfilter.org/show_bug.cgi?id=1337 Bug ID: 1337 Summary: NETMAP feature, using a displaced mask fail. Product: iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: iptables Assignee: netfilter-buglog at

Tom, how hard would it be to add destination and source columns in the NETMAP configuration file? I have an openvpn tunnel interface I use for three different branches - but one of them CANNOT be netmap''ed. In the lack of those columns, I had to use a started script that inserts a RETURN target in the first line of the nat tun0_in and tun0_out chains. Thanks for all the good

https://bugzilla.netfilter.org/show_bug.cgi?id=850 Summary: DNAT applied even after deleting the IP Tables DNAT Rule Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at

Hi, Below is my Linux firewall network configuration: - eth0 - isp 1, IP: 1.1.1.10, Netmask: 255.255.255.252 eth1 - isp 2, IP: 2.2.2.10, Netmask: 255.255.255.252 eth2 - lan, IP: 172.16.0.254, Netmask: 255.255.255.0 eth3 - dmz, 192.168.0.254, Netmask: 255.255.255.0 isp 1 gateway: 1.1.1.9 isp 2 gateway: 2.2.2.9 Below is my iptables rules: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables

Hello all Can someone please help me or answer if this is possible I''m using the puppet forge IIS module, and want to use variables within the syntax dependent up ip address for example: colo_a = 1.1.1.0 colo_b = 2.2.2.0 if $network_local_area_connection = 1.1.1.0 add colo_a elseif $network_local_area_connection = 2.2.2.0 add colo_b iis_site {''mysite.co.uk'':

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

Hi, I''m trying to use shorewall for a RAS dialup solution We have networks we need to connect to with the same ranges internally (i.e. 2 separate users with a 192.168.0.0/24 range). We connect to these via a pptp tunnel (or isdn) The problem we have is that we need to access these networks all the time, so allocate them a range from our internal range. This will then be NATed to the

Hi, Is there a way in Linux to do NAT with a pool of outside addresses such that each connection to the outside resource gets a different IP address?? I don''t want 1:1 NAT as I have some thousands of IP addresses on one side of the LARTC router that _may_ need to access a resource on the other side... The resource needs to see a different IP address for each active call, but these

Hi, I read the howto of iproute, I have the same case with HOWTO, the difference is that the whole incoming traffic goes through interface 0, the other difference is that I do not want to balance the out going traffic, because I have specific networks to take it throughout another interface. Mi Case IF1 --> Input and Output IF2 --> Only aoutput for three Network I need Help, How can I

Hi, I have a problem installing Shorewall 2.0.7 on a box, when I launch it I have: Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Available Determining Zones... Zones: net loc Validating interfaces file... Validating hosts file... Validating Policy

For easy reading: http://www.karthaus.nl/r/ Hi, We used to have 1 single ip range (1.1.1.0/24) that had one uplink to a = switch of the colocation provider. Recently we got a second range 2.2.2.0/24 and a redundant uplink = directly on two routers. But our switch does not have spanning tree = protocol support so we cannot use them redundantly. We have set up the switch to have a vlan for both

Hi all, I have had shorewall running successfully for over two years, its a great firewall! I have a NAT question that I cannot seem to find the answer to, and I was hoping someone could give me a hand. I have recently learned of a type of NAT called "Twice NAT", it which when a specific DNS address is requested, the information is forwarded on. I have outlined what I would

Hi! The Netfilter project proudly presents: iptables 1.6.1 iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators. This update contains accumulated bugfixes, several new extensions and lots of translations via iptables-translate to ease migration to nftables. See ChangeLog that comes

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

Hello! I have access server with 4 uplinks (nice, huh?). I ran RedHat 7.3. Yesterday I did an upgrade to RedHat 9. After upgrade Linux says the third link is bad: # ip route show 2.2.2.0/30 dev eth2 scope link src 2.2.2.2 4.4.4.0/30 dev eth4 scope link src 4.4.4.4 3.3.3.0/29 dev eth3 scope link src 3.3.3.3 1.1.1.0/28 dev eth1 scope link src 1.1.1.1 10.1.1.0/24 dev eth0 scope link

Hi Everyone, I'm trying to get squid + wccp on a Centos 7 box working with a Cisco router. I've done this before several times using Centos 6 and iptables, but never on Centos 7 with firewalld. I've searched far and wide for clear, concise instructions on how to do what I want in Centos 7. I've pieced together what I've found to come up with what I thought should work.

Hi! The Netfilter project proudly presents: nftables 0.9.5 This release contains fixes and new features available up to the Linux kernel 5.7 release. * Support for set counters: table ip x { set y { typeof ip saddr counter elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 } }

Hi, Can puppet autosign work by giving vlan IP instead of domain? For example, in the autosign.conf file, instead of using *.mydomain.org, I want to give 172.18.133.* But it does not seem to work if I give the IP address. But I don''t want to limit the client from *.mydomain.org by only allow certain vlan client not all the are in the same domain. Thanks, -Haiyan -- You received this