search for: lan3

Dear Friends, I have been using shorewall for some years. I want to set up "shorewall 2" router behind firewall, accordind to this picture: I have lost at setuping "zone"-s (wifi, lan1, net). Plese help me ! Thanks, psw net | | SHOREWALL 1 ------- lan 1 | | |wifi | | SHOREWALL 2 ------- lan 2 | ---------------- lan 3

...in tcp-server mode VLAN's: lan2.201 lan2.202 lan2.203 tap1.201 tap1.202 tap1.203 Bridges: br201 (lan2.201, tap1.201) br202 (lan2.202, tap1.202) br203 (lan2.203, tap1.203) On the other end, the same type of server: Physical ethernet: lan1 - Ethernet port (Internet) lan2 - Ethernet port (LAN) lan3 - Ethernet port (LAN) lan4 - Ethernet port (LAN) Tunnel: tap1 - OpenVPN in tcp-client mode VLAN's: tap1.201 tap1.202 tap1.203 Bridges: br201 (lan2, tap1.201) br202 (lan3, tap1.202) br203 (lan4, tap1.203) Both servers are connected over Internet. This setup works. The server with the trunk p...

...loaded along the > way. A major problem with my system. I'm sorry for perhaps asking something entirely obvious, but have you tried: kernel-dir $ rsync -avr tools/testing/selftests/ root@$board:selftests/ board $ cd selftests/drivers/net/dsa/ board $ ./bridge_locked_port.sh lan0 lan1 lan2 lan3 ? This is how I always run them, and it worked fine with both Debian (where it's easy to add missing packages to the rootfs) or with a more embedded-oriented Buildroot.

I would like to route ssh in my network via DSL2 and all other trafic via DSL1. So far I menaged to do it for LAN2 but there are still WLAN1,LAN3 and LAN1 to go. On all routers I added table "pilicka" with rule for fwmark and I fwmarked ssh. # ip rule show 0: from all lookup local 32765: from all fwmark 0x3 lookup pilicka 32766: from all lookup main 32767: from all lookup default # iptables -L -t mangle Chain PREROUTING...

...--------------------- ETH1 ETH2 ETH3 ETH0 ETH4 -------------> DMZ ------------------------------ | | | -------------- Internal Router -------------- LAN1 LAN2 LAN3 I''ve add 3 records to rt_tables file T1, T2 and T3, and wrote scritp: ## -------------------------------- #1ISP P1_NET1="83.16.76.112" ETH1="eth1" IP1="83.16.76.114" R1="83.16.76.113" #2ISP P2_NET2="80.55.42.32" ETH2="eth2" IP...

...$gw1 Some more iptables rules which ban sending mails from different vlans/lans directly to public ips (both 1 and 2) $IPTABLES -A INPUT -p tcp -s $lan1 -d $publicip1 --dport $SMTP -j DROP \ $IPTABLES -A INPUT -p tcp -s $lan2 -d $publicip1 --dport $SMTP -j DROP \ $IPTABLES -A INPUT -p tcp -s $lan3 -d $publicip1 --dport $SMTP -j DROP \ Same rules we have for publicip2. But still we are not able to send emails from the $smtpserver running in the local lan to outside. Our requirement is like this smtpserver1 which is running postfix should only send/receive emails through publicip1 and smtps...

Dear Tom, Very, very thanks the quikly answer. It''s working. I made mistake on shorewall2 here, i wrote "wifi" zone to "eth0" /etc/shorewall/interfaces: net eth0 192.168.2.255 <---------- lan2 eth1 192.168.3.255 lan3 eth2 192.168.4.255 and don''t kept my mind the order in zone file. Thanks Tom Psw

Hello! I've got a problem with DNS,VPN and SAMBA. I do have 3 Linux servers on distinct subnets. (192.168.1.1 ,192.168.2.1 and 192.168.3.1). I have done a VPN between the 3 subnets and I could do a ping from 192.168.1.1 to the others without problems. Each sever has 2 network cards. One of them is connected to ADSL.

...|| \/ || LAN3 Internet <<<<ISP<<<UPlink <<<<Cisco router|| what i have done on linux is just a simple NAT and a redirect to Squid to force transparent cach...

...A major problem with my system. > > I'm sorry for perhaps asking something entirely obvious, but have you tried: > > kernel-dir $ rsync -avr tools/testing/selftests/ root@$board:selftests/ > board $ cd selftests/drivers/net/dsa/ > board $ ./bridge_locked_port.sh lan0 lan1 lan2 lan3 > > ? > > This is how I always run them, and it worked fine with both Debian > (where it's easy to add missing packages to the rootfs) or with a more > embedded-oriented Buildroot. I am not entirely clear of your idea. You need somehow to boot into a system with the patched n...

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

On Tue, Mar 28, 2023 at 19:40, Ido Schimmel <idosch at nvidia.com> wrote: > On Sun, Mar 26, 2023 at 05:41:06PM +0200, Hans Schultz wrote: >> On Mon, Mar 20, 2023 at 10:44, Ido Schimmel <idosch at nvidia.com> wrote: >> >> + $MZ $swp1 -c 1 -p 128 -t udp "sp=54321,dp=12345" \ >> >> + -a $mac -b `mac_get $h2` -A 192.0.2.1 -B 192.0.2.2 -q >>

...isting. - have a AP in VLAN 4 on port a13 - And other 8 VLAN for other purpose. a1 | a3 a13 b12 b14 b23 |--------------------------------------------------------------------------------------------------| | VLAN1 LAN3 VLAN2 | |--------------------------------------------------------------------------------------------------| HP switch | VLAN2 | |-----------------------------------------...

...A major problem with my system. > > I'm sorry for perhaps asking something entirely obvious, but have you tried: > > kernel-dir $ rsync -avr tools/testing/selftests/ root@$board:selftests/ > board $ cd selftests/drivers/net/dsa/ > board $ ./bridge_locked_port.sh lan0 lan1 lan2 lan3 > > ? > > This is how I always run them, and it worked fine with both Debian > (where it's easy to add missing packages to the rootfs) or with a more > embedded-oriented Buildroot. The memory problems are of course on the embedded target. In that case I think it would be a ve...

Tom, I was upgrading a remote firewall, when upon restart, shorewall found a rule with a wrong zone and decided to not continue and stop itself. The problem now, is I cannot access that firewall over ssh anymore. One suggestion would be to instead of "shorewall stop" to have a basic emergency rule with only ACCEPT:info all all tcp ssh rule instead with DROP all policy. Shorewall could