similar to: Totally SNAT confused :)

I''m a bit confused about the zones vs. rules regulatives. Scenario: I''m setting up an firewall for a friend with loc, net and dmz zones (and ofcourse the firewall itself fw). I need to be able to remotely administrate it, either through ssh or webinterface, because of the physical distance. lets asume my public IP at home is 80.80.80.80 Would it (if we focus on ssh connection

Hi to everybody, I want create a VPN with some PC clients and only one server, instead of LAN-to-LAN, but I'm not very sure how to do this. For example, I need to have: - Server LAN -------- (192.168.0.1/24) ---- tinc-VPN ---- (192.168.100.1/24) - Client-01 LAN --- (192.168.50.1/24) ---- tinc-VPN ---- (192.168.100.10/24) - Client-02 LAN --- (192.168.80.1/24) ---- tinc-VPN ----

Greetings Some time ago I briefly played with NFS. More recently with Samba. What I am wondering is if NFSv4 is already integrated into Centos 4 from upstream. Reference: http://www.linuxplanet.com/linuxplanet/reviews/6331/1/ if not, is there a timeline? Centos 5 ? and... is or can NFS be a compatible yet better replacement for Samba? thanks - rh -- Robert - Abba Communications

We have a router with two external and one internal interfaces and it doesn''t work as we''d like to. We need it to route all the trafic through one of the external interfaces and to access a few networks through the other. Currently it seems that all the packets with source address from the inernal network are routed correctly. The problem is with the packets that originate from

I have this failing every times I want to "update" the "destination". I've tried through SSH (from my box -/home is a NFS mount point here- to the backup one) or directly through "local transport" (because /home/ is a local RAID-5 mount point on the backup box). $ rsync -v -e /usr/bin/ssh -ax --delete \ /home/beta /home/worx \

[root at mail postfix]# dovecot --version 1.0.rc25 [root at mail postfix]# dovecot -n # /usr/local/etc/dovecot.conf ssl_cert_file: /usr/share/ssl/certs/dovecot.pem ssl_key_file: /usr/share/ssl/private/dovecot.pem login_dir: /usr/local/var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login mbox_write_locks: fcntl auth default: passdb: driver: pam userdb: driver:

Hi - The problem is with two abline(s). Attached are: 1) jnk.r to run program 2) jnk.rin the data 3) jnkps.eps the postscript output 4) jnkscreen.bmp (from photoshop after bmp copy to clipboard) in jnk.zip the eps and bmp are different on my machine (windows 2000) any suggestions appreciated bob >>> Diego.Kuonen at epfl.ch 03/18/00 08:24AM >>> "Robert L.

Using my application i can able to save a new record into my db but i cannot update a existing record into my db. using update query i can able to update my records. but using update_attributes it doesnot update my records. even i cant find any errors in logs or something. throughout my application i can able to save a new record but unable to update my existing records. actually i have changed

I know how to change the UUID of Physical Volumes and Volume Groups, but when I try to do the same for a Logical Volume, lvchange complains that "--uuid" is not an option. Here is how I've been changing the others (note that "--uuid" does not appear in the man pages for pvchange and vgchange for lvm2-2.02.26-3.el5): pvchange --uuid {pv dev} vgchange --uuid {vg name} Any

Hi, when using diffrent routing tables, outgoing packets after SNAT always have hw-adresses as if the packed was coming from my machine. So a forwarded packet to default gw x on eth0 gets hw-adresses as if the same packet with origin loopback was routed to default gw y on network wlan0 which is diffrent. I do "ip rule add iif lo table mine" and some "ip route add ... table

Hello, I have a problem with the following setup, I hope you can help me. I have two internet gateways, one for LAN1 and the second for LAN2. +--------------+ GW1 more eth0| |eth4(SNAT) GW2 ---...routers...-----+ router +----------------- | | +---+------+---+ eth1|

Hi, I configured a router box to use 2 providers, as described in the HOWTO. (Apendix 1) I want to use both links to reach a single smtp server. As I read in the kptd and in some old messages of this list, doing a SNAT in the postrouting chain comes _after_ the routing desision. So I guess the following lines I''m trying to use are wrong. (See Apendix 1) What can I do to have multiple

Hi, The private adresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I''ve got a rsync server on this network which is on a separe server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users

hi, I have a real networks on the eth0 side and real network on the eth1 side. a.a.a.0/24 x.x.x.0/24 <eth0--SNAT-box--eth1:0> y.y.y.2/24 <====> y.y.y.1/24 <===>INTERNET z.z.z.0/24 I want to nat those behind eth0 to go out as y.y.y.0/24 (eth1 is with another address different gw and address, so that i''m using eth1:0 and separate rule&table) I''m currently

Hello all, I have shorewall setup with 3 SNAT entries for external IP address''s to a single IP internal address. I am wondering how to limit access based on the source IP address. ex. EXT IP 1 access only to port 25 EXT IP 2 access only to port 443 EXT IP 3 access only to port 80 I have the SNAT setup correctly and I have 3 accept line in the rules file (25,80,443) but I can hit

hi list, any idea how i can transcribe this simple iptables script to shorewall config? wich files should be modified ? iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP

Hi all, I''m using Shorewall since one year (1.4, then 2.0) I''m trying to migrate a linux firewall from iptables rules to shorewall. The firewall has three zones - net internet - loc1 lan - loc2 second lan I have a lot of rules like this, to SNAT the ip addresses of some computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8) iptables -v -t nat -I

Hу здpаcте shorewall-users, can i make subj with shorewall? i enabled iproute2 (i have dial-up and LAN) for some machine behind NAT. NAT network is 10.33.20.0/24 and ppp0 ip is given dynamicly sooo... for me to make machine with 10.33.20.10 ip to go throught new gate with given addres i need to perform subj (or so i think :-)). PS: i''m not a constant subscriber...

http://bugzilla.netfilter.org/show_bug.cgi?id=693 Jozsef Kadlecsik <kadlec at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID --- Comment #11 from Jozsef Kadlecsik

Hi! Progress is much better now with my new install with not many problems left! I just have a simple - I hope - question. I have a few users that need access to the net via masquerade rules. The rest have to go via squid on the firewall. That all works well. I also have two windows servers that also need access to the net but they have to each use a specific outgoing ip address. I add two