Hi All!
I have a Pentium 100 (32 MBRAM) with FreeBSD 4.4 installed on it and I am using it as a gateway. When I am downloading (or uploading) stuff simultaneously I see that natd is using up to 100% of the cpu capacity, hence the internet connection becomes blocked.
My guess is I will have... (1 Reply)
i have a firewall with two interfaces eth0 and eth1, eth0 is connected to an external network, and eth0 is connected to a private lan.
im using this command for NAT
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 223.0.0.3
my questions are :
1) how can i... (4 Replies)
Hi gurus.
Not such a problem, more of a proof of concept.
Ive got two zones :- database-1 and database-dr-1 on two different servers. Both zones have different ip addresses.
I want to copy the whole zone database-1 over to database-dr-1, which is simple enough, but I want to install... (0 Replies)
hellou, can anybody help me with nat detection in real time ? i prefer some detection script because i try some nat detection program's for example p0f or i'm using tcpdump, but i would get contain of specific packet. Some ideas? (1 Reply)
Hi everybody,
I'm running on Solaris 10 X86 (update 1009).
I would like to make NAT's rule. I explain you.
On Solaris, I configure the principal interface e1000g0 with IP : 192.168.0.33
I created the first logical interface like that :
ifconfig e1000g0 addif 192.168.0.40 netmask... (0 Replies)
Hello,
I am facing this scenario: three or more remote LAN (peripheral offices), with the same devices (printers, NAS) in each of them. Those LANs have the same network addresses, i.e.192.168.1.* (are connected to WAN via NAT).
I need to collect snmp traps from a central server (public IP).... (4 Replies)
Hi, I am learning IPTables have this question.
My server is behind a firewall that does a PAT & NAT to the LAN address.
Internet IP: 68.1.1.23
Port: 10022
Server LAN IP: 10.1.1.23
port: 22
Allowed Internet IPs: 131.1.1.23, 132.1.1.23
I want to allow a set of IPs are to be able to... (1 Reply)
Hi.
I am attempting to set up an OpenVPN server on my Solaris 11 box by following all the Linux guides. Thus far I have a working VPN that I can connect to and ssh onto my VPN server over which is great but not what I require long term.
I would like to route all VPN client requests for addresses... (0 Replies)
Discussion started by: nickb1976
0 Replies
LEARN ABOUT LINUX
iptables-xml
IPTABLES-XML(8)IPTABLES-XML(8)NAME
iptables-xml -- Convert iptables-save format to XML
SYNOPSIS
iptables-xml [-c] [-v]
DESCRIPTION
iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to STDOUT. Use I/O-redirection pro-
vided by your shell to write to a file.
-c, --combine
combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target per
match, so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule
matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-v, --verbose
Output xml comments containing the iptables line from which the XML is derived
iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j targets in
order to discriminate between <call> <goto> and <nane-of-target> as it helps xml processing scripts if they can tell the difference between
a target like SNAT and another chain.
Some sample output is:
<iptables-rules>
<table name="mangle">
<chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<sport>8443</sport>
</tcp>
</conditions>
<actions>
<call>
<check_ip/>
</call>
<ACCEPT/>
</actions>
</rule>
</chain>
</table> </iptables-rules>
Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using libxsltproc
or similar; in this fashion:
xsltproc iptables.xslt my-iptables.xml | iptables-restore
BUGS
None known as of iptables-1.3.7 release
AUTHOR
Sam Liddicott <azez@ufomechanic.net>
SEE ALSO iptables-save(8), iptables-restore(8), iptables(8)
Jul 16, 2007 IPTABLES-XML(8)