Hello!
I am currently running a nameserver at home, using slackware 8.0 with iptables 1.2.2.
I have, during the last weeks, read tonns of docs about iptables, but not yet found an
answer to my problem.
Here we go:
Using bind 9 I run a nameserver. The zone files and named.conf are perfectly
The connection addressing information, including original and translated
addresses are found in the conntrack entry. There you can find
Original source IP/port, NAT source IP/port, original destination IP,
NAT destination IP and a lot more.
Regards
Henrik Nordstrom
ÀÌÈ£Àç wrote:
I'd
On Fri, Mar 22, 2002 at 01:13:13AM +0100, Andras Kis-Szabo wrote:
Hi,
1.
IPv6 AH/ESP matches
AH options:
--ahspi [!] spi[:spi] match spi (range)
--ahlen [!] lengthtotal length of this header
--ahres check the reserved filed, too
ESP
Hello,
I am using: iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT
--to-destination 192.168.0.9:53 to forward any domain request to my nameserver from
my firewall (192.168.0.1)
I have 2 nic's in the firewall (eth0 = cisco 677i adsl router, eth1 = local network)
you should
On Tue, Feb 19, 2002 at 04:43:12PM +0100, Henrik Nordstrom wrote:
Attached you will find a small patch to runme, to allow runme to be
used in batch mode, not asking for user input unless it has to.
Hi!
I'm now convinced that we should add this feature.
However, your patch doesn't apply
My version of the runme script have evolved slightly since then. Now have
two related extensions
--batch Batch mode operation
--excludeExclude a named patch
I can try to separate the two in different patches if you like, but I have
not yet done so.
Attached you find two
Hi,
As characterized by C. Huitema of Microsoft in
http://www.ietf.org/internet-drafts/draft-ietf-ngtrans-shipworm-05.txt
(IPv6 tunnels through NAT's using UDP), there are basically 4 kinds of
NAT's wrt. how strictly they check the incoming packets to allocated
NAT ports:
--8--
Experience
First of all, thank you for kind answers...
I'm now making xdmcp conntrack/nat module...
I must change the data pointed by iphdr in conntrack_helper_function.
I tried to change the data, but it's not changed...
Is conntrack helper module receiving copy of the packets?
Then is there any
On Mon, Mar 25, 2002 at 10:37:06AM +0100, Wiktor Wodecki wrote:
Hello,
I am using: iptables -t nat -A PREROUTING -p udp --dport 53 -i eth0 -j DNAT
--to-destination 192.168.0.9:53 to forward any domain request to my nameserver from
my firewall (192.168.0.1)
I have 2 nic's in the firewall
On Mon, 25 Mar 2002, Harald Welte wrote:
On Mon, Mar 25, 2002 at 02:48:22PM +0200, Pekka Savola wrote:
Hi,
4) Finally, some NAT map the same internal address and port pair to
different external address and port pairs, depending on the address
of the remote host. These NATs are
Hi everyone,
I am developing a Java wrapper (which I have named JNetFilter) for the
iptables (libiptc) API. This Java wrapper presents an object-oriented view of
the chains and rules. The intention of this Java wrapper library is to make
it easy to write firewall configuration and management
Pekka Savola wrote:
I take it you don't comment on how
ipchains/ipfwadm NAT does this? That knowledge would also be very much
appreciated as there are still (mostly) 2.2 -kernel boxes around.
The NAT capabilities of Linux-2.2 ipchains is quite limited, only having
masquerade NAT. It maps
Hi,
IPv6 fragmentation header match
FRAG v1.2.6a options:
--fragid [!] id[:id] match the id (range)
--fraglen [!] length total length of this header
--fragres check the reserved filed, too
--fragfirst matches on the frst fragment
Hello,
Now it's the turn to the mark match
to be able to match nfmarks bitwise,
as indicated by the TODO. You will
find attached the patch to the
current CVS tree. Hope that helps.
Have a nice day,
Fabrice.
--
Fabrice MARIE
Senior RD Engineer
Celestix Networks
http://www.celestix.com/
Silly
14 matches
Mail list logo