RE: iptables-1.2.9

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Make sure that you are loading all of your nat modules also..
i.e: 
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_tables
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max


Adam

if I delete option for transaparant proxy SNAT working properly, is there
any step that I should do ?

----- Original Message -----
From: "Adam Gilstrap" <agilstrap@xxxxxxxxxxxxxxxx>
To: <security-discuss@xxxxxxxxxxxxxxxxx>
Sent: Friday, March 19, 2004 11:45 AM
Subject: RE: iptables-1.2.9


> try the following command...substitute in your subnet for the 192 subnet.
>
> /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d ! 192.168.0.0/16
> -j MASQUERADE
>
>
> Adam Gilstrap
> agilstrap@xxxxxxxxxxxxxxxx
>
>
> Hi All,
>
> I used iptables-1.2.9 on my firewall, but when i accessed site like :
>
> http://www.slac.stanford.edu/cgi-bin/nph-traceroute.pl
>
> the browser show my private address that used on my PC not public address
on
> my firewall, like this :
>
> You are about to request a traceroute that may be interpreted as an
'attack'
>
> from www.slac.stanford.edu, by a firewall protecting your browser:
> 10.62.22.201 (host with no DNS entry). Have you read the description above
> and is it OK to proceed?
>
>
> What shoud I do in order to make the destination detect only my public
> address ?
> I used this command line ;
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
<Public_Address>
>
> Regards,
> Fendi
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
>          with "unsubscribe" in the subject of the message.
>
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
>          with "unsubscribe" in the subject of the message.
>


------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux