* Re: Error in Masquerade ??
From: Leandro Silva @ 2006-03-10 15:37 UTC
To: netfilter, davila
Hello Jorge !
Thanks for the response.
When I have a fixed ip I can use SNAT, but I have some dsl links with
dynamic ip so I can't use SNAT :-(
Leandro
-------
Leandro:
You need another rule to alter the source ip address of the outgoing packets.
iptables -t nat -A POSTROUTING -o eth0 \
-j SNAT --to-source <server_address>
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Jorge.
On Fri, 10-03-2006 at 12:01 -0300, Leandro Silva wrote:
> I have the following rule in my firewall:
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> And that's the only rule in postrouting chain. It's working fine but
> from time to time a packet leaves the server with the original ip and
> not with the server's. It's happening like 1 "wrong" packet for 100
> or 200 ok.
> I've tried in other servers with same results and different
> "Mandrakes" ( 9.1, 10,1 and 2006.0 ). And different cpus ( p3, p4,
> amd, all with 512 mb ram ).
> Any ideas ?
>
> Thanks a lot
> Leandro
>
--
Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 808 2478
davila@nicaraguaopensource.com
* Re: Error in Masquerade ??
From: Rob Sterenborg @ 2006-03-10 15:48 UTC
To: netfilter
On Fri, March 10, 2006 16:37, Leandro Silva wrote:
> Hello Jorge !
>
> Thanks for the response.
> When I have a fixed ip I can use SNAT, but I have some dsl links with
> dynamic ip so I can't use SNAT :-(
>
> Leandro
If you have a ppp adapter you need MASQUERADE.
If you have DSL with a static or "dynamic" (dynamically assigned, but it
doesn't change) IP address on an eth interface you can still use SNAT. E.g. I
have a DSL line which assigns a static IP address. I use SNAT.
> -------
> Leandro:
>
> You need another rule to alter the source ip address of the outgoing packets.
>
> iptables -t nat -A POSTROUTING -o eth0 \
> -j SNAT --to-source <server_address>
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
You do *not* need both rules.
Gr,
Rob
> On Fri, 10-03-2006 at 12:01 -0300, Leandro Silva wrote:
>> I have the following rule in my firewall:
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>> And that's the only rule in postrouting chain. It's working fine but
>> from time to time a packet leaves the server with the original ip and
>> not with the server's. It's happening like 1 "wrong" packet for 100
>> or 200 ok.
>> I've tried in other servers with same results and different
>> "Mandrakes" ( 9.1, 10,1 and 2006.0 ). And different cpus ( p3, p4,
>> amd, all with 512 mb ram ).
>> Any ideas ?
>>
>> Thanks a lot
>> Leandro
* Re: Error in Masquerade ??
From: Leandro Silva @ 2006-03-10 17:20 UTC
To: netfilter
Thanks all !
Is there a bug in netfilter ? It's working fine but some packets are
leaving the server without being masqueraded. Although it's working
now, maybe one day somebody is going to use something that can have
problems ...
Leandro
* Error in Masquerade ??
From: Leandro Silva @ 2006-03-10 15:01 UTC
To: netfilter
I have the following rule in my firewall:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
And that's the only rule in postrouting chain. It's working fine but
from time to time a packet leaves the server with the original ip and
not with the server's. It's happening like 1 "wrong" packet for 100
or 200 ok.
I've tried in other servers with same results and different
"Mandrakes" ( 9.1, 10,1 and 2006.0 ). And different cpus ( p3, p4,
amd, all with 512 mb ram ).
Any ideas ?
Thanks a lot
Leandro
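
One way to measure the symptom reported in this message, added here as an example and not part of the original post: parse `tcpdump -n` text output captured on the external interface and list outbound packets that still carry a LAN source address. The capture lines, the addresses (documentation ranges), the RFC 1918 LAN assumption and the function name `audit_capture` are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the masqueraded LAN uses RFC 1918 address space.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One IPv4 packet line of `tcpdump -n` text output.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (?:Flags \[(?P<flags>[^\]]*)\])?")

# Constructed sample capture on the external interface (not real traffic).
SAMPLE = """\
12:00:01.000001 IP 203.0.113.5.40001 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:01.020000 IP 198.51.100.7.80 > 203.0.113.5.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:01.020500 IP 203.0.113.5.40001 > 198.51.100.7.80: Flags [.], ack 10, win 64240, length 0
12:00:01.030000 IP 203.0.113.5.40001 > 198.51.100.7.80: Flags [P.], seq 2:102, ack 10, win 64240, length 100
12:05:09.000000 IP 192.168.1.10.34567 > 198.51.100.7.80: Flags [F.], seq 102, ack 500, win 64240, length 0
12:05:09.500000 IP 192.168.1.10.34567 > 198.51.100.7.80: Flags [R], seq 103, win 0, length 0
12:05:10.000000 IP 203.0.113.5 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
"""

def audit_capture(text, wan_ip):
    """Count outbound packets and collect those that kept a LAN source address."""
    wan = ipaddress.ip_address(wan_ip)
    outbound, leaked = 0, []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-IPv4 or unparsable lines
        src = ipaddress.ip_address(m.group("src"))
        is_leak = any(src in net for net in LAN_NETS)
        if src == wan or is_leak:
            outbound += 1  # inbound replies (other sources) are ignored
        if is_leak:
            leaked.append((str(src), m.group("dst"), m.group("flags") or "non-TCP"))
    by_flags = Counter(flags for _, _, flags in leaked)
    return {"outbound": outbound, "leaked": leaked, "by_flags": dict(by_flags)}

if __name__ == "__main__":
    report = audit_capture(SAMPLE, "203.0.113.5")
    print(f"{len(report['leaked'])} of {report['outbound']} outbound packets left un-NATed")
    print("leaked packets by TCP flags:", report["by_flags"])
```

Grouping the leaked packets by TCP flags shows which kind of packet is escaping, which is the first thing to report when asking whether this is a netfilter bug.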
* Re: Error in Masquerade ??
From: Jorge Davila @ 2006-03-10 15:27 UTC
To: Leandro Silva; +Cc: netfilter
Leandro:
You need another rule to alter the source ip address of the outgoing
packets.
iptables -t nat -A POSTROUTING -o eth0 \
-j SNAT --to-source <server_address>
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Jorge.
On Fri, 10-03-2006 at 12:01 -0300, Leandro Silva wrote:
> I have the following rule in my firewall:
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> And that's the only rule in postrouting chain. It's working fine but
> from time to time a packet leaves the server with the original ip and
> not with the server's. It's happening like 1 "wrong" packet for 100
> or 200 ok.
> I've tried in other servers with same results and different
> "Mandrakes" ( 9.1, 10,1 and 2006.0 ). And different cpus ( p3, p4,
> amd, all with 512 mb ram ).
> Any ideas ?
>
> Thanks a lot
> Leandro
>
--
Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 808 2478
davila@nicaraguaopensource.com
* Re: Error in Masquerade ??
From: Nathaniel Hall @ 2006-03-10 15:57 UTC
To: Jorge Davila; +Cc: netfilter
You shouldn't have to use SNAT at all. Here is an example of a rule
that I use and it works great.
iptables -t nat -A POSTROUTING -s <network>/<subnet> -o eth0 -j MASQUERADE
I have to add a new rule for every rule that I want masqueraded, but I don't
have to do any SNAT rules.
Nathan
Quoting Jorge Davila <davila@nicaraguaopensource.com>:
> Leandro:
>
> You need another rule to alter the source ip address of the outgoing
> packets.
>
> iptables -t nat -A POSTROUTING -o eth0 \
> -j SNAT --to-source <server_address>
>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> Jorge.
>
> On Fri, 10-03-2006 at 12:01 -0300, Leandro Silva wrote:
>> I have the following rule in my firewall:
>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>> And that's the only rule in postrouting chain. It's working fine but
>> from time to time a packet leaves the server with the original ip and
>> not with the server's. It's happening like 1 "wrong" packet for 100
>> or 200 ok.
>> I've tried in other servers with same results and different
>> "Mandrakes" ( 9.1, 10,1 and 2006.0 ). And different cpus ( p3, p4,
>> amd, all with 512 mb ram ).
>> Any ideas ?
>>
>> Thanks a lot
>> Leandro
>>
> --
> Jorge Isaac Davila Lopez
> Nicaragua Open Source
> +505 808 2478
> davila@nicaraguaopensource.com
>
>
>