similar to: blocking masquerading for individual ips

Displaying 20 results from an estimated 9000 matches similar to: "blocking masquerading for individual ips"

2006 May 30
11
Problems with Routing and Masquerading
Hi, I have a linux box which balances load between two interfaces ( say WAN1 and WAN2). I have masquerading on for any request coming from LAN to the outside world. The setup is in such a way that WAN1 drops packets with source ip belonging to WAN2''s network and viceversa. For some strange reason, I find that packet coming out from the WAN interface has source address of WAN2 and
2010 May 10
4
Port Masquerading
Hi, I am wondering if it is possible to do the following with shorewall. I operate a network with some additional IP''s that are SNAT''d to various server machines on my network. One of my machines is a Terminal server. I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server. Can I
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between "IP masquerading" and "SNAT" -- a confusion I might share, or if contagious, I may be catching. <g> I think of SNAT more or less as a special case of IP masquerading, applicable when, for example, the external interface has multiple IP''s and you choose to _explicitly_ set the address through
2005 May 31
2
DNAT "without" SNAT?
Hi! First of all, let me say a big "thank you" to Tom for creating shorewall. I''ve been using it for a few months now and it''s such a relief to not have to resort to OpenBSD''s pf (which is so much more sane than Linux'' iptables madness) for the most basic firewalling tasks. I have a question that I didn''t seem to be able to find in the FAQ.
2004 Apr 24
1
Selective Masquerading
HI guys: I have a DSL @ 1mb, and another one @ 256kbps I''ve been reading countless hours regarding the split access / load balancing issue, but for some strange reason, things don''t work the way they should. Sometimes the split access works, other times a DSL begins an ARP flood pointing all the ARP replies to the other DSL, and sometimes they just wont work at all. While
2003 Jun 02
3
[jik@kamens.brookline.ma.us: MSS clamping doesn''t work with masquerading through VPN?]
I sent the message below to this list over a week ago, and I haven''t seen any response. If this is not the correct forum for my question, can anyone suggest a better person or place to which I should direct it? Thank you, Jonathan Kamens ------- Start of forwarded message ------- From: Jonathan Kamens <jik@kamens.brookline.ma.us> To: lartc@mailman.ds9a.nl Subject: [LARTC] MSS
2006 Feb 07
7
Masquerading issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1
2005 Jun 10
3
Multiple gateways
Hello, Since I could not figure out my previous problem, let me ask in a different way. I have 3 networks inside my LAN. They are 172.16.55.0/24 , 172.16.56.0/24 and 172.16.57.0/24 respectively. They all use eth0 as an alias. I also have 2 uplinks to different ISPs. One of them is leased line and the other one is ADSL. One of my uplink is 81.8.120.18/30 with gateway 81.8.120.17 on eth1 and the
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all, I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using pppoe with a dynamic ip that changes frequently. The problem is when the line drops the sip/iax registrations drop as well, and they don''t register thereafter. When I check the conntrack entries, I noticed the entries still have the old wan ip address and because of keepalive (i''m
2004 Jul 03
1
load balanced adsl lines
Hi Ppl I have 5 adsl lines that after reading quite a bit i managed to get load balanced now abvoiusly it doesnt load balance evenly and this works on what routes are still in the routing cache. my question is my outbound masquerading had to be modified to use snat in iptables instead of just plain masquerading my outbound masquerading now works but my inbound port forwarding doesnt work would
2006 Oct 06
12
Two outbound internet links, using one network interface
Hi, I am trying to categorize the network traffic and to send it out across two different providers. For this I mark the packets in the firewall (in the PREROUTING chain of table mangle), and then use another routing table for the marked packets, which has a different gateway from the main routing table. Basicaly I am following the cookbook example in this page:
2002 Mar 03
1
tinc vs. ipchains masquerading
Howdy, I tried tackling this on irc with Ivo, but I suspect that irc may really not be the best medium for technical discussions, so I'll reprise it here. I am trying to duplicate the "tinc from behind a masquerading firewall" example from the tinc web site: (home) <--> (masquerading firewall) <--> (office) 192.168.1.21 192.168.1.1/1.2.3.4
2007 Aug 21
3
Rout looping through local host.
After many many hours of frustration and failures I''m almost to the point that I don''t think this is even currently possible with Linux. With out going in to too much detail, I am effectively wanting to do the following. I want to be able to take traffic in from a local LAN on eth0 and route it out eth1 to a default gateway with a static IP. I want said default gateway
2005 Jan 07
3
masq or static nat
Hello, > My server is on Mandrake 10.1 off. > eth0 is WAN with static IP connected 512 DSL > eth1 is LAN. I am little confused about NAT. I have a static IP from ISP I want to do a NAT on eth0. What should I use in shorewall masquerading or static nat ? Thanks Varun
2020 Aug 04
0
[Bug 1448] New: SNAT/DNAT/Masquerading not working for UDPLite protocol
https://bugzilla.netfilter.org/show_bug.cgi?id=1448 Bug ID: 1448 Summary: SNAT/DNAT/Masquerading not working for UDPLite protocol Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: NAT
2008 May 29
1
shorewall & ipsec rules with "FORWARD:DROP" packets
I have been working really hard configuring and researching very extensively, trying to figure why we are getting "Shorewall:FORWARD:DROP" packets. IPSEC works just fine without the iptable rules created by our shorewall configs but when starting shorewall and creating the iptables I noticed the packets are dropped. I know it is a config situation but I am totally racking my brain as
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp
2019 Jun 28
2
UDP broadcasts vs. nat Masquerading issue
Hi all, I'm observing an issue that as soon as libvirt starts, UPD broadcasts going through physical network (and unrelated to any virtualization) get broken. Specifically, windows neighbourhood browsing through samba's nmbd starts suffering badly (Samba is running on this same box). At the moment I'm running a quite outdated version 1.2.9 of libvirt, but other than this issue,
2005 Jun 01
0
SNAT (or MASQUERADING) and DNAT question
Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users
2006 Mar 30
3
Difficulty in configuring QOS
Hi, I''m trying to configure QOS , but I''m don''t have success. My files: #/etc/shorewall/tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth0 256kbit 256kbit eth1 256kbit 256kbit eth2 256kbit 256kbit #/etc/shorewall/tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS eth1