I started up five services in my Zorp: http, ftp, telnet, finger, ssh (by plug). They all work fine. Now I want to add global SNAT rules for the five services, but I can't find any sample. How do I write my SNAT rules? Any help will be appreciated! //ZhouLi
On Sat, 2005-09-24 at 17:12 +0800, Zhou Li wrote:
I started up five services in my Zorp: http, ftp, telnet, finger, ssh (by plug). They all work fine. Now I want to add global SNAT rules for the five services, but I can't find any sample. How do I write my SNAT rules? Any help will be appreciated!
A simple sample :) Put this somewhere before your instance definitions:

    NATPolicy(name="NatName",
              nat=GeneralNAT(
                  mapping=((InetDomain(addr="1.1.1.1/32"), InetDomain(addr="2.2.2.2/32")),)))

You can use it at any service later:

    Service("servicename", MyProxy, TransparentRouter(forge_addr=TRUE), snat_policy="NatName")

MCS
Thank you, MCS! It worked, but I have one more question about NAT. If I want: from aa to bb, then SNAT aa to source cc, just like the netfilter SNAT rule

    iptables -t nat -A POSTROUTING -s aa -d bb -j SNAT --to-source cc

how do I write the SNAT rule for Zorp? ZhouLi

----- Original Message -----
From: "Major Csaba" <major@balabit.hu>
To: "Zorp users mailing list" <zorp@lists.balabit.hu>
Sent: Sunday, September 25, 2005 23:51
Subject: Re: [zorp] SNAT
_______________________________________________ zorp mailing list zorp@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/zorp
I am looking for an integrated NAT rule example including source IP address, destination IP address and NAT IP address, just like an iptables NAT rule:

    iptables -t nat -A POSTROUTING -s 192.168.88.1 -d 192.168.99.1 -j SNAT --to-source 192.168.100.1

Any example will be appreciated. //ZhouLi
On Tue, 2005-10-11 at 14:26 +0800, Zhou Li wrote:
I am looking for an integrated NAT rule example including source IP address, destination IP address and NAT IP address, just like an iptables NAT rule:

    iptables -t nat -A POSTROUTING -s 192.168.88.1 -d 192.168.99.1 -j SNAT --to-source 192.168.100.1

Any example will be appreciated.
The GeneralNAT class is symmetric and transforms a single side only, and as it stands it cannot perform a transformation based on the IP address of the other side. It could be implemented, however, with a specialized NAT class. See the examples in NAT.py

-- Bazsi
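The difference between a single-side mapping and the destination-conditional iptables rule asked about above, as an added example that is not part of the original thread and is not Zorp code. It is a stand-alone Python model: every function name is hypothetical, keeping the host bits when mapping between networks is an assumption of the model, and the server address 10.0.0.5 is constructed.

```python
# Stand-alone model, not Zorp code: all names below are hypothetical.
import ipaddress


def map_into(addr, from_net, to_net):
    """Translate addr from from_net into to_net, keeping the host bits.

    Returns None when addr is outside from_net. Keeping the host bits is an
    assumption of this model; with /32 networks it is a plain 1:1 rewrite.
    """
    ip = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net)
    dst = ipaddress.ip_network(to_net)
    if ip not in src:
        return None
    host_bits = int(ip) & int(src.hostmask) & int(dst.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))


def single_side_snat(client, server, mapping):
    """Single-side rule: only the client address is examined, server is ignored."""
    for from_net, to_net in mapping:
        new = map_into(client, from_net, to_net)
        if new is not None:
            return new
    return client


def dest_aware_snat(client, server, rules):
    """iptables-style rule: rewrite the client only if the server matches too."""
    for from_net, dest_net, to_net in rules:
        if ipaddress.ip_address(server) in ipaddress.ip_network(dest_net):
            new = map_into(client, from_net, to_net)
            if new is not None:
                return new
    return client


# Constructed rules using the addresses from the iptables command in the thread.
MAPPING = [("192.168.88.1/32", "192.168.100.1/32")]
RULES = [("192.168.88.1/32", "192.168.99.1/32", "192.168.100.1/32")]

if __name__ == "__main__":
    for server in ("192.168.99.1", "10.0.0.5"):
        print(server,
              single_side_snat("192.168.88.1", server, MAPPING),
              dest_aware_snat("192.168.88.1", server, RULES))
```

With the single-side mapping the client is rewritten for every destination, so a policy meant for one server also changes the source address that all other servers see and log.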
Does Zorp 3.0.6 support the specialized NAT class you mentioned? I can't find such an example in NAT.py.

----- Original Message -----
From: "Balazs Scheidler" <bazsi@balabit.hu>
To: "Zorp users mailing list" <zorp@lists.balabit.hu>
Sent: Tuesday, October 11, 2005 16:32
Subject: Re: [zorp] NAT issue
On Tue, 2005-10-11 at 14:26 +0800, Zhou Li wrote:
I am looking for an integrated NAT rule example including source IP address, destination IP address and NAT IP address, just like an iptables NAT rule:

    iptables -t nat -A POSTROUTING -s 192.168.88.1 -d 192.168.99.1 -j SNAT --to-source 192.168.100.1

Any example will be appreciated.
The GeneralNAT class is symmetric and transforms a single side only, and as it stands it cannot perform a transformation based on the IP address of the other side.
It could be implemented, however, with a specialized NAT class. See the examples in NAT.py
-- Bazsi
participants (3)
- Balazs Scheidler
- Major Csaba
- Zhou Li