Displaying 20 results from an estimated 9000 matches similar to: "iptables marking and NAT issue"
2008 Feb 12
2
About NAT MAQUERADE
Hello everybody, I want to create a masquerade for my LAN in the firewall server. I know I can use:
iptables -t nat -A POSTROUTING -o external-interface -j MASQUERADE
but I want to use this NAT only for some IPs.
How can I restrict the NAT masquerade for an IP or IP range?
regards Roilan
2010 Aug 02
2
NAT via /etc/sysconfig/iptables
Hello listmates,
It's been a few years since I've set up a router... and for some
reason I seem to be getting hung up on this one.
Does anybody have a sample iptables config file that would incorporate
NAT and forwarding for a simple router?
Thanks.
Boris.
2007 Jun 26
1
Bug#430676: xen-utils-common: network-nat increates insecure nat POSTROUTING MASQUERADE ?
Package: xen-utils-common
Version: 3.0.3-0-2
Severity: normal
I'm not an expert in networking but I think that the current setup when using network-nat for domains is insecure.
I've configured :
(network-script 'network-nat netdev=eth1')
(vif-script vif-nat)
So when only domain 0 is started, I get the following :
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot
2004 Aug 05
4
NAT & tc filter addresses
Is there a flow diagram as to where tc actions take place with respect
to NAT and other iptables functions on a multihomed box (private &
public NICs) ? Are tc filter rules consulted before or after NATing?
My real interest is in basic understanding first, and then solving a
real problem second.
Example:
Firewall Public NIC 123.123.123.1
Firewall Private NIC 192.168.168.1
Dedicated Video
2008 Jun 14
0
assigning "best" gateway and routing ---- Re: CentOS Digest, Vol 41, Issue 14
Hi,
Regarding the discussion of gateways,
Can the Vyatta routing software and/or hardware appliance solution help?
(The software is open source and available.)
http://www.vyatta.com/documentation/datasheet.php
http://www.vyatta.com/documentation/general/Vyatta_FAQ.pdf
http://www.vyatta.com/products/vyatta_software_datasheet.pdf
http://www.vyatta.com/documentation/index.php
Download
2011 Sep 06
2
[Bug 747] New: IPtables marked packets not being inpsected in NAT table.
http://bugzilla.netfilter.org/show_bug.cgi?id=747
Summary: IPtables marked packets not being inpsected in NAT
table.
Product: iptables
Version: CVS (please indicate timestamp)
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P3
Component: iptables
AssignedTo:
2011 Dec 05
6
[Bug 693] SNAT is failing to maquerade some TCP RST packets
http://bugzilla.netfilter.org/show_bug.cgi?id=693
--- Comment #5 from www at applejelly.org 2011-12-05 01:26:07 ---
Created an attachment (id=370)
--> (http://bugzilla.netfilter.org/attachment.cgi?id=370)
A test case
SNAT fails to masquerade some TCP CWR, TCP ECN, TCP URG, TCP ACK, and TCP PSH
packets
2002 Sep 04
0
RPDB && routing locally generated (and marked) traffic
Hello all,
I'm using iproute2 + ipchains and have a question about locally generated
packets.
I have noticed that I have no problem marking packets in the input chain
from sources other than my router. These packets are marked and routed
exactly as I expect.
Now supposing I want to mark particular outbound packets which are locally
generated. The only solution I have found so far
2007 Feb 14
0
Marking packets with iptables (NEWBIE)
Hi all,
I'm trying to mark packets with iptables and use tc filter to catch these
packets.
I configure my device:
tc qdisc del root dev eth0
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 3000kbit ceil 6000kbit
burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2000kbit ceil
4000kbit burst 15k
tc qdisc add dev eth0
2004 Jul 26
1
iptables marking problems and ip route not working
Hello,
I'm trying to configure a machine to send mail traffic out on eth0 and web
traffic, via Squid, out of eth1, with the default gw on the eth0 interface.
After spending most of the day trying this and that and reading docs until
my eye hurts, I have had zero luck making anything work except for standard
routing.
The Advance Routing Howto makes it seem easy to do this, but I fear
2005 Apr 22
1
Re: tc filter - based on iptables - MAC - MARK not working -altough marking on ip src, dst address works
Reading along the Net it seems that MAC marking is not
working with egress HTB (because iptables marks
packages based on --mac-source ). So my only choice is
using ingress or u32.
So this is how I did it:
I called the below script add_shaping
DEV="eth0"
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate
200kbps ceil 200kbps
tc class
2015 Nov 03
1
safest way to grow a LV under VMware ESXi5.5
>
>
> Ok, that *is* small. I'd worry about a logfile suddenly growing massively,
> and freezing your system. (Yes, it has happened here, and then there was
> the time a summer student ran something, wouldn't be back until Monday...
> and got a 20G logfile, which blew out the NFS-mounted home directory fs,
> on which a number of other people resided... including *me*,
2015 Nov 04
2
getting a CentOS6 VM on VMware ESXi platform to recognize a new disk device
It should work fine. What esxi version you are using?
Eero
On 4.11.2015 at 6.27 pm, "Boris Epstein" <borepstein at gmail.com> wrote:
> >
> >
> >
> > was the controller you added the virtual disk to an IDE or scsi
> controller?
> >
> > --
> > public gpg key id: 1362BA1A
> >
> > _______________________________________________
2015 Nov 04
2
getting a CentOS6 VM on VMware ESXi platform to recognize a new disk device
Hello Julius,
Thanks - but it doesn't seem to work.
I installed sg3_utils and ran
#scsi-rescan
but that seemed to have done nothing for some reason.
Cheers,
Boris.
On Wed, Nov 4, 2015 at 10:12 AM, Tnjulius <tnjulius at gmail.com> wrote:
> Hi Boris,
> Just rescan the scsi host.
> #scsi-rescan #if you have sg3_utils package
> #lsscsi
> Or
> #echo "- - -"
2003 Apr 18
1
ANN: Traffic-Control-tcng-HTB-HOWTO on TLDP
Hello all,
This is just a self-aggrandizing note to inform you all that my rather
brief introduction to traffic control using tcng and HTB is available now
on TLDP.
http://tldp.org/HOWTO/Traffic-Control-tcng-HTB-HOWTO/
I welcome any criticism.
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
2012 Sep 28
4
load balancer recommendation
Hello all,
If I were looking for a load balancer to run on a Linux - specifically,
CentOS - machine - what would you recommend?
Thanks.
Boris.
2005 Apr 19
7
tc filter - based on iptables - MAC - MARK not working - altough marking on ip src, dst address works
=== tc filter - based on iptables - MAC fw marking not
working ==
DEV="eth1"
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate
600kbps ceil 3276800kbit
tc class add dev $DEV parent 1:1 classid 1:15 htb rate
3kbps prio 4
tc class add dev $DEV parent 1:1 classid 1:20 htb rate
500kbps prio 3
tc qdisc add dev $DEV parent 1:15 handle
2010 Jan 01
1
missing module dir?
I'm teaching myself about ethernet cards, and found a TLDP page. I have
CentOS 5.3.
In this section: http://tldp.org/HOWTO/Ethernet-HOWTO-2.html#ss2.4
in the 'Driver as module' subsection, regarding PCI cards, it states
that there should be a directory "/lib/modules/`uname -r`/net"
[mykolas at sr1220 ~]$ uname -r
2.6.18-128.1.16.el5
[mykolas at sr1220
2013 Jan 19
7
load balancer recommendations
Hello all,
The question is not necessarily CentOS-specific - but there are lots of
bright people on here, and - quite possibly - the final implementation will
be on CentOS hence I figured I'd ask it here. Here is the situation.
I need to configure a Linux-based network load balancer (NLB) solution. The
idea is this. Let us say I have a public facing load balancer machine with
an public IP
2015 Jan 26
2
VLAN issue
Thank you everyone.
OK, the mystery deepens, I guess. The machine does need to support several
VLAN's, it is currently on a trunkport (8021q encapsulated), it made it
into the ARP table - which I specifically tested for by physically
unplugging the table, clearing the ARP table and plugging it back in.
The ARP table currently looks like this:
hq#show arp
Protocol Address Age (min)