search for: ipt_conntrack

Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002...

Hello, I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18 homemade kernel). When I start shorewall I got the following errors. Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30 11:13:57 fwr last message repeated 2 times Oct 30 11:14:06 fwr root: Shorewall Restarted The "shorewall status" output...

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?

...4128 0 ip_conntrack_h323 4132 0 ipv6 232416 16 ipt_TOS 2240 12 ipt_MASQUERADE 3424 1 ipt_REJECT 6464 4 ipt_pkttype 1536 4 ipt_LOG 5312 10 ipt_state 1728 25 ipt_multiport 1856 0 ipt_conntrack 2304 0 iptable_mangle 2624 1 ip_nat_irc 4112 0 ip_nat_tftp 3376 0 ip_nat_ftp 4720 0 iptable_nat 23596 6 ip_nat_h323,ipt_MASQUERADE,ip_nat_irc,ip_nat_tftp,ip_nat_ftp ip_conntrack_irc 71316 1 ip_nat_irc ip_conntrack_tftp...

...'' -n /var/lib/shorewall/shorewall.xykwKq '']'' + rm -f /var/lib/shorewall/shorewall.xykwKq + set +x # lsmod Module Size Used by ipt_SAME 2560 0 ipt_REJECT 5504 0 ipt_state 2176 2 ipt_multiport 2304 0 ipt_conntrack 2560 0 iptable_mangle 2688 0 ip_nat_irc 4080 0 ip_nat_tftp 3280 0 ip_nat_ftp 4720 0 iptable_nat 21156 4 ipt_SAME,ip_nat_irc,ip_nat_tftp,ip_nat_ftp ip_conntrack_irc 71060 1 ip_nat_irc ip_conntrack_tftp 3476 0 ip_...

...Kernel 2.6.15-rc6 OOPS: > > kernel: general protection fault: 0000 [#1] > kernel: SMP > kernel: Modules linked in: ipt_REDIRECT ipt_LOG ipt_TOS ipt_TCPMSS ipt_tos > ip_nat_ftp ipt_tcpmss iptable_nat ip_nat iptable_mangle iptable_filter > ipt_multiport ipt_mac ipt_state ipt_limit ipt_conntrack ip_conntrack_ftp > ip_conntrack ip_tables af_packet ipv6 pcspkr floppy i2c_piix4 i2c_core > ohci_hcd usbcore aic7xxx scsi_transport_spi psmouse ide_disk ide_cd > cdrom genrtc > kernel: CPU: 0 > kernel: EIP: 0060:[<c019d70f>] Not tainted VLI > kernel: EFLAGS: 0001...

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

...root]# ls /lib/modules/2.4.18/kernel/net/ipv4/netfilter/ ip_conntrack_egg.o iptable_nat.o ipt_MARK.o ipt_REDIRECT.o ip_conntrack_ftp.o ip_tables.o ipt_MASQUERADE.o ipt_REJECT.o ip_conntrack_h323.o ipt_ah.o ipt_MIRROR.o ipt_state.o ip_conntrack_irc.o ipt_conntrack.o ipt_mport.o ipt_string.o ip_conntrack.o ipt_dscp.o ipt_multiport.o ipt_tcpmss.o ip_conntrack_rpc_tcp.o ipt_DSCP.o ipt_NETLINK.o ipt_TCPMSS.o ip_conntrack_rpc_udp.o ipt_esp.o ipt_nth.o ipt_time.o ip_nat_ftp.o ipt_helper.o ipt...

...s what I get for thinking. There is obviously something I am missing here but I am stumped ohyeah, [root@fumcbafw shorewall]# lsmod |grep mac ipt_mac 1144 2 (autoclean) ip_tables 14488 13 [ipt_mac ipt_TOS ipt_MASQUERADE ipt_REJECT ipt_LOG ipt_state ipt_multiport ipt_conntrack iptable_filter iptable_mangle iptable_nat] Any tips appreciated. Bret

....168.1.105) at 00:0C:6E:D7:65:D1 [ether] on eth0 ? (10.0.0.138) at 00:90:D0:39:56:A7 [ether] on eth1 Modules ipt_MASQUERADE 3968 1 ipt_REJECT 6528 4 ipt_LOG 6272 10 ipt_TCPMSS 4480 1 ipt_state 2304 16 ipt_pkttype 2048 4 ipt_recent 10252 0 ipt_iprange 2048 0 ipt_physdev 2320 0 ipt_multiport 2304 2 ipt_conntrack 2816 0 ip_nat_irc 4464 0 ip_nat_tftp 3696 0 ip_nat_ftp 4976 0 ip_conntrack_irc 71600 1 ip_nat_irc ip_conntrack_tftp 3888 0 ip_conntrack_ftp 72240 1 ip_nat_ftp ip_conntrack 32520 10 ipt_MASQUERADE,ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ipt able_nat,ip_conntrack_irc,ip_conntrack_tf...

...0 > > Modules > > ipt_REJECT 6912 4 > ipt_LOG 7232 10 > ipt_state 1920 17 > ipt_pkttype 1664 4 > ipt_recent 11276 0 > ipt_iprange 1792 0 > ipt_multiport 2496 0 > ipt_conntrack 2560 4 > ip_nat_irc 2432 0 > ip_nat_ftp 3136 0 > ip_conntrack_irc 72080 1 ip_nat_irc > ip_conntrack_ftp 73040 1 ip_nat_ftp > ip_conntrack 45208 7 ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_ftp,iptable_nat,ip_conntrack_...

...1184 4 ipt_CONNMARK 1696 0 ipt_MARK 1984 0 ipt_ROUTE 4260 0 ipt_connmark 1216 0 ipt_owner 2432 0 ipt_recent 9292 0 ipt_iprange 1312 0 ipt_physdev 1744 0 ipt_multiport 2112 0 ipt_conntrack 1792 0 ip_set_portmap 3840 0 ip_set_macipmap 3780 0 ip_set_ipmap 3872 0 ip_set_iphash 5924 0 ip_set 18876 8 ip_set_portmap,ip_set_macipmap,ip_set_ipmap,ip_set_iphash ip_nat_irc 1824 0 ip_nat_tftp 1216...

...eq snd_seq_device snd_pcm_oss snd_mixer_oss snd_intel8x0 snd_ac97_codec snd_pcm snd_timer snd_page_alloc snd soundcore lp parport_pc ppdev parport ipt_REJECT ipt_LOG ipt_state ipt_pkttype ipt_set ipt_CONNMARK ipt_MARK ipt_ROUTE ipt_connmark ipt_owner ipt_recent ipt_iprange ipt_physdev ipt_multiport ipt_conntrack iptable_mangle ip_set_portmap ip_set_macipmap ip_set_ipmap ip_set_iphash ip_set ip_nat_irc ip_nat_tftp ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_tftp ip_conntrack_ftp ip_conntrack iptable_filter ip_tables 8139too mii af_packet ide_cd loop ext3 jbd nls_iso8859_1 nls_cp850 vfat fat intel_a...

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

...moduleloader=modprobe ++ qt which modprobe ++ which modprobe +++ lsmod +++ grep ip_tables ++ ''['' -z ''ip_tables 23936 19 ipt_ROUTE,ipt_MASQUERADE,ipt_MARK,ipt_mark,ipt_CONNMARK,ipt_connmark,ipt_owner,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_REJECT,ipt_conntrack,ipt_pkttype,ipt_LOG,ipt_state,iptable_mangle,iptable_nat,iptable_filter'' '']'' ++ loadmodule iptable_filter ++ local modulename=iptable_filter ++ local modulefile ++ local suffix ++ moduleloader=modprobe ++ qt which modprobe ++ which modprobe +++ lsmod +++ grep iptable_filt...

...4032 1 ipt_REJECT 7104 4 ipt_LOG 6656 8 ipt_TCPMSS 4480 0 ipt_state 2112 19 ipt_pkttype 1792 4 ipt_recent 11148 0 ipt_iprange 1856 0 ipt_physdev 2192 14 ipt_multiport 2112 2 ipt_conntrack 2688 0 ip_nat_irc 4400 0 ip_nat_tftp 3504 0 ip_nat_ftp 5104 0 ip_conntrack_irc 71472 1 ip_nat_irc ip_conntrack_tftp 3760 0 ip_conntrack_ftp 72368 1 ip_nat_ftp ip_conntrack 35144 10 ipt_MASQUERADE,ipt_state,ipt_conn...

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is

I''m tracking performance on the machine I installed yesterday. mutt running on one Xen instance, accessing via imap to another instance, accessing via nfs the maildir in another instances, seems little laggy when moving up and down the message index list. Network latency seems low < 30ms on average. So I was tracking vmstat. On the mutt instances is seems reasonable: [nic@shell:~]