Displaying 20 results from an estimated 9000 matches similar to: "DNAT "without" SNAT?"
2004 Sep 30
2
2 DSL link, DNAT & SNAT
Sorry for the long descritpion of the problem, I''d like to know If I
misunderstand something or if I meet an intrinsic limit of my setup.
217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10
eth0: 192.168.254.1 -----+------------------+-------
81.121.243.250 ADSL eth3 -
I want to allow incoming pptp request (port 1723) to be forwarded to
srv_xp
2005 Jan 07
8
Problem with bridging/routing on three interfaces and DNAT
Hello all,
I have a problem with external access to a postfix mailserver running on my
firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows:
eth0 is zone isf - this is an intranet to other companies
eth1 is zone loc - local network
eth2 is zone net - internet, fix ip adress
eth0 and eth1 are bridged
shorewall version
2.2.0-RC4
ip addr show
1: lo: <LOOPBACK,UP> mtu
2004 Sep 16
4
DNAT works, yet extremely slow
Hello all
I wanted to forward all incoming requests in port 80 to a server in my LAN,
and by using DNAT lines, it actually works. However, it is unstable, in the
sense that in the beggining of each connection (one or two seconds) it is
extremely fast, then it sometimes pauses and waits 30 seconds or so, then it
starts again and so on.
The line i used is :
DNAT net loc:192.168.0.210 tcp 80
DNAT
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between
"IP masquerading" and "SNAT" -- a confusion I might share, or if
contagious, I may be catching. <g>
I think of SNAT more or less as a special case of IP masquerading,
applicable when, for example, the external interface has multiple IP''s
and you choose to _explicitly_ set the address through
2005 Jun 01
0
SNAT (or MASQUERADING) and DNAT question
Hi,
The private adresses (192.168.254.0/255.255.255.0) of my network are sent
dynamically by dhcp on my network. The dhcp server is on the firewall which
address is 192.168.254.1/255.255.255.255 (this address is static).
I''ve got a rsync server on this network which is on a separe server. His
address is 192.168.254.200/255.255.255.255 (this address is static).
I want that the users
2020 Aug 04
0
[Bug 1448] New: SNAT/DNAT/Masquerading not working for UDPLite protocol
https://bugzilla.netfilter.org/show_bug.cgi?id=1448
Bug ID: 1448
Summary: SNAT/DNAT/Masquerading not working for UDPLite
protocol
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: NAT
2004 Jun 05
5
DNAT or SNAT or both?
I have an internal (10.16.0.0/24) network which is routed out
via a proxy on port 80 only, this proxy is then routed to an
upstream proxy on port 8080, this then runs through a cluster
of caching (squid) proxies and then finally, goes out to the internet.
As there are a cluster of squid proxies, the IP of an internet-request
from the internal LAN is never the same, it changes to match the proxy
2005 Jun 24
1
SNAT multiple IP to single internal IP and limiting access based on external IP
Hello all,
I have shorewall setup with 3 SNAT entries for external IP address''s to
a single IP internal address. I am wondering how to limit access based
on the source IP address.
ex.
EXT IP 1 access only to port 25
EXT IP 2 access only to port 443
EXT IP 3 access only to port 80
I have the SNAT setup correctly and I have 3 accept line in the rules
file (25,80,443) but I can hit
2003 Feb 04
1
Totally SNAT confused :)
Hi !
I have setup a complete shorewall now with DMZ, and Private zones and
masq, rules, port-forwarding etc. worx like expected.
BUT
I have a wish to use a couple of more public IP''s and relate those to
inernal servers on the DMZ zone and i am now so confused about it. I have
searched this archive for SNAT port allow
Setup:
3 public adresses on the WAN nic. lets call them 80.80.80.80 -
2018 May 03
5
[Bug 1255] New: nftables SNAT is not working
https://bugzilla.netfilter.org/show_bug.cgi?id=1255
Bug ID: 1255
Summary: nftables SNAT is not working
Product: nftables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: critical
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
2005 Jan 23
15
Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
Dear All,
Firstly, thank you very much - shorewall is great. I''m not a member of
this list, and please forgive me if I am suggesting something stupid, but
the following occurs to me, and I thought it might be useful.
Why no make it possible to specify zones as well as interfaces in the
/etc/shorewall/masq file ?
Eg: instead of:
eth0 eth1
one might write:
net loc (or masq in
2006 Feb 07
7
Masquerading issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Shorewall-3.0.3
RH9 (+legacy updates)
eth0: loc: 192.168.1.0/24
eth0:0: loc: 192.168.20.0/24
eth1:: 69.70.32.8/29
I''m worked all day on an issue I found today and I just can''t find a way
to fix my problem.
So, basically, for now, my network looks like this:
Internet
^
|
(69.70.32.8/29)
Firewall
192.168.1.1
2006 Jan 02
7
Several IP''s, one mail and http server
Hi,
I want to have several IP''s for my connection and each IP will have it''s
own hostname.
Now I want to serve a web server and mail server for each
hostname/IP_addr pair on the same box in the internal LAN using one
apache and one postfix daemon.
If I do one SNAT and several DNATs then only the hostname which I SNAT
the server to would work.
Is the only way to do it
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all,
I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using
pppoe with a dynamic ip that changes frequently.
The problem is when the line drops the sip/iax registrations drop as well,
and they don''t register thereafter. When I check the conntrack entries, I
noticed the entries still have the old wan ip address and because of
keepalive (i''m
2007 Apr 17
6
[Bug 554] Packet illegaly bypassing SNAT
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554
------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET -------
I have been wondering about this bug and had similar problems myself here in my
Debian system, linux-kernel 2.6.18 iptables 1.3.6.
I too saw that some packets became transmitted illegally through the ppp0
interface, when they just shoudn't.
What I
2004 Mar 06
16
Bridging Update
The bridging documentation (http://shorewall.net/2.0/bridge.html) has been
expanded and there is a refresh of the bridging code
(ftp://shorewall.net/pub/shorewall/Bridging and
http://shorewall.net/pub/shorewall/Bridging).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2011 Apr 15
1
Proxyarp vs DNAT
Hello list,
I am in the process of switching from IPCOP to Shorewall s the firewall
for our small office. I very much like the fact that Shorewall runs on
top of the same OS (openSuSE 11.4) that I run on the server and my desktop.
Our setup is fairly straightforward. We have 8 static ip addresses from
our ISP, which provides a cable modem and a Cisco 800 series router.
The ip addresses are
2004 Aug 02
1
Split Access Routing and SNAT
Hi all,
i got the following configuration:
* NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28
* NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28
* INTNET: Internal Network with productive servers and workstations,
192.168.1.0/24
Obvisiously the 10er networks are official networks but censored to
protect my customer.
The routerbox assigns on eth0 all
2005 Feb 25
6
nat problem
Hi All,
I''m using the Mandrake Linux MultiNetwork Firewall which is a web based
interface to the shorewall firewall.
I have an internal ip address of 172.25.38.1 which I am try to nat to a
public address so that the client pc can ftp to the internet
I have add the following in the nat file:
168.10.10.1 eth3 172.25.38.1 No No
And this to rules:
ACCEPT lan:172.25.38.1 wan tcp