[Firewall] transparent dnat timeouts

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Thu Mar 19 11:25:39 CET 2009


The DNAT timeout issue is a different issue than your proxy timing out. 
I don't see how those could be related. Transparent proxy shouldn't have 
problems like this, but maybe I'm forgetting something. Please provide 
some firewall logs which shows the issue...

a.

Kwame Boadu wrote:
> Guys,
> 
>     Sorry but what is the soklution to this problem?  I am dying need of 
> help.. transparent proxy timing out....
> 
> On Wed, Mar 11, 2009 at 10:27 PM, John Eikenberry <jae at zhar.net 
> <mailto:jae at zhar.net>> wrote:
> 
>     Arno van Amersfoort wrote:
> 
>      > IMO this solution looks fine. I don't see any real downside of
>     it, and
>      > isn't this what you wanted: having the clients connect to the server
>      > as-if they connect from the outside? I'm even thinking about
>      > implementing this into the dnat plugin too as the concept is pretty
>      > good....
> 
>     It was exactly what I wanted. I had the slight hesitation caused by a
>     comment in the thread I referenced about not logging the real IPs. It
>     didn't really make sense to me at the time given how the packets are
>     routed, but I thought I'd ask about it anyways in case I was missing
>     something.
> 
>     Thanks for affirming the solution as a good one.
> 
>     --
> 
>     John Eikenberry
>     [jae at zhar.net <mailto:jae at zhar.net> - http://zhar.net]
>     [PGP public key @ http://zhar.net/jae_at_zhar_net.gpg]
>     ______________________________________________________________
>     "Perfection is attained, not when no more can be added, but when no more
>      can be removed." -- Antoine de Saint-Exupery
> 
>     -----BEGIN PGP SIGNATURE-----
>     Version: GnuPG v1.4.9 (GNU/Linux)
> 
>     iEYEARECAAYFAkm4LLEACgkQMVBeMLjc14JgeACg2PnCYqPMu44lBC/4/o7bt+tk
>     x/sAn0D4qteUNLghkp4DPSeYCyB+iZ//
>     =29wH
>     -----END PGP SIGNATURE-----
> 
>     _______________________________________________
>     Firewall mailing list
>     Firewall at rocky.eld.leidenuniv.nl
>     <mailto:Firewall at rocky.eld.leidenuniv.nl>
>     http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>     Arno's (Linux IPTABLES Firewall) Homepage:
>     http://rocky.eld.leidenuniv.nl
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

-- 
Arno van Amersfoort
E-mail    : arnova at rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl


More information about the Firewall mailing list