* How to fill a ipt_entry structure to add a rule using iptc_append_entry()
@ 2004-06-22 11:54 babula allu
2004-06-23 8:31 ` configuration again :) Krystian
0 siblings, 1 reply; 5+ messages in thread
From: babula allu @ 2004-06-22 11:54 UTC (permalink / raw)
To: netfilter
Hi,
I am trying to add a simple rule to INPUT chain using
iptc_append_entry but it fails. It says invalid
argument.
I also tried sending the same ipt_entry structure
which was returned by the iptc_first_rule API. In this
case iptc_append_entry doesn't return an error but
iptables -L doesn't display the rule in the list also.
If somebody knows about the cause and solution please
help me.
thanks
Babula
^ permalink raw reply [flat|nested] 5+ messages in thread
* configuration again :)
2004-06-22 11:54 How to fill a ipt_entry structure to add a rule using iptc_append_entry() babula allu
@ 2004-06-23 8:31 ` Krystian
2004-06-23 9:05 ` Antony Stone
0 siblings, 1 reply; 5+ messages in thread
From: Krystian @ 2004-06-23 8:31 UTC (permalink / raw)
To: netfilter
Hi
I wanted to ask how to configure iptables in my environment.
The network:
Modem<->Linux Router<->Internal Network
my modem has an ip address of 80.25.25.61
my linux router has an ip address of 80.25.25.62 and a broadcast of
80.25.25.67.
Purposes:
I want the remaining public ip addresses (80.25.25.63-66) to be mapped
into couple of Internal Network computers (yes I know it's a nono to do).
How should I configure my box?
Krystian
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: configuration again :)
2004-06-23 8:31 ` configuration again :) Krystian
@ 2004-06-23 9:05 ` Antony Stone
2004-06-23 12:08 ` Krystian
0 siblings, 1 reply; 5+ messages in thread
From: Antony Stone @ 2004-06-23 9:05 UTC (permalink / raw)
To: netfilter
On Wednesday 23 June 2004 9:31 am, Krystian wrote:
> Modem<->Linux Router<->Internal Network
>
> my modem has an ip address of 80.25.25.61
> my linux router has an ip address of 80.25.25.62 and a broadcast of
> 80.25.25.67.
>
> Purposes:
> I want the remaining public ip addresses (80.25.25.63-66) to be mapped
> into couple of Internal Network computers.
> How should I configure my box?
Which of the tutorials or HOWTOs at http://www.netfilter.org/documentation
have you read and had problems in following the advice from?
Regards,
Antony.
--
There are only 10 types of people in the world:
those who understand binary notation,
and those who don't.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: configuration again :)
2004-06-23 12:08 ` Krystian
@ 2004-06-23 11:49 ` Antony Stone
0 siblings, 0 replies; 5+ messages in thread
From: Antony Stone @ 2004-06-23 11:49 UTC (permalink / raw)
To: netfilter
On Wednesday 23 June 2004 1:08 pm, Krystian wrote:
> >Which of the tutorials or HOWTOs at http://www.netfilter.org/documentation
> >have you read and had problems in following the advice from?
>
> Almost all, but I had doubts the configuration i came up with would work.
No harm in trying it to see whether it does, and then asking us a specific
question if you have problems... :)
> so theoretically :)
> for every IP i will need 2 rules for my linux box: one for DNAT'ing
> incoming traffic and one for SNAT'ing outgoing one.
You need a DNAT rule (only) if you want to allow connections *to* the machine
on your network (reply packets will work automatically).
You do not need an SNAT rule unless you want connections *from* the machine in
your network to appear from a specific address (otherwise they would get
handled just the same as any other packets from internal machines to the
Internet - I presume you have a general-purpose MASQUERADE rule for these).
> but i'm not sure my linux box will receive the traffic destined for
> other ip's in the network without subinterfaces configured to those ip's.
Correct - you have to add the extra public IP addresses which you want the
firewall to accept packets for (and pass them on to something inside your
network) to your external interface:
ip addr add 11.22.33.44 dev eth0
etc.
Antony.
--
Anything that improbable is effectively impossible.
- Murray Gell-Mann, Nobel Prizewinner in Physics
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 5+ messages in thread
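Antony's advice above, written out as an added example (not part of the original messages): a shell function that prints the `ip addr add` and DNAT commands for each public address, and the SNAT rule only when asked for. The internal 192.168.1.x addresses and the function names are assumptions; the public addresses and eth0 come from the thread.

```shell
#!/bin/sh
# Added example. Internal addresses and function names are assumptions.
EXT_IF="${EXT_IF:-eth0}"   # external interface, as in the ip addr example above

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print (never execute) the commands for one public -> internal mapping.
# $1 public address, $2 internal address, $3 "snat" to also pin the outbound source.
nat_commands() {
    pub=$1; priv=$2; mode=${3:-dnat-only}
    if ! valid_ipv4 "$pub" || ! valid_ipv4 "$priv"; then
        echo "bad address: $pub -> $priv" >&2
        return 1
    fi
    # The external interface must carry the public address to accept its packets.
    echo "ip addr add $pub dev $EXT_IF"
    # Inbound connections are redirected; reply packets are handled automatically.
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
    # Only needed when the host's own outbound connections must use this address.
    # Inserted (-I) so it is matched before a general MASQUERADE rule.
    if [ "$mode" = snat ]; then
        echo "iptables -t nat -I POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
    fi
}

# Constructed mapping: public addresses from the thread, internal ones assumed.
all_commands() {
    nat_commands 80.25.25.63 192.168.1.63 snat &&
    nat_commands 80.25.25.64 192.168.1.64 &&
    nat_commands 80.25.25.65 192.168.1.65 &&
    nat_commands 80.25.25.66 192.168.1.66
}

all_commands   # review the output, then run it as root
```

DNAT only rewrites the destination address; which ports actually reach the internal hosts is still decided by the FORWARD chain of the filter table.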
* Re: configuration again :)
2004-06-23 9:05 ` Antony Stone
@ 2004-06-23 12:08 ` Krystian
2004-06-23 11:49 ` Antony Stone
0 siblings, 1 reply; 5+ messages in thread
From: Krystian @ 2004-06-23 12:08 UTC (permalink / raw)
To: netfilter
>Which of the tutorials or HOWTOs at http://www.netfilter.org/documentation
>have you read and had problems in following the advice from?
>
>Regards,
>
>Antony.
>
>
Almost all, but I had doubts the configuration i came up with would work.
so theoretically :)
for every IP i will need 2 rules for my linux box: one for DNAT'ing
incoming traffic and one for SNAT'ing outgoing one.
but i'm not sure my linux box will receive the traffic destined for
other ip's in the network without subinterfaces configured to those ip's.
Krystian
^ permalink raw reply [flat|nested] 5+ messages in thread