similar to: translation of a SNAT iptables script to the shorewall way

hi list, oh it''s not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the

Hi all, I''m using Shorewall since one year (1.4, then 2.0) I''m trying to migrate a linux firewall from iptables rules to shorewall. The firewall has three zones - net internet - loc1 lan - loc2 second lan I have a lot of rules like this, to SNAT the ip addresses of some computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8) iptables -v -t nat -I

Dear All, I have configured Cluster Suite with 2 servers Server 1 : 192.168.13.110 IP Address Server 2 : 192.168.13.179 IP Address Floating : 192.168.13.83 IP Address (Assumed by currently active server) I want all snmp packets going out through the active server to be stamped with floating IP So i have added a iptables rules as "iptables -t nat -A POSTROUTING -p udp -s

Hi, I configured a router box to use 2 providers, as described in the HOWTO. (Apendix 1) I want to use both links to reach a single smtp server. As I read in the kptd and in some old messages of this list, doing a SNAT in the postrouting chain comes _after_ the routing desision. So I guess the following lines I''m trying to use are wrong. (See Apendix 1) What can I do to have multiple

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 Summary: Packet illegaly bypassing SNAT Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy:

https://bugzilla.netfilter.org/show_bug.cgi?id=1227 Bug ID: 1227 Summary: Current conntrack state isn't considered when evaluating multiple SNAT rules Product: netfilter/iptables Version: unspecified Hardware: All OS: other Status: NEW Severity: enhancement Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1225 Bug ID: 1225 Summary: Nft syntax error (snat, dnat using multiple maps) Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at

https://bugzilla.netfilter.org/show_bug.cgi?id=1255 Bug ID: 1255 Summary: nftables SNAT is not working Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at netfilter.org

i have a box with 2 real interfaces and one more virtual eth0 - to the internet (193.... eth1 - to the local net (192.168..) tun0 - to another ISP the routing is: all the free/local classes i send them directly on eth0, the rest of the internet i send throw tun0 the admin from tun0 wants me to snat all the packets with my end of the ip-tun0-interface and i snat all the trafic that go to

https://bugzilla.netfilter.org/show_bug.cgi?id=1129 Bug ID: 1129 Summary: iptables outgoing SNAT works for a while then stops working completely for a while Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users

hi, I have a real networks on the eth0 side and real network on the eth1 side. a.a.a.0/24 x.x.x.0/24 <eth0--SNAT-box--eth1:0> y.y.y.2/24 <====> y.y.y.1/24 <===>INTERNET z.z.z.0/24 I want to nat those behind eth0 to go out as y.y.y.0/24 (eth1 is with another address different gw and address, so that i''m using eth1:0 and separate rule&table) I''m currently

Hi all, i got the following configuration: * NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28 * NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28 * INTNET: Internal Network with productive servers and workstations, 192.168.1.0/24 Obvisiously the 10er networks are official networks but censored to protect my customer. The routerbox assigns on eth0 all

https://bugzilla.netfilter.org/show_bug.cgi?id=1448 Bug ID: 1448 Summary: SNAT/DNAT/Masquerading not working for UDPLite protocol Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: NAT

http://bugzilla.netfilter.org/show_bug.cgi?id=763 Summary: dnat and snat not changing port numbers on sctp packets Product: netfilter/iptables Version: linux-2.6.x Platform: x86_64 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P3 Component: NAT AssignedTo: netfilter-buglog at

Hello, I am using the following iptables POSTROUTING rule to NAT some RFC 1918 addresses: iptables -t nat -A POSTROUTING -s 192.168.19.23 ! 192.168.0.0/255.255.0.0 -p tcp --dport 80 -j SNAT --to-source 10.32.4.2 (I am using SNAT instead of MASQUERADE for performance reasons). I have several addresses on the 192.168.0.0/16 subnet that I am SNAT''ing similarly. Problem is, ''tc

http://bugzilla.netfilter.org/show_bug.cgi?id=606 Summary: Iptables-restore removing the wrong rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: normal Priority: P1 Component: iptables-restore AssignedTo: laforge at netfilter.org ReportedBy: me

https://bugzilla.netfilter.org/show_bug.cgi?id=851 Summary: IPv6 SNAT target with --random doesn't work Product: netfilter/iptables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: normal Priority: P5 Component: NAT AssignedTo: netfilter-buglog at lists.netfilter.org

Hello, I have a problem with the following setup, I hope you can help me. I have two internet gateways, one for LAN1 and the second for LAN2. +--------------+ GW1 more eth0| |eth4(SNAT) GW2 ---...routers...-----+ router +----------------- | | +---+------+---+ eth1|

https://bugzilla.netfilter.org/show_bug.cgi?id=1206 Bug ID: 1206 Summary: segfault when snat map rule has been added Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org