* Re: msn and yahoo messenger voice chat
@ 2005-04-12 14:27 Daniel Lopes
0 siblings, 0 replies; 10+ messages in thread
From: Daniel Lopes @ 2005-04-12 14:27 UTC (permalink / raw)
To: netfilter
Wennie V. Lagmay schrieb:
> Hi all,
>
> Below are the config I tested and results:
>
> 1. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
> xxx.xxx.85.113-xxx.xxx.85.115
> 2. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -d
> xxx.xxx.85.113 -j MASQUERADE
> 3. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j MASQUERADE
>
> config 1, everything is working fine except msn and yahoo messenger voice
> chat.
> config 2, everything is working fine except msn and yahoo messenger voice
> chat.
> config 3, everything is working fine including msn and yahoo messenger voice
> chat, the only problem is that this configuration is not fitted to our
> setup. Can anybody have an idea on using config 1 and 2 with msn and yahoo
> messenger voice chat enable? or do you have any solution enabling similar to
> config 1 with all features enable?
>
> Thank you very much,
>
> Wennie
>
Is there something else you use? I tried MSN voice chat behind my router
also using MASQUERADE but it doesn't work because MSN sends src IP
within the payload and therefore NAT fails.
[parent not found: <1113309566.425bc17e6a46f@webmail.yanbulink.net>]
* Re: msn and yahoo messenger voice chat
[not found] <1113309566.425bc17e6a46f@webmail.yanbulink.net>
@ 2005-04-12 12:39 ` Jason Opperisano
2005-04-12 14:55 ` Wennie V. Lagmay
0 siblings, 1 reply; 10+ messages in thread
From: Jason Opperisano @ 2005-04-12 12:39 UTC (permalink / raw)
To: netfilter
On Tue, Apr 12, 2005 at 03:39:26PM +0300, Wennie V. Lagmay wrote:
>
> Thank you Jason, I just want to confirm is it to be written
>
> like this alone:
> iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> xxx.xxx.85.113-xxx.xxx.85.115

yes--SAME can completely replace your SNAT rule, if you so desire.

> or the original SNAT plus SAME like this :
> IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
> xxx.xxx.85.113-xxx.xxx.85.115

that rule isn't completely correct, as it has no "-t nat" in it.

> iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> xxx.xxx.85.113-xxx.xxx.85.115

if you're asking if you should have a SNAT rule followed by a SAME rule
that are identical except for the target, then no--the SAME rule will
never be matched in that scenario.

if you want to combine SAME and SNAT--put the SAME rule first and have
it match only on the specific ports used by the application in question
that cannot handle src IP changes; and the SNAT rule second to catch the
rest of the general traffic.

HTH...

-j
--
"Chris: Where do you think you go when you die?
Southern boy: I learned from church that if you're good you go to
heaven but if you're bad, you go to a place where the dead believe
they're still living and they pray for death but death won't come.
Chris: UPN?"
--Family Guy
* Re: msn and yahoo messenger voice chat
2005-04-12 12:39 ` Jason Opperisano
@ 2005-04-12 14:55 ` Wennie V. Lagmay
2005-04-12 17:03 ` Jason Opperisano
2005-04-14 5:11 ` Wennie V. Lagmay
0 siblings, 2 replies; 10+ messages in thread
From: Wennie V. Lagmay @ 2005-04-12 14:55 UTC (permalink / raw)
To: Jason Opperisano, netfilter
Hi Jason, just to inform you what I have learned with the configuration from
you.
With this rule:
iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to
xxx.xxx.85.113-xxx.xxx.85.115, it is intermittent, I mean sometimes it
connects to voice but sometimes it doesn't.
With this rule: iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j
SAME --to xxx.xxx.85.113
It is ok, it connects all the time, I have not encountered any intermittent
connection. This is ok but one might do some nasty things on the net then
the single IP might be blocked.
But anyway thank you very much for this great help, I really really
appreciate it.
Regards,
Wennie
----- Original Message -----
From: "Jason Opperisano" <opie@817west.com>
To: <netfilter@lists.netfilter.org>
Sent: Tuesday, April 12, 2005 3:39 PM
Subject: Re: msn and yahoo messenger voice chat
> On Tue, Apr 12, 2005 at 03:39:26PM +0300, Wennie V. Lagmay wrote:
> >
> > Thank you Jason, I just want to confirm is it to be written
> >
> > like this alone:
> > iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> > xxx.xxx.85.113-xxx.xxx.85.115
>
> yes--SAME can completely replace your SNAT rule, if you so desire.
>
> > or the original SNAT plus SAME like this :
> > IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
> > xxx.xxx.85.113-xxx.xxx.85.115
>
> that rule isn't completely correct, as it has no "-t nat" in it.
>
> > iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> > xxx.xxx.85.113-xxx.xxx.85.115
>
> if you're asking if you should have a SNAT rule followed by a SAME rule
> that are identical except for the target, then no--the SAME rule will
> never be matched in that scenario.
>
> if you want to combine SAME and SNAT--put the SAME rule first and have
> it match only on the specific ports used by the application in question
> that cannot handle src IP changes; and the SNAT rule second to catch the
> rest of the general traffic.
>
> HTH...
>
> -j
>
> --
> "Chris: Where do you think you go when you die?
> Southern boy: I learned from church that if you're good you go to
> heaven but if you're bad, you go to a place where the dead believe
> they're still living and they pray for death but death won't come.
> Chris: UPN?"
> --Family Guy
>
>
* Re: msn and yahoo messenger voice chat
2005-04-12 14:55 ` Wennie V. Lagmay
@ 2005-04-12 17:03 ` Jason Opperisano
2005-04-13 5:13 ` Wennie V. Lagmay
2005-04-14 5:11 ` Wennie V. Lagmay
1 sibling, 1 reply; 10+ messages in thread
From: Jason Opperisano @ 2005-04-12 17:03 UTC (permalink / raw)
To: netfilter
On Tue, Apr 12, 2005 at 05:55:13PM +0300, Wennie V. Lagmay wrote:
> Hi Jason, just to inform you what I have learned with the configuration from
> you.
> With this rule:
> iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> xxx.xxx.85.113-xxx.xxx.85.115, it is intermittent, I mean sometimes it
> connects to voice but sometimes it doesn't.

try using the "--nodst" option:

  iptables -t nat -A POSTROUTING -s 192.169.10.0/24 \
    -j SAME --nodst --to xxx.xxx.85.113-xxx.xxx.85.115

-j
--
"Stewie: How deliciously evil. It's like something out of Stephen King.
Stephen King: Now for my 300th novel, a couple... is attacked... by
a giant lamp monster.
Editor: You're not even trying anymore are you?"
--Family Guy
* Re: msn and yahoo messenger voice chat
2005-04-12 17:03 ` Jason Opperisano
@ 2005-04-13 5:13 ` Wennie V. Lagmay
0 siblings, 0 replies; 10+ messages in thread
From: Wennie V. Lagmay @ 2005-04-13 5:13 UTC (permalink / raw)
To: Jason Opperisano, netfilter
Thank you very much, so far it's working fine.
regards,
wennie
----- Original Message -----
From: "Jason Opperisano" <opie@817west.com>
To: <netfilter@lists.netfilter.org>
Sent: Tuesday, April 12, 2005 8:03 PM
Subject: Re: msn and yahoo messenger voice chat
> On Tue, Apr 12, 2005 at 05:55:13PM +0300, Wennie V. Lagmay wrote:
> > Hi Jason, just to inform you what I have learned with the configuration from
> > you.
> > With this rule:
> > iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> > xxx.xxx.85.113-xxx.xxx.85.115, it is intermittent, I mean sometimes it
> > connects to voice but sometimes it doesn't.
>
> try using the "--nodst" option:
>
> iptables -t nat -A POSTROUTING -s 192.169.10.0/24 \
> -j SAME --nodst --to xxx.xxx.85.113-xxx.xxx.85.115
>
> -j
>
> --
> "Stewie: How deliciously evil. It's like something out of Stephen King.
> Stephen King: Now for my 300th novel, a couple... is attacked... by
> a giant lamp monster.
> Editor: You're not even trying anymore are you?"
> --Family Guy
>
>
* Re: msn and yahoo messenger voice chat
2005-04-12 14:55 ` Wennie V. Lagmay
2005-04-12 17:03 ` Jason Opperisano
@ 2005-04-14 5:11 ` Wennie V. Lagmay
2005-04-14 12:05 ` Jason Opperisano
1 sibling, 1 reply; 10+ messages in thread
From: Wennie V. Lagmay @ 2005-04-14 5:11 UTC (permalink / raw)
To: Jason Opperisano, netfilter
Hi Jason,
iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to
xxx.xxx.85.113-xxx.xxx.85.115
iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --nodst --to
xxx.xxx.85.113-xxx.xxx.85.115
the above rules are intermittent, the rule below is working fine.
iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to xxx.xxx.85.113
I'm using iptables version 1.2.9, I'm just wondering if the above intermittent
rules will work fine on latest iptables version. Do you know the latest and
most stable iptables version?
Thank you very much,
Wennie
* Re: msn and yahoo messenger voice chat
2005-04-14 5:11 ` Wennie V. Lagmay
@ 2005-04-14 12:05 ` Jason Opperisano
0 siblings, 0 replies; 10+ messages in thread
From: Jason Opperisano @ 2005-04-14 12:05 UTC (permalink / raw)
To: netfilter
On Thu, Apr 14, 2005 at 08:11:08AM +0300, Wennie V. Lagmay wrote:
> Hi Jason,
>
> iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to
> xxx.xxx.85.113-xxx.xxx.85.115
> iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --nodst --to
> xxx.xxx.85.113-xxx.xxx.85.115

that second rule will never be matched. get rid of the first rule, and
just use the second.

> the above rules are intermittent, the rule below is working fine.
> iptables A POSTROUTING -s 192.169.10.0/24 -j SAME --to xxx.xxx.85.113
>
> I'm using iptables version 1.2.9, I'm just wondering if the above intermittent
> rules will work fine on latest iptables version. Do you know the latest and
> most stable iptables version?

the latest version is 1.3.1...my guess is that the most accepted as
stable version would be 1.2.11...but this isn't your problem.

-j
--
"Stewie: It rubs the lotion on its skin or else it gets the hose again."
--Family Guy
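Added example (not part of any message in this thread): a small Python model of first-match traversal in the nat POSTROUTING chain. It shows why a rule placed after another rule with the identical match is never hit, as stated in the 12 Apr and 14 Apr replies, and how the SAME-first, SNAT-second ordering splits traffic. The Rule class, the sample packets and the voice port range are constructed for illustration; the thread does not name the ports.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    target: str                      # SNAT and SAME both end chain traversal
    src: str                         # -s network
    proto: Optional[str] = None      # -p; None matches any protocol
    dports: Optional[range] = None   # --dport range; None matches any port
    hits: int = 0

    def matches(self, pkt):
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return self.dports is None or pkt["dport"] in self.dports

def traverse(chain, packets):
    """Return the target applied to each packet: the first matching rule wins."""
    verdicts = []
    for pkt in packets:
        hit = next((r for r in chain if r.matches(pkt)), None)
        if hit is not None:
            hit.hits += 1
        verdicts.append(hit.target if hit else "no NAT")
    return verdicts

NET = "192.169.10.0/24"
VOICE_PORTS = range(5000, 5011)  # hypothetical placeholder, not from the thread

# Constructed sample: each entry stands for the first packet of a new connection,
# which is the only packet of a connection that traverses the nat table.
PACKETS = [
    {"src": "192.169.10.5", "proto": "udp", "dport": 5004},
    {"src": "192.169.10.5", "proto": "tcp", "dport": 80},
    {"src": "192.169.10.9", "proto": "udp", "dport": 53},
    {"src": "192.169.10.9", "proto": "udp", "dport": 5010},
]

def identical_match_hits():
    """Two rules with the same match: the second one is shadowed."""
    chain = [Rule("SNAT", NET), Rule("SAME", NET)]
    traverse(chain, PACKETS)
    return [rule.hits for rule in chain]

def split_by_port():
    """Port-specific SAME rule first, catch-all SNAT rule second."""
    chain = [Rule("SAME", NET, "udp", VOICE_PORTS), Rule("SNAT", NET)]
    return traverse(chain, PACKETS)
```

On a live system the per-rule packet counters in the output of `iptables -t nat -L POSTROUTING -v -n` show the same thing: a shadowed rule stays at zero.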
* msn and yahoo messenger voice chat
@ 2005-04-09 6:30 Wennie V. Lagmay
2005-04-11 22:19 ` Jason Opperisano
0 siblings, 1 reply; 10+ messages in thread
From: Wennie V. Lagmay @ 2005-04-09 6:30 UTC (permalink / raw)
To: Netfilter @ lists.netfilter.org
Hi all,
Below are the config I tested and results:
1. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
xxx.xxx.85.113-xxx.xxx.85.115
2. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -d
xxx.xxx.85.113 -j MASQUERADE
3. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j MASQUERADE
config 1, everything is working fine except msn and yahoo messenger voice
chat.
config 2, everything is working fine except msn and yahoo messenger voice
chat.
config 3, everything is working fine including msn and yahoo messenger voice
chat, the only problem is that this configuration is not fitted to our
setup. Can anybody have an idea on using config 1 and 2 with msn and yahoo
messenger voice chat enable? or do you have any solution enabling similar to
config 1 with all features enable?
Thank you very much,
Wennie
* Re: msn and yahoo messenger voice chat
2005-04-09 6:30 Wennie V. Lagmay
@ 2005-04-11 22:19 ` Jason Opperisano
2005-04-12 12:27 ` Wennie V. Lagmay
0 siblings, 1 reply; 10+ messages in thread
From: Jason Opperisano @ 2005-04-11 22:19 UTC (permalink / raw)
To: netfilter
On Sat, Apr 09, 2005 at 09:30:29AM +0300, Wennie V. Lagmay wrote:
> Hi all,
>
> Below are the config I tested and results:
>
> 1. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
> xxx.xxx.85.113-xxx.xxx.85.115
> 2. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -d
> xxx.xxx.85.113 -j MASQUERADE
> 3. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j MASQUERADE
>
> config 1, everything is working fine except msn and yahoo messenger voice
> chat.
> config 2, everything is working fine except msn and yahoo messenger voice
> chat.
> config 3, everything is working fine including msn and yahoo messenger voice
> chat, the only problem is that this configuration is not fitted to our
> setup. Can anybody have an idea on using config 1 and 2 with msn and yahoo
> messenger voice chat enable? or do you have any solution enabling similar to
> config 1 with all features enable?

use the SAME target from PoM to tell iptables to use the same SNAT IP
for subsequent connections between the same src and dst IP:

  iptables -t nat -A POSTROUTING -s 192.169.10.0/24 \
    -j SAME --to xxx.xxx.85.113-xxx.xxx.85.115

-j
--
"Peter: You wanna talk about awkward moments? Once, during sex,
I called Lois "Frank". Your move, Sherlock."
--Family Guy
* Re: msn and yahoo messenger voice chat
2005-04-11 22:19 ` Jason Opperisano
@ 2005-04-12 12:27 ` Wennie V. Lagmay
0 siblings, 0 replies; 10+ messages in thread
From: Wennie V. Lagmay @ 2005-04-12 12:27 UTC (permalink / raw)
To: Jason Opperisano, netfilter
Thank you Jason, I just want to confirm is it to be written
like this alone:
iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to
xxx.xxx.85.113-xxx.xxx.85.115
or the original SNAT plus SAME like this :
IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
xxx.xxx.85.113-xxx.xxx.85.115
iptables -t nat -A POSTROUTING -s 192.169.10.0/24 -j SAME --to
xxx.xxx.85.113-xxx.xxx.85.115
wennie
----- Original Message -----
From: "Jason Opperisano" <opie@817west.com>
To: <netfilter@lists.netfilter.org>
Sent: Tuesday, April 12, 2005 1:19 AM
Subject: Re: msn and yahoo messenger voice chat
> On Sat, Apr 09, 2005 at 09:30:29AM +0300, Wennie V. Lagmay wrote:
> > Hi all,
> >
> > Below are the config I tested and results:
> >
> > 1. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j SNAT --to-source
> > xxx.xxx.85.113-xxx.xxx.85.115
> > 2. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -d
> > xxx.xxx.85.113 -j MASQUERADE
> > 3. IPTABLES -A POSTROUTING -s 192.169.10.0/255.255.255.0 -j MASQUERADE
> >
> > config 1, everything is working fine except msn and yahoo messenger voice
> > chat.
> > config 2, everything is working fine except msn and yahoo messenger voice
> > chat.
> > config 3, everything is working fine including msn and yahoo messenger voice
> > chat, the only problem is that this configuration is not fitted to our
> > setup. Can anybody have an idea on using config 1 and 2 with msn and yahoo
> > messenger voice chat enable? or do you have any solution enabling similar to
> > config 1 with all features enable?
>
> use the SAME target from PoM to tell iptables to use the same SNAT IP
> for subsequent connections between the same src and dst IP:
>
> iptables -t nat -A POSTROUTING -s 192.169.10.0/24 \
> -j SAME --to xxx.xxx.85.113-xxx.xxx.85.115
>
> -j
>
> --
> "Peter: You wanna talk about awkward moments? Once, during sex,
> I called Lois "Frank". Your move, Sherlock."
> --Family Guy
>
>