Displaying 20 results from an estimated 4000 matches similar to: "DNAT + Masq Problem - Yes I read the FAQ I promise"
2004 Sep 27
9
masq - pings and connections get dropped after PREROUTING?
Hello,
I have a pretty standard two-interface setup with masquerading, so the local
network can connect through the firewall to the Internet.
On the firewall box (trevor), eth0 is connected to a cable modem and eth1 is
connected to the local network via a crossed cable. There is one other
machine on the local network (brian), whose eth0 is at the other end of the
crossed cable.
I used to have
2004 Sep 29
0
Re: Shorewall-users Digest, Vol 22, Issue 65
Hi
I have 2nic firewall. I had to open some ranges of udp and tcp ports. I
faced a problem that although all the ports are open some functionality was
not working. Anybody used shorewall with H323 Voip traffic DNATed? Any
help is appreciated.
Thanks
----- Original Message -----
From: <shorewall-users-request@lists.shorewall.net>
To: <shorewall-users@lists.shorewall.net>
Sent:
2006 Aug 29
3
masq problem
Hi everybody.
I'm sorry to bother you because I'm probably doing something wrong, but
I have already read the documentation and I have been using shorewall
for quite a long time.
I recently installed 3.2.3 from source (but there was the same problem
with 3.0.7 from apt-get ... -t unstable)
The thing is, that I can't get masq working. Maybe this is because
2005 Jun 06
23
Multi-ISP in 2.4.0
Hello Shorewall list,
I'm a happy Shorewall user since a few years now and everything works fine
for me except one thing that I try to implement since a week, the multi-isp.
I've downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a
week.
My config is a Debian running a kernel 2.4.27 home made with the
CONNMARK.diff patch applied
I'm using 2 ISP,
2005 Feb 25
6
nat problem
Hi All,
I'm using the Mandrake Linux MultiNetwork Firewall which is a web based
interface to the shorewall firewall.
I have an internal ip address of 172.25.38.1 which I am trying to nat to a
public address so that the client pc can ftp to the internet
I have added the following in the nat file:
168.10.10.1 eth3 172.25.38.1 No No
And this to rules:
ACCEPT lan:172.25.38.1 wan tcp
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successfully
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
Hi,
after kernel upgrade to 2.4.23 my existing configuration of shorewall 1.4.8
will not start / it fails on DNAT and/or masq with message: "iptables:
Invalid argument" /
I found some similar problem descriptions - see links below, but there is
no solution for how to get shorewall to work with DNAT and masq with 2.4.23 kernel.
http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html
2005 Feb 15
5
dnat problem
Hi, I'm running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything
is working fine for several days, I have configured a masq lan and all the
outgoing traffic is ok, but now I want to redirect (port forward) the
external web traffic to an internal machine, something like this
INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE
[public
2013 Nov 05
8
Forwarding external traffic to another external server?
I'm trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn't like that (it
just failed to start).
I tried adding the rules via
2007 Mar 20
2
New Perl-based Compiler
My experimentation with a Perl-based compiler for Shorewall is beginning
to bear fruit. Here is a timing from the main firewall at shorewall.net
using the Perl-based compiler. That compiler generates a script that
uses iptables-restore to configure Netfilter.
root@lists:~/shorewall# shorewall restart .
Compiling...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Restarting
2012 Sep 05
2
DNAT issue
Hi,
Sorry, not an experienced shorewall user, this is my first basic setup.
This starts to drive me crazy.
I wanted to use DNAT to forward port 33890 to an internal machine (windows)
port 3389. To reach my workstation when I'm not home.
In my rules :
DNAT:debug net loc:192.168.0.11:3389 tcp 33890 -
pub.lic.ip.add
#SECTION BLACKLIST
#well known port scans
DROP net
2004 Oct 14
16
Squid as a transparent proxy
Hi,
I followed the instructions in the section "Squid
(transparent) Running on the Firewall" on
http://www.shorewall.net/Shorewall_Squid_Usage.html to
setup Squid transparently on a Linux gateway. My net
is as follows:
loc subnet --- fw Linux Gateway --- ADSL router
192.168.1.0/24 192.168.1.92 (eth1) WAN.WAN.WAN.2
(gw = WAN.WAN.WAN.WAN (eth0)
192.168.1.92) (gw =
2005 Mar 02
12
Problem with outgoing Masquerade
I'm having another little problem with my new firewall. I want outgoing port
25 from my mail server to appear on the address 65.223.121.227 so I created
the file masq:
eth2 192.168.124.18 65.223.121.227 tcp 25
eth1 eth5
eth1 eth3
eth1 eth4
eth1 == net0 == 209.189.103.196/27
eth2 == net1 == 65.223.121.237/28
eth3 == dmz0
eth4 == dmz1
eth5 == loc ==
2005 Jan 23
15
Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
Dear All,
Firstly, thank you very much - shorewall is great. I'm not a member of
this list, and please forgive me if I am suggesting something stupid, but
the following occurs to me, and I thought it might be useful.
Why not make it possible to specify zones as well as interfaces in the
/etc/shorewall/masq file ?
Eg: instead of:
eth0 eth1
one might write:
net loc (or masq in
2005 Feb 02
1
Masq errors?
Hi all,
I have a problem with a new Shorewall box I'm trying to migrate from
iptables rules to shorewall 2.2.0.
I have a 3 interfaces setup:
- eth0 ---> internet (ip address)
- eth1 ---> remote office (10.0.0.0/8)
- eth2 ---> lan (192.168.16.0/24)
I'm using a very simple and common setup, with just a few DNAT rules in
my /etc/shorewall/rules file, and about twenty
2018 Aug 29
2
Setting up port forwarding to guests on nat network
Hello all,
I’m currently trying to figure out how to forward ports to guests that are on a NAT Network. I have followed the directions on https://wiki.libvirt.org/page/Networking under the “Forwarding Incoming Connections” Section and get connection refused when attempting to connect.
System: Ubuntu Server 18.04.1
Virsh / LibVirtd Version: 4.0.0
Here’s the contents of /etc/libvirt/hooks/qemu
2006 Nov 14
2
NAT/MASQ with multiple external static IPs
Hello everyone,
really not sure if this is a LARTC question or not, but I have several
hundred users all MASQ'd behind a single static IP. Users are reporting
that certain websites are blacklisting that single static external IP
for various reasons.
What I would like to do is use several external IP's and have a MASQ'd
user getting a random one each time.
Here is
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid.
curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^#
TCP_FLAGS_LOG_LEVEL=info
TC_ENABLED=Yes
CLEAR_TC=Yes
TCP_FLAGS_DISPOSITION=DROP
curtain:/etc/shorewall#
So it should be enabled, right?
---- tcrules ----
1 eth0 0.0.0.0/0 all
2 eth1 0.0.0.0/0 all
2 eth2 0.0.0.0/0
2003 Jan 06
1
masq problem
Dear all,
I get a problem with masq, why it doesn't work for connect to internet? my masq
configuration
/etc/shorewall/masq
eth0 10.2.0.0/16 202.158.1.99
but if my masq file without 202.158.1.99 it work!
/etc/shorewall/masq
eth0 10.2.0.0/16
and the ip nat will be same with ip address eth0.
FYI: IP number (202.158.1.99) just valid IP but doesn't have interface
2006 Mar 06
1
complex; ifb, masq et omnia
Hi all.
I'm using Jamal's ifb virtual interface from new kernel. Redirecting incoming
traffic from external interface like that:
# tc [blahbla] match u32 0 0 flowid 1:0 action mirred egress redirect dev ifb0
to ifb to shape it.
The problem is that I'm using MASQUERADE by netfilter also. That redirected
traffic coming from internet gets to ifb _before_ DNAT is done.