similar to: CentOS6, IP6tables, Routing, TPROXY (squid34 epel package)

https://bugzilla.netfilter.org/show_bug.cgi?id=1310 Bug ID: 1310 Summary: syntax issue with tproxy Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1398 Bug ID: 1398 Summary: tproxy rule is not matched for ip6 Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

I was working on a haproxy transparent proxy setup that we had working on Centos 7 (iptables), but running into issues getting tproxy working with NFTables on Centos 8. >From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, It should be a matter of: # nft add table filter # nft add chain filter divert "{ type filter hook prerouting priority -150; }" # nft add rule

On 10/15/19 9:16 PM, Nathan Coulson wrote: > On 2019-10-15 12:12 p.m., Nathan Coulson wrote: >> I was working on a haproxy transparent proxy setup that we had working >> on Centos 7 (iptables), but running into issues getting tproxy working >> with NFTables on Centos 8. >> >> From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, >> >> It

I''m trying to get TPROXY / Squid running and I have a few questions... I found this page: http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY However, it doesn''t explain what I''m seeing in the configuration. For the zone file, do I keep my loc and net configurations and just add the following to the file? - lo - - or do I remove the loc and net zones and

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

In working through an IPv6/TPROXY issue I had, I believe I found a documentation bug: http://www.shorewall.net/manpages6/shorewall6-tcrules.html In the ACTION section, for part 12. SAME: The documentation lists: #ACTION SOURCE DEST PROTO DEST # PORT(S) SAME:P 192.168.1.0/24 0.0.0.0/0 tcp

On 2019-10-15 12:12 p.m., Nathan Coulson wrote: > I was working on a haproxy transparent proxy setup that we had working > on Centos 7 (iptables), but running into issues getting tproxy working > with NFTables on Centos 8. > > From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, > > It should be a matter of: > > # nft add table filter > # nft add

Hi, I am trying to get ipv6 firewall running. I did a very simple ip6tables rules and noticed very long running yum updates. I think that happened because firewall is dropping outgoing packets to port 80. Well, I thought to mitigate the issue and changed outgoing from drop to reject. Now I try manually # strace telnet 2a02:180:ffff:1::551f:b966 80 ... connect(3, {sa_family=AF_INET6,

https://bugzilla.netfilter.org/show_bug.cgi?id=1686 Bug ID: 1686 Summary: Transparent proxy support requires transport protocol match Product: nftables Version: git (please specify your HEAD) Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5

CentOS 5.5, fully patched. I have a HE tunnel (tunnelbroker.net) IPv6 tunnel. This works pretty well and is simple to setup. Everything works fine. Until I try to set up an ip6tables firewall. eg if I try to view https://dnssec.surfnet.nl/?p=464 then the page never displays and the firewall shows kernel: IN=sit1 OUT=eth0 SRC=2001:0610:0001:40cd:0145:0100:0186:0033 DST=my.machine LEN=80 TC=0

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

CentOS Errata and Security Advisory 2016:1140 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1140.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 8b20601c95dc356ab1bb2b087331ee432f10cc567eb7503bef2e37891e18f03d squid34-3.4.14-9.el6_8.3.i686.rpm x86_64:

CentOS Errata and Security Advisory 2017:0183 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2017-0183.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: ca6821bc977e58ddefd9bccf91dc98ee75d90aaf433f6a462d18786a23481d24 squid34-3.4.14-9.el6_8.4.i686.rpm x86_64:

Hello what is the essential difference between the default squid package and this squid34 package, as I have problems using this squid34 package for FTP connections; there are no shown icons, when going to e.g. ftp://ftp.adobe.com/ when I tell the browser to show the image then I get this squid generated message ... the same config /etc/squid/squid.conf works with the default squid package

trying to deploy puppetdb , puppet server is RHEL 6.1 , [root@puppet ~]# rpm -qa|grep puppet puppetdb-0.9.1-2.el6.noarch puppet-dashboard-1.2.9-1.el6.noarch puppet-server-2.7.17-1.el6.noarch puppetdb-terminus-0.9.1-2.el6.noarch puppet-2.7.17-1.el6.noarch on the clients, got an error for puppetdb , client1 :~ # puppet agent --test err: Could not retrieve catalog from remote server: Error 400

Hi all, I have a hard trouble with my iptables rules. I need to create a netfilter config so that it does not redirect connections from a daemon (like for example a squid proxy) to the original destinations. Searching info about that, some ways to do that include to limit the redirection rules to the incoming traffic interface, another to limit it to a certain range of source IPs or to

My TCP clients connect to box A. I need to forward those connections to a server on box B, such that the original client IPs are visible to the server on B. Each box has two Ethernet ports. One port on each box is connected to WAN, and they are cross-connected in a LAN via remaining ports: ------------------- ------------------- WAN -- |eth0 Box A eth1|---LAN---|eth1 Box

Guys All the recent discussions recently, and the knowledge of a 2.6 port, of WRR has made me very keen on trying it. I had a look at the docs and examples know but my mind is not in a very receptive state. Take this simple example. Incoming internet connection of 1mbps. Shared between up to 25 users simultaneously. I know that WRR can fairly distribute the traffic amongst the currently