Hi,

I've installed and configured shorewall on a Redhat Linux 9 box successfully. I am also able to share its internet connection to my LAN users. I'm faced with two problems which I'm sure would be as easy as the rest of LINUX :p but since I'm relatively new to Linux based firewalls, any help would be appreciated.

1. I made a DNAT rule like this to accomplish this task: I want to redirect all port 21 (i.e. ftp) traffic from the internet to a host on my local network machine with a specified IP (4.10):

   DNAT net loc:192.168.4.10 ftp 21

   (but it is not working ... any suggestions ?)

2. I have two broadband connections (512 Kbps each) from two different providers (for the sake of redundancy & load sharing). Now what I want is to divide users into two groups and have them consume bandwidth from the two connections. My idea is to specify a zone / group of users' IP range (e.g. 4.10 to 4.30) to use broadband connection 1 & the other group (e.g. 4.51 to 4.70) to use broadband connection 2. Now I need to know:
   a) how could I define such groups in the firewall (shorewall)?
   b) is it possible to terminate two broadband connections in one firewall, or do I need to set up two firewall boxes?

Regards,
Asim Ahmed
Asim Ahmed,

If you find yourself often needing help "Immediately" then open source software may not be for you. When you post on a mailing list like this one and ask for help, you are asking busy people to take time out of their day to assist you for free. Of necessity, the demands of job and family will come before any requests to help you, no matter how urgent you believe the situation to be. Commercial software, on the other hand, offers support facilities where you can get assistance "Immediately"; at a price, of course.

On Tuesday 07 March 2006 04:47, Asim Ahmed Khan wrote:
> Hi,
>
> I've installed and configured shorewall on a Redhat Linux 9 box successfully. I am also able to share its internet connection to my LAN users. I'm faced with two problems which I'm sure would be as easy as the rest of LINUX :p but since I'm relatively new to Linux based firewalls, any help would be appreciated.
>
> 1. I made a DNAT rule like this to accomplish this task: I want to redirect all port 21 (i.e. ftp) traffic from the internet to a host on my local network machine with a specified IP (4.10):
>
> DNAT net loc:192.168.4.10 ftp 21
>
> (but it is not working ... any suggestions ?)

Yes.

a) Read and follow the DNAT troubleshooting tips in Shorewall FAQs 1a and 1b.
b) Read about how FTP works with Netfilter/Shorewall at http://www.shorewall.net/FTP.html.

> 2. I have two broadband connections (512 Kbps each) from two different providers (for the sake of redundancy & load sharing). Now what I want is to divide users into two groups and have them consume bandwidth from the two connections. My idea is to specify a zone / group of users' IP range (e.g. 4.10 to 4.30) to use broadband connection 1 & the other group (e.g. 4.51 to 4.70) to use broadband connection 2. Now I need to know:
> a) how could I define such groups in the firewall (shorewall)?
> b) is it possible to terminate two broadband connections in one firewall, or do I need to set up two firewall boxes?

The answers to your questions are available in the Shorewall documentation. Please see:

http://www.shorewall.net/MultiISP.html

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
On Tuesday 07 March 2006 04:47, Asim Ahmed Khan wrote:
> 1. I made a DNAT rule like this to accomplish this task: I want to redirect all port 21 (i.e. ftp) traffic from the internet to a host on my local network machine with a specified IP (4.10):
>
> DNAT net loc:192.168.4.10 ftp 21
>
> (but it is not working ... any suggestions ?)

I assume that the rule doesn't actually look like that -- there is no protocol named 'ftp'. So your rule should look something like:

DNAT net loc:192.168.4.10 tcp 21

or

DNAT net loc:192.168.4.10 tcp ftp

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA      \ teastep@shorewall.net
PGP Public Key       \ https://lists.shorewall.net/teastep.pgp.key
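As an added example that is not part of this thread and not Shorewall's own code: a small Python model of the two points raised above, the PROTO-versus-DEST-PORT mix-up in the posted DNAT rule (the corrected forms Tom gives parse, the original does not) and the by-source-range provider selection that the Multi-ISP document describes with packet marks. The column layouts, the service table, the IP ranges and the provider names ISP1/ISP2 are assumptions for illustration, not values taken from a real Shorewall installation; check them against the documentation for your Shorewall version.

```python
"""Constructed model (not Shorewall's own code) of two things from this thread:

  * a DNAT entry in /etc/shorewall/rules, whose columns are
    ACTION  SOURCE  DEST  PROTO  DEST PORT(S)  (as in the thread's rule), and
  * choosing an upstream provider by source-address range, the way the
    Multi-ISP setup does it with packet marks (MARK  SOURCE  lines).

Column layouts, service table and provider names are assumptions.
"""
import ipaddress

# Minimal stand-in for /etc/services (constructed subset).
SERVICES = {"ftp": 21, "ssh": 22, "http": 80, "https": 443}
# What the PROTO column accepts: a protocol name or number, never a service.
PROTOCOLS = {"tcp", "udp", "icmp", "all"}


def parse_rule(line):
    """Parse one 'ACTION SOURCE DEST PROTO DPORT' line into a dict.

    Raises ValueError when the PROTO column holds a service name such as
    'ftp' (the mistake in the thread) or when DPORT is unknown.
    """
    fields = line.split()
    if len(fields) < 5:
        raise ValueError(f"expected at least 5 columns: {line!r}")
    action, src, dst, proto, dport = fields[:5]
    proto = proto.lower()
    if proto not in PROTOCOLS and not proto.isdigit():
        raise ValueError(
            f"PROTO column is {proto!r}: that is a service name, not a protocol; "
            f"use tcp/udp and put the service in the DEST PORT column")
    port = int(dport) if dport.isdigit() else SERVICES.get(dport.lower())
    if port is None:
        raise ValueError(f"unknown service {dport!r} in DEST PORT column")
    zone, _, addr = dst.partition(":")        # 'loc:192.168.4.10' -> zone + address
    return {"action": action.upper(), "src_zone": src, "dst_zone": zone,
            "dst_addr": addr or None, "proto": proto, "dport": port}


def lint_rules(lines):
    """Return [(line, error)] for every rules line that does not parse."""
    problems = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                   # blank or comment line
        try:
            parse_rule(line)
        except ValueError as exc:
            problems.append((line, str(exc)))
    return problems


def rule_matches(rule, proto, dport):
    """Would a connection with this protocol and destination port hit the rule?"""
    return rule["proto"] in ("all", proto) and rule["dport"] == dport


def parse_mark_rule(line):
    """Parse 'MARK SOURCE' where SOURCE is a CIDR or an 'a.b.c.d-e.f.g.h' range."""
    mark, source = line.split()[:2]
    if "-" in source:
        lo, hi = (ipaddress.ip_address(s) for s in source.split("-", 1))
    else:
        net = ipaddress.ip_network(source, strict=False)
        lo, hi = net[0], net[-1]
    return {"mark": int(mark), "lo": lo, "hi": hi}


def provider_for(src_ip, mark_rules, providers):
    """Name of the provider a packet from src_ip leaves through.

    In this model the first matching mark rule wins; an unmarked packet
    follows the default route and is reported as None.
    """
    ip = ipaddress.ip_address(src_ip)
    for rule in mark_rules:
        if rule["lo"] <= ip <= rule["hi"]:
            return providers.get(rule["mark"])
    return None


# Constructed sample configuration mirroring the thread.
RULES = [
    "DNAT net loc:192.168.4.10 ftp 21",     # as posted: 'ftp' in the PROTO column
    "DNAT net loc:192.168.4.10 tcp 21",     # corrected form
    "DNAT net loc:192.168.4.10 tcp ftp",    # equivalent, service name in DEST PORT
]
MARK_RULES = [parse_mark_rule(entry) for entry in (
    "1 192.168.4.10-192.168.4.30",         # group 1 -> provider with mark 1
    "2 192.168.4.51-192.168.4.70",         # group 2 -> provider with mark 2
)]
PROVIDERS = {1: "ISP1", 2: "ISP2"}         # assumed names from the providers file

if __name__ == "__main__":
    for line, err in lint_rules(RULES):
        print(f"BAD  {line}\n     {err}")
    good = parse_rule(RULES[1])
    print("port-21 TCP matches corrected rule:", rule_matches(good, "tcp", 21))
    for host in ("192.168.4.15", "192.168.4.60", "192.168.4.40"):
        print(host, "->", provider_for(host, MARK_RULES, PROVIDERS))
```

Running it flags only the first rule (the service name sitting where a protocol belongs), shows that the corrected rule matches TCP port 21, and maps a host in each range to its provider while a host outside both ranges falls through to the default route. It models policy only; on a real box the DNAT rule still needs the FTP connection-tracking helper that the FTP document Tom links to describes.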
Thanks for your tips dude ! but I assume that must've been a BAD BAD day for you when you got my mail :) cuz when you see "BUSY / PROFESSIONAL" people writing a 150-word paragraph on a single inappropriate word "immediately", then it does not match the context of the paragraph :P

Anyway, I'll check out those tips and once again thanks for your help.

- Asim

On 3/7/06, Tom Eastep <teastep@shorewall.net> wrote:
> [quoted message trimmed]

--
Sr. System Engineer
Folio3 Pvt. Ltd
URL : http://www.clickmarks.com
email : asimak77@gmail.com
MSN : asimak77@hotmail.com
Yo Asim.

I think FTP is solved by changing this line

"DNAT net loc:192.168.4.10 ftp 21"

to

FTP/DNAT net loc:192.168.4.10

Anyway, that "ftp 21" thing you use is FATAL (or?). Btw, I'd use SCP and not FTP.

---

The other problem you mentioned I can't answer. But I can say that Tom Eastep is a cool guy contributing lots of useful stuff to the Linux community, as are the others that help on the project too. RTFM isn't what helps immediately, but it's the right start. It won't work trying to make some billions a month but only spending 10 bucks on infrastructure.

If I had Tom's postal address I'd have been sending him Christmas presents for years.

claus

Asim Ahmed Khan wrote:
> [quoted message trimmed]

--
Claus Westerkamp
Systems Engineering

Raytion GmbH
Kaiser-Friedrich-Ring 74
40547 Duesseldorf
Fon +49-211-550266-0
Fax +49-211-550266-19
http://www.raytion.com
Thanks claus, I didn't mean to deny the useful stuff sent by members here ... I really appreciate that, but it was just natural to show hurry to get a solution, to get an answer ... not actually forcing anyone ....

- Asim

On 3/8/06, claus westerkamp <claus.westerkamp@raytion.com> wrote:
> [quoted message trimmed]