search for: eth1_masq

In the panic of replacing our firewall(s) earlier in the week, we ended up moving our original shorewall 1.4 config onto a machine with 2.0.10 already installed, overwriting all the 2.0.10 config files. Most things seem to work fine, except for our masq entries. I''ve examined the default 2.0.10 files compared with our 1.4 files, and can''t spot the problem. What am I missing?

I just recompiled a plain vanilla 2.4.28 kernel, and used the Shorewall.net kernel config as a guideline. For some reason, I get this: Nov 30 12:05:34 fw shorewall: Shorewall has detected the following iptables/netfilter capabilities: Nov 30 12:05:34 fw shorewall: NAT: Available Nov 30 12:05:34 fw shorewall: Packet Mangling: Available Nov 30 12:05:34 fw shorewall: Multi-port Match:

...CEPT) target prot opt source destination net_dnat all -- 0.0.0.0/0 0.0.0.0/0 net_dnat all -- 0.0.0.0/0 0.0.0.0/0 loc_dnat all -- 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT) target prot opt source destination eth1_masq all -- 0.0.0.0/0 0.0.0.0/0 eth2_masq all -- 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain eth1_masq (1 references) target prot opt source destination MASQUERADE all -- 192.168.0.0/24...

...c 24.235.240.15 ip rule add from 66.11.173.224 table 11 ip rule add from 24.235.240.15 table 12 My iptables "nat" setup looks like this: Chain POSTROUTING (policy ACCEPT 364 packets, 26735 bytes) pkts bytes target prot opt in out source destination 258 19801 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 ppp0_masq all -- * ppp0 0.0.0.0/0 0.0.0.0/0 Chain eth1_masq (1 references) pkts bytes target prot opt in out source destination 252 19021 SNAT all -- * * 10.75....

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hi All, As you probably all know :-) I''m trying to do the multi-isp thing. I''ve resolved my last issue with the route_rules as suggested by Tom and Jerry suggested. Lately I have been seeing "transient" (I say transient because the problem will persist for a while and then magically clear itself up some number of minutes later) situations where my gateway will log:

...ACCEPT) target prot opt source destination net_dnat all -- anywhere anywhere net_dnat all -- anywhere anywhere loc_dnat all -- anywhere anywhere Chain POSTROUTING (policy ACCEPT) target prot opt source destination eth1_masq all -- anywhere anywhere eth2_masq all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain eth1_masq (1 references) target prot opt source destination masq2 all -- 192.168.2.0/24...

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

...source > destination > 1 60 MARK tcp -- * * 0.0.0.0/0 ! > 192.168.0.0/16 tcp dpt:22 MARK set 0x5 > 7 420 MARK tcp -- * * 0.0.0.0/0 ! > 192.168.0.0/16 tcp dpt:25 MARK set 0x5 > > Chain eth1_masq (1 references) > pkts bytes target prot opt in out source > destination > 7 420 SNAT all -- * * 192.168.0.2 > 0.0.0.0/0 to:80.18.151.125 > 10 677 SNAT all -- * * 0.0.0.0/0 > 0.0.0.0/0 to:80...

...ROTO=TCP SPT=1062 DPT=4662 WINDOW=65535 RES=0x00 SYN URGP=0 NAT Table Chain PREROUTING (policy ACCEPT 321 packets, 17177 bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 151 packets, 9048 bytes) pkts bytes target prot opt in out source destination 1 60 eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 145 packets, 9162 bytes) pkts bytes target prot opt in out source destination Chain eth1_masq (1 references) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * * 192.168.1.0/24 0.0.0.0/0 Mangle Table Chain P...

...GP=0 NAT Table Chain PREROUTING (policy ACCEPT 2221K packets, 115M bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 2530K packets, 117M bytes) pkts bytes target prot opt in out source destination 7200 433K eth1_masq all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 630K packets, 51M bytes) pkts bytes target prot opt in out source destination Chain eth1_masq (1 references) pkts bytes target prot opt in out source destination 9...