I try to find solution but I could not find anything that works for me...
Have been usining CSF on some servers and donate some money...
trying to use server as gateway for my local network....
i am not iptables guru...
I have
eth1 connected to internet
eth0 my local network
This work without firewall on:
/sbin/iptables -t nat --flush
/sbin/iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
I have try to put this in csfpre.sh and csfpost.sh (in many combination)...
No way to get it work with CSF...
Any suggestion where to look or what to do...
regards,
Pera
NAT with csf
-
webbhotell
- Junior Member
- Posts: 2
- Joined: 09 Feb 2011, 22:34
- Contact:
Re: NAT with csf
Using a csfpost.sh file is the way to go with this. Be sure to read the readme.txt file carefully for instructions on how to use it and check that the rules are being created after csf starts.
Re: NAT with csf
Did you find a solution using a server as gateway with csf?
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
These rules work without csf, but not with csf in csfpost\.sh or csfpre\.sh...
Any suggestions?
brgds
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
These rules work without csf, but not with csf in csfpost\.sh or csfpre\.sh...
Any suggestions?
brgds
-
lorcopotia
- Junior Member
- Posts: 1
- Joined: 12 Apr 2012, 14:09
Re: NAT with csf
Hi, ... I've been testing some configurations in csfpost dot sh and csfpre dot sh to make NAT working but have no positive result. Yes, I read readme dot txt and all that, I do serach in google, etc, etc... but nothing.
Could someone share csfpost/csfpre with working nat config?
Thanks for read this.
Could someone share csfpost/csfpre with working nat config?
Thanks for read this.
Re: NAT with csf
I am having the same results.
I think there may be a rule that is not allowing traffic to come back from the internet once it has been sent. Has anyone got this to work
Code: Select all
iptables -t nat -L -n -v
Chain POSTROUTING (policy ACCEPT 3029 packets, 185K bytes)
pkts bytes target prot opt in out source destination
5 300 MASQUERADE all -- * * 10.10.0.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.3.0/24 0.0.0.0/0
0 0 MASQUERADE all -- * * 192.168.2.0/24 0.0.0.0/0
7 524 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0 Re: NAT with csf
Solved for me at least.
I needed to add:
before my postrouting rules.
I needed to add:
Code: Select all
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT-
vijay62020
- Junior Member
- Posts: 1
- Joined: 30 Jul 2019, 05:00
Re: NAT with csf
Hi Suppor team,
We getting the same issue. We are not able to do telnet to port 443.
When we have stopped the csf it allows to connect but when it is in running state, it don't
Please check and provide the solution.
Thanks
We getting the same issue. We are not able to do telnet to port 443.
When we have stopped the csf it allows to connect but when it is in running state, it don't
Please check and provide the solution.
Thanks
Re: NAT with csf
I solved this problem using DNAT in csf.redirect config file.
eth0_src_IP|portA|eth1_dst_IP|portB|tcp/udp
eth0_src_IP|portA|eth1_dst_IP|portB|tcp/udp
Code: Select all
192.168.1.1|*|10.0.0.1|*|tcp