c******n
发帖数: 4965 | 1 but here's what I dont' understand:
I checked the packets in wireshark.
the first packet sent out by client is REAL_IP_OF_CLIENT_BOX to 127.0.0.1
I thought according to the tutorial http://www.frozentux.net/iptables-tutorial/images/tables_traverse.jpg
after DNAT changes the dest IP, it goes through another routing decision, so
at this step it should be set to the lo interface, so MASQUERADE should set
its source to be 127.0.0.1 ???
also wireshark shows that the return ip is $EXTERNAL_BOX_IP to ... 阅读全帖 |
|
c******n
发帖数: 4965 | 2 just run this on your linux box,
################################
# following is yahoo.com address
EXTERNAL_BOX_IP=67.195.160.76
PORT=10000
sudo iptables -t nat -F
sudo iptables -t nat -A OUTPUT -d $EXTERNAL_BOX_IP -p tcp --dport $PORT -j
DNAT --to-destination 127.0.0.1
sudo iptables -t nat -A POSTROUTING -p tcp --dport $PORT -j MASQUERADE
###############################
then do nc -l 10000
as a fake server
then do nc 67.195.160.76 10000
and type a bunch of characters
you will see that the... 阅读全帖 |
|
c******n
发帖数: 4965 | 3 yes, I only care about my tests on the local box.
the script is used in the context of JMX, please see my previous JMX post.
what I don't understand is basically how kernel is able to properly route
the response packet. it's probably easier to use a plain NAT example.
let's say my box is in a private network ,
my_box 192.168.1.2
||
||
\ /
\/
gateway_box 192.168.1.1 , public_ip : 111.222.333.888
||
||
\ /
\/
yahoo.com 111.222.333.444
on a regular NAT case, my_box sends to yahoo.com, the packe... 阅读全帖 |
|
c******n
发帖数: 4965 | 4 looks my guess is right
http://en.wikipedia.org/wiki/Network_address_translation#NAT_an
"
To avoid ambiguity in the handling of returned packets, a one-to-many NAT
must alter higher level information such as TCP/UDP ports in outgoing
communications and must maintain a translation table so that return packets
can be correctly translated back. RFC 2663 uses the term NAPT (network
address and port translation) for this type of NAT. Other names include PAT
(port address translation), IP masquerading... 阅读全帖 |
|
c******n
发帖数: 4965 | 5 【 以下文字转载自 Java 讨论区 】
发信人: creation (努力自由泳50m/45sec !), 信区: Java
标 题: trick to use JMX on EC2
发信站: BBS 未名空间站 (Fri Sep 16 01:46:21 2011, 美东)
many java applications are written as JMX MBeans
but EC2 presents many problems for JMX
1) normally you have only port 22 open, changing security group is a hassle
if you are just debugging for one shot.
2) the second port used by JMX is determined dynamically, so you don't know
which port to open
3) JMX is going to figure out the *internal* ip of EC2 and le... 阅读全帖 |
|
j*a
发帖数: 14423 | 6 hosta# echo 1 > /proc/sys/net/ipv4/ip_forward
hosta# iptables -t nat -A POSTROUTING -j MASQUERADE
hostb# ip ro add default via
hostb# echo 4.2.2.2 >> /etc/resolv.conf
share |
|
r*****e
发帖数: 8 | 7 i guess your router should not be a http proxy only since it was so-called
'router', it should has ip masquerading/forwarding
connect your notebook to a free port on the router, try ssh via the wired link
if ok then wireless link problem => try to switch different encryption
setting
else maybe your corp server has trusted host configuration => add you
notebook in the list |
|
c******n
发帖数: 4965 | 8 I guess you have to set up you own dns server
in your home network---- the PC+Solaris,
for a router, it just do "IP masquerading" or NAT,
I doubt it has ability to do DHCP,
so you can set up DHCP on solaris, then each machine gets a
local IP automatically,
well, I suggest that you check the IP on PC, it must be a real
internet IP now, not a local IP, because you connect it directly
to modem, time-warner only allows one ip for each modem unless you pay
more.
the other way would be to directly set |
|
w*********s
发帖数: 2136 | 9 Jeffry John Aufderheide
vactruth.com
05/25/2010
http://vactruth.com/2010/05/25/vaccines-rockefeller-social-control/
PART I.
History books proclaim with absolute certainty that the pinnacle of public
health is defined by the polio vaccine program. Disease finally conquered by
science. The polio effort was a benchmark for the public to mentally accept
the concept “shots prevent disease.” However, hidden to most Americans
was an elaborate Public Relations scheme being carefully applied by
Rockefell... 阅读全帖 |
|
p*****m
发帖数: 7030 | 10 http://www.sciencemag.org/content/331/6019/834.full
每个人给2300万刀?一年10个?这帮人没睡醒吧。。。
High-Priced Recruiting of Talent Abroad Raises Hackles
1. Hao Xin
How much would it take to get you to relocate to China? Would 150 million yu
an ($23 million) do the trick? If so, pack your bags—if you are a Nobel lau
reate, that is. Science has learned that the Chinese government will soon an
nounce a new initiative to lure up to 10 winners of prestigious inter nation
al science prizes—including the Nobel Prize—... 阅读全帖 |
|
c**d
发帖数: 3888 | 11 如果去的法学院不是 Top-14,甚至不是 Top 50,没有很强的 patent 背景,希望你们
能避免弯路。下面的故事读起来像小说,但是我可以告诉你们,非常现实。
http://www.autoadmit.com/thread.php?thread_id=1905801&forum_id=2#20761498
In a couple short weeks, a new wave of hapless lemmings will crack open the
shrinkwrap on those heinously overpriced casebooks, boot up their laptops
for some heated note-taking, and commence their voyage down the road of
America’s most overrated, miserable, and saturated industry: the practice
of law. A pompous, overpaid professor will sau... 阅读全帖 |
|
w*********s
发帖数: 2136 | 12 Jeffry John Aufderheide
vactruth.com
05/25/2010
http://vactruth.com/2010/05/25/vaccines-rockefeller-social-control/
PART I.
History books proclaim with absolute certainty that the pinnacle of public
health is defined by the polio vaccine program. Disease finally conquered by
science. The polio effort was a benchmark for the public to mentally accept
the concept “shots prevent disease.” However, hidden to most Americans
was an elaborate Public Relations scheme being carefully applied by
Rockefell... 阅读全帖 |
|
m****s
发帖数: 18160 | 13 ☆─────────────────────────────────────☆
whiteclouds (/ 参考消息 /) 于 (Tue Mar 22 18:47:29 2011, 美东) 提到:
投诉人: Whiteclouds
投诉对象:我爱宝宝版主mitbbx及版副catdoudou
投诉标题:投诉我爱宝宝版主mitbbx及版副catdoudou大搞新闻网禁误导广大家长
投诉目标:罢免
投诉理由:
1. 事关每个人身心健康。你们凭什么封禁医药界的负面消息和非主流消息?
2. 关于疫苗利弊的讨论早已进入主流媒体了。你凭什么不让大家看到?
3. 药品(包括疫苗)近年屡有recall. 你凭什么禁止有关信息来误导家里有小宝宝的父母去盲目迷信药品质量?
4. 美加庸医遍地都是,医疗事故屡见不鲜。你凭什么制造版面气氛让家长对处方和诊断不过脑子的去盲信?
5. 凡事要听多方面意见,有点科学精神,你们动辄删贴封人缺乏领导版面的基本素质
6. 为人父母要首先自己要学会尊重不同意见,不然以后怎么教育好孩子?
7. 综上所述,建议罢免!
发信人: whiteclouds (/ 参考消息... 阅读全帖 |
|
s******v
发帖数: 477 | 14 Masqueraders in dermatology:
Onychomycosis vs nail psoriasis
Dermatitis or mycosis fungoides ( T cell lymphoma)
Rocacea vs Lupus
Steroid dermatitis/Acne
Furuncle vs carbuncle
Carbuncle vs Hidradenitis suppuritiva ( Myth for hidradenitis, it is not due
to poor hygiene, excess androgens, deodorants, antiperspirants, shaving,
bacterial infection. It can have 2nd bacterial infection. Obesity and
smoking are not causative but exacerbate)
Solar lentigo vs Lentigo Maligna
Asteatotic dermatitis vs scabi... 阅读全帖 |
|
o**********e
发帖数: 18403 | 15 1. National Prime Time Apology acknowledging the Blame-China-For-Every-
Bad-Thing undertone of the original question and the consequent "solution"
suggested by the kid was unacceptable entertainment material for airing.
Apology has to address our core concerns of racist bias and violent hate
speech, masquerading as "jokes".
http://www.mitbbs.com/article_t/CivilSociety/551.html
2. Kimmel has to either a) be fired or b) has to wear a Panda t-shirt (with
"Chinese" prominently printed) on air for... 阅读全帖 |
|
e***y
发帖数: 1152 | 16 关于那个hotspot via vpn, 大体上我们有需要运行类似这样的脚本
iptables -t filter -F FORWARD
iptables -t nat -F POSTROUTING
iptables -t filter -I FORWARD -j ACCEPT
iptables -t nat -I POSTROUTING -j MASQUERADE
ip rule add from 192.168.42.0/24 lookup 61
ip route add default dev tun0 scope link table 61
ip route add 192.168.42.0/24 dev rndis0 scope link table 61
ip route add broadcast 255.255.255.255 dev rndis0 scope link table 61
来实现。我记得你搞过一个一键运行的widget, 可那个链接失效了, 可否再贴一次?
目前运行很麻烦, 要开terminal,然后su,再cd, 在sh。。。
: 我自己还没... 阅读全帖 |
|
S********0
发帖数: 5749 | 17
确定不是zoom in 加 masquerade的结果? |
|
y****z
发帖数: 1635 | 18 "Demons"
When the days are cold
And the cards all fold
And the saints we see
Are all made of gold
When your dreams all fail
And the ones we hail
Are the worst of all
And the blood’s run stale
I wanna hide the truth
I wanna shelter you
But with the beast inside
There’s nowhere we can hide
No matter what we breed
We still are made of greed
This is my kingdom come
This is my kingdom come
When you feel my heat
Look into my eyes
It’s where my demons hide
It’s where my demons hide
Don’t get too close
... 阅读全帖 |
|
|
|
|
m*********k
发帖数: 10521 | 22 成功奖励 20 伪币的用户:
sinanchina, stratifin, fishing, nanocam, zenohuang, thex, benchmark,
cloudbluesky, goergetown, brucebrucexu, getitforfun, mylon, webornot,
jiayingzi, obamasdad, needbreak, zlight, castroite, richardji, milkswan, atu
, huge999, taizong, huaimao1124, mua, cookiejar, jekky, vanmark,
FunnyFishing, lavaice, google2005, qwxqwsean, panzerkiller, singlebear,
redrivermoon, lavaice, shuang, fish888, brucebrucexu, backdoor, Tagore
奖励版面:(Food)20伪币成功
奖励版面:(gardening)20伪币成功
奖励版面:(GunsAndGears)2... 阅读全帖 |
|
