Bridge Connection

Similar Messages

• How to change the NAT type to Open on a Imac using bridged connections

  Hey everyone I have a problem. I play xbox live with my friends and i just moved and dont have a wireless adapter anymore. so i have bridged connections with my imac and xbox via ethernet. It works perfectly, but the only problem is that when i connect it say that my NAT type is strict. To play with all my friends i need a open NAT type. Does anyone know how to make the NAT type on the Imac open. And i do have a D-link router model DIR-625. When i called D-link they said to port forward, i did and it still didnt work, they said it must be the fire wall on the mac, microsoft said the same thing, that it might be the fire wall. I checked the fire wall and it said "All Incoming connections are allowed".
  I would really much appreciate it if someone helped me. Thank you!

  Yes, most likely. Microsoft has provided a list of XBox LIVE!-compatible routers. Since the OS X Internet Sharing feature is limited, there is no way to configure port mapping or placing the XBox in a DMZ with it. Typically, you either use a compatible router or configure port mapping/DMZ for non-compatible routers.

• T43 2687-d3u bsod determined to be short in bridge connecting hdd to mobo now what?

  Greetings,
  So I got the BSOD. Initially thought my hdd died. Purchased a new hdd, still no luck. Determined that the bridge connecting the hdd to the motherboard is loose, presumably from holding the laptop with only 1 hand on the right side of the mouse pad. Now trying to determine my cheapest option. 1 suggestion was to boot off of a external hard drive, but then I loose the portability or make it far more cumbersome.  Another suggestion was to replace the motherboard. Does anyone know if the motherboard in a 15.1inch is the same size and the motherboard in my 14.1inch? Any help/suggestions would be greatly appreciated.
  Regards,
  Ryan

  or you can use the ultrabay as your main hdd compartment, with a ultrabay slim hdd adapter.
  Regards,
  Jin Li
  May this year, be the year of 'DO'!
  I am a volunteer, and not a paid staff of Lenovo or Microsoft

• JDBC ODBC bridge connections using 2.1.1

  Hi,
  I have reviewed a lot of postings related to JDBC and third party drivers and understand how to connect to the packaged drivers such as MySQL and MS SQL Server/Sybase. Where I'm stuck is the reference in the Connections help to JDBC. We have a ODBC system DSN that's not part of the existing JDBC drivers. The help implies it's possible to create a JDBC:ODBC bridge connection and that JDBC:ODBC bridge functionality is part of the JDK therefore should not require additional jar files. However, the JDBC tab is not an available connection type by default. I traced the JDBC ODBC bridge to the rt.jar and tried adding that to the third party extensions but that has not resulted in the JDBC tab becoming available.
  Is the JDBC tab only available when using commercial JDBC ODBC bridge drivers ?
  For all other connections (DB2, TimesTen, Teradata etc) the help is very specific about which jar files you need and any other requirements but the JDBC section it is unclear how you enable JDBC connectivity.
  Thanks
  Steven
  Edited by: slisint on 14-Jan-2011 18:07

  We are using the JDBC-ODBC bridge to do a prepared
  statement. I have seen other bugs that suggest this
  is problematic with older version of JRE, but was
  supposedly fixed in later versions.
  java.sql.SQLException: General errorIf it is not too late, check the following link:
  http://java.sun.com/j2se/1.3/docs/guide/jdbc/getstart/GettingStartedTOC.fm.html
  Sections 6.1.3 and 8 (especially tables at the end).
  I had the same case, and the problem was that the field in the Oracle database was defined as NUMBER(4), witch is equivalent to INTEGER in JDBC types, and function setInt should be used with INTEGER, instead of setLong.
  This is explained in sections I mentioned.

• 3 way SLI bridge connection works with only 2 GPU's

  NF980=G65 Mobo.
   I've read at least one post here a while back about somebody having a problem with a jumpy or flashing screen when in SLI mode with 2 GPU's.  He stated that he tried using 2 ribbon connections & that fixed the problem.
   Well, I'd like to report that I have 2 GTX 260 GPU's installed in SLI mode & they each have 2 ribbon connections.
   This made me wonder if I can use the solid 3 way SLI bridge connection instead of only one ribbon.
  Answer= Yes,, it works,, & it seems that I do have a faster transfer rate when I swap pages from one page to another.
   Example. When I play my favorite online games I always use Ventrilo or Teamspeak2 VOIP applications to talk to my friends & team mates during game play. If I need to see who is on Ventrilo, I use the windows key to swap or change the screen back & forth from the game screen to the Ventrilo screen. I notice that the transfer rate or the time it takes to change screens is almost instant using the 3 way SLI bridge with my 2 duel ribbon connection GTX 260's. Try it if you have GPU's like this. You'll see.  Happy gaming

  Thanks for reporting your findings.   

• [SOLVED]bridge connection to container with static IP

  I have been messing for many days now trying to do a clean setup for a bridge br0 for a linux container managed with systemd-nspawn.
  I run a custom kernel (as I need user space set) 3.13.5-1, systemd-git. The container boots fine. This container is a test server and so aimed at various network services, basically http, ftp, ssh,smtp. This will then be bind to a domain name. Thus I need to "cleanly" separate the container network traffic from my host network one. My idea is then to give each one a specific static IP.
  First question : is it correct to give two IP on the same network or shall I create a sub-network for the container ? (I am looking for a simple configuration).
  I loaded the needed iptable modules as they are not loaded at boot.
  $ lsmod
  iptable_nat
  ip_tables
  iptable_filter
  Now on the host, dhcpcd.service is disabled, iptables is enabled, and here is my netctl profile:
  Description='hortensia static ethernet connection'
  Interface=enp7s0
  Connection=ethernet
  IP=static
  Address=('192.168.1.87/24')
  Gateway='192.168.1.254'
  DNS=('212.147.10.180' '212.147.10.162')
  network is ok. Below some command outputs:
  gabx@hortensia ➤➤ ~ % ip addr
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  valid_lft forever preferred_lft forever
  2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
  link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
  inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
  valid_lft forever preferred_lft forever
  gabx@hortensia ➤➤ ~ % route
  Kernel IP routing table
  Destination Gateway Genmask Flags Metric Ref Use Iface
  default dsldevice.lan 0.0.0.0 UG 202 0 0 enp7s0
  192.168.1.0 * 255.255.255.0 U 202 0 0 enp7s0
  hortensia.lan localhost.local 255.255.255.255 UGH 202 0 0 lo
  gabx@hortensia ➤➤ ~ # iptables -nvL --line-numbers
  Chain INPUT (policy ACCEPT 90 packets, 18862 bytes)
  num pkts bytes target prot opt in out source destination
  Chain FORWARD (policy DROP 0 packets, 0 bytes)
  num pkts bytes target prot opt in out source destination
  Chain OUTPUT (policy ACCEPT 91 packets, 18210 bytes)
  num pkts bytes target prot opt in out source destination
  Now things start to be messy when I want to start the bridge netctl profile
  Description="Bridge connection to container"
  Interface=br0
  Connection=bridge
  BindsToInterfaces=(enp7s0)
  IP=static
  Adress=('192.168.1.94/24')
  when I start this profile, this leave me with a broken network and I can not browse the web. Below some command outputs:
  gabx@hortensia ➤➤ ~ % ip addr
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
  link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  inet 127.0.0.1/8 scope host lo
  valid_lft forever preferred_lft forever
  2: enp7s0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
  link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
  8: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
  link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
  gabx@hortensia ➤➤ ~ % route
  Kernel IP routing table
  Destination Gateway Genmask Flags Metric Ref Use Iface
  Why can't I see the br0 and enp7s0 IP in the $ ip addr command output ?
  I tried some other profiles, but it didn't change. I tried : BindsToInterface0(); adding Gateway and DNS
  Some user tolde me on the mailing 
  Leonid Isaev wrote:* Populate the iptables FORWARD chain to route traffic from your physical
  interface to the bridge and back.
  but I am not sure how to do this.
  Thank you for some help as I already spent days and days on this issue.
  Last edited by gabx (2014-02-28 18:26:07)

  After playing with many netctl profiles in many orders, I found that the bridge profile has to started first and not bind to Ethernet device.
  The two following profiles do the job :
  /etc/netctl/bridge-hortensia
  Description="Bridge connection to container"
  Interface=br0
  Connection=bridge
  BindsToInterfaces=()
  IP=no
  SkipNoCarrier=yes
  /etc/netctl/static-hortensia
  Description='hortensia static ethernet connection'
  Interface=enp7s0
  Connection=ethernet
  After=(bridge-hortensia)
  IP=static
  Address=('192.168.1.87/24')
  Gateway='192.168.1.254'
  DNS=('212.147.10.180' '212.147.10.162')

• WRT54GS router to WET54G bridge question, bridge connect to a wired router?

  Hello Everyone,
  I have a Wireless-G LAN set up using a WRT54GS router.  The existing wireless devices on the LAN are 2 PCs, a TiVo unit (using the TiVo wireless adapter), and 2 WET54G wireless bridges.  One bridge connects by ethernet wire to a LAN printer.  The other bridge connects by ethernet wire to a Sony BDP-S550 Blu-Ray player.
  The security is WPA2-AES.  so far all of that works OK, believe it or not, though I grew a lot older making it happen.
  Now here's what I'd like to do: I'd like to add another wired LAN device where the second WET54G bridge connects to the Blu-Ray player.  The bridge only has one ethernet wire connection, so I have to come up with some other way to get the two devices connected to the wireless LAN.
  I have two other LinkSys devices kicking around here that I can use.  One is a BEFSR41 wired Router.  The other is a WAP54G wireless Access Point.   If I can use one or both of those somehow, I won't have to buy another device.  That's the agenda so far.
  Right now it looks like this:
  WRT54GS Router wireless to WET54G Bridge wire to WAN input of BEFSR41 Router wires to the two LAN devices.
  I'm having trouble making this work, assuming it can even be done.  Can I get this config to work, or do I have to add the Access Point where the bridge is now, or.... ?
  Thanks for your time,
  Big Al Mintaka
  Solved!
  Go to Solution.

  You already have a network working with your existing devices. What you are trying to include in your network is possible and can be done. Instead of connecting the cable from the WET54G to the WAN port on the router, connect the cable the LAN port on the router. Disable the DHCP  and change the lan ip in the range of your existing network. It should work.

• Is Leap supported on a point to point bridge connection within the 350?

  Is Leap supported on a point to point bridge connection within the 350?

  Yes...
  http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350brdgs/brscg/br350ch4.htm

• Bridge Connection Drops & Wont Reconnect

  So, I totally love the PlayBook and think the Bridge concept is awesome! 
  I've been having a consistent problem where the Bridge connects and works fine.  Then when I wake up in the morning there is no Bridge connection and fails to reconnect.  I've found if I uninstall Bridge and reinstall there is no issue with connecting then, but I grow tired of this routine.    Any ideas?  I have a Curve 8520 on v5.0.0.900 and the PlayBook is on 1.0.3.1868 and I appreciate any advice.
  Thanks!

  Do you have more than one Bluetooth device paired with your BlackBerry?

• Bridge connection to 9900

  afternoon
  i hav recently got  a 16gb playbook and a bold 9900, he bridge connection works however i cant access any of the files on my 9900 but can go right into the phone to & mem card folders but it wont show any files and also when it gives you how big the folder is all it says s "0 bytes".
  PLEASE HELP

  Have you asked in the Bridge forum? Bridge General Discussion
  This forum is about the Cloud as a delivery process, not about using individual programs
  If you start at the Forums Index https://forums.adobe.com/welcome
  You will be able to select a forum for the specific Adobe product(s) you use
  Click the "down arrow" symbol on the right (where it says All communities) to open the drop down list and scroll

• Can i use my playbook as a GPS without wifi niether bridge connection?

  can i use my playbook as a GPS without wifi niether bridge connection?
  please help me!!!
  Solved!
  Go to Solution.

  @vanawful, the GPS capability comes from the TI WiLink 7 chip (WL-1283) that provides all the wireless capabilities for the WiFi-only PlayBook.
  Although the jury's still out on whether different units may behave differently, so far it appears likely every unit *can* work, under the right conditions, but problems in the software (OS level) or possibly in the chip itself (nobody's saying yet) mean that it's quite unreliable.
  There is no need to have WiFi enabled for it, and I've used the GPS frequently now with WiFi off and no nearby hotspots, no tethering (I don't even have a smartphone), and just the GPS running.
  If you pick a clear day (i.e. no big rain clouds off to the south, etc), are out in the open without buildings or other things blocking the view of the sky, make certain you are not covering up the lower-right corner of the PlayBook where it appears the GPS antenna is, run the Compass app, and let it sit for 5-10 minutes (if this is your first time using it) so it can find and download ephemeris data from each satellite, you should see it start reporting lat/long positions after that.
  If you do this, and it doesn't work, try again. Then try again. Maybe try another time. Preferably do this on different days too, and possibly after a reboot. Yes, it appears to be that flaky sometimes...
  I've written my own GPS recording app (no fancy map... just records the readings) and done numerous tests at this point. The readings, when they arrive, are generally exceptionally good. The main problem is getting them to actually arrive and, so far, I've found nothing that can force the issue. Even with my own app, I sometimes have to start it up and leave it alone for some minutes, 4-5 times, before I get the first reading, and there are days I've just given up and moved on. The next day it will simply work. It's largely random.
  The three single biggest things you need to remember to get any readings: be outdoors away from big buildings, don't pick a heavily overcast day, and do NOT hold the unit with your right hand covering the bottom right corner (when held in the default landscape orientation with the cameras on top, that is).
  Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
  Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!

• PPM 9.1.1 Bridge connection issues

  Hi!
  I have a PPM 9.1.1 environment with a PPM Bridge connection to a SQL MS Project server environment to retrieve schedule data.  I have the Bridge Extender installed on the Project server, and I have all the Bridge Server Setting correct in the Tools->Bridge section in PPM.  When I try to test the connection I get "Primavera P6 Bridge is not installed on the P6 server."  We do not have P6 installed, so not sure why I'm getting that error.
  Thanks,
  Uthan

  As an update, in case someone runs into the same issue, this has now been brought to Oracle support to the Developing team for OPPM. They believe it might be a glitch with the app, so they will try to resolve and send a patch.  I'll again update when I hear something.

• Site to site vpn for multipoint bridged connection

  I have a point to multipoint wireless bridge connection that the customer wants to secure with an ASA 5505 at each location. Keep in mind that each remote is just an extension of the host network, all on the same IP range.
  I was thinking that I could just setup an ipsec tunnel to each location from the host. Every example I see uses a different IP range for each location.
  My question is, is that possible and how would I do that?

  No, the ASA can't bridge across IPSec VPN connections (I don't believe any IPSec implementation by any vendor directly supports bridging), so I don't think there's an easy solution. If you had IOS routers you could configure bridging across GRE tunnels, even that's not supported by Cisco so you'd still be pushing your luck a little bit. Probably the best solution would be to just bite the bullet, re-address the remote sites, and configure traditional site-to-site VPNs. You could try to get fancy and do NAT across the VPNs so that all the remote hosts would appear to be on the same subnet as the main site, but I think you'd just be asking for trouble doing that.

• Bridge connection problem.

  I'm trying to connect a bridge connection between my laptop and USB connected android phone using this guide:
  http://blog.mycila.com/2010/06/reverse- … id-22.html
  My internet interface is wlan0, not eth0.
  However, I run into problem:
  $ sudo ifconfig wlan0 0.0.0.0
  $ sudo ifconfig usb0 0.0.0.0
  $ sudo brctl addbr br0
  $ sudo brctl addif br0 wlan0
  can't add wlan0 to bridge br0: Operation not supported
  I also tried doing it this way:
  On PC:
  sudo ifconfig usb0 192.168.42.1
  # enable routing
  sysctl net.ipv4.ip_forward=1
  # enable nat
  iptables -t nat -I POSTROUTING -s 192.168.42.129 -j MASQUERADE -o wlan0
  And issue this command on the phone:
  route add -net default gw 192.168.42.1
  But I can't even ping localhost from the phone
  # ping 192.168.42.129
  PING 192.168.42.129 (192.168.42.129) 56(84) bytes of data.
  ^C
  --- 192.168.42.129 ping statistics ---
  161 packets transmitted, 0 received, 100% packet loss, time 160105ms
  # ping localhost
  PING localhost (127.0.0.1) 56(84) bytes of data.
  ^C
  --- localhost ping statistics ---
  4 packets transmitted, 0 received, 100% packet loss, time 2999ms
  # busybox ping localhost
  PING localhost (127.0.0.1): 56 data bytes
  Last edited by Lockheed (2013-01-28 11:37:21)

  Ok, so here's my conf:
  # You should put this config-file in /etc/arno-iptables-firewall/ #
  # --------------------------- Configuration file ------------------------------
  # -= Arno's iptables firewall =-
  # Single- & multi-homed firewall script with DSL/ADSL support
  # (C) Copyright 2001-2012 by Arno van Amersfoort
  # Co-authors : Lonnie Abelbeck & Philip Prindeville
  # Homepage : http://rocky.eld.leidenuniv.nl/
  # Freshmeat : http://freshmeat.net/projects/iptables-firewall/?topic_id=151
  # Email : arnova AT rocky DOT eld DOT leidenuniv DOT nl
  # (note: you must remove all spaces and substitute the @ and the .
  # at the proper locations!)
  # This program is free software; you can redistribute it and/or
  # modify it under the terms of the GNU General Public License
  # version 2 as published by the Free Software Foundation.
  # This program is distributed in the hope that it will be useful, but WITHOUT
  # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  # more details.
  # You should have received a copy of the GNU General Public License along with
  # this program; if not, write to the Free Software Foundation Inc., 59 Temple
  # Place - Suite 330, Boston, MA 02111-1307, USA.
  # External (internet) interface settings #
  # The external interface(s) that will be protected (and used as internet
  # connection). This is probably ppp+ or dsl+ for non-transparent(!) (A)DSL
  # modems otherwise it's probably "ethX" (eg. eth0). Multiple interfaces should
  # be space separated.
  EXT_IF="eth0 wlan0"
  # Enable if THIS machines (dynamically) obtains its IP through (IPv4) DHCP
  # and/or (IPv6) DHCPv6 (from your ISP)
  EXT_IF_DHCP_IP=1
  # (EXPERT SETTING!) Here you can specify your external(!) IPv4 subnet(s). You
  # should only use this if you for example have a corporate network and/or
  # running a DHCP server on your external(!) interface. Home users should
  # normally NOT touch this setting. Multiple subnets should be space separated.
  # Don't forget to specify a proper subnet masker (eg. /24, /16 or /8)!
  #EXTERNAL_NET=""
  # (EXPERT SETTING!) Here you can specify the IPv4 address used for broadcasts
  # on your external subnet. You only need to set this option if you want to use
  # the BROADCAST_XXX_NOLOG variables AND you use a non-standard broadcast
  # address (not *.255.255.255, *.*.255.255 or *.*.*.255)! So normally leaving
  # this empty should work fine. Multiple addresses should be space separated.
  #EXT_NET_BCAST_ADDRESS=""
  # Enable this if THIS MACHINE is running an IPv4 DHCP(BOOTP) server for a subnet
  # on the external(!) interface. Note that you don't need this for internal
  # subnets, as for these nets everything is accepted by default. Don't forget to
  # configure the EXTERNAL_NET variable, to make this work. (IPv4 Only)
  EXTERNAL_DHCP_SERVER=0
  # Enable this if THIS MACHINE is running an IPv6 DHCPv6 server for a Link-Local
  # address on the external(!) interface. Note that you don't need this for internal
  # subnets, as for these nets everything is accepted by default. (IPv6 Only)
  EXTERNAL_DHCPV6_SERVER=0
  # Internal (LAN) interface settings #
  # Specify here your internal network (LAN) interface(s). Multiple(!) interfaces
  # should be space separated. Remark this if you don't have any internal network
  # interfaces. Note that by default ALL traffic is accepted from these
  # interfaces.
  INT_IF="usb0 usb1"
  # Specify here the internal IPv4 subnet(s) which is/are connected to the
  # internal interface(s). For multiple interfaces(!) you can either specify
  # multiple subnets here or specify one big subnet for all internal interfaces.
  # Note that this variable is mainly used for antispoofing.
  INTERNAL_NET="10.1.3.0/24"
  # Set this variable to 0 to disable antispoof checking for the internal nets
  # (EXPERT SETTING!)
  INTERNAL_NET_ANTISPOOF=1
  # (EXPERT SETTING!) Here you can specify the IPv4 address used for broadcasts
  # on your internal subnet. You only need to set this option if you want to use
  # the MAC filter AND you use a non-standard broadcast address
  # (not *.255.255.255, *.*.255.255 or *.*.*.255)! So normally leaving
  # this empty should work fine. Multiple addresses (if you have multiple
  # internal nets) should be space separated.
  #INT_NET_BCAST_ADDRESS=""
  # DMZ (aka DeMilitarized Zone) settings #
  # Put in the following variable the network interfaces that are DMZ-classified.
  # You can also use this interface if you want to shield your Wireless network
  # from your LAN.
  DMZ_IF=""
  # Specify here the subnet which is connected to the DMZ interface (DMZ_IF).
  # For multiple interfaces(!) you can either specify multiple subnets here or
  # specify one big subnet for all DMZ interfaces.
  DMZ_NET=""
  # Set this variable to 0 to disable antispoof checking for the dmz nets
  # (EXPERT SETTING!)
  DMZ_NET_ANTISPOOF=1
  # NAT (Masquerade, SNAT, DNAT) settings (IPv4 only!) #
  # Enable this if you want to perform NAT (masquerading) for your internal
  # network (LAN) (eg. share your internet connection with your internal
  # net(s) connected to eg. INT_IF)
  NAT=1
  # (EXPERT SETTING!) In case you would like to use SNAT instead of
  # MASQUERADING then uncomment and set the IP or IPs here of your static
  # external address(es). Note that when multiple IPs are specified, SNAT
  # multiroute is enabled (load balancing over multiple external (internet)
  # interfaces, check the README file for more info). Note that the order of IPs
  # should match the order of interfaces (they belong to) in $EXT_IF!
  #NAT_STATIC_IP="193.2.1.1"
  # (EXPERT SETTING!) Use this variable only if you want specific subnets or
  # hosts to be able to access the internet. When no value is specified, your
  # whole internal net will have access. In both cases it's obviously only
  # meaningful when NAT is enabled. Note that you can also use this variable if
  # you want to use NAT for your DMZ.
  NAT_INTERNAL_NET="$INTERNAL_NET"
  # (EXPERT SETTING!) Enable this if you want to be able to redirect local ports
  # or protocols on your gateway using NAT forwards.
  NAT_LOCAL_REDIRECT=0
  # NAT TCP/UDP/IP forwards. Forward ports or protocols from the gateway to
  # an internal client through (D)NAT. Note that you can also use these
  # variables to forward ports to DMZ hosts.
  # TCP/UDP form:
  # "{SRCIP1,SRCIP2,...~}PORT1,PORT2-PORT3,...>DESTIP1{~port} \
  # {SRCIP3,...~}PORT3,...>DESTIP2{~port}"
  # IP form:
  # "{SRCIP1,SRCIP2,...~}PROTO1,PROTO2,...>DESTIP1 \
  # {SRCIP3~}PROTO3,PROTO4,...>DESTIP2"
  # TCP/UDP port forward examples:
  # Simple (forward port 80 to internal host 192.168.0.10):
  # NAT_FORWARD_xxx="80>192.168.0.10 20,21>192.168.0.10"
  # Advanced (forward port 20 & 21 to 192.168.0.10 and
  # forward from 1.2.3.4 port 81 to 192.168.0.11 port 80:
  # NAT_FORWARD_xxx="1.2.3.4~81>192.168.0.11~80"
  # IP protocol forward example:
  # (forward protocols 47 & 48 to 192.168.0.10)
  # NAT_FORWARD_IP="47,48>192.168.0.10"
  # NOTE 1: {~port} is optional. Use it to redirect a specific port to a
  # different port on the internal client.
  # NOTE 2: {SRCIPx} is optional. Use it to restrict access for specific source
  # (inet) IP addresses.
  # (IPv4 Only)
  NAT_FORWARD_TCP=""
  NAT_FORWARD_UDP=""
  NAT_FORWARD_IP=""
  # TCP/UDP/IP forwards. Forward IPv6 and non-NAT'ed IPv4 ports or protocols
  # from the gateway to an internal client. Note that you can also use these
  # variables to forward ports to DMZ hosts.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1{~port} \
  # SRCIP3,...>DESTIP2{~port}"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~PROTO \
  # SRCIP3,...>DESTIP2~PROTO"
  # TCP/UDP port forward examples:
  # Simple (IPv6 forward port 80 to internal host 2001:db8::2):
  # INET_FORWARD_TCP="::/0>2001:db8::2~80"
  # Simple (IPv4 non-NAT forward port 80 to internal host 192.168.0.10):
  # INET_FORWARD_TCP="0/0>192.168.0.10~80"
  # Advanced (forward all UDP ports for 2000::/3 net to 2001:db8::/32 net):
  # INET_FORWARD_UDP="2000::/3>2001:db8::/32"
  # IP protocol forward example:
  # (forward protocol 58 (ICMPv6) to 2001:db8::2)
  # INET_FORWARD_IP="::/0>2001:db8::2~58"
  # (IPv6 and non-NAT'ed IPv4 Only)
  INET_FORWARD_TCP=""
  INET_FORWARD_UDP=""
  INET_FORWARD_IP=""
  # General settings #
  # (EXPERT SETTING!) Location of the iptables-binary (use 'locate iptables' or
  # 'whereis iptables' to manually locate it), required for (default) IPv4 support
  IP4TABLES="/usr/sbin/iptables"
  # (EXPERT SETTING!) Location of the ip6tables-binary (use 'locate ip6tables' or
  # 'whereis ip6tables' to manually locate it), required for IPv6 support
  IP6TABLES="/usr/sbin/ip6tables"
  # (EXPERT SETTING!) Location of the environment file
  ENV_FILE="/usr/share/arno-iptables-firewall/environment"
  # (EXPERT SETTING!) Location of plugin binary & config files
  PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
  PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
  # Most people don't want to get any firewall logs being spit to the console.
  # This option makes the kernel ring buffer only log messages with level
  # "panic".
  DMESG_PANIC_ONLY=1
  # Enable this if you want TOS mangling (RFC)
  MANGLE_TOS=0
  # Enable this if you want to set the maximum packet size via the
  # Maximum Segment Size(through MSS field)
  SET_MSS=1
  # Enable this if you want to increase the TTL value by one in the prerouting
  # chain. This hides the firewall when performing eg. traceroutes to internal
  # hosts. (IPv4 only!)
  TTL_INC=0
  # (EXPERT SETTING!) Enable this if you want to set the TTL value for packets in
  # the OUTPUT & FORWARD chain. Note that this only works with newer 2.6 kernels
  # (2.6.14 or better) or patched 2.4 kernels, which have netfilter TTL target
  # support. Don't mess with this unless you really know what you are doing!
  # (IPv4 only!)
  #PACKET_TTL="64"
  # Enable this to support the IRC-protocol.
  USE_IRC=0
  # (EXPERT SETTING!) Loosen the forward chain for the external interface(s).
  # Enable it to allow the use of protocols like UPnP. Note that it *could* be
  # less secure.
  LOOSE_FORWARD=0
  # (EXPERT SETTING!) Enable (1) to allow IPv6 Link-Local addresses to be
  # forwarded between interfaces. (IPv6 Only)
  FORWARD_LINK_LOCAL=0
  # (EXPERT SETTING!) Disable (0) to not drop all IPv6 packets with
  # Routing Header Type 0. Enabled by default. (IPv6 Only)
  IPV6_DROP_RH_ZERO=1
  # (EXPERT SETTING!) Enable this if you want to drop packets originating from a
  # private address.
  # Note: To enable logging of dropped private addresses set RESERVED_NET_LOG=1
  RESERVED_NET_DROP=0
  # (EXPERT SETTING!) Protect this machine from being abused for a DRDOS-attack
  # ("Distributed Reflection Denial Of Service"-attack). (STILL EXPERIMENTAL!)
  DRDOS_PROTECT=0
  # Enable (1) if you want to enable mixed IPv4/IPv6 traffic support
  # Disable (0) if you want to enable only IPv4 traffic support
  IPV6_SUPPORT=0
  # This option fixes problems with SMB broadcasts when using nmblookup
  NMB_BROADCAST_FIX=0
  # Set this to 0 to suppress "assuming module is compiled in kernel" messages
  COMPILED_IN_KERNEL_MESSAGES=1
  # (EXPERT SETTING!) You can choose the default policy for the INPUT & FORWARD
  # chain here (1=DROP, 0=ACCEPT). The default policy is DROP. This means that
  # when there are no rule(s) available (yet), the packet will be DROPPED. In
  # practice this rule only does something while the firewall is starting. Once
  # it's started and all rules are in place, the default policy doesn't do
  # anything anymore. People that use eg. NFS and let their clients boot from NFS
  # (diskless client systems) probably want to disable this option to fix
  # "NFS server not responding" etc. errors on their clients.
  DEFAULT_POLICY_DROP=1
  # (EXPERT SETTING!) (Other) trusted network interfaces for which ALL IP
  # traffic should be ACCEPTED. (multiple(!) interfaces should be space
  # separated). Be warned that anything TO and FROM these interfaces is allowed
  # (ACCEPTED) so make sure it's NOT routable(accessible) from the outside world
  # (internet)! And of course putting one of your external interfaces here would
  # be extremely stupid.
  TRUSTED_IF=""
  # (EXPERT SETTING!) Put here the interfaces that should trust
  # each other (accept forward traffic). You can use | (piping-sign) to create
  # seperate interface groups. And (again) of course putting one of your external
  # interfaces here would be extremely stupid.
  IF_TRUSTS=""
  # Location of the custom iptables rules file (if any).
  CUSTOM_RULES="/etc/arno-iptables-firewall/custom-rules"
  # Location of the local (user/global) configuration file, if used
  LOCAL_CONFIG_FILE=""
  # (EXPERT SETTING!) Set this (to 1) to disable the use of iptables-save and
  # iptables-restore to add rules in batch rather than one-by-one. Much slower
  # when disabled. BLOCK_HOSTS and BLOCK_HOSTS_FILE utilizes this feature.
  DISABLE_IPTABLES_BATCH=0
  # (EXPERT SETTING!) Set this (to 1) to enable tracing
  TRACE=0
  # Logging options - All logging is rate limited to prevent log flooding #
  # Enable logging for explicitly blocked hosts.
  BLOCKED_HOST_LOG=1
  # Enable logging for various stealth scans (reliable).
  SCAN_LOG=1
  # Enable logging for possible stealth scans (less reliable).
  POSSIBLE_SCAN_LOG=1
  # Enable logging for TCP-packets with bad flags.
  BAD_FLAGS_LOG=1
  # Enable logging of invalid TCP packets. Keep disabled (0) by default to reduce
  # INVALID packets being logged because of lost (legimate) connections. When
  # debugging any problems, you should enable it (temporarily)!
  INVALID_TCP_LOG=0
  # Enable logging of invalid UDP packets. Keep disabled (0) by default to reduce
  # INVALID packets being logged because of lost (legimate) connections. When
  # debugging any problems, you should enable it (temporarily)!
  INVALID_UDP_LOG=0
  # Enable logging of invalid ICMP packets. Keep disabled (0) by default to reduce
  # INVALID packets being logged because of lost (legimate) connections. When
  # debugging any problems, you should enable it (temporarily)!
  INVALID_ICMP_LOG=0
  # Enable (1) logging of source IPs with reserved or private addresses.
  RESERVED_NET_LOG=0
  # Enable logging of fragmented packets.
  FRAG_LOG=1
  # Enable logging of denied local (OUTPUT) connections.
  INET_OUTPUT_DENY_LOG=1
  # Enable logging of denied LAN output (FORWARD) connections.
  LAN_OUTPUT_DENY_LOG=1
  # Enable logging of denied LAN INPUT connections.
  LAN_INPUT_DENY_LOG=1
  # Enable logging of denied DMZ output (FORWARD) connections.
  DMZ_OUTPUT_DENY_LOG=1
  # Enable logging of denied DMZ input (FORWARD) connections.
  DMZ_INPUT_DENY_LOG=1
  # Enable logging of dropped FORWARD packets.
  FORWARD_DROP_LOG=1
  # Enable logging of dropped IPv6 Link-Local forwarded packets.
  # Note: requires FORWARD_LINK_LOCAL=0 (IPv6 Only)
  LINK_LOCAL_DROP_LOG=1
  # Enable logging of dropped ICMP-request packets (ping).
  ICMP_REQUEST_LOG=1
  # Enable logging of dropped "other" ICMP packets.
  ICMP_OTHER_LOG=1
  # Enable logging of normal connection attempts to privileged TCP ports.
  PRIV_TCP_LOG=1
  # Enable logging of normal connection attempts to privileged UDP ports.
  PRIV_UDP_LOG=1
  # Enable logging of normal connection attempts to unprivileged TCP ports.
  UNPRIV_TCP_LOG=1
  # Enable logging of normal connection attempts to unprivileged UDP ports.
  UNPRIV_UDP_LOG=1
  # Enable logging of IPv4 IGMP packets
  IGMP_LOG=1
  # Enable logging of normal connection attempts to "other-IP"-protocols (non
  # TCP/UDP/ICMP/IGMP).
  OTHER_IP_LOG=1
  # Enable logging for ICMP flooding.
  ICMP_FLOOD_LOG=1
  # (EXPERT SETTING!) The location of the dedicated firewall log file. When
  # enabled the firewall script will also log start/stop etc. info to this file
  # as well. Note that in order to make this work, you should also configure
  # syslogd to log firewall messages to this file (see LOGLEVEL below for further
  # info).
  #FIREWALL_LOG="/var/log/firewall.log"
  # (EXPERT SETTING!) Current log-level ("info": default kernel syslog level)
  # "debug": can be used to log to /var/log/firewall.log, but you have to configure
  # syslogd accordingly (see included syslogd.conf examples).
  LOGLEVEL="info"
  # Put in the following variables which hosts you want to log certain incoming
  # connection attempts for.
  # TCP/UDP port format (LOG_HOST_INPUT_xxx):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (LOG_HOST_INPUT_IP):
  # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
  LOG_HOST_INPUT_TCP=""
  LOG_HOST_INPUT_UDP=""
  LOG_HOST_INPUT_IP=""
  # Put in the following variables which hosts you want to log certain outgoing
  # connection attempts for.
  # TCP/UDP port format (LOG_HOST_OUTPUT_xxx):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (LOG_HOST_OUTPUT_IP):
  # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
  LOG_HOST_OUTPUT_TCP=""
  LOG_HOST_OUTPUT_UDP=""
  LOG_HOST_OUTPUT_IP=""
  # Put in the following variables which services you want to log incoming
  # connection attempts for.
  LOG_INPUT_TCP=""
  LOG_INPUT_UDP=""
  LOG_INPUT_IP=""
  # Put in the following variables which services you want to log outgoing
  # connection attempts for.
  LOG_OUTPUT_TCP=""
  LOG_OUTPUT_UDP=""
  LOG_OUTPUT_IP=""
  # Put in the following variable which hosts you want to log incoming connection
  # (attempts) for.
  LOG_HOST_INPUT=""
  # Put in the following variable which hosts you want to log outgoing connection
  # (attempts) to.
  LOG_HOST_OUTPUT=""
  # sysctl based settings (EXPERT SETTINGS!) #
  # Enable for synflood protection (through /proc/.../tcp_syncookies).
  SYN_PROT=1
  # Enable this to reduce the ability of others DOS'ing your machine.
  REDUCE_DOS_ABILITY=1
  # Enable to ignore all ICMP echo-requests (IPv4) on ALL interfaces.
  ECHO_IGNORE=0
  # Enable to log packets with impossible addresses to the kernel log.
  LOG_MARTIANS=0
  # Only disable this if you're NOT using forwarding (required for NAT etc.) for
  # increased security.
  # Note: If enabled and IPV6 enabled, local IPv6 autoconf will be disabled.
  IP_FORWARDING=1
  # (EXPERT SETTING!) Only disable this if IP_FORWARDING is disabled and
  # you do not use autoconf to obtain your IPv6 address.
  # Note: This is ignored if IP_FORWARDING is enabled. (IPv6 Only)
  IPV6_AUTO_CONFIGURATION=1
  # Enable if you want to accept ICMP redirect messages. Should be set to "0" in
  # case of a router.
  ICMP_REDIRECT=0
  # Enable/modify this if you want to be a able to handle a larger (or smaller)
  # number of simultaneous connections. For high traffic machines I recommend to
  # use a value of at least 16384 (note that a higher value (obviously) also uses
  # more memory).
  CONNTRACK=16384
  # Enable ECN (Explicit Congestion Notification) TCP flag. Disabled by default,
  # as some routers are still not compatible with this.
  ECN=0
  # Enable to drop connections from non-routable IPs, eg. prevent source
  # routing. By default the firewall itself also provides rules against source
  # routing. Note than when you use eg. VPN (Freeswan), you should probably
  # disable this setting.
  RP_FILTER=1
  # Protect against source routed packets. Attackers can use source routing to
  # generate traffic pretending to be from inside your network, but which is
  # routed back along the path from which it came, namely outside, so attackers
  # can compromise your network. Source routing is rarely used for legitimate
  # purposes, so normally you should always leave this enabled(1)!
  SOURCE_ROUTE_PROTECTION=1
  # Here we set the local port range (ports from which connections are
  # initiated from our site). Don't mess with this unless you really know what
  # you are doing!
  LOCAL_PORT_RANGE="32768 61000"
  # Here you can change the default TTL used for sending packets. The value
  # should be between 10 and 255. Don't mess with this unless you really know
  # what you are doing!
  DEFAULT_TTL=64
  # In most cases pmtu discovery is ok, but in some rare cases (when having
  # problems) you might want to disable it.
  NO_PMTU_DISCOVERY=0
  # Firewall policies for the LAN (EXPERT SETTINGS!) #
  # LAN_xxx = LAN->localhost(this machine) input access rules #
  # Note that when both LAN_OPEN_xxx & LAN_HOST_OPEN_xxx are NOT used, the #
  # default policy for this chain is accept (unless denied through #
  # LAN_DENY_xxx and/or LAN_HOST_DENY_xxx)! #
  # Enable this to allow for ICMP-requests(ping) from your LAN
  LAN_OPEN_ICMP=1
  # Put in the following variables the TCP/UDP ports or IP protocols TO
  # (remote end-point) which the LAN hosts are permitted to connect to.
  LAN_OPEN_TCP=""
  LAN_OPEN_UDP=""
  LAN_OPEN_IP=""
  # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
  # end-point) which LAN hosts are NOT permitted to connect to.
  LAN_DENY_TCP=""
  LAN_DENY_UDP=""
  LAN_DENY_IP=""
  # Put in the following variables the TCP/UDP ports or IP
  # protocols TO (remote end-point) which certain LAN hosts are
  # permitted to connect to.
  # TCP/UDP port format (LAN_INPUT_HOST_OPEN_xxx):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (LAN_INPUT_HOST_OPEN_xxx):
  # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
  LAN_HOST_OPEN_TCP=""
  LAN_HOST_OPEN_UDP=""
  LAN_HOST_OPEN_IP=""
  # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
  # end-point) which certain LAN hosts are NOT permitted to connect to.
  # TCP/UDP port format (LAN_INPUT_HOST_DENY_xxx):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (LAN_INPUT_HOST_DENY_xxx):
  # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
  LAN_HOST_DENY_TCP=""
  LAN_HOST_DENY_UDP=""
  LAN_HOST_DENY_IP=""
  # LAN_INET_xxx = LAN->internet access rules (forward) #
  # Note that when both LAN_INET_OPEN_xxx & LAN_INET_HOST_OPEN_xxx are NOT #
  # used, the default policy for this chain is accept (unless denied #
  # through LAN_INET_DENY_xxx and/or LAN_INET_HOST_DENY_xxx)! #
  # Enable this to allow for ICMP-requests(ping) for LAN->INET
  LAN_INET_OPEN_ICMP=1
  # Put in the following variables the TCP/UDP ports or IP
  # protocols TO (remote end-point) which the LAN hosts are
  # permitted to connect to via the external (internet) interface.
  LAN_INET_OPEN_TCP=""
  LAN_INET_OPEN_UDP=""
  LAN_INET_OPEN_IP=""
  # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
  # end-point) which the LAN hosts are NOT permitted to connect to
  # via the external (internet) interface. Examples of usage are for blocking
  # IRC (TCP 6666:6669) for the internal network.
  LAN_INET_DENY_TCP=""
  LAN_INET_DENY_UDP=""
  LAN_INET_DENY_IP=""
  # Put in the following variables which LAN hosts you want to allow to certain
  # hosts/services on the internet. By default all services are allowed.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~protocol"
  # TCP/UDP examples:
  # Simple:
  # (Allow port 80 on INET host 1.2.3.4 for all LAN hosts(0/0)):
  # LAN_INET_HOST_OPEN_xxx="0/0>1.2.3.4~80"
  # Advanced:
  # (Allow port 20 & 21 on INET host 1.2.3.4 for all LAN hosts(0/0) and
  # allow port 80 on INET host 1.2.3.4 for LAN host 192.168.0.10 (only)):
  # LAN_INET_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 192.168.0.10>80"
  # IP protocol example:
  # (Allow protocols 47 & 48 on INET host 1.2.3.4 for all LAN hosts(0/0))
  # LAN_INET_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  LAN_INET_HOST_OPEN_TCP=""
  LAN_INET_HOST_OPEN_UDP=""
  LAN_INET_HOST_OPEN_IP=""
  # Put in the following variables which DMZ hosts you want to deny to certain
  # hosts/services on the internet.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~protocol"
  # TCP/UDP examples:
  # Simple (Deny port 80 on INET host 1.2.3.4 for all LAN hosts(0/0)):
  # LAN_INET_HOST_DENY_xxx="0/0>1.2.3.4~80"
  # Advanced (Deny port 20 & 21 on INET host 1.2.3.4 for all LAN hosts(0/0) and
  # deny port 80 on INET host 1.2.3.4 for LAN host 192.168.0.10 (only)):
  # LAN_INET_HOST_DENY_xxx="0/0>1.2.3.4~20,21 192.168.0.10>1.2.3.4~80"
  # IP protocol example:
  # (Deny protocols 47 & 48 on INET host 1.2.3.4 for all LAN hosts(0/0)):
  # LAN_INET_HOST_DENY_IP="0/0>1.2.3.4~47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  LAN_INET_HOST_DENY_TCP=""
  LAN_INET_HOST_DENY_UDP=""
  LAN_INET_HOST_DENY_IP=""
  # Firewall policies for the DMZ (EXPERT SETTINGS!) #
  # DMZ_xxx = DMZ->localhost(this machine) input access rules #
  # Enable this to allow ICMP-requests(ping) from the DMZ
  DMZ_OPEN_ICMP=1
  # Put in the following variables which DMZ hosts are permitted to connect to
  # certain the TCP/UDP ports, IP protocols or ICMP. By default all (local)
  # services are blocked for DMZ hosts.
  DMZ_OPEN_TCP=""
  DMZ_OPEN_UDP=""
  DMZ_OPEN_IP=""
  # Put in the following variables which DMZ hosts you want to allow for certain
  # services. By default all (local) services are blocked for DMZ hosts.
  # TCP/UDP port format (DMZ_HOST_OPEN_TCP & DMZ_HOST_OPEN_UDP):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (DMZ_HOST_OPEN_IP):
  # "host1,host2~proto1,proto2 host3,host4~proto3,proto4 ..."
  DMZ_HOST_OPEN_TCP=""
  DMZ_HOST_OPEN_UDP=""
  DMZ_HOST_OPEN_IP=""
  # INET_DMZ_xxx = Internet->DMZ access rules (forward) #
  # Note: As of Version 2.0.0 the default policy has changed to DROP #
  # Previous to Version 2.0.0 the default policy was ACCEPT #
  # Enable this to make the default policy allow for ICMP(ping) for INET->DMZ
  INET_DMZ_OPEN_ICMP=0
  # Put in the following variables which INET hosts are permitted to connect to
  # certain the TCP/UDP ports or IP protocols in the DMZ.
  INET_DMZ_OPEN_TCP=""
  INET_DMZ_OPEN_UDP=""
  INET_DMZ_OPEN_IP=""
  # Put in the following variables which INET hosts are NOT permitted to connect
  # to certain the TCP/UDP ports or IP protocols in the DMZ.
  INET_DMZ_DENY_TCP=""
  INET_DMZ_DENY_UDP=""
  INET_DMZ_DENY_IP=""
  # Put in the following variables which INET hosts you want to allow to certain
  # hosts/services on the DMZ net. By default all services are dropped.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~protocol"
  # TCP/UDP examples:
  # Simple (Allow port 80 on DMZ host 1.2.3.4 for all INET hosts(0/0)):
  # INET_DMZ_HOST_OPEN_xxx="0/0>1.2.3.4~80"
  # Advanced (Allow port 20 & 21 on DMZ host 1.2.3.4 for all INET hosts(0/0) and
  # allow port 80 on DMZ host 1.2.3.4 for INET host 5.6.7.8 (only)):
  # INET_DMZ_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
  # IP protocol example:
  # (Allow protocols 47 & 48 on INET host 1.2.3.4 for all DMZ hosts )
  # INET_DMZ_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  INET_DMZ_HOST_OPEN_TCP=""
  INET_DMZ_HOST_OPEN_UDP=""
  INET_DMZ_HOST_OPEN_IP=""
  # Put in the following variables which INET hosts you want to deny to certain
  # hosts/services on the DMZ net.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~protocol"
  # TCP/UDP examples:
  # Simple (Deny port 80 on DMZ host 1.2.3.4 for all INET hosts(0/0)):
  # INET_DMZ_HOST_DENY_xxx="0/0>1.2.3.4~80"
  # Advanced (Deny port 20 & 21 on DMZ host 1.2.3.4 for all INET hosts(0/0) and
  # deny port 80 on DMZ host 1.2.3.4 for INET host 5.6.7.8 (only)):
  # INET_DMZ_HOST_DENY_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
  # IP protocol example:
  # (Deny protocols 47 & 48 on DMZ host 1.2.3.4 for all INET hosts):
  # INET_DMZ_HOST_DENY_IP="0/0>1.2.3.4~47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  INET_DMZ_HOST_DENY_TCP=""
  INET_DMZ_HOST_DENY_UDP=""
  INET_DMZ_HOST_DENY_IP=""
  # DMZ_INET_xxx = DMZ->internet access rules (forward) #
  # Note that when both DMZ_INET_OPEN_xxx & DMZ_INET_HOST_OPEN_xxx are NOT #
  # used, the default policy for this chain is accept (unless denied #
  # through DMZ_INET_DENY_xxx and/or DMZ_INET_HOST_DENY_xxx)! #
  # Enable this to make the default policy allow for ICMP(ping) for DMZ->INET
  DMZ_INET_OPEN_ICMP=1
  # Put in the following variables the TCP/UDP ports or IP
  # protocols TO (remote end-point) which the DMZ hosts are
  # permitted to connect to via the external (internet) interface.
  DMZ_INET_OPEN_TCP=""
  DMZ_INET_OPEN_UDP=""
  DMZ_INET_OPEN_IP=""
  # Put in the following variables the TCP/UDP ports or IP protocols TO (remote
  # end-point) which the DMZ hosts are NOT permitted to connect to
  # via the external (internet) interface. Examples of usage are for blocking
  # IRC (TCP 6666:6669) for the internal network.
  DMZ_INET_DENY_TCP=""
  DMZ_INET_DENY_UDP=""
  DMZ_INET_DENY_IP=""
  # Put in the following variables which DMZ hosts you want to allow to certain
  # hosts/services on the internet. By default all services are allowed.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~sprotocol"
  # TCP/UDP examples:
  # Simple (Allow port 80 on INET host 1.2.3.4 for all DMZ hosts(0/0)):
  # DMZ_INET_HOST_OPEN_xxx="0/0>1.2.3.4~80"
  # Advanced (Allow port 20 & 21 on INET host 1.2.3.4 for all DMZ hosts(0/0) and
  # allow port 80 on INET host 1.2.3.4 for DMZ host 5.6.7.8 (only)):
  # DMZ_INET_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
  # IP protocol example:
  # (Allow protocols 47 & 48 on INET host 1.2.3.4 for all DMZ hosts):
  # DMZ_INET_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  DMZ_INET_HOST_OPEN_TCP=""
  DMZ_INET_HOST_OPEN_UDP=""
  DMZ_INET_HOST_OPEN_IP=""
  # Put in the following variables which DMZ hosts you want to deny to certain
  # hosts/services on the internet.
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~protocol"
  # TCP/UDP examples:
  # Simple (Deny port 80 on INET host 1.2.3.4 for all DMZ hosts(0/0)):
  # DMZ_INET_HOST_DENY_xxx="0/0>1.2.3.4~80"
  # Advanced (Deny port 20 & 21 on INET host 1.2.3.4 for all DMZ hosts(0/0) and
  # deny port 80 on INET host 1.2.3.4 for DMZ host 5.6.7.8 (only)):
  # DMZ_INET_HOST_DENY_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
  # IP protocol example:
  # (Deny protocols 47 & 48 on INET host 1.2.3.4 for all DMZ hosts(0/0)):
  # DMZ_INET_HOST_DENY_IP="0/0>1.2.3.4:47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  DMZ_INET_HOST_DENY_TCP=""
  DMZ_INET_HOST_DENY_UDP=""
  DMZ_INET_HOST_DENY_IP=""
  # DMZ_LAN_xxx = DMZ->LAN access rules (forward) #
  # Enable this to make the default policy allow for ICMP(ping) for DMZ->LAN
  DMZ_LAN_OPEN_ICMP=0
  # Put in the following variables which DMZ hosts you want to allow to certain
  # hosts/services on the LAN (net).
  # TCP/UDP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~port \
  # SRCIP3,...>DESTIP2~port"
  # IP form:
  # "SRCIP1,SRCIP2,...>DESTIP1~protocol \
  # SRCIP3,...>DESTIP2~protocol"
  # TCP/UDP examples:
  # Simple (Allow port 80 on LAN host 1.2.3.4 for all DMZ hosts(0/0)):
  # DMZ_LAN_HOST_OPEN_xxx="0/0>1.2.3.4~80"
  # Advanced (Allow port 20 & 21 on LAN host 1.2.3.4 for all DMZ hosts (0/0) and
  # allow port 80 for DMZ host 5.6.7.8 (only) on LAN host
  # 1.2.3.4):
  # DMZ_LAN_HOST_OPEN_xxx="0/0>1.2.3.4~20,21 5.6.7.8>1.2.3.4~80"
  # IP protocol example:
  # (Allow protocols 47 & 48 on LAN host 1.2.3.4 for all DMZ hosts(0/0)):
  # DMZ_LAN_HOST_OPEN_IP="0/0>1.2.3.4~47,48"
  # NOTE 1: If no SRCIPx is specified, any source host is used
  # NOTE 2: If no port is specified, any port is used
  DMZ_LAN_HOST_OPEN_TCP=""
  DMZ_LAN_HOST_OPEN_UDP=""
  DMZ_LAN_HOST_OPEN_IP=""
  # Firewall policies for the external (inet) interface (default policy = drop) #
  # Put in the following variable which hosts (subnets) you want have full access
  # via your internet (EXT_IF) connection(!). This is especially meant for
  # networks/servers which use NIS/NFS, as these protocols require all ports
  # to be open.
  # NOTE: Don't mistake this variable with the one used for internal nets.
  FULL_ACCESS_HOSTS=""
  # Put in the following variable which TCP/UDP ports you don't want to
  # see broadcasts from (eg. DHCP (67/68) on your EXTERNAL interface. Note that
  # to make this properly work you also need to set "EXTERNAL_NET"!
  BROADCAST_TCP_NOLOG=""
  #BROADCAST_UDP_NOLOG="67 68"
  # Put in the following variables which hosts you want to allow for certain
  # services.
  # TCP/UDP port format (HOST_OPEN_TCP & HOST_OPEN_UDP):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (HOST_OPEN_IP):
  # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
  # ICMP protocol format (HOST_OPEN_ICMP):
  # "host1 host2 ...."
  HOST_OPEN_TCP=""
  HOST_OPEN_UDP=""
  HOST_OPEN_IP=""
  HOST_OPEN_ICMP=""
  # Put in the following variables which hosts you want to DENY(DROP) for certain
  # services (and logged).
  # to DENY(DROP) for certain hosts.
  # TCP/UDP port format (HOST_DENY_TCP & HOST_DENY_UDP):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (HOST_DENY_IP):
  # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
  # ICMP protocol format (HOST_DENY_ICMP):
  # "host1 host2 ...."
  HOST_DENY_TCP=""
  HOST_DENY_UDP=""
  HOST_DENY_IP=""
  HOST_DENY_ICMP=""
  # Put in the following variables which hosts you want to DENY(DROP) for certain
  # services but NOT logged.
  # TCP/UDP port format (HOST_DENY_xxx_NOLOG):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (HOST_DENY_IP_NOLOG):
  # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
  # ICMP protocol format (HOST_DENY_ICMP_NOLOG):
  # "host1 host2 ...."
  HOST_DENY_TCP_NOLOG=""
  HOST_DENY_UDP_NOLOG=""
  HOST_DENY_IP_NOLOG=""
  HOST_DENY_ICMP_NOLOG=""
  # Put in the following variables which hosts you want to REJECT (instead of
  # DROP) for certain TCP/UDP ports.
  # TCP/UDP port format (HOST_REJECT_xxx):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  HOST_REJECT_TCP=""
  HOST_REJECT_UDP=""
  # Put in the following variables which hosts you want to REJECT (instead of
  # DROP) for certain services but NOT logged.
  # TCP/UDP port format (HOST_REJECT_xxx_NOLOG):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  HOST_REJECT_TCP_NOLOG=""
  HOST_REJECT_UDP_NOLOG=""
  # Put in the following variables which services THIS machine is NOT
  # permitted to connect TO (remote end-point) via the external (internet)
  # interface. For example for blocking IRC (tcp 6666:6669).
  DENY_TCP_OUTPUT=""
  DENY_UDP_OUTPUT=""
  DENY_IP_OUTPUT=""
  # Put in the following variables to which hosts THIS machine is NOT
  # permitted to connect TO for certain services (remote end-point)
  # via the external (internet) interface. In principle you can also
  # use this to put your machine in a "virtual-DMZ" by blocking all traffic
  # to your local subnet.
  # TCP/UDP port format (HOST_DENY_TCP_OUTPUT & HOST_DENY_UDP_OUTPUT):
  # "host1,host2~port1,port2 host3,host4~port3,port4 ..."
  # IP protocol format (HOST_DENY_IP_OUTPUT):
  # "host1,host2~proto1,proto2 host3,host4~proto4,proto4 ..."
  HOST_DENY_TCP_OUTPUT=""
  HOST_DENY_UDP_OUTPUT=""
  HOST_DENY_IP_OUTPUT=""
  # Enable (1) to make the default policy allow for IPv4 ICMP (ping) for INET access
  # Note: Other ICMP variables apply to both IPv4 and IPv6 unless otherwise noted.
  OPEN_ICMP=0
  # Disable (0) to make the default policy drop IPv6 ICMPv6 for INET access
  # Note: Other ICMP variables apply to both IPv4 and IPv6 unless otherwise noted.
  OPEN_ICMPV6=1
  # Put in the following variables which ports or IP protocols you want to leave
  # open to the whole world.
  OPEN_TCP=""
  OPEN_UDP=""
  OPEN_IP=""
  # Put in the following variables the TCP/UDP ports you want to DENY(DROP) for
  # everyone (and logged). Also use these variables if you want to log connection
  # attempts to these ports from everyone (also trusted/full access hosts).
  # In principle you don't need these variables, as everything is already blocked
  # (denied) by default, but just exists for consistency.
  DENY_TCP=""
  DENY_UDP=""
  # Put in the following variables which ports you want to DENY(DROP) for
  # everyone but NOT logged. This is very useful if you have constant probes on
  # the same port(s) over and over again (code red worm) and don't want your logs
  # flooded with it.
  DENY_TCP_NOLOG=""
  DENY_UDP_NOLOG=""
  # Put in the following variables the TCP/UDP ports you want to REJECT (instead
  # of DROP) for everyone (and logged).
  REJECT_TCP=""
  REJECT_UDP=""
  # Put in the following variables the TCP/UDP ports you want to REJECT (instead
  # of DROP) for everyone but NOT logged.
  REJECT_TCP_NOLOG=""
  REJECT_UDP_NOLOG=""
  # Put in the following variable which hosts you want to block (blackhole,
  # dropping every packet from the host).
  BLOCK_HOSTS=""
  # Blocked Hosts are by default blocked in both Inbound and Outbound directions.
  # If only Inbound blocking is desired, set to 0 to disable bidirectional blocking.
  BLOCK_HOSTS_BIDIRECTIONAL=1
  # Uncomment & specify here the location of the file that contains a list of
  # hosts(IPs) that should be BLOCKED. IP ranges can (only) be specified as
  # w.x.y.z1-z2 (eg. 192.168.1.10-15). Note that the last line of this file
  # should always contain a carriage-return (enter)!
  #BLOCK_HOSTS_FILE="/etc/arno-iptables-firewall/blocked-hosts"
  Service status:
  $ 0.status arno-iptables-firewall.service
  arno-iptables-firewall.service - A secure stateful firewall for both single and multi-homed machine
  Loaded: loaded (/usr/lib/systemd/system/arno-iptables-firewall.service; enabled)
  Active: active (exited) since Tue 2013-02-19 12:45:30 CET; 38s ago
  Main PID: 7781 (code=exited, status=0/SUCCESS)
  CGroup: name=systemd:/system/arno-iptables-firewall.service
  which is a bit confusing as it says 'active' and 'exited' at the same time...
  and then I get into my phone through adb shell, and I run:
  root@android:/ # su
  root@android:/ # netcfg usb0 dhcp
  action 'dhcp' failed (Timer expired)
  So apparently something is wrong,

• Networking issues with bridged connection

  So in my network I have a netgear C6300 with a Motorola surfboard(modem/router also with dhcp turned off) connected via Ethernet to provide a separate wifi network on the other side of the house. I've been having frequent connection drops that last for about
  10 seconds. I figured out my wireless adapter(netgear a6210) is bridged to the Motorola(see screenshot) and I'm wondering how to disable this bridge because I think it might be causing the connection issues. But when I try to remove the bridge is says gives
  an error. If I disable the Network bridge my adapter stops working. Any ideas?
  Note: before it was saying Motorola... under the enabled, bridged.
  Edit:
  This: I also noticed it switched from Motorola like the picture below to NETGEAR58-5G(like above)

  Hi slycoder127,
  If yo uare currently running Windows 10 build 10049, then you should take a look at the thread below:
  No access to Internet Protocol (v4 or v6) in 10049
  Which might cause some of the adapter function not working at the current build.
  Best regards
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Unstable Wireless Bridge Connection via 802.11a(Radio 1) of Aironet 1242

  Hi,
  I'm going to setup up an AP 1242 in a remote area to support b/g client via a 802.11a bridge link (all using AP 1242).
  Before the deployment, I tested the configuration in a lab environment. However, I found the bridge link will come up a while and suddenly gone. Resetting the root AP or the non-root AP cannot bring the connection up again. Sometimes, when I shutdown the b/g radio (radio 0) of the remote AP, the bridge link will be established again. Following is the log from the root AP.
  Thanks!
  *Apr  4 12:24:05.013: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to r
  eset
  *Apr  4 12:24:05.054: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Apr  4 12:24:05.665: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
  et0, changed state to down
  *Apr  4 12:24:06.009: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
  1, changed state to up
  *Apr  4 12:24:06.013: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
  0, changed state to down
  *Apr  4 12:24:07.054: %LINK-3-UPDOWN: Interface BVI1, changed state to down
  *Apr  4 12:24:16.091: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associa
  te: No Response
  *Apr  4 12:24:16.811: %LINK-3-UPDOWN: Interface BVI1, changed state to up
  *Apr  4 12:24:17.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, chan
  ged state to upInternal error:  command failed                                                             <<<< Internal error:  command failed ??????
                                                                                                                                 <<<<don't know the meaning of this message
  *Apr  4 12:27:22.206: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to r
  eset
  *Apr  4 12:27:22.233: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Apr  4 12:27:22.233: dot11_mgmt: bad cookie returned from driver for mac 003a.9         <<<<<003a.928.dad0 is radio 1 / non root bridge of remote AP
  928.dad0(expected 0x00000000, got 0x010ADAB0) - force driver to delete client             <<<<<don't know the meaning of this message
  *Apr  4 12:27:22.235: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to r
  eset
  *Apr  4 12:27:22.262: %LINK-3-UPDOWN: Interface Dot11Radio1, changed state to up
  *Apr  4 12:27:23.513: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
  et0, changed state to up
  *Apr  4 12:27:26.993: %DOT11-6-ASSOC: Interface Dot11Radio1, Station T9_QC168_Ca
  ntil 003a.9928.dad0 Reassociated KEY_MGMT[NONE]
  *Apr  4 12:27:28.465: %DOT11-4-MAXRETRIES: Packet to client 003a.9928.dad0 reach
  ed max retries, removing the client
  *Apr  4 12:27:28.465: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating
  Station 003a.9928.dad0 Reason: Previous authentication no longer valid
  *Apr  4 12:27:28.467: %DOT11-4-MAXRETRIES: Packet to client 003a.9928.dad0 reach
  ed max retries, removing the client
  *Apr  4 12:27:31.673: %DOT11-6-ASSOC: Interface Dot11Radio1, Station T9_QC168_Ca
  ntil 003a.9928.dad0 Reassociated KEY_MGMT[NONE]
  *Apr  4 12:27:32.687: %DOT11-6-ADD: Interface Dot11Radio1, Station 003a.9926.e76
  0 Associated to Parent 003a.9928.dad0
  *Apr  4 12:28:46.178: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating
  Station 003a.9928.dad0 Reason: Sending station has left the BSS
  *Apr  4 12:28:46.179: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating
  Station 003a.9926.e760
  *Apr  4 12:28:46.181: %DOT11-6-ASSOC: Interface Dot11Radio1, Station T9_QC168_Ca
  ntil 003a.9928.dad0 Reassociated KEY_MGMT[NONE]
  *Apr  4 12:28:47.196: %DOT11-6-ADD: Interface Dot11Radio1, Station 003a.9926.e76
  0 Associated to Parent 003a.9928.dad0
  *Apr  4 12:29:15.132: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern
  et0, changed state to down
  *Apr  4 12:29:32.442: %DOT11-4-MAXRETRIES: Packet to client 003a.9928.dad0 reach
  ed max retries, removing the client
  *Apr  4 12:29:32.442: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating
  Station 003a.9928.dad0 Reason: Previous authentication no longer valid
  *Apr  4 12:29:32.443: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating
  Station 003a.9926.e760
  *Apr  4 12:29:32.444: %DOT11-4-MAXRETRIES: Packet to client 003a.9928.dad0 reach
  ed max retries, removing the client
  *Apr  4 12:31:10.285: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associa
  te: Rcvd response from 003a.9928.2660 channel 6 2560
  *Apr  4 12:31:18.286: %DOT11-4-CANT_ASSOC: Interface Dot11Radio0, cannot associa
  te: AssociatingInternal error:  command failed
  *Apr  4 12:31:27.021: dot11_mgmt: bad cookie returned from driver for mac 003a.9
  928.2660(expected 0x00000000, got 0x010ADAB0) - force driver to delete client
  *Apr  4 12:31:29.107: %DOT11-4-UPLINK_ESTABLISHED: Interface Dot11Radio0, Associ
  ated To AP T9_SML_LT2_AP2 003a.9928.2660 [None]
  *Apr  4 12:31:29.108: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
  *Apr  4 12:31:30.108: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio
  0, changed state to up

  Thanks dmantill for reminding me to revisit the antenna and related stuff.
  As the setup is in a lab environment, the APs are put on a work bench next to each other, therefore, the radio output power was lowered.
  After adjusting the output powers, it works as expected.
  Thanks Surendra and dmantill.