Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Portuguese / Chain FORWARD
« on: August 28, 2012, 12:53:21 am »
Senhores,
Preciso incluir uma regra no "Chain Forward" antes do "fnospoof". Como posso fazer isso?
Já usei o firewall.postservice, mas as regras são adcionadas no final.
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
fnospoof all -- anywhere anywhere
fredirects all -- anywhere anywhere
fmodules all -- anywhere anywhere
ffwdrules all -- anywhere anywhere
fnoexternal all -- anywhere anywhere
fdns all -- anywhere anywhere
fobjects all -- anywhere anywhere
fglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
fdrop all -- anywhere anywhere
Preciso incluir uma regra no "Chain Forward" antes do "fnospoof". Como posso fazer isso?
Já usei o firewall.postservice, mas as regras são adcionadas no final.
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
fnospoof all -- anywhere anywhere
fredirects all -- anywhere anywhere
fmodules all -- anywhere anywhere
ffwdrules all -- anywhere anywhere
fnoexternal all -- anywhere anywhere
fdns all -- anywhere anywhere
fobjects all -- anywhere anywhere
fglobal all -- anywhere anywhere
ACCEPT icmp !f anywhere anywhere icmp echo-request state NEW
ACCEPT icmp !f anywhere anywhere icmp echo-reply state NEW
ACCEPT icmp !f anywhere anywhere icmp destination-unreachable state NEW
ACCEPT icmp !f anywhere anywhere icmp source-quench state NEW
ACCEPT icmp !f anywhere anywhere icmp time-exceeded state NEW
ACCEPT icmp !f anywhere anywhere icmp parameter-problem state NEW
fdrop all -- anywhere anywhere
2
Portuguese / Vpn zentyal-zentyal com matriz(RIO) e Filial(SP)
« on: March 24, 2012, 04:46:39 pm »
Senhores,
Estou implementando vpn zentyal-zentyal com matriz(RIO) e Filial(SP).
Cenário
Rio:
Ebox 1.2
Ip local do servidor e Gateway da rede: 192.168.1.1
SP:
Zentyal 2.05
Ip local do servidor e Gateway da rede: 192.168.1.16
Como os dois tem o mesmo range de network, implementei interface alias no servidor RIO com ip 10.100.30.1 e no servidor SP 10.200.30.1
O servidor SP é o Server VPN dentro do Zentyal e RIO é o client. A vpn conecta e os servidores zentyal e ebox consegue pingar um e outro, mas minha rede não consegue. Para testes abri todas as portas nos dois firewalls , mas sem sucesso.
Pesquisando no Google, vi que o problema é rota, mas não sei como vou configurar isso. Já tentei configurar várias rotas no “Static Routes”, mas todos sem sucesso.
Ah! Na configuração da vpn o zentyal colocou automaticamente a rede 192.168.160.0/24
Alguém podia me ajudar ?
Estou implementando vpn zentyal-zentyal com matriz(RIO) e Filial(SP).
Cenário
Rio:
Ebox 1.2
Ip local do servidor e Gateway da rede: 192.168.1.1
SP:
Zentyal 2.05
Ip local do servidor e Gateway da rede: 192.168.1.16
Como os dois tem o mesmo range de network, implementei interface alias no servidor RIO com ip 10.100.30.1 e no servidor SP 10.200.30.1
O servidor SP é o Server VPN dentro do Zentyal e RIO é o client. A vpn conecta e os servidores zentyal e ebox consegue pingar um e outro, mas minha rede não consegue. Para testes abri todas as portas nos dois firewalls , mas sem sucesso.
Pesquisando no Google, vi que o problema é rota, mas não sei como vou configurar isso. Já tentei configurar várias rotas no “Static Routes”, mas todos sem sucesso.
Ah! Na configuração da vpn o zentyal colocou automaticamente a rede 192.168.160.0/24
Alguém podia me ajudar ?
3
Installation and Upgrades / Re: VPN through the Zentyal Firewall
« on: August 15, 2011, 02:03:14 am »
Hello gchr,
I ran the following command line and I think it worked.
insmod / lib/modules/2.6.32-33-generic-pae/kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko
regards,
Alex Assis
I ran the following command line and I think it worked.
insmod / lib/modules/2.6.32-33-generic-pae/kernel/net/ipv4/netfilter/nf_nat_proto_gre.ko
regards,
Alex Assis
4
Installation and Upgrades / Re: VPN through the Zentyal Firewall
« on: August 09, 2011, 10:28:32 pm »
Hello jsalamero,
But, trying to 'sudo insmod nf_nat_proto_gre' I get :
insmod: can't read 'nf_nat_proto_gre': No such file or directory
and for the other modules,too.
Any suggestions?
Can anyone help me?
Regards,
Alex Assis
But, trying to 'sudo insmod nf_nat_proto_gre' I get :
insmod: can't read 'nf_nat_proto_gre': No such file or directory
and for the other modules,too.
Any suggestions?
Can anyone help me?
Regards,
Alex Assis
5
Installation and Upgrades / Re: VPN through the Zentyal Firewall
« on: August 05, 2011, 09:56:56 pm »
How do I load the modules?
6
Installation and Upgrades / VPN through the Zentyal Firewall
« on: August 03, 2011, 09:08:02 pm »
Hello,
I have the following scenario:
Server VPN in Windows 2008 which is on the internet and it makes several connections to various client locations. But within my company I use Zentyal version 2.0.22 where I can connect only one VPN client, the second connection error 800 appears. If put the machines on the Internet directly (without going through the Zentyal Firewall) the VPN works correctly.
Are there any limitations to connect via vpn? Is there any setting?
It was necessary to put 10 machines outside the Zentyal firewall for the VPN connection works.
Can anyone help me?
Alex Assis
I have the following scenario:
Server VPN in Windows 2008 which is on the internet and it makes several connections to various client locations. But within my company I use Zentyal version 2.0.22 where I can connect only one VPN client, the second connection error 800 appears. If put the machines on the Internet directly (without going through the Zentyal Firewall) the VPN works correctly.
Are there any limitations to connect via vpn? Is there any setting?
It was necessary to put 10 machines outside the Zentyal firewall for the VPN connection works.
Can anyone help me?
Alex Assis
7
Installation and Upgrades / Re: Store mail in the Zentyal
« on: January 22, 2011, 07:53:39 pm »
Hi erik,
Thank for help.
Best regards,
Alex Assis
Thank for help.
Best regards,
Alex Assis
8
Installation and Upgrades / Store mail in the Zentyal
« on: January 21, 2011, 06:22:00 pm »
Gentlemen,
I need to record all emails from users of the network passing through the server zentyal in a box on the server and then query this email. Is there any program that has this function?
Does anyone have any tips?
Alex Assis
I need to record all emails from users of the network passing through the server zentyal in a box on the server and then query this email. Is there any program that has this function?
Does anyone have any tips?
Alex Assis
9
Installation and Upgrades / Apache is very slow in ebox 1.5
« on: July 26, 2010, 04:59:10 pm »
Hello,
I'm using Ebox 1.5, I realized that Apache is very slow to respond to requests and also consume much memory and CPU 60%.
My environment:
X3430 Xeon Processor, 2.4 GHz 8M Cache
6 GB memory
250 GB SCSI
Use Apache to display a few pages in HTML and PHP that my company needs to see every day, but with the slow work becomes difficult.
Could anyone help me?
I'm using Ebox 1.5, I realized that Apache is very slow to respond to requests and also consume much memory and CPU 60%.
My environment:
X3430 Xeon Processor, 2.4 GHz 8M Cache
6 GB memory
250 GB SCSI
Use Apache to display a few pages in HTML and PHP that my company needs to see every day, but with the slow work becomes difficult.
Could anyone help me?
10
Installation and Upgrades / Help redirection port 80
« on: May 03, 2010, 04:44:02 pm »
I have a web server into an internat net using ebox like gateway, I'm trying to configure access from external nets to this server using port redirection in the ebox machine. The problem is that the server doesn't receive any petition, if I do the redirection agaisnt a public ip machine it works perfect. This problem occurs only for port 80, ie, internal to that server ebox has FTP services and redirect works correctly What are I doing badly?
My version : ebox 1.2.3
The following is the output of the command iptables-t nat-L-n-v:
Chain PREROUTING (policy ACCEPT 748K packets, 77M bytes)
pkts bytes target prot opt in out source destination
1233 72824 premodules all -- * * 0.0.0.0/0 0.0.0.0/0
4 208 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3390 to:192.XXX.X.250:3389
2 96 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:20 to:192.XXX.X.253:20
2 104 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3391 to:192.XXX.X.251:3389
Chain POSTROUTING (policy ACCEPT 2649K packets, 166M bytes)
pkts bytes target prot opt in out source destination
754 46171 postmodules all -- * * 0.0.0.0/0 0.0.0.0/0
1 48 SNAT all -- * eth1 !200.XXX.XXX.2XX 0.0.0.0/0 to:200.XXX.XXX.2XX
42 2544 SNAT all -- * eth2 !1X.X.X.2 0.0.0.0/0 to:1X.X.X.2
Chain OUTPUT (policy ACCEPT 2774K packets, 174M bytes)
pkts bytes target prot opt in out source destination
Chain postmodules (1 references)
pkts bytes target prot opt in out source destination
Chain premodules (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.251 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.250 !192.XXX.X.252 tcp dpt:80 redir ports 3129
323 15504 REDIRECT tcp -- eth0 * 192.XXX.X.253 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.19 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.163 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.169 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.176 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.214 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.94 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.106 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.38 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.162 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.86 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.201 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.63 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.56 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.158 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.36 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.91 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.77 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.43 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.193 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.32 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 !192.XXX.X.252 tcp dpt:80 redir ports 3129
My version : ebox 1.2.3
The following is the output of the command iptables-t nat-L-n-v:
Chain PREROUTING (policy ACCEPT 748K packets, 77M bytes)
pkts bytes target prot opt in out source destination
1233 72824 premodules all -- * * 0.0.0.0/0 0.0.0.0/0
4 208 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3390 to:192.XXX.X.250:3389
2 96 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:20 to:192.XXX.X.253:20
2 104 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3391 to:192.XXX.X.251:3389
Chain POSTROUTING (policy ACCEPT 2649K packets, 166M bytes)
pkts bytes target prot opt in out source destination
754 46171 postmodules all -- * * 0.0.0.0/0 0.0.0.0/0
1 48 SNAT all -- * eth1 !200.XXX.XXX.2XX 0.0.0.0/0 to:200.XXX.XXX.2XX
42 2544 SNAT all -- * eth2 !1X.X.X.2 0.0.0.0/0 to:1X.X.X.2
Chain OUTPUT (policy ACCEPT 2774K packets, 174M bytes)
pkts bytes target prot opt in out source destination
Chain postmodules (1 references)
pkts bytes target prot opt in out source destination
Chain premodules (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.251 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.250 !192.XXX.X.252 tcp dpt:80 redir ports 3129
323 15504 REDIRECT tcp -- eth0 * 192.XXX.X.253 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.19 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.163 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.169 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.176 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.214 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.94 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.106 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.38 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.162 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.86 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.201 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.63 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.56 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.158 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.36 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.91 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.77 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.43 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.193 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.32 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 !192.XXX.X.252 tcp dpt:80 redir ports 3129
11
Installation and Upgrades / Redirect port 80 Problem
« on: May 03, 2010, 03:39:20 am »
I have a web server into an internat net using ebox like gateway, I'm trying to configure access from external nets to this server using port redirection in the ebox machine. The problem is that the server doesn't receive any petition, if I do the redirection agaisnt a public ip machine it works perfect. This problem occurs only for port 80, ie, internal to that server ebox has FTP services and redirect works correctly What are I doing badly?
The following is the output of the command iptables-t nat-L-n-v:
Chain PREROUTING (policy ACCEPT 748K packets, 77M bytes)
pkts bytes target prot opt in out source destination
1233 72824 premodules all -- * * 0.0.0.0/0 0.0.0.0/0
4 208 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3390 to:192.XXX.X.250:3389
2 96 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:20 to:192.XXX.X.253:20
2 104 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3391 to:192.XXX.X.251:3389
Chain POSTROUTING (policy ACCEPT 2649K packets, 166M bytes)
pkts bytes target prot opt in out source destination
754 46171 postmodules all -- * * 0.0.0.0/0 0.0.0.0/0
1 48 SNAT all -- * eth1 !200.XXX.XXX.2XX 0.0.0.0/0 to:200.XXX.XXX.2XX
42 2544 SNAT all -- * eth2 !1X.X.X.2 0.0.0.0/0 to:1X.X.X.2
Chain OUTPUT (policy ACCEPT 2774K packets, 174M bytes)
pkts bytes target prot opt in out source destination
Chain postmodules (1 references)
pkts bytes target prot opt in out source destination
Chain premodules (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.251 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.250 !192.XXX.X.252 tcp dpt:80 redir ports 3129
323 15504 REDIRECT tcp -- eth0 * 192.XXX.X.253 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.19 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.163 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.169 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.176 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.214 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.94 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.106 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.38 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.162 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.86 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.201 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.63 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.56 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.158 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.36 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.91 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.77 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.43 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.193 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.32 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 !192.XXX.X.252 tcp dpt:80 redir ports 3129
The following is the output of the command iptables-t nat-L-n-v:
Chain PREROUTING (policy ACCEPT 748K packets, 77M bytes)
pkts bytes target prot opt in out source destination
1233 72824 premodules all -- * * 0.0.0.0/0 0.0.0.0/0
4 208 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3390 to:192.XXX.X.250:3389
2 96 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:21 to:192.XXX.X.253:21
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:20 to:192.XXX.X.253:20
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:80 to:192.XXX.X.250:80
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:20 to:192.XXX.X.253:20
2 104 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.4 tcp dpt:3389 to:192.XXX.X.253:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3390 to:192.XXX.X.250:3389
0 0 DNAT tcp -- eth2 * 0.0.0.0/0 1X.X.X.2 tcp dpt:3391 to:192.XXX.X.251:3389
0 0 DNAT tcp -- eth1 * 0.0.0.0/0 200.XXX.XXX.2XX tcp dpt:3391 to:192.XXX.X.251:3389
Chain POSTROUTING (policy ACCEPT 2649K packets, 166M bytes)
pkts bytes target prot opt in out source destination
754 46171 postmodules all -- * * 0.0.0.0/0 0.0.0.0/0
1 48 SNAT all -- * eth1 !200.XXX.XXX.2XX 0.0.0.0/0 to:200.XXX.XXX.2XX
42 2544 SNAT all -- * eth2 !1X.X.X.2 0.0.0.0/0 to:1X.X.X.2
Chain OUTPUT (policy ACCEPT 2774K packets, 174M bytes)
pkts bytes target prot opt in out source destination
Chain postmodules (1 references)
pkts bytes target prot opt in out source destination
Chain premodules (1 references)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.251 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.250 !192.XXX.X.252 tcp dpt:80 redir ports 3129
323 15504 REDIRECT tcp -- eth0 * 192.XXX.X.253 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.19 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.163 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.169 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.176 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.214 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.94 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.106 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.38 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.162 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.86 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.201 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.63 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.56 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.158 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.36 !192.XXX.X.252 tcp dpt:80 redir ports 3128
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.91 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.77 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.43 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.193 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 192.XXX.X.32 !192.XXX.X.252 tcp dpt:80 redir ports 3129
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 !192.XXX.X.252 tcp dpt:80 redir ports 3129
12
Installation and Upgrades / Traffic balancing for output to HTTP proxy
« on: February 21, 2008, 04:32:20 pm »Hi,
I set two links with various providers and ip direfentes, activated the Traffic balancing function is worked perfectly well, but in the service HTTP proxy is time that comes out through the one ip and soon after by another ip, it is because it has is bad secure sites that fixed ip before you open the transaction and whether the number of changes the site ip desconte because of security. We used the function Multigateway rules and not funciou, the proxy remains left by the two ips.
How do I resolve this?
Thank now.
Alex Assis
Pages: [1]