Hi Tom,

I am having a really strange problem. We have two broadband connections from different vendors. I've installed VMware over a Windows XP machine and created two instances of a Fedora Core 4 box on it. On each instance I've installed Shorewall 3.0.5 and am using them as different gateways for users on my LAN. For almost the last 4 months I've been using this setup without any problem.

Recently our partner offices in the US and Japan set up a VPN server to give us access to their machines. The problem is that while trying to connect to the remote VPN servers we get a host of different error codes. And in most cases, as a workaround, it is suggested that maybe your NATting device is not functioning properly. Sometimes, though, we successfully connect to the VPN.

Do you or anybody else know about any such issue with Shorewall, or Shorewall over a VMware instance, or maybe an issue with FC4?

Any help would be greatly appreciated!

Regards,

- Asim Ahmed.

--
Sr. System Engineer
Folio3 Pvt. Ltd
URL : http://www.clickmarks.com
email : asimak77@gmail.com
MSN : asimak77@hotmail.com
I'm not sure how VMware sets up the network card configurations, but one thing I'm sure of is that Shorewall NAT is working just fine. If not, I think most of the advanced Shorewall users would already be in deep trouble...

On 8/23/06, Asim Ahmed Khan <asimak77@gmail.com> wrote:
> Hi Tom,
>
> I am having a really strange problem. We have two broadband connections from
> different vendors. I've installed VMware over a Windows XP machine and
> created two instances of a Fedora Core 4 box on it. On each instance I've
> installed Shorewall 3.0.5 and am using them as different gateways for users on
> my LAN. For almost the last 4 months I've been using this setup without any
> problem.
>
> Recently our partner offices in the US and Japan set up a VPN server to give us
> access to their machines. The problem is that while trying to connect to the
> remote VPN servers we get a host of different error codes. And in most cases,
> as a workaround, it is suggested that maybe your NATting device is not
> functioning properly. Sometimes, though, we successfully connect to the VPN.
>
> Do you or anybody else know about any such issue with Shorewall, or Shorewall
> over a VMware instance, or maybe an issue with FC4?
>
> Any help would be greatly appreciated!
>
> Regards,
>
> - Asim Ahmed.
>
> --
> Sr. System Engineer
> Folio3 Pvt. Ltd
> URL : http://www.clickmarks.com
> email : asimak77@gmail.com
> MSN : asimak77@hotmail.com
On Wed, 2006-08-23 at 15:34 +0500, Asim Ahmed Khan wrote:

First of all, there are no 'Urgent' or 'Critical' problems when free software is involved. When I see either of those words in the title of a mail message, I defer reading the message for at least two hours.

> I am having a really strange problem. We have two broadband
> connections from different vendors. I've installed VMware over a
> Windows XP machine and created two instances of a Fedora Core 4 box on
> it. On each instance I've installed Shorewall 3.0.5 and am using them as
> different gateways for users on my LAN. For almost the last 4 months
> I've been using this setup without any problem.
>
> Recently our partner offices in the US and Japan set up a VPN server to
> give us access to their machines.

VPN is such a generic term as to be meaningless in this context.

a) What VPN technology (IPSEC, IPSEC/L2TP, PPTP, OpenVPN, ...)?
b) Where are the clients relative to the Shorewall systems?

> The problem is that while trying to connect to the remote VPN servers we
> get a host of different error codes. And in most cases, as a
> workaround, it is suggested that maybe your NATting device is not functioning
> properly. Sometimes, though, we successfully connect to the VPN.
>
> Do you or anybody else know about any such issue with Shorewall, or
> Shorewall over a VMware instance, or maybe an issue with FC4?

I don't run FC4. I only run VMWare to test installation and basic functioning of Shorewall on different distributions (currently, I have Debian and FC5 running under VMWare).

So without knowing more about what is actually happening, I cannot help you.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
On 23 Aug 2006 at 15:34, Asim Ahmed Khan wrote:

> Do you or anybody else know about any such issue with Shorewall, or
> Shorewall over a VMware instance, or maybe an issue with FC4?

It seems vastly more likely that the problem lies within the Windows XP or the VMware than with Shorewall or FC4.

Are you using bridged or NAT for your VMware virtual NICs?

I submit for your consideration that you have the setup exactly inside out, and should put Linux on the machine and run Windows in VMware.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
On Wed, 2006-08-23 at 09:03 -0800, John S. Andersen wrote:
> On 23 Aug 2006 at 15:34, Asim Ahmed Khan wrote:
>
> > Do you or anybody else know about any such issue with Shorewall, or
> > Shorewall over a VMware instance, or maybe an issue with FC4?
>
> It seems vastly more likely that the problem lies within the Windows
> XP or the VMware than with Shorewall or FC4.
>
> Are you using bridged or NAT for your VMware virtual NICs?
>
> I submit for your consideration that you have the setup exactly
> inside out, and should put Linux on the machine and run
> Windows in VMware.
>

I agree that the current configuration has a lot of extra "moving parts" which complicate problem diagnosis.

-Tom
--
Tom Eastep      \ Nothing is foolproof to a sufficiently talented fool
Shoreline,      \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key  \ https://lists.shorewall.net/teastep.pgp.key
Robert K Coffman Jr - Info From Data
2006-Aug-24 14:46 UTC
Re: Critical Shorewall / VPN problem
> The problem is that while trying to connect to the remote VPN servers we
> get a host of different error codes. And in most cases, as a
> workaround, it is suggested that maybe your NATting device is not functioning
> properly. Sometimes, though, we successfully connect to the VPN.
>
> Do you or anybody else know about any such issue with Shorewall, or
> Shorewall over a VMware instance, or maybe an issue with FC4?

I used to run Leaf Bering/Shorewall on VMWare Workstation, then GSX. I had a problem with accessing Remote Desktop (3389) via DNAT. The logon screen would be displayed, but after entering user/pass, the connection would time out and drop.

In the VMWare logs, I could see error messages relating to "packets slipping" or something like that. So check there. I haven't tried with any of the recently released VMWare server versions.

I concluded that it was a problem in the VMWare virtual switch. Moving back to physical hardware, the problem did not occur.

- Bob Coffman