search for: eth2_fwd

...---------------------------------------------------- Setting up TCP Flags checking... iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0'' not found Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/usr/sbin/iptables -A eth2_fwd -p tcp -s 169.254.0.0/16!169.254.1.0/24 -j tcpflags" Failed Processing /etc/shorewall/stop ... IP Forwarding Enabled Processing /etc/shorewall/stopped ... /sbin/shorewall: line 742: 9333 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart -------------------------------------...

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

...in out source destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 302K 170M eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 1095K 409M eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 752K 360M eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:'' 0 0 DROP all...

...in out source destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 34 15323 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 56 13757 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'' 0 0 reject al...

...in out source destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 302K 170M eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 1095K 409M eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 752K 360M eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:'' 0 0 DROP all...

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

...tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 26 1688 ppp0_fwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 4 170 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 24 1592 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:...

...e destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 42 2332 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 21 1384 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 6 384 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'' 0 0...

...* 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 29 1555 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 29 1405 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 eth3_fwd all -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags...

...in out source destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 99 4761 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 736 155K eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 579 68667 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 1 packets, 60 bytes) pkts bytes target prot opt in ou...

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

...destination 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 43951 9522K eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 42821 2267K eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 3636 787K eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt i...

...OP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 413 61925 eth0_fwd ah -- eth0 * 0.0.0.0/0 0.0.0.0/0 237 12324 eth1_fwd ah -- eth1 * 0.0.0.0/0 0.0.0.0/0 176 16908 eth2_fwd ah -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 eth3_fwd ah -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG ah -- * * 0.0.0.0/0...

...0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 17 1080 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 38 2916 br0_fwd all -- br0 * 0.0.0.0/0 0.0.0.0/0 2 96 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:DROP:...

...S tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 55 9423 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0 109 8764 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0 168 52365 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'...

Hi, I get frequent logfile entries from Shorewall similar to the following: Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2 OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10 DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ] Could someone explain what the

...' -f /tmp/shorewall.nm8830/iprange '']'' + /sbin/iptables -A eth0_in -m state --state NEW,INVALID -j dynamic + for interface in ''$ALL_INTERFACES'' ++ forward_chain eth2 +++ chain_base eth2 +++ local c=eth2 +++ true +++ case $c in +++ echo eth2 +++ return ++ echo eth2_fwd + createchain eth2_fwd no ++ chain_base eth2_fwd ++ local c=eth2_fwd ++ true ++ case $c in ++ echo eth2_fwd ++ return + local c=eth2_fwd + run_iptables -N eth2_fwd + ''['' -n '''' '']'' + ''['' -n Yes '']'' + ''...

Hy, sorry for my poor english i think i''m having a very unusual problem and very dificult to track, but i''ll try to explain it as best as i can. here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0 ) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my