[leaf-user] DNAT rule
I inserted the following line in my shorewall rules file:

    DNAT net loc:192.168.1.1-192.168.1.64 tcp 6881:6888 - all

Hoping to solve a NAT problem with my Azureus bittorrent client. I gave the IP address as a range because I may not always be sure that 192.168.1.1 would get assigned to the particular machine running Azureus. It didn't work - but if I just give one address, i.e. 192.168.1.1, it does. Can I not use a range of IP addresses in this instance?

Jim Ford

---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
Re: [leaf-user] DNAT rule
On Thursday 01 December 2005 10:59, Jim Ford wrote:
> I inserted the following line in my shorewall rules file:
>
>     DNAT net loc:192.168.1.1-192.168.1.64 tcp 6881:6888 - all
>
> Hoping to solve a NAT problem with my Azureus bittorrent client. I gave the
> IP address as a range because I may not always be sure that 192.168.1.1
> would get assigned to the particular machine running Azureus. It didn't
> work - but if I just give one address, i.e. 192.168.1.1, it does. Can I not
> use a range of IP addresses in this instance?

That is not an appropriate use of a range in the DEST of a DNAT rule. From the documentation of the DEST column:

    Like in the SOURCE column, a range of IP addresses may be specified in the DEST column as -. When the ACTION is DNAT or DNAT-, connections will be assigned to the addresses in the range in a round-robin fashion (load-balancing).

You need to configure your DHCP server to always give the same IP address to the machine running Azureus.

-Tom
--
Tom Eastep     \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
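Added example, not part of the original thread: a small check that scans a Shorewall rules file for DNAT or DNAT- rules whose DEST is an address range, which the documentation quoted above says is load-balanced round-robin. The sample rules text and the whitespace-separated column layout are constructed assumptions, and `round_robin_target` is a simplified model, not Shorewall's or the kernel's code.

```python
import ipaddress

# Constructed sample rules file. The first rule is the one from the thread,
# the second is the single-address form that worked for the poster.
SAMPLE_RULES = """\
#ACTION  SOURCE  DEST                           PROTO  DEST PORT(S)
DNAT     net     loc:192.168.1.1-192.168.1.64   tcp    6881:6888   -   all
DNAT     net     loc:192.168.1.1                tcp    6881:6888   -   all
ACCEPT   loc     net                            tcp    80
"""

def dest_range(dest):
    """Return (first, last) if the DEST column holds an IPv4 range, else None."""
    parts = dest.split(":")
    if len(parts) < 2 or "-" not in parts[1]:
        return None
    first, _, last = parts[1].partition("-")
    try:
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    except ipaddress.AddressValueError:
        return None
    return (lo, hi) if lo <= hi else None

def find_balanced_dnat(rules_text):
    """List (line number, DEST, host count) for DNAT/DNAT- rules with a range."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(cols) < 3 or cols[0] not in ("DNAT", "DNAT-"):
            continue
        rng = dest_range(cols[2])
        if rng:
            findings.append((lineno, cols[2], int(rng[1]) - int(rng[0]) + 1))
    return findings

def round_robin_target(dest, n):
    """Simplified model: address the n-th connection (0-based) is sent to.
    The real starting point and order are up to the packet filter."""
    lo, hi = dest_range(dest)
    return str(lo + n % (int(hi) - int(lo) + 1))

if __name__ == "__main__":
    for lineno, dest, count in find_balanced_dnat(SAMPLE_RULES):
        print(f"line {lineno}: {dest} spreads connections over {count} hosts")
```

With the range from the thread, only one connection in 64 would be sent to the host actually running the client, which matches the observation that the single-address rule works and the range does not.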
Re: [leaf-user] DNAT rule
Tom Eastep wrote:
> On Thursday 01 December 2005 10:59, Jim Ford wrote:
> > I inserted the following line in my shorewall rules file:
> >
> >     DNAT net loc:192.168.1.1-192.168.1.64 tcp 6881:6888 - all
> >
> > Hoping to solve a NAT problem with my Azureus bittorrent client. I gave the
> > IP address as a range because I may not always be sure that 192.168.1.1
> > would get assigned to the particular machine running Azureus. It didn't
> > work - but if I just give one address, i.e. 192.168.1.1, it does. Can I not
> > use a range of IP addresses in this instance?
>
> That is not an appropriate use of a range in the DEST of a DNAT rule. From the documentation of the DEST column:
>
>     Like in the SOURCE column, a range of IP addresses may be specified in the DEST column as -. When the ACTION is DNAT or DNAT-, connections will be assigned to the addresses in the range in a round-robin fashion (load-balancing).
>
> You need to configure your DHCP server to always give the same IP address to the machine running Azureus.
>
> -Tom

And forward the port range to that IP only.

-M
Re: [leaf-user] DNAT rule
Jim Ford wrote:
> Hoping to solve a NAT problem with my Azureus bittorrent client. I gave the

Or use upnpd.lrp and turn on the UPnP client in Azureus.
Re: [leaf-user] DNAT rule
> Wouldn't it just be easier and more secure to set the machine to a static IP?
> You may need to change the range of static IP addresses - or determine what
> it is, but for my money that makes the most sense.

I guess so, but I would rather not 'hard wire' anything into the configuration. But I may end up doing so!

On 12/7/05, Paul Traina <[EMAIL PROTECTED]> wrote:
> Jim Ford wrote:
> > Hoping to solve a NAT problem with my Azureus bittorrent client. I gave the
>
> Or use upnpd.lrp and turn on the UPnP client in Azureus.

I understand that there are security issues regarding UPnP. I don't know much about security, so I feel I need to be ultra cautious. I'm acutely aware that one wrong line in the Shorewall rules could blow the door wide open on my firewall!

Jim Ford
RE: [leaf-user] DNAT rule
Andrew Gray MCSE
Willowcrest Solutions Pty Ltd
Phone: (07) 4128 7401
Mobile: 0418 734 078

> > Wouldn't it just be easier and more secure to set the machine to a static IP?
> > You may need to change the range of static IP addresses - or determine what
> > it is, but for my money that makes the most sense.
>
> I guess so, but I would rather not 'hard wire' anything into the configuration. But I may end up doing so!
>
> On 12/7/05, Paul Traina <[EMAIL PROTECTED]> wrote:
> > Jim Ford wrote:
> > > Hoping to solve a NAT problem with my Azureus bittorrent client. I gave the
> >
> > Or use upnpd.lrp and turn on the UPnP client in Azureus.
>
> I understand that there are security issues regarding UPnP. I don't know much about security, so I feel I need to be ultra cautious. I'm acutely aware that one wrong line in the Shorewall rules could blow the door wide open on my firewall!
>
> Jim Ford
RE: [leaf-user] DNAT rule
Why not just use the MAC address and have dhcp always assign that machine the same address? That way all other settings from dhcp will be applied to the machine every time, and changes to the settings applied by dhcp will also be picked up by that machine. This method has been working for me for several years now on one of my servers.

Just add the following to the end of the /etc/dhcpd.conf and you are away:

    host computername {
        hardware ethernet 00:00:00:00:00:00;
        fixed-address 192.168.x.x;
    }

Don't forget to change the relevant variables to suit your network first.

Sorry, I clicked send too early. I should have added the useful information first.

Andrew Gray MCSE
Willowcrest Solutions Pty Ltd
Phone: (07) 4128 7401
Mobile: 0418 734 078
Re: [leaf-user] DNAT rule
Andrew Gray (Gil) wrote:
> Why not just use the MAC address and have dhcp always assign that machine the same address? That way all other settings from dhcp will be applied to the machine every time, and changes to the settings applied by dhcp will also be picked up by that machine. This method has been working for me for several years now on one of my servers.
>
> Just add the following to the end of the /etc/dhcpd.conf and you are away:
>
>     host computername {
>         hardware ethernet 00:00:00:00:00:00;
>         fixed-address 192.168.x.x;
>     }
>
> Don't forget to change the relevant variables to suit your network first.

What is the difference between that and putting the line

    dhcp-host=00:50:BF:xx:xx:xx,hannibal,192.168.xxx.xxx

into /etc/dnsmasq.conf?

-M
Re: [leaf-user] DNAT rule
Hello Marko,

>> host computername {
>>     hardware ethernet 00:00:00:00:00:00;
>>     fixed-address 192.168.x.x;
>> }
>>
>> Don't forget to change the relevant variables to suit your network
>> first.
>
> What is the difference between that and putting the line
> "dhcp-host=00:50:BF:xx:xx:xx,hannibal,192.168.xxx.xxx"
> into /etc/dnsmasq.conf?

There is no functional difference, only the different program used to accomplish the same (dhcpd versus dnsmasq).

Eric