NAT with csf
Posted: 09 Feb 2011, 22:42
by webbhotell
I tried to find a solution but I could not find anything that works for me...
I have been using CSF on some servers and donated some money...
I am trying to use a server as a gateway for my local network...
I am not an iptables guru...
I have
eth1 connected to internet
eth0 my local network
This works without the firewall on:
/sbin/iptables -t nat --flush
/sbin/iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
I have tried to put this in csfpre.sh and csfpost.sh (in many combinations)...
No way to get it to work with CSF...
Any suggestions where to look or what to do...
regards,
Pera
Re: NAT with csf
Posted: 01 Mar 2011, 09:26
by chirpy
Using a csfpost.sh file is the way to go with this. Be sure to read the readme.txt file carefully for instructions on how to use it and check that the rules are being created after csf starts.
Re: NAT with csf
Posted: 24 Oct 2011, 14:00
by cyonch
Did you find a solution using a server as gateway with csf?
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
These rules work without csf, but not with csf in csfpost.sh or csfpre.sh...
Any suggestions?
brgds
Re: NAT with csf
Posted: 12 Apr 2012, 14:27
by lorcopotia
Hi, ... I've been testing some configurations in csfpost.sh and csfpre.sh to make NAT work but have had no positive result. Yes, I read readme.txt and all that, I did search in Google, etc, etc... but nothing.
Could someone share a csfpost/csfpre with a working NAT config?
Thanks for reading this.
Re: NAT with csf
Posted: 15 Apr 2013, 15:53
by waeking
I am having the same results.
iptables -t nat -L -n -v
Chain POSTROUTING (policy ACCEPT 3029 packets, 185K bytes)
 pkts bytes target      prot opt in     out     source               destination
    5   300 MASQUERADE  all  --  *      *       10.10.0.0/24         0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       192.168.3.0/24       0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       192.168.2.0/24       0.0.0.0/0
    7   524 MASQUERADE  all  --  *      *       192.168.1.0/24       0.0.0.0/0
I think there may be a rule that is not allowing traffic to come back from the internet once it has been sent. Has anyone got this to work?
Re: NAT with csf
Posted: 15 Apr 2013, 16:06
by waeking
Solved for me at least.
I needed to add:
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
before my postrouting rules.
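The rules from this thread assembled into one csfpost.sh, as an added example that is not code from any poster or from csf itself: it keeps the RELATED,ESTABLISHED accept from the post above but scopes each FORWARD rule to an interface pair, and adds a check that names the missing direction. The `DRY_RUN` switch, the `check` argument and the function names are assumptions of this example; the interface roles are those of the first post.

```shell
#!/bin/sh
# Constructed example for csfpost.sh. Interface roles follow the first post:
# eth1 = internet, eth0 = local network (override with WAN_IF / LAN_IF).
WAN_IF="${WAN_IF:-eth1}"
LAN_IF="${LAN_IF:-eth0}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the rules, 0 = apply them (root)

ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

gateway_rules() {
    # Replies from the internet arrive on WAN_IF. Without this rule they are
    # not accepted in FORWARD and outbound connections never complete.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Only the LAN side may open new connections through the gateway.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT
    # Rewrite the source address of traffic leaving through WAN_IF.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

# Reads `iptables -S FORWARD` output on stdin and names the missing direction.
check_forward() {
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q -e "-i $LAN_IF .*-j ACCEPT" ||
        { echo "missing: LAN to WAN accept"; return 1; }
    printf '%s\n' "$rules" | grep -q -e "ESTABLISHED.* -j ACCEPT" ||
        { echo "missing: return-traffic accept"; return 1; }
    echo "ok"
}

case "${1:-}" in
    check) /sbin/iptables -S FORWARD | check_forward ;;
    *)     gateway_rules ;;
esac
```

With the default `DRY_RUN=1` the script only prints the three rules; set `DRY_RUN=0` once the output looks right, restart csf, and run the script with the `check` argument to confirm both FORWARD rules were created after csf loaded its own.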
Re: NAT with csf
Posted: 30 Jul 2019, 05:02
by vijay62020
Hi Support team,
We are getting the same issue. We are not able to telnet to port 443.
When we have stopped csf it allows us to connect, but when it is in the running state, it doesn't.
Please check and provide the solution.
Thanks
Re: NAT with csf
Posted: 14 Mar 2021, 13:52
by gleffy
I solved this problem using DNAT in the csf.redirect config file.
eth0_src_IP|portA|eth1_dst_IP|portB|tcp/udp