similar to: [Bug 1337] New: NETMAP feature, using a displaced mask fail.

https://bugzilla.netfilter.org/show_bug.cgi?id=1339 Bug ID: 1339 Summary: NETMAP feature, using a displaced mask fail. Product: netfilter/iptables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: unknown Assignee:

If you are interested in helping with testing new features, please look at http://shorewall.net/netmap.html. If you have a need for this type of network-level address mapping and/or are in a position to test it please let me know. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

https://bugzilla.netfilter.org/show_bug.cgi?id=1070 Bug ID: 1070 Summary: NETMAP "to" address is not separated from previous output while listing NAT rules Product: iptables Version: 1.4.x Hardware: x86_64 OS: All Status: NEW Severity: blocker Priority: P5

Tom, how hard would it be to add destination and source columns in the NETMAP configuration file? I have an openvpn tunnel interface I use for three different branches - but one of them CANNOT be netmap''ed. In the lack of those columns, I had to use a started script that inserts a RETURN target in the first line of the nat tun0_in and tun0_out chains. Thanks for all the good

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

Hi, I''m trying to use shorewall for a RAS dialup solution We have networks we need to connect to with the same ranges internally (i.e. 2 separate users with a 192.168.0.0/24 range). We connect to these via a pptp tunnel (or isdn) The problem we have is that we need to access these networks all the time, so allocate them a range from our internal range. This will then be NATed to the

Hi, Is there a way in Linux to do NAT with a pool of outside addresses such that each connection to the outside resource gets a different IP address?? I don''t want 1:1 NAT as I have some thousands of IP addresses on one side of the LARTC router that _may_ need to access a resource on the other side... The resource needs to see a different IP address for each active call, but these

Hi, I read the howto of iproute, I have the same case with HOWTO, the difference is that the whole incoming traffic goes through interface 0, the other difference is that I do not want to balance the out going traffic, because I have specific networks to take it throughout another interface. Mi Case IF1 --> Input and Output IF2 --> Only aoutput for three Network I need Help, How can I

Hi, I have a problem installing Shorewall 2.0.7 on a box, when I launch it I have: Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Available Determining Zones... Zones: net loc Validating interfaces file... Validating hosts file... Validating Policy

Hi all, I have had shorewall running successfully for over two years, its a great firewall! I have a NAT question that I cannot seem to find the answer to, and I was hoping someone could give me a hand. I have recently learned of a type of NAT called "Twice NAT", it which when a specific DNS address is requested, the information is forwarded on. I have outlined what I would

Hi! The Netfilter project proudly presents: iptables 1.6.1 iptables is the userspace command line program used to configure the Linux 2.4.x and later packet filtering ruleset. It is targeted towards system administrators. This update contains accumulated bugfixes, several new extensions and lots of translations via iptables-translate to ease migration to nftables. See ChangeLog that comes

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

Hello, I have a Debian-Woody-3.0 Router with 3 NIC''s. Kernelversion 2.4.18 +------------+ +-------------+ | | | | |192.168.1.1 | | 192.168.2.1 | | DSL-Router | | ISDN-Router | +------------+ +-------------+ | |

Hi! The Netfilter project proudly presents: nftables 0.9.5 This release contains fixes and new features available up to the Linux kernel 5.7 release. * Support for set counters: table ip x { set y { typeof ip saddr counter elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 } }

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.8 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.8 New in this release: 1) Shorewall now verifies that your kernel and iptables have physdev ~ match support if BRIDGING=Yes in shorewall.conf. 2) Beginning with this release, if your kernel and iptables have ~ iprange match support

Available at: http://sourceforge.net/project/showfiles.php?group_id=22587&package_id=15646&release_id=228986 http://www.shorewall.net/pub/shorewall/shorewall-2.0.1/ ftp://shorewall.net/pub/shorewall/shorewall-2.0.1 and will be appearing shortly on a Mirror near you. New features include: - Support for bridge/firewalls. - Support for NETMAP - Support for the -x iptables option -

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Fixes a couple of serious bugs in Beta 1 and adds NETMAP support. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

RC 1 is now available for testing. This version corrects several problems in Beta 3: 1) Release notes now correctly refer to FORWARD_CLEAR_MARK rather than CLEAR_FORWARD_MARK. 2) The NET3 column in /etc/shorewall/netmap now works correctly. 3) A missing closing quote in the generated script when using REQUIRE_INTERFACE=Yes has been corrected. 4) The compiler now correctly detects the

RC 1 is now available for testing. This version corrects several problems in Beta 3: 1) Release notes now correctly refer to FORWARD_CLEAR_MARK rather than CLEAR_FORWARD_MARK. 2) The NET3 column in /etc/shorewall/netmap now works correctly. 3) A missing closing quote in the generated script when using REQUIRE_INTERFACE=Yes has been corrected. 4) The compiler now correctly detects the