Re: problem with pasive MODE and NAT

> Hello, > > I has a proftpd server on a linux debian woody with a NAT sheeme. So my > proftpd is listening on the 192.168.0.X private ip and my router has > mapping the ports from 4 to 40010 from the public ip to the > 192.168.0.X ip in order to allow pasive port transf

problem with pasive MODE and NAT

Hello, I has a proftpd server on a linux debian woody with a NAT sheeme. So my proftpd is listening on the 192.168.0.X private ip and my router has mapping the ports from 4 to 40010 from the public ip to the 192.168.0.X ip in order to allow pasive port transfers from internet. So i has this

Re: problem with pasive MODE and NAT

Ce jour Mon, 15 Nov 2004, Francisco Castillo a dit: > > > Hello, > > > when i connect from a cuteftp client from a 192.168.0.Y ip the client get > the correct pasive port to get data (4) from the proftpd server but > if i try to access from a public client ip (with cuteftp too) the server

problem with pasive MODE and NAT

Hello,I has a proftpd server on a linux debian woody with a NAT sheeme. So myproftpd is listening on the 192.168.0.X private ip and my router hasmapping the ports from 4 to 40010 from the public ip to the192.168.0.X ip in order to allow pasive port transfers from internet. Soi has this

problem with pasive MODE and NAT

Hello, I has a proftpd server on a linux debian woody with a NAT sheeme. So my proftpd is listening on the 192.168.0.X private ip and my router has mapping the ports from 4 to 40010 from the public ip to the 192.168.0.X ip in order to allow pasive port transfers from internet. So i has this

gateway-tc-nat-iptables-userstats - v 2

onal, prioriry peering, class for out provider servers unshaped / 80MBs, and HTB for outgoing traffic, class for insite servers - mail,dns,web - auto nat-ing scrpit for adding internal hosts for useing i-net service based on dns,wins,smb,ping lookup - web statist

Re: gateway-tc-nat-iptables-userstats - v 2

Tanx Arnt, i download it now, and i'll check it. > > > G'day, > > > > From: "Konstantin Kostadinov" <[EMAIL PROTECTED]> > > > i need to rebuild our gateway machine, and the services that is > > > needed are : > > > traffic shaper [ in/out/interactive/icmp packets class,priority > > > group], fi

Re: gateway-tc-nat-iptables-userstats - v 2

On Sun, 19 Sep 2004 16:11:45 +1000, Donovan wrote in message <[EMAIL PROTECTED]>: > G'day, > > From: "Konstantin Kostadinov" <[EMAIL PROTECTED]> > > i need to rebuild our gateway machine, and the services that is > > needed are : > > traffic shaper [ in/out/interactive/icmp packets class,priori

Re: gateway-tc-nat-iptables-userstats - v 2

G'day again, - Original Message - From: "Konstantin Kostadinov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 19, 2004 7:39 PM Subject: Re: gateway-tc-nat-iptables-userstats - v 2 > Tanks Donovan, > > i read wondershaper info

Re: gateway-tc-nat-iptables-userstats - v 2

Tanks Donovan, i read wondershaper info, it is good for starting point, and for stats i mean internal hosts [ lan ], for radius we have other billing system ;-) tanx a lot > G'day, > > From: "Konstantin Kostadinov" <[EMAIL PROTECTED]> > > i need to rebuild our gateway machine, and the servi

Re: gateway-tc-nat-iptables-userstats - v 2

G'day, From: "Konstantin Kostadinov" <[EMAIL PROTECTED]> > i need to rebuild our gateway machine, and the services that is needed > are : > traffic shaper [ in/out/interactive/icmp packets class,priority group], > firewall rules, > and some user stats. > > so my question is if anybody knows ready

gateway-tc-nat-iptables-userstats - v 2

Hi Again Folks, ;-), sorry i hit the enter by mistake and the previous message is incomplete ;-( Here is the case : i need to rebuild our gateway machine, and the services that is needed are : traffic shaper [ in/out/interactive/icmp packets class,priority group], firewall rules, and some user st

gateway-tc-nat-iptables-userstats

Hi Folks, Here is the case : i need to rebuild our gateway machine, and the services that is needed are : -- Training is everything. The peach was once a bitter almond; cauliflower is nothing but cabbage with a college education. -- Mark Twain, "Pudd'nhead Wilson's Calenda

Re: nat ipchains on debian woody

n to get up and running. > How can i Knew what is the soft or version of kernel-image i must use > in my hard system? Anyone else? I've found stock kernels work fine for me, but I've occasionally run into hardware that doesn't run with them. > Could be posible to has a k

Re: nat ipchains on debian woody

n to get up and running. > How can i Knew what is the soft or version of kernel-image i must use > in my hard system? Anyone else? I've found stock kernels work fine for me, but I've occasionally run into hardware that doesn't run with them. > Could be posible to has a k

Re: nat ipchains on debian woody

what is the soft or version of kernel-image i must use in my hard system? In other way (because i has had too much problem with the new kernel install) i answer: Could be posible to has a kernel 2.2 of woody and a nat configuration (ipmasquerade) ? Could i do it with ipchanis? What could be this

Re: nat ipchains on debian woody

what is the soft or version of kernel-image i must use in my hard system? In other way (because i has had too much problem with the new kernel install) i answer: Could be posible to has a kernel 2.2 of woody and a nat configuration (ipmasquerade) ? Could i do it with ipchanis? What could be this

Re: nat ipchains on debian woody

Francisco Castillo wrote: > But my problem now is another different. When I installed my woody i > put a floppy disk bootting system in order to load my debian woody > kernel (this is a large history because i have 2 hard disk on this > machine and I cant start debian in a classic lilo) Why not?

Re: nat ipchains on debian woody

Francisco Castillo wrote: > But my problem now is another different. When I installed my woody i > put a floppy disk bootting system in order to load my debian woody > kernel (this is a large history because i have 2 hard disk on this > machine and I cant start debian in a classic lilo) Why not?

Re: nat ipchains on debian woody

ernel) to load a new kernel which have been installed on /boot/"kernel 2.4 " ? Thanks for your previous numerous interested response. Francisco. - Original Message - From: "Kris Deugau" <[EMAIL PROTECTED]> To: Sent: Tuesday, June 29, 2004 5:30 PM Subject

Re: nat ipchains on debian woody

ernel) to load a new kernel which have been installed on /boot/"kernel 2.4 " ? Thanks for your previous numerous interested response. Francisco. - Original Message - From: "Kris Deugau" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June

..wee nit on nat ipchains on debian woody

On Mon, 28 Jun 2004 15:09:09 -0500, Enrique wrote in message <[EMAIL PROTECTED]>: > On Mon, 28 Jun 2004 21:35:40 +0200 > Christoph Löffler <[EMAIL PROTECTED]> wrote: > Hello Fraancisco: > The first thinng you must do is to install a kernel with IPTABLES > support, the ipchains is not recomendable

..wee nit on nat ipchains on debian woody

On Mon, 28 Jun 2004 15:09:09 -0500, Enrique wrote in message <[EMAIL PROTECTED]>: > On Mon, 28 Jun 2004 21:35:40 +0200 > Christoph Löffler <[EMAIL PROTECTED]> wrote: > Hello Fraancisco: > The first thinng you must do is to install a kernel with IPTABLES > support, the ipchains is not recomendable

Re: nat ipchains on debian woody

> Sorry, iptables is already the newest version. > It seems to be iptables installed but the previos errors said that > iptables where not avaliable. iptables is not usually available in 2.2-series kernels; ipchains is. The original error message you got with iptables: > modprobe: Can

Re: nat ipchains on debian woody

> Sorry, iptables is already the newest version. > It seems to be iptables installed but the previos errors said that > iptables where not avaliable. iptables is not usually available in 2.2-series kernels; ipchains is. The original error message you got with iptables: > modprobe: Can

Re: nat ipchains on debian woody

ipq and libiptc reaim - Enable AIM and MSN file transfer on Linux iptables based NAT shorewall - Shoreline Firewall (Shorewall) shorewall-doc - Shoreline Firewall (Shorewall) Documentation then apt-cache show tells you more on a specific package: i.e.: apt-cache show shorewall perhaps you can inst

Re: nat ipchains on debian woody

ipq and libiptc reaim - Enable AIM and MSN file transfer on Linux iptables based NAT shorewall - Shoreline Firewall (Shorewall) shorewall-doc - Shoreline Firewall (Shorewall) Documentation then apt-cache show tells you more on a specific package: i.e.: apt-cache show shorewall perhaps you can inst

Re: nat ipchains on debian woody

sages when i try to do > > > this. > > > > For what reason do you want to use ipchains? If you just set up > > debian successfully i think you have also an actual kernel (> > 2.4.x) > > > > From Version 2.4.x there is a new packet filter which is

Re: nat ipchains on debian woody

ay, June 28, 2004 10:09 PM Subject: Re: nat ipchains on debian woody On Mon, 28 Jun 2004 21:35:40 +0200 Christoph LÃffler <[EMAIL PROTECTED]> wrote: Hello Fraancisco: The first thinng you must do is to install a kernel with IPTABLES support, the ipchains is not recomendable for kernels up to 2

Re: nat ipchains on debian woody

n www.netfilter.org you find a lot of documentation. > > > Did you know how to give a NAT (ipmasquerade support) on a debian > > woody kernel in order to solve my problem? > > Sorry, do not know about that. > > > Chris > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >

Re: nat ipchains on debian woody

Hi Mark, I have test your script but my woody give me this response: morpheo:~# cat compartir2 echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth

Re: nat ipchains on debian woody

an actual kernel (> 2.4.x) From Version 2.4.x there is a new packet filter which is called iptables. On www.netfilter.org you find a lot of documentation. Did you know how to give a NAT (ipmasquerade support) on a debian woody kernel in order to solve my problem? Sorry, do not know about that. Chris

Re: nat ipchains on debian woody

an actual kernel (> 2.4.x) From Version 2.4.x there is a new packet filter which is called iptables. On www.netfilter.org you find a lot of documentation. Did you know how to give a NAT (ipmasquerade support) on a debian woody kernel in order to solve my problem? Sorry, do not know about that. Chris

Re: nat ipchains on debian woody

Have you tried iptables instead? If your kernel supports iptables, then: echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE iptables also does the firewalling in

nat ipchains on debian woody

  Hello Gurus,   I have installed a debian woody with to interfaces eth0 and eth1. I has configured the internet conexion on eth0 which has got a static ip on internet. And on eth1 i want to put a interface to do a proxy nat gateway on my internal lan (i want to put a 192.168.0.1 on it

Re: nat ipchains on debian woody

sages when i try to do > > > this. > > > > For what reason do you want to use ipchains? If you just set up > > debian successfully i think you have also an actual kernel (> > 2.4.x) > > > > From Version 2.4.x there is a new packet filter which is

Re: nat ipchains on debian woody

ROTECTED]> Sent: Monday, June 28, 2004 10:09 PM Subject: Re: nat ipchains on debian woody On Mon, 28 Jun 2004 21:35:40 +0200 Christoph LÃffler <[EMAIL PROTECTED]> wrote: Hello Fraancisco: The first thinng you must do is to install a kernel with IPTABLES support, the ipchains is not recomend

Re: nat ipchains on debian woody

n www.netfilter.org you find a lot of documentation. > > > Did you know how to give a NAT (ipmasquerade support) on a debian > > woody kernel in order to solve my problem? > > Sorry, do not know about that. > > > Chris > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > >

Re: nat ipchains on debian woody

Hi Mark, I have test your script but my woody give me this response: morpheo:~# cat compartir2 echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/conf/eth0/rp_filter echo 1 > /proc/sys/net/ipv4/conf/eth1/rp_filter iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth

Re: nat ipchains on debian woody

an actual kernel (> 2.4.x) From Version 2.4.x there is a new packet filter which is called iptables. On www.netfilter.org you find a lot of documentation. Did you know how to give a NAT (ipmasquerade support) on a debian woody kernel in order to solve my problem? Sorry, do not know about that.

Re: nat ipchains on debian woody

an actual kernel (> 2.4.x) From Version 2.4.x there is a new packet filter which is called iptables. On www.netfilter.org you find a lot of documentation. Did you know how to give a NAT (ipmasquerade support) on a debian woody kernel in order to solve my problem? Sorry, do not know about that

Re: nat ipchains on debian woody

Have you tried iptables instead? If your kernel supports iptables, then: echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/conf/$both_eth_devs/rp_filter iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -i eth1 -o eth0 -j MASQUERADE iptables also does the firewalling in

nat ipchains on debian woody

  Hello Gurus,   I have installed a debian woody with to interfaces eth0 and eth1. I has configured the internet conexion on eth0 which has got a static ip on internet. And on eth1 i want to put a interface to do a proxy nat gateway on my internal lan (i want to put a 192.168.0.1 on it

Re: [Help] Dose Anyone have Debian Woody FreeS/WAN through NAT Howto ???

NOT use FreeS/WAN server through NAT .. You don't show in your diagram where the NAT device is. What type of NAT device are you using is also important. > Anyone have this document or Howto that can share us [EMAIL PROTECTED]@ http://jixen.tripod.com/ -- Fraser Campbell <[EMA

Re: [Help] Dose Anyone have Debian Woody FreeS/WAN through NAT Howto ???

]Windows2000/XP client But...i CAN NOT use FreeS/WAN server through NAT .. Anyone have this document or Howto that can share us [EMAIL PROTECTED]@ Thanks very much.

[Help] Dose Anyone have Debian Woody FreeS/WAN through NAT Howto ???

As subject..Please Help me.. Now, my freeswan can implement to : 1. FreeS/WAN server(Debian woody) [X.509 auth]FreeS/WAN client(Debian woody) 2. FreeS/WAN server(Debian woody) [X.509 auth]Windows2000/XP client But...i CAN NOT use FreeS/WAN server through NAT

Re: Incoming file transfers for multiple ICQ users with NAT

http://www.linuxselfhelp.com/HOWTO/IP-Masquerade-HOWTO/icq.html - Original Message - From: "Chris Hilts" <[EMAIL PROTECTED]> To: Sent: Tuesday, April 22, 2003 6:50 PM Subject: Incoming file transfers for multiple ICQ users with NAT > I have several users on my L

Incoming file transfers for multiple ICQ users with NAT

I have several users on my LAN who use ICQ, and would like to have incoming file transfer capability. We've only got the one "real" IP on the server, everything else is done using IP masquerading. I've tried setting up a SOCKS5 proxy (dante-server), but that doesn't seem to do the trick. If anyo

>>Bind and NAT

Hi, I´m trying to configure named to response queries that comes fron Internet, but ma named is on nat ambient. Is it possible? Scenario: |--| netA |--| Internet->|router|##-| my named | |--| |--| net A: 10.0.0.0 My IP on

Re: Static and Dynamic NAT

On Wed, Apr 25, 2001 at 12:14:14PM -0600, Bill Fowler wrote: > I setting up a linux system to be a router and want to do static and dynamic > NAT with a pool of public IPs (as opposed to masquerading with one IP). I'm > using 2.2.18 kernel. If someone could point me in the rig

Re: Static and Dynamic NAT

Bill, On Wed, 25 Apr 2001, Bill Fowler wrote: > I setting up a linux system to be a router and want to do static and dynamic > NAT with a pool of public IPs (as opposed to masquerading with one IP). I'm Do you mean you want to masquerade some public IPs to become other public IPs?

Static and Dynamic NAT

I setting up a linux system to be a router and want to do static and dynamic NAT with a pool of public IPs (as opposed to masquerading with one IP). I'm using 2.2.18 kernel. If someone could point me in the right direction I would appreciate it. Thanks, Bill Fowler Mesa Networks

Re: Static and Dynamic NAT

On Wed, Apr 25, 2001 at 12:14:14PM -0600, Bill Fowler wrote: > I setting up a linux system to be a router and want to do static and dynamic > NAT with a pool of public IPs (as opposed to masquerading with one IP). I'm > using 2.2.18 kernel. If someone could point me in the rig

Re: Static and Dynamic NAT

Bill, On Wed, 25 Apr 2001, Bill Fowler wrote: > I setting up a linux system to be a router and want to do static and dynamic > NAT with a pool of public IPs (as opposed to masquerading with one IP). I'm Do you mean you want to masquerade some public IPs to become other public IPs?

Static and Dynamic NAT

I setting up a linux system to be a router and want to do static and dynamic NAT with a pool of public IPs (as opposed to masquerading with one IP). I'm using 2.2.18 kernel. If someone could point me in the right direction I would appreciate it. Thanks, Bill Fowler Mesa Networks --

Re: NAT problems

nnected to my workstation segment using "real" ip > > and now I must add a fourth net: > eth3 192.168.10.1/24 ond I want to NAT those adresses when they access > internet (through eth0) > > The problem is that when I add the rule for masqurading it translates > all 192.16

Re: NAT problems

e this in kernel 2.2? I'm not sure I entirely understand your dilema but it should be possible under 2.2. You need to use the iproute2 package and have an appropriately compiled Linux kernel. I've used policy routing in a few places and it enables you to masquerade/NAT as any address you

NAT problems

.x.y.z1/27 is connected to my server segment using "real" ip eth2 a.x.y.z2/27 is connected to my workstation segment using "real" ip and now I must add a fourth net: eth3 192.168.10.1/24 ond I want to NAT those adresses when they access internet (through eth0) The problem i

Re: NAT problems

nnected to my workstation segment using "real" ip > > and now I must add a fourth net: > eth3 192.168.10.1/24 ond I want to NAT those adresses when they access > internet (through eth0) > > The problem is that when I add the rule for masqurading it translates > all 192.16

Re: NAT problems

e this in kernel 2.2? I'm not sure I entirely understand your dilema but it should be possible under 2.2. You need to use the iproute2 package and have an appropriately compiled Linux kernel. I've used policy routing in a few places and it enables you to masquerade/NAT as any

NAT problems

.x.y.z1/27 is connected to my server segment using "real" ip eth2 a.x.y.z2/27 is connected to my workstation segment using "real" ip and now I must add a fourth net: eth3 192.168.10.1/24 ond I want to NAT those adresses when they access internet (through eth0) The problem i

RE: nat

secure. Matthew Sherborne > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Florian Kunkel > Sent: Wednesday, 11 October 2000 10:20 p.m. > To: [EMAIL PROTECTED] > Subject: Re: nat > > > Matthew Sherborne wrote: > > issued m

Re: nat

Matthew Sherborne wrote: > issued mail clients that support CRAM-MD5 authentication to everyone and ... wich mail client do you use than ? do you know of any others supporting CRAM-MD5 auth ? where can I read more on CRAM-MD5 auth ? tia Florian! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED

RE: Re[2]: nat

- > From: brian moore [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, 11 October 2000 11:57 a.m. > To: [EMAIL PROTECTED] > Subject: Re: Re[2]: nat > > > On Tue, Oct 10, 2000 at 07:42:36PM +0200, Russell Coker wrote: > > On Sun, 08 Oct 2000, Kevin wrote: > > >Wou

Re: Re[2]: nat

On Tue, Oct 10, 2000 at 07:42:36PM +0200, Russell Coker wrote: > On Sun, 08 Oct 2000, Kevin wrote: > >Wouldn't that also prevent the users from using legitimate outside > > mail servers? > > Are there any legitimate outside mail servers? Sure, lots. > If a mail server accepts mail from anywher

Re: Re[2]: nat

On Sun, 08 Oct 2000, Kevin wrote: >Wouldn't that also prevent the users from using legitimate outside > mail servers? Are there any legitimate outside mail servers? If a mail server accepts mail from anywhere and relays it then it is probably listed in ORBS and MAPS and mail sent to it won't g

Re[2]: nat

your server if you don't have each user >>authenticate and the connections all apear to hit the mail server from the >>firewall. >> >>That's what vetoed ours for a long time. >> >>Then we just got a few more class C's ;) NAT is a pluss for secu

Re: nat

>That's what vetoed ours for a long time. > >Then we just got a few more class C's ;) NAT is a pluss for security, a >minus for latency and a minus for accountability for who does what outside >th firewall. Why not redirect the port 25 connections to port 25 on your mail r

Re[2]: nat

Ps. It makes security and scalability > (clustering load balancing) a little easier. I've deployed http, dns, > smtp, ssh, imap, simap, pop3, etc. using the combination of NAT, port > forwarding, ipchains and private addresses ... no problem. It's slightly > more pain up front b

Re: nat

t he doesn't want it either. Any > info/link/short coming of age stories would be greatly appreciated. I think it's great to use Internal IPs. It makes security and scalability (clustering load balancing) a little easier. I've deployed http, dns, smtp, ssh, imap, simap, pop3, e

Re: nat

you get an idea it doesen't work? of course from behind firewall acitivating side bust be outside ( if you're behind NAT you can accept dcc chat/send/whatever but can't successfully initiate one without a little of magic, but that's obvious, that's the way single ip <-&

Re: nat

> if I assigned internal ips to our customers and used ipmasq. tcp/ip was designed based on idea that one ip means one network interface, various problems arises with introduction of NAT - things like gnutella and napster don't work very well from behind NAT, there are problem

Re: nat

On Fri, 6 Oct 2000, Kevin wrote: > > I was wondering if anyone can tell me sort of problems I would have > if I assigned internal ips to our customers and used ipmasq. > Basically I don't want to do this, but I need some sort of firepower > to persuade my boss that he doesn't want it eit

Re: nat

On Fri, Oct 06, 2000 at 04:59:39PM -0700, Kevin wrote: > I was wondering if anyone can tell me sort of problems I would have > if I assigned internal ips to our customers and used ipmasq. Merely thinking about it says 'no' .. Since there might be protocols using IPs within themselves that ar

Re: nat

just got a few more class C's ;) NAT is a pluss for security, a minus for latency and a minus for accountability for who does what outside th firewall. -Nathan On Fri, 6 Oct 2000, Kevin wrote: > > I was wondering if anyone can tell me sort of problems I would have > if I

Re: nat

't want it either. Any > info/link/short coming of age stories would be greatly appreciated. Sometimes NAT doesn't work very well with VPN clients. In my experience, I had to set up some special firewall rules and I had to patch the kernel for my particular VPN to work. But I also

nat

I was wondering if anyone can tell me sort of problems I would have if I assigned internal ips to our customers and used ipmasq. Basically I don't want to do this, but I need some sort of firepower to persuade my boss that he doesn't want it either. Any info/link/short coming of age st