Re: iptables-1.2.9

From: Yusuf Effendi (sufendi_at_softhome.net)
Date: 03/19/04

  • Next message: fendi: "Script for DMZ"
    To: <security-discuss@linuxsecurity.com>
    Date: Fri, 19 Mar 2004 13:01:42 +0700
    
    

    if I delete option for transaparant proxy SNAT working properly, is there
    any step that I should do ?

    ----- Original Message -----
    From: "Adam Gilstrap" <agilstrap@infoprogroup.com>
    To: <security-discuss@linuxsecurity.com>
    Sent: Friday, March 19, 2004 11:45 AM
    Subject: RE: iptables-1.2.9

    > try the following command...substitute in your subnet for the 192 subnet.
    >
    > /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -d ! 192.168.0.0/16
    > -j MASQUERADE
    >
    >
    > Adam Gilstrap
    > agilstrap@infoprogroup.com
    >
    >
    > Hi All,
    >
    > I used iptables-1.2.9 on my firewall, but when i accessed site like :
    >
    > http://www.slac.stanford.edu/cgi-bin/nph-traceroute.pl
    >
    > the browser show my private address that used on my PC not public address
    on
    > my firewall, like this :
    >
    > You are about to request a traceroute that may be interpreted as an
    'attack'
    >
    > from www.slac.stanford.edu, by a firewall protecting your browser:
    > 10.62.22.201 (host with no DNS entry). Have you read the description above
    > and is it OK to proceed?
    >
    >
    > What shoud I do in order to make the destination detect only my public
    > address ?
    > I used this command line ;
    > iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
    <Public_Address>
    >
    > Regards,
    > Fendi
    > ------------------------------------------------------------------------
    > To unsubscribe email security-discuss-request@linuxsecurity.com
    > with "unsubscribe" in the subject of the message.
    >
    > ------------------------------------------------------------------------
    > To unsubscribe email security-discuss-request@linuxsecurity.com
    > with "unsubscribe" in the subject of the message.
    >

    ------------------------------------------------------------------------
         To unsubscribe email security-discuss-request@linuxsecurity.com
             with "unsubscribe" in the subject of the message.


  • Next message: fendi: "Script for DMZ"