Displaying 20 results from an estimated 9000 matches similar to: "blocking masquerading for individual ips"
2006 May 30
11
Problems with Routing and Masquerading
Hi,
I have a linux box which balances load between two interfaces ( say WAN1
and WAN2). I have masquerading on for any request coming from LAN to the
outside world.
The setup is in such a way that WAN1 drops packets with source ip
belonging to WAN2''s network and viceversa.
For some strange reason, I find that packet coming out from the WAN
interface has source address of WAN2 and
2010 May 10
4
Port Masquerading
Hi,
I am wondering if it is possible to do the following with shorewall.
I operate a network with some additional IP''s that are SNAT''d to various server machines on my network.
One of my machines is a Terminal server.
I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server.
Can I
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between
"IP masquerading" and "SNAT" -- a confusion I might share, or if
contagious, I may be catching. <g>
I think of SNAT more or less as a special case of IP masquerading,
applicable when, for example, the external interface has multiple IP''s
and you choose to _explicitly_ set the address through
2005 May 31
2
DNAT "without" SNAT?
Hi!
First of all, let me say a big "thank you" to Tom for creating
shorewall. I''ve been using it for a few months now and it''s such a
relief to not have to resort to OpenBSD''s pf (which is so much more sane
than Linux'' iptables madness) for the most basic firewalling tasks.
I have a question that I didn''t seem to be able to find in the FAQ.
2004 Apr 24
1
Selective Masquerading
HI guys:
I have a DSL @ 1mb, and another one @ 256kbps
I''ve been reading countless hours regarding the split access / load
balancing issue, but for some strange reason, things don''t work the way they
should.
Sometimes the split access works, other times a DSL begins an ARP flood
pointing all the ARP replies to the other DSL, and sometimes they just wont
work at all.
While
2003 Jun 02
3
[jik@kamens.brookline.ma.us: MSS clamping doesn''t work with masquerading through VPN?]
I sent the message below to this list over a week ago, and I haven''t
seen any response.
If this is not the correct forum for my question, can anyone suggest a
better person or place to which I should direct it?
Thank you,
Jonathan Kamens
------- Start of forwarded message -------
From: Jonathan Kamens <jik@kamens.brookline.ma.us>
To: lartc@mailman.ds9a.nl
Subject: [LARTC] MSS
2006 Feb 07
7
Masquerading issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Shorewall-3.0.3
RH9 (+legacy updates)
eth0: loc: 192.168.1.0/24
eth0:0: loc: 192.168.20.0/24
eth1:: 69.70.32.8/29
I''m worked all day on an issue I found today and I just can''t find a way
to fix my problem.
So, basically, for now, my network looks like this:
Internet
^
|
(69.70.32.8/29)
Firewall
192.168.1.1
2005 Jun 10
3
Multiple gateways
Hello,
Since I could not figure out my previous problem, let me ask in a different way.
I have 3 networks inside my LAN. They are 172.16.55.0/24 ,
172.16.56.0/24 and 172.16.57.0/24 respectively. They all use eth0 as
an alias.
I also have 2 uplinks to different ISPs. One of them is leased line
and the other one is ADSL.
One of my uplink is 81.8.120.18/30 with gateway 81.8.120.17 on eth1
and the
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all,
I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using
pppoe with a dynamic ip that changes frequently.
The problem is when the line drops the sip/iax registrations drop as well,
and they don''t register thereafter. When I check the conntrack entries, I
noticed the entries still have the old wan ip address and because of
keepalive (i''m
2004 Jul 03
1
load balanced adsl lines
Hi Ppl
I have 5 adsl lines that after reading quite a bit i managed to get load balanced now abvoiusly it doesnt load balance evenly and this works on what routes are still in the routing cache. my question is my outbound masquerading had to be modified to use snat in iptables instead of just plain masquerading my outbound masquerading now works but my inbound port forwarding doesnt work would
2006 Oct 06
12
Two outbound internet links, using one network interface
Hi,
I am trying to categorize the network traffic and to send it out across
two different providers.
For this I mark the packets in the firewall (in the PREROUTING chain of
table mangle),
and then use another routing table for the marked packets, which has a
different gateway
from the main routing table. Basicaly I am following the cookbook
example in this page:
2002 Mar 03
1
tinc vs. ipchains masquerading
Howdy,
I tried tackling this on irc with Ivo, but I suspect that irc may really
not be the best medium for technical discussions, so I'll reprise it here.
I am trying to duplicate the "tinc from behind a masquerading firewall"
example from the tinc web site:
(home) <--> (masquerading firewall) <--> (office)
192.168.1.21 192.168.1.1/1.2.3.4
2007 Aug 21
3
Rout looping through local host.
After many many hours of frustration and failures I''m almost to the
point that I don''t think this is even currently possible with Linux.
With out going in to too much detail, I am effectively wanting to do the
following.
I want to be able to take traffic in from a local LAN on eth0 and route
it out eth1 to a default gateway with a static IP. I want said default
gateway
2005 Jan 07
3
masq or static nat
Hello,
> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.
I am little confused about NAT.
I have a static IP from ISP
I want to do a NAT on eth0.
What should I use in shorewall masquerading or static nat ?
Thanks
Varun
2020 Aug 04
0
[Bug 1448] New: SNAT/DNAT/Masquerading not working for UDPLite protocol
https://bugzilla.netfilter.org/show_bug.cgi?id=1448
Bug ID: 1448
Summary: SNAT/DNAT/Masquerading not working for UDPLite
protocol
Product: netfilter/iptables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: normal
Priority: P5
Component: NAT
2008 May 29
1
shorewall & ipsec rules with "FORWARD:DROP" packets
I have been working really hard configuring and researching very
extensively, trying to figure why we are getting
"Shorewall:FORWARD:DROP" packets. IPSEC works just fine without the
iptable rules created by our shorewall configs but when starting
shorewall and creating the iptables I noticed the packets are dropped.
I know it is a config situation but I am totally racking my brain as
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2019 Jun 28
2
UDP broadcasts vs. nat Masquerading issue
Hi all,
I'm observing an issue that as soon as libvirt starts, UPD broadcasts
going through physical network (and unrelated to any virtualization) get
broken. Specifically, windows neighbourhood browsing through samba's
nmbd starts suffering badly (Samba is running on this same box).
At the moment I'm running a quite outdated version 1.2.9 of libvirt, but
other than this issue,
2005 Jun 01
0
SNAT (or MASQUERADING) and DNAT question
Hi,
The private adresses (192.168.254.0/255.255.255.0) of my network are sent
dynamically by dhcp on my network. The dhcp server is on the firewall which
address is 192.168.254.1/255.255.255.255 (this address is static).
I''ve got a rsync server on this network which is on a separe server. His
address is 192.168.254.200/255.255.255.255 (this address is static).
I want that the users
2006 Mar 30
3
Difficulty in configuring QOS
Hi,
I''m trying to configure QOS , but I''m don''t have success.
My files:
#/etc/shorewall/tcdevices
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
eth0 256kbit 256kbit
eth1 256kbit 256kbit
eth2 256kbit 256kbit
#/etc/shorewall/tcclasses
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth1