EFW Support
Topic: Loopback Nat (Read 20163 times)
muehle (Jr. Member), Wednesday 18 January 2012, 12:10:11 pm:
Hi, I have two mail servers behind the Endian 2.5 firewall in the orange zone. Each mail server should be able to reach the other over the public IP.
Furthermore, the users in the green zone should also be able to reach the mail servers over their public IPs.
I've tried every sort of DNAT and SNAT rule but none worked.
Then I tried to set up the following rule manually, but without success:
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -d 192.168.1.104 -p tcp --dport XX -j SNAT --to-source XX...
efwsupport.com/index.php?topic=1196.0
Hope that somebody has a solution for this problem.
Thanks a lot
mrkroket (Hero Member), Reply #1, Wednesday 18 January 2012, 12:52:38 pm:
If both have some domain name (e.g. mail1.domain.com and mail2.domain.com), use edit hosts to masq their IPs to the internal ones.
muehle (Jr. Member), Reply #2, Wednesday 18 January 2012, 08:59:59 pm:
The problem is that there are many domains on the server and I don't want to manually enter the masq IP for every hosted domain.
mrkroket (Hero Member), Reply #3, Thursday 19 January 2012, 05:05:00 am:
If you want to force IP rules, don't do it manually; you need to change the iptables templates to add those custom iptables rules.
Check the /etc/firewall/dnat/rules.tmpl and /etc/firewall/snat/rules.tmpl files; they're templates for DNAT and SNAT.
The processed files from the templates are saved to /etc/firewall/dnat/iptablesdnat and /etc/firewall/snat/iptablessnat
Don't make changes to the processed files; they're always rewritten.
Once you change the template, use the command
setsnat.py -d
or
setdnat.py -d
to reload the rules and see the debug logs.
Also check that the processed files match what you need.
muehle (Jr. Member), Reply #4, Thursday 19 January 2012, 06:08:50 am:
After creating the SNAT rule, /etc/firewall/snat/iptablessnat looks like this:
iptables -t nat -F SOURCENAT
iptables -t nat -A SOURCENAT -s 192.168.60.0/24 -d 192.168.60.10 -o eth1 -j SNAT --to-source redif1
iptables -t nat -A SOURCENAT -s 0/0 -d 0/0 -o eth1 -j SNAT --to-source redif0
The rule doesn't work.
mrkroket (Hero Member), Reply #5, Thursday 19 January 2012, 11:55:34 am:
Don't put your real IPs here, it isn't needed.
That's an iptables-related problem, and I'm not very fond of them.
I'm only pointing you to the iptables template files.
There you can add any custom iptables rule, without worrying about restarts.
But I cannot help you with the correct iptables rules to make this work.
Sorry
kikilinux (Full Member), Reply #6, Monday 20 January 2014, 09:06:32 pm:
Hi
It's a very interesting post.
Will the changes be effective on startup when we change the .tmpl files?
Will these rules be added permanently?
For example, I want to add a DNAT rule to outgoing traffic, while the Endian firewall does not support it. How can we do this?
Thanks a lot
mrkroket (Hero Member), Reply #7, Tuesday 28 January 2014, 02:52:56 am:
On these templates. This is not really supported, but many config files are recreated from templates, so you need to tweak templates to get permanent changes.
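
Reply #3 advises checking that the processed file matches what you need. As an added example (not from the thread or from Endian), this Python script parses rule lines like those quoted in Reply #4 and flags same-subnet (loopback) SNAT rules that are bound to the catch-all rule's interface or whose --to-source is not a literal address. Treating the catch-all rule's -o interface as the uplink is an assumption, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the rules quoted in Reply #4, placeholders redif0/redif1 kept.
SAMPLE = """\
iptables -t nat -F SOURCENAT
iptables -t nat -A SOURCENAT -s 192.168.60.0/24 -d 192.168.60.10 -o eth1 -j SNAT --to-source redif1
iptables -t nat -A SOURCENAT -s 0/0 -d 0/0 -o eth1 -j SNAT --to-source redif0
"""

def net(value):
    """Parse an iptables address; a missing option or '0/0' means any."""
    if value in (None, "0/0"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(value, strict=False)

def parse_snat_rules(text):
    """Return an option -> value dict for every '-j SNAT' line."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        if opts.get("-j") == "SNAT":
            rules.append(opts)
    return rules

def check_hairpin(text):
    """Flag loopback SNAT rules that look unable to match hairpinned traffic."""
    rules = parse_snat_rules(text)
    # Assumption: the -o interface of a catch-all SNAT rule is the uplink.
    uplinks = {r["-o"] for r in rules if "-o" in r
               and net(r.get("-s")).prefixlen == 0 and net(r.get("-d")).prefixlen == 0}
    findings = []
    for r in rules:
        src, dst = net(r.get("-s")), net(r.get("-d"))
        if src.prefixlen == 0 or not dst.subnet_of(src):
            continue  # source and destination are not in the same subnet
        label = f"{r.get('-s')} -> {r.get('-d')}"
        if r.get("-o") in uplinks:  # hairpinned packets leave by the zone interface
            findings.append((label, f"bound to uplink {r['-o']}, not the zone interface"))
        to_source = r.get("--to-source", "")
        try:  # iptables expects ipaddr[-ipaddr][:port[-port]] here
            ipaddress.ip_address(to_source.split(":")[0].split("-")[0])
        except ValueError:
            findings.append((label, f"--to-source {to_source!r} is not a literal address"))
    return findings

if __name__ == "__main__":
    print(*(f"{l}: {m}" for l, m in check_hairpin(SAMPLE)), sep="\n")
```

Run it against the generated /etc/firewall/snat/iptablessnat after each setsnat.py -d; an empty result only means these two checks passed, not that the rule set is correct.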