similar to: DNAT "without" SNAT?

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hello all, I have a problem with external access to a postfix mailserver running on my firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows: eth0 is zone isf - this is an intranet to other companies eth1 is zone loc - local network eth2 is zone net - internet, fix ip adress eth0 and eth1 are bridged shorewall version 2.2.0-RC4 ip addr show 1: lo: <LOOPBACK,UP> mtu

Hello all I wanted to forward all incoming requests in port 80 to a server in my LAN, and by using DNAT lines, it actually works. However, it is unstable, in the sense that in the beggining of each connection (one or two seconds) it is extremely fast, then it sometimes pauses and waits 30 seconds or so, then it starts again and so on. The line i used is : DNAT net loc:192.168.0.210 tcp 80 DNAT

More than one of our docs issues revolve around some confusion between "IP masquerading" and "SNAT" -- a confusion I might share, or if contagious, I may be catching. <g> I think of SNAT more or less as a special case of IP masquerading, applicable when, for example, the external interface has multiple IP''s and you choose to _explicitly_ set the address through

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users

https://bugzilla.netfilter.org/show_bug.cgi?id=1448 Bug ID: 1448 Summary: SNAT/DNAT/Masquerading not working for UDPLite protocol Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: NAT

I have an internal (10.16.0.0/24) network which is routed out via a proxy on port 80 only, this proxy is then routed to an upstream proxy on port 8080, this then runs through a cluster of caching (squid) proxies and then finally, goes out to the internet. As there are a cluster of squid proxies, the IP of an internet-request from the internal LAN is never the same, it changes to match the proxy

Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 accept line in the rules file (25,80,443) but I can hit

Hi ! I have setup a complete shorewall now with DMZ, and Private zones and masq, rules, port-forwarding etc. worx like expected. BUT I have a wish to use a couple of more public IP''s and relate those to inernal servers on the DMZ zone and i am now so confused about it. I have searched this archive for SNAT port allow Setup: 3 public adresses on the WAN nic. lets call them 80.80.80.80 -

https://bugzilla.netfilter.org/show_bug.cgi?id=1255 Bug ID: 1255 Summary: nftables SNAT is not working Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at netfilter.org

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1

Hi, I want to have several IP''s for my connection and each IP will have it''s own hostname. Now I want to serve a web server and mail server for each hostname/IP_addr pair on the same box in the internal LAN using one apache and one postfix daemon. If I do one SNAT and several DNATs then only the hostname which I SNAT the server to would work. Is the only way to do it

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hello all, I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using pppoe with a dynamic ip that changes frequently. The problem is when the line drops the sip/iax registrations drop as well, and they don''t register thereafter. When I check the conntrack entries, I noticed the entries still have the old wan ip address and because of keepalive (i''m

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=554 ------- Additional Comments From fhagur@gmail.com 2007-04-17 05:04 MET ------- I have been wondering about this bug and had similar problems myself here in my Debian system, linux-kernel 2.6.18 iptables 1.3.6. I too saw that some packets became transmitted illegally through the ppp0 interface, when they just shoudn't. What I

The bridging documentation (http://shorewall.net/2.0/bridge.html) has been expanded and there is a refresh of the bridging code (ftp://shorewall.net/pub/shorewall/Bridging and http://shorewall.net/pub/shorewall/Bridging). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are

Hi all, i got the following configuration: * NET1: DSL Line with /28 network, let''s call it 10.1.0.0/28 * NET2: DSL Line with /28 network, let''s call it 10.2.0.0/28 * INTNET: Internal Network with productive servers and workstations, 192.168.1.0/24 Obvisiously the 10er networks are official networks but censored to protect my customer. The routerbox assigns on eth0 all

Hi All, I''m using the Mandrake Linux MultiNetwork Firewall which is a web based interface to the shorewall firewall. I have an internal ip address of 172.25.38.1 which I am try to nat to a public address so that the client pc can ftp to the internet I have add the following in the nat file: 168.10.10.1 eth3 172.25.38.1 No No And this to rules: ACCEPT lan:172.25.38.1 wan tcp