Displaying 20 results from an estimated 1000 matches similar to: "Masquerading (packet forwarding) on CentOS 7"
2015 Feb 19
0
Masquerading (packet forwarding) on CentOS 7
On 19.02.2015 11:58, Niki Kovacs wrote:
> Hi,
>
> I just migrated my office's server from Slackware64 14.1 to CentOS 7. So
> far everything's running fine, I just have a few minor details to work out.
>
> I removed the firewalld package and replaced it by a simple Iptables
> script:
>
>
> --8<----------------------------------------------------
>
2018 Mar 11
2
Squid vs. iptables redirection: exception for certain domains ?
Hi,
I'm currently facing a quite tricky problem. Here goes.
I have setup Squid as a transparent HTTP+HTTPS proxy in my local
network. All web traffic gets handed over to Squid by an iptables script
on the server. Here's the relevant section in /etc/squid/squid.conf:
--8<-------------------------------------------------------------
# Ports du proxy
http_port 3130
http_port 3128
2018 Mar 11
3
Squid vs. iptables redirection: exception for certain domains ?
Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs <info at microlinux.fr>:
>
> I've experimented some more, and I have a partial success. Here, I'm
> redirecting all HTTPS traffic *except* the one that goes to my bank:
>
> iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d
> www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129
>
> This works
2018 May 23
7
Vsftpd vs. iptables firewall script
Hi,
I'm currently setting up a local FTP server, to receive disk images sent
with G4L (Ghost4Linux).
This server has been running Slackware Linux before, and the Vsftpd
setup was relatively simple.
With CentOS things seem to be slightly different, so I'm currently
trying to work things out. For the moment, two things seem to be
creating problems, the simple iptables firewall and
2018 Mar 11
0
Squid vs. iptables redirection: exception for certain domains ?
Le 11/03/2018 ? 13:09, Leon Fauster a ?crit?:
> It is not a good practice to place domain names into iptables rules. Define
> a custom table, place this table into your rule list (to stick at the right
> place) and feed that table with the resolved domain names. This can be altered
> while running in the case of changes (check resolving results periodically).
I admit I've never
2018 Mar 12
1
Squid vs. iptables redirection: exception for certain domains ?
Hi,
Another idea - but this gets complicated and with that, prone to faults - use a simple shell script to resolve the desired domains and keep their IPs in an ipset, then use the ipset in your firewall rules, this way you can keep your iptables rules static, your squid config static and simply add or remove IPs from the ipset.
--
Sent from the Delta quadrant using Borg technology!
Nux!
2018 May 23
0
Vsftpd vs. iptables firewall script
On 23 May 2018 at 10:24, Nicolas Kovacs <info at microlinux.fr> wrote:
> Hi,
>
> I'm currently setting up a local FTP server, to receive disk images sent
> with G4L (Ghost4Linux).
>
> This server has been running Slackware Linux before, and the Vsftpd
> setup was relatively simple.
>
> With CentOS things seem to be slightly different, so I'm currently
>
2004 Oct 18
0
GNU/Linux Router with poptop problem
Hello,
I have a problem with my GNU/Linux router. I mean, I
am trying to configure a VPN conection for the clients
of the LAN and allow to connect them to the Internet
trought the router.
I have installed in the server a QoS policy and I have
configured the firewall for allowing all the clients
to connect. I attach the script. The idea is that when
a client connect this pc the dhcp gives him an
2004 Sep 04
4
masquerade and mac problem
Hello guys
I don''t know if this thing has been posted before (if it was , please forgive me).
I have 7 computers at home and I want all of them to have access to the internet. In order to do that , I set up a linux router (2 network cards) as a usual router (eth0 : 82.77.69.75 - internet connection ; eth1 : 192.168.10.1 - local network) . The other computers have ips ranging from
2018 May 23
4
Vsftpd vs. iptables firewall script
Le 23/05/2018 ? 16:36, Nux! a ?crit?:
> Try "iptables -I INPUT" for your FTP rule.
Doesn't work. I redirected all my errors to /var/log/messages, so here's
what I get when I try to connect Filezilla to that server.
May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3
OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2
DST=192.168.2.12
2004 Nov 29
2
Interesting oopses...
OK - this is starting to get frustrating... Are there any known issues
with 2.6.9 and traffic shaping? I am using 2.6.9 with geoip 20041115,
and get odd oopses. The following script oopses my box:
-----------------------------------------------------
#!/bin/sh -x
IFOUT=''eth1''
IFIN=''eth0''
TC=''/sbin/tc''
2006 Mar 07
1
OT: Polycom Registration Weirdness
This is a SER/Polycom question, but I hoped we may have some SER guru's here...
I have a series of Polycom phones that are tying to register with OpenSER. The phone sends a REGISTER message, and OpenSER replies with Unauthorised (all normal). The phone re-sends the REGISTER with the credentials, and OpenSER sends Ok.
Here's where it goes downhill. The polycom's appearance display
2006 Aug 26
1
IMQ action
Hi.
-j IMQ is equal -j ACCEPT...? i mean it after -j IMQ packet don''t return
in parent chain??? cause -j ACCEPT action accept the packet in the child
chain and don''t return it to parent...
example:
ipt="iptables -t mangle"
$ipt -N HTTP
$ipt -A HTTP -j IMQ // after this packet packets go to -t nat
tables? or // it return to parent chain (PREROUTING) in mangle?
2004 Aug 04
5
Asterisk QOS working perfect using sveasoft 3.11g
As seen on my post at:
http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112
This works very well... It does NOT work with stable 4.0! sveasoft
will be issuing a bug fix for this (4.1) in the near future.
Final Rev of working script w/ asterisk support
I'm not going to run alchemy on production machines until it is stablish.
Remember to set your uplink properly and to set
2006 Jun 26
7
'500 Internal Server' Error on SIP NOTIFY
Is anyone getting '500 Internal Server' errors back from their Polycom phones when Asterisk sends a SIP NOTIFY message to them?
I called Polycom tech support, who where utterly useless.
Of course Polycom won't officially support it anyway, as they only support Asterisk Business Edition. We're using 1.2.9, but it's been ocurring for quite some time. We have about 35 phones and
2007 Mar 24
2
[Bug 505] iptables-save still doesn't like quotes
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505
------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET -------
I've tested the proposed patch against the iptables-1.3.7 source, and find that
it works in the reported broken case:
# iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG
# ./iptables-save > ipt.out
# ./iptables-restore
2019 Aug 01
2
Dead store elimination in the backend for -ftrivial-auto-var-init
Hi folks,
When compiling the attached example with -ftrivial-auto-var-init=zero:
$ clang -no-integrated-as -mno-sse -m64 -mstack-alignment=8 -O2
-ftrivial-auto-var-init=zero
-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang
-g -o ipt.ll -c ipt.i -w -S -emit-llvm
, Clang generates an initialization memset() call for |acpar| in the IR:
%0 = bitcast
2010 Jan 21
2
Samba behind NAT
Hello All,
I have a strange problem regarding samba 3.0.37
I have samba server installed in the local network behind NAT, the
router iptables are configured as follows:
#samba
$IPT -t nat -A PREROUTING -i $INET_IFACE -p udp -d $INET_IP -m multiport --dports 137,138 -j DNAT --to-destination $FILESERV
$IPT -t nat -A PREROUTING -i $INET_IFACE -p tcp -d $INET_IP -m multiport
2006 Jun 26
1
Email notification
Is there a way to get asterisk to send you a email when it looses or an extension doesn?t re-register
Roger Workman
Business Development
Upperclassman/Universal Holdings LLC
Voice: 304.324.3800
Fax: 304.324.3801
ICQ: 4447584
Website: http://www.upperclassman.net
Billing Questions: billing at upperclassman.net
Rental Questions: rentals at upperclassman.net
Maintenance: help at
2019 Aug 01
2
Dead store elimination in the backend for -ftrivial-auto-var-init
On Thu, Aug 1, 2019 at 6:09 PM JF Bastien <jfbastien at apple.com> wrote:
>
> Hi Alexander,
>
> The code doesn’t compile. Could you send a godbolt.org link that shows the issue?
Sorry about that, here's the link: https://godbolt.org/z/-PinQP
Lines 4 to 8 are initializing |acpar|.
If I'm understanding correctly, the store to 8(%rsp) at line 7 can be
removed because of the