01-10-2012
How to configure Full Cone NAT using iptables?
Hi Experts;
I want to find the right iptables commands combination to address the following need:
- NEs are NATed through the Linux box (using iptables) towards the WAN cloud, where the NTP servers are situated.
- In order to achieve redundancy, the NTP servers are in a load balancing cluster with one virtual IP address (172.30.4.245).
- The problem is that when the NEs request NTP updates using 172.30.4.245, the NTP response is received from one of the actual IP addresses (.200, .230, .240).
Example:
The iptables is not allowing this flow, which is normal behaviour since the requested and responding addresses are not the same (172.30.4.245 vs 172.30.4.230):
Request : UDP 10.68.2.11:23445 ---> 172.30.4.245:123 (this is Before NAT, of course after NAT the source is 10.23.14.72)
Response: UDP 172.30.4.230:123 ---> 10.23.14.72:23445 (Response to the WAN address)
I'm wondering if there is any way to let iptables establish the UDP flow only based on the (s-port/d-port) regardless of the IP addresses, and execute the NAT back to the LAN based on that.
UDP/NTP is just an example; almost all the needed services are set up in the same way (load balancing in a cluster).
Appreciate your help!
Thanks & Regards
lvl1s7a
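
An added example, not part of the original post: a small Python model of the NAT's reply filtering, using the addresses from the post, that contrasts exact-tuple matching (why the reply from .230 is dropped) with full cone filtering and with a variant limited to the cluster's real addresses. The `Nat` class, the mode names and the 198.51.100.7 outside host are constructed for illustration and are not iptables features.

```python
# Added illustration (constructed model, not iptables code). Addresses are from the post.
class Nat:
    def __init__(self, wan_ip, mode, trusted_peers=()):
        self.wan_ip = wan_ip
        self.mode = mode              # "conntrack", "full_cone" or "peer_set" (hypothetical names)
        self.trusted = set(trusted_peers)
        self.table = {}               # WAN UDP port -> (LAN endpoint, original destination)

    def outbound(self, src, dst):
        """SNAT a LAN packet; the source port is kept, as in the post's example."""
        self.table[src[1]] = (src, dst)
        return (self.wan_ip, src[1])

    def inbound(self, src, dst):
        """Return the LAN endpoint a WAN packet is translated back to, or None if dropped."""
        if dst[0] != self.wan_ip or dst[1] not in self.table:
            return None
        lan, contacted = self.table[dst[1]]
        if self.mode == "conntrack":
            # The reply must come from exactly the address:port that was contacted.
            ok = src == contacted
        elif self.mode == "full_cone":
            # Endpoint-independent filtering: any sender may use the mapping.
            ok = True
        else:
            # peer_set: also accept listed peers answering from the contacted port.
            ok = src == contacted or (src[0] in self.trusted and src[1] == contacted[1])
        return lan if ok else None

NE = ("10.68.2.11", 23445)
VIP = ("172.30.4.245", 123)
REAL = ("172.30.4.230", 123)          # cluster member that actually answers
OUTSIDER = ("198.51.100.7", 123)      # constructed host outside the cluster
CLUSTER = {"172.30.4.200", "172.30.4.230", "172.30.4.240"}

def run(mode):
    """Send the NTP request through the NAT, then try three reply senders."""
    nat = Nat("10.23.14.72", mode, CLUSTER)
    wan = nat.outbound(NE, VIP)
    senders = {"vip": VIP, "real": REAL, "outsider": OUTSIDER}
    return {name: nat.inbound(src, wan) for name, src in senders.items()}

if __name__ == "__main__":
    for mode in ("conntrack", "full_cone", "peer_set"):
        print(mode, run(mode))
```

In the model, full_cone also hands the outsider's packet to the NE, while peer_set delivers only replies from the virtual IP or the cluster's real addresses.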