Networking :: IP Forwarding /NAT Doesn't Work After System Update?
Oct 22, 2009
I used the following 2 rules in iptables to forward some packages:
iptables -t nat -A PREROUTING -p tcp --dport 8000 -j DNAT --to-destination 192.168.0.244:8000
iptables -t nat -A POSTROUTING -p tcp --dport 8000 -j MASQUERADE
It worked perfectly before, when the kernel was 2.6.18-92.1.22.el5. After we did an update, the kernel is now 2.6.18-128.7.1.el5 and the forwarding has stopped. I'm just wondering where I can get some debug information. I checked /var/log/message, dmesg ... seems nothing there.
I have 2 guest machines installed on 1 VBox host: - one guest with hostname 'debian' is configured as follows and has IP Forwarding enabled to be able to route traffic from eth1 to eth0.
Code:
eth0      Link encap:Ethernet  HWaddr 08:00:27:f1:ef:5f
          inet addr:10.0.2.1  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fef1:ef5f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
We have here a few openSUSE machines (some 11.1 and 11.2) which mount their /home from an NFS server and import the users via NIS. I now wanted to use X-Forwarding via SSH, but that doesn't work with NIS users. On my machine I use Gnome and my XAUTHORITY variable points to /var/run/gdm/auth-for-bup_deg-E3TMSz/database
Why isn't the default ~/.Xauthority-File used for my cookies? What do I have to change to get X-Forwarding in my Setup running?
I have 2 different networks: the first one is gateway machine (eth0), and the second is a private machine (eth1). So, I've configured the iptables and forwarding stuff and when I try to ping google.com on the gateway machine, it works, while it doesn't work on the private network. Note: I am using VmWare 7. I need your quick assistance about this issue.
I updated my system from FC13 2.6.34.7-66 to 2.6.34.8-68 for both the kernel and the kmod-wl RPM's. After doing so, iwconfig wlan0 key 1234567890 no longer works. I get an error indicating 'invalid argument'. If I reboot using the previous kernel/wl.ko module, it works. The size of the wl.ko module increased by almost 30%. Did I somehow get the wrong RPM?
I use FC9. Yesterday after a system update I turned off the computer, but today when it booted the wireless didn't work: ndiswrapper device wlan0:1 does not seem to be present, delaying initialization. I have removed and again installed the wireless driver and it looks like it is ok,
[root@localhost utils]# ./ndiswrapper -r bcmwl6
[root@localhost utils]# ./ndiswrapper -i /fatfs/Archiv/Softwere/Drivers/Dr_software/bcmwl6.inf
installing bcmwl6 ...
[root@localhost utils]#
after ndiswrapper -m it gives a warning (or error)
[root@localhost utils]# ./ndiswrapper -m
module configuration already contains alias directive
[Code]....
For the background, I'll be using my router as a firewall with snort-inline enabled. I got 3 NIC's: one for the WAN, the second will be bridged to the WAN NIC for queuing traffic which snort-inline requires, and the third is the LAN NIC (the computer I use for everyday work). Here's how I have my interfaces set up:
Code:
# /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback
[code]....
From what I understand, queuing needs to be set up on the bridge. From the documentation I've read it's done like this:
Code:
iptables -A INPUT -j QUEUE
And then to forward traffic, I did:
Code:
iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
I've done this and am able to ping the router and obtain a DNS address from dnsmasq from the LAN computer. From the router I am able to connect to the internet (ping, links <address>...). From the LAN computer traffic isn't getting forwarded; Firefox, links, ping all don't resolve.
I have a question regarding port forwarding. I have a Fedora server with two eth cards: eth0 ---> external IP, eth1 ----> LAN IP. I use SNAT for connection sharing. I also have an internet domain hosted on this server... let's call it [URL]. Anyway, one of our computers in the LAN has some kind of web server on it, which must be accessed from the internet on the port 23700.
So, using
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 23700 -j DNAT --to 192.168.1.25
(the IP of the network computer), everything works perfectly fine from outside the LAN. When I type [URL], I connect to that computer. My problem is that inside the LAN, typing [URL] does not work! It only works if I enter it by IP 192.168.1.25:23700. Is there any way to make the server forward my request to that specific computer even if I'm inside the LAN?
I'm trying to understand and set up port forwarding with iptables. So far I've read a lengthy tutorial on iptables, and I've Googled for hours and searched this forum, but I've been unable to come up with a solution that works for me. The situation I would like to achieve is the following: on one machine, there is a TCP server running bound to its external IP, port 9999. I would like to let another machine connect to this TCP server on port 9000 by forwarding port 9000 to 9999. All the policies of the iptables chains are set to ACCEPT, and I have set net.ipv4.ip_forward = 1. I have no problems using SNAT/MASQUERADE on the same server machine. I have tried the following:
In order to test this rule, I started a TCP echo server on port 9999. I can connect to it on port 9999, but not on port 9000- this gives me 'connection timed out'. When I do 'iptables -t nat -L -v', I can see that the rule does get matched once per connection attempt.
I have a Trendnet TEW652BRP wireless router, HW/ V2.1R, FW/ V2.00b34. I have read that these routers had a problem, with the stock firmware, where port forwarding was concerned. And indeed, I do have some problems with it. Ie; canyouseeme.org can't see me when I open ports, and I am not on a proxy server. I have tried this with the appropriate exception rules (in/out) in ufw, and on the router settings with UPnP enabled and disabled. In the latter case, I also tried router firewall rules, port forwarding and access rules. Still could not see me (timed out in all cases).
Now, this being an area I have little experience with, I am not sure if this version of firmware was supposed to have fixed the PF problems. To the questions...
1. Has anyone here who had an analogous experience found a solution, with the stock firmware?
2. I have read about the DD-WRT option to flash the router firmware (which says fixes the issue), but I am wary. I believe this is a Linux based replacement firmware, which is not a bad thing in my book, but does anyone have any recommendations or heads up on issues with it, from experience, apart from what is commented in the documentation at [URL]
I've been beating myself over the head with iptables and CANNOT get port forwarding to work. Here's my situation:
Static LAN IP on eth0
Static internet IP on eth1
ip_forward is turned on by uncommenting in sysctl.conf
Here's the output of iptables-save:
Code:
# Generated by iptables-save v1.4.4 on Tue Mar 8 10:34:12 2011
*nat
:PREROUTING ACCEPT [2443:347058]
[Code]...
Edit: by the way, the intended purpose of this machine is to serve as a gateway and firewall. MASQUERADE is working, for whatever that is worth. And the host behind the firewall that is serving up http is definitely working too. All that is not working is getting hosts on the internet talking to hosts behind the firewall.
I upgraded from 10.10 to 11.04 and when I try to check for updates in the update manager it says:
W:Failed to fetch http://ppa.launchpad.net/and471/kaza...source/Sources 404 Not Found , W:Failed to fetch http://ppa.launchpad.net/and471/kaza...amd64/Packages 404 Not Found
Update was successful (I didn't see any errors). Then I rebooted the PC and found out that my web is extremely slow. In httpd logs I found: php -> file_get_contents [URL] always dies (timeout error, but somedomain.com is fine, I can telnet it easily on 80). I wondered if it's an update problem and tried yum:
>yum update
Loaded plugins: fastestmirror
Determining fastest mirrors
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=5&arch=i386&repo=os error was
[Errno 4] IOError: <urlopen error (-3, 'Temporary failure in name resolution')>
Error: Cannot find a valid baseurl for repo: base
so yum doesn't work too... I have no proxies, I tried to reboot the PC, I tried: yum clean all
I installed 11.2 from scratch, but I see now that the Automatic update doesn't work. I run "Refresh" on the Updater Applet and it comes up with an error: PackageKit Error repo-not-available:
I've installed the GNOME Update Manager (0.68-debian.7) from the official Debian package archive. However, after checking for new packages and clicking "Install the updates", the update manager asks for rights and then just checks for new updates again. Selecting different packages didn't help either, it just checks for updates again and doesn't update anything. Has anyone experienced the same problem
I just performed a KDE update from 4.7.0 to 4.7.1 on my OpenSUSE 11.3 64-bit machine and my desktop is in bad shape: the plasma stuff doesn't seem to work at all...and I don't have any panels...the default one on the bottom of the screen is gone also. I tried creating a new user in Yast, but when I log in I get a blank black screen. KDE seems to be pooched!
I got this error message today when I ran sudo update
E: Type 'See' is not known on line 2 in source list /etc/apt/sources.list
E: Type 'n' is not known on line 2 in source list /etc/apt/sources.list.d/ubuntu-wine-ppa-karmic.list
and I can't burn a DVD with brasero; also my sis760 doesn't work on this
I'm trying to switch back to Windows but I need to copy the image to a DVD but brasero doesn't work, and whenever I use the software center I see nothing under the categories
I've got a dual boot system (Windows XP Pro and Ubuntu Maverick). Since I updated Grub2, Grub doesn't work anymore! I'd tried this (because I HAD that error). But since then, I had a black screen (the hard disk didn't do anything, and Grub too...) And now, after using a couple of these commands via the Ubuntu Lucid Lynx Live CD I get a mini bash in Grub, but no entries for either of the two systems! What's wrong, and what do I have to do? (And what did I do wrong?)
I'm having problems with the time on one of my computers. It's losing nearly 4 minutes per hour. I installed the ntp program, but for some reason it won't work on this computer (a fresh install of Ubuntu 11.04 32bit). The defaults didn't work the same as on my other computers. I used the command to stop apparmor (sudo invoke-rc.d apparmor teardown) in case that was the problem. As far as I know, no firewall is started by default. I checked and couldn't find any. My /etc/ntp.conf file is exactly as it is on the machine that is working:
egrep -v "^#|^$" /etc/ntp.conf
I've patched my kernel to enable my IDE-mode SATA drivers (ata_piix.c), and everything works fine. But when I attempt to create a Driver Update Disk with this structure, it doesn't work (though the same format works for SLES11):
I have a Huawei USB stick modem. I'm connecting to the internet with the wvdial command, and I have configured the file "wvdial.conf" to be able to connect. Everything works fine I guess, but the update applet still shows me the message
Code: Unable to check whether updates are available
connect to the internet and connection manager too .. it tells me I'm not connected, I think I must configure my connection in another way .. but I don't know how ..
(Beginner) Just installed openSUSE 11.1 dual boot with Vista. I can set up my wireless settings, WEP, etc. and it says it connects just fine. But when I try to USE the internet it doesn't work. Nothing in update, nothing in Firefox. It says it is connected but it's acting like something is blocking it.