Hi all,

Thanks in advance for comments...

I recently moved my office and changed ISPs. My old connection I had control over my own routing, with the new connection I specified that the ISP handle the upstream routing. My plan was to simply bridge my DMZ and control it in that manner.

I'm having a problem with connection rate throttling across the bridge, and I'm wondering if I'm missing something.

I have this in the hosts file:

DMZIN br0:eth2
DMZEX br0:eth3

And a rule like this seems to not work:

ACCEPT:info DMZEX DMZIN tcp 3389,3390,3391,3392,3393,3394 - - 1/min:2

shorewall.conf is set: BRIDGING=Yes

And the box is running RHE4 (CentOS).

--
Michael Cozzi
cozzi@cozziconsulting.com

Michael Cozzi wrote:
> I'm having a problem with connection rate throttling across the
> bridge, and I'm wondering if I'm missing something.
>
> I have this in the hosts file:
>
> DMZIN br0:eth2
> DMZEX br0:eth3

Which will cease working when you install kernel 2.6.20 -- you have been warned.

> And a rule like this seems to not work:

"seems to not work"... Does that mean:

a) Shorewall fails to start?
b) Shorewall starts and your firewall immediately bursts into flames?
c) Shorewall starts but the rule passes no traffic?
d) Shorewall starts and passes all traffic?
e) Shorewall starts but the rule allows 1.5 connections per minute?
...

> ACCEPT:info DMZEX DMZIN tcp 3389,3390,3391,3392,3393,3394 - - 1/min:2
>
> shorewall.conf is set: BRIDGING=Yes

Please provide a complete problem report (including shorewall dump output) as described at http://www.shorewall.net/support.htm#Guidelines.

Thanks,
-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

>> I'm having a problem with connection rate throttling across the
>> bridge, and I'm wondering if I'm missing something.
>>
>> I have this in the hosts file:
>>
>> DMZIN br0:eth2
>> DMZEX br0:eth3
>
> Which will cease working when you install kernel 2.6.20 -- you have been
> warned.

I don't mean to hijack this thread, but is that because of dropping physdev support?

-Russel

Russel wrote:
>>> I'm having a problem with connection rate throttling across the
>>> bridge, and I'm wondering if I'm missing something.
>>>
>>> I have this in the hosts file:
>>>
>>> DMZIN br0:eth2
>>> DMZEX br0:eth3
>>
>> Which will cease working when you install kernel 2.6.20 -- you have been
>> warned.
>
> I don't mean to hijack this thread, but is that because of dropping physdev
> support?

Yes. It isn't being completely dropped but it is being reduced to the point that it can no longer support Shorewall zone definition.

-Tom