search for: physout

...Oct 25 00:19:42 host3 --NAT-PREROUTING--IN=bridge OUT= PHYSIN=eth0 MAC=00:e0:4c:ff:02:5e:00:0a:95:f5:1b:fc:08:00 SRC=10.22.2.4 DST=212.27.33.225 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2197 PROTO=ICMP TYPE=8 CODE=0 ID=233 SEQ=0 Oct 25 00:19:42 host3 --FILTER-FORWARD--IN=bridge OUT=bridge PHYSIN=eth0 PHYSOUT=eth1 SRC=10.22.2.4 DST=212.27.33.225 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2197 PROTO=ICMP TYPE=8 CODE=0 ID=233 SEQ=0 Oct 25 00:19:42 host3 --NAT-POSTROUTING--IN= OUT=bridge PHYSIN=eth0 PHYSOUT=eth1 SRC=10.22.2.4 DST=212.27.33.225 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=2197 PROTO=ICMP TYPE=8 CODE=0 ID=...

...an0: Oct 6 17:05:46 cassini kernel: [ 2696.527510] IN=wlan0 OUT=eth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=27165 DF PROTO=TCP SPT=59444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 Oct 6 17:05:46 cassini kernel: [ 2696.527588] IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.200.10 DST=192.168.100.100 LEN=60 TOS=0x10 PREC=0x00 TTL=63 ID=27165 DF PROTO=TCP SPT=59444 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 Oct 6 17:05:46 cassini kernel: [ 2696.527829] IN=xenbr0 OUT=xenbr0 PHYSIN=peth0 PHYSOUT=vif0.0 SRC=192.168.100.100 DST=192.168.200.10 LEN=60 TOS...

...e. If I boot Windows without /GPLPV option, everything works fine. I did some investigation and found out that the packages arrive differently if GPLPV is enabled. "br_inet" is a bridge connected to the DSL router via peth1. With /GPLPV: iptables log: IN=br_inet OUT=br_inet PHYSIN=tap3 PHYSOUT=peth1 SRC=10.10.11.250 DST=209.85.129.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=465 DF PROTO=TCP SPT=1050 DPT=80 WINDOW=65535 RES=0x00 ACK URGP=0 => Those packets are never forwarded to peth1. To be sure I verified this by using port mirroring on the switch that connects peth1 with the DSL rou...

...p flags:0x06/0x06 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x16/0x02 Jun 27 16:30:08 loc2road:ACCEPT:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=tap2 SRC=192.168.3.10 DST=192.168.3.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=46363 PROTO=UDP SPT=137 DPT=137 LEN=58 Jun 27 16:30:08 loc2road:ACCEPT:IN=br0 OUT=br0 PHYSIN=eth1 PHYSOUT=tap1 SRC=192.168.3.10 DST=192.168.3.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=46363 PROTO=UDP SPT=137 DPT=137 LEN...

...:f5:f0:26:00:18:01:5b:a8:72:08:00 SRC=207.172.176.168 DST= 192.168.1.6 LEN=52 TOS=0x00 PREC=0x00 TTL=253 ID=32555 DF PROTO=TCP SPT=45664 DPT=48232 WINDOW=8192 RES=0x00 SYN URGP=0 openvpn (3 types) Sep 14 23:46:54 veridian kernel: [618517.248260] Shorewall:vpn2phys:ACCEPT:IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC= 192.168.1.225 DST=192.168.1.255 LEN=96 TOS=0x00 PREC=0x00 TTL=128 ID=33 PROTO=UDP SPT=137 DPT=137 LEN=76 Sep 14 23:46:53 veridian kernel: [618516.835299] Shorewall:fw2lan:ACCEPT:IN= OUT=br0 SRC=192.168.1.6 DST=192.168.1.255 LEN=185 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=6...

Dear All, I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, after upgrade i can''t start shorewall with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I try to search on the net about this, but no still no light. Somebody can help me? Great appreciate for any help. Regards,

The bridging documentation (http://shorewall.net/2.0/bridge.html) has been expanded and there is a refresh of the bridging code (ftp://shorewall.net/pub/shorewall/Bridging and http://shorewall.net/pub/shorewall/Bridging). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

...xen-br0:peth0 *************************************************** So, the problem is that I don''t have peth0 (maybe because i''m using network-route). In fact, If I try to contact dom0 or any domU, in the log I see: Shorewall:FORWARD:REJECT:IN=xen-br0 OUT=xen-br0 PHYSIN=eth0 PHYSOUT=vif1.0 How can I intercept packet from eth0 in this case? :(( the "net" interface seems to ignore eth0 -- Davide Corio davide.corio@redomino.com Redomino S.r.l. C.so Monte Grappa 90/b - 10145 Torino - Italy Tel: +39 011 19502871 - Fax: +39 0...

...ome input into the proper way to set this up so that I can do all the normal Shorewall things properly like blocking like normal, port forwards, etc. ? I think my current setup mostly works, but I''m seeing messages like: Shorewall:FORWARD:REJECT:IN=vmbr0 OUT=vmbr0 PHYSIN=vmtab101i0 PHYSOUT=vmtab102i0 SRC=10.10.42.3 DST=10.10.42.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61722 DF PROTO=TCP SPT=47118 DPT=3260 WINDOW=5840 RES=0x00 SYN URGP=0 (some of these are from external machines to a virtual machine and mention eth1 as the physical - this one is both virtual machines) I''...

Hello, I have the need to connect 2 remote site with vpn, the windows pc of the 2 site it can share the HD and printer. This is my configuration : LOCAL NETWORK A : ip from 192.168.10.2 to 192.168.10.99 | | | | eth0: 192.168.10.1 FIREWALL A : ( with debian ; openvpn ver. 2.0.beta15 ; shorewall ver 2.0.11 ) eth1 : xxx.xxx.xxx.xxx ( pubblic ip address ) | | | | INTERNET | | | eth1 :

Hi Vene, Would appreciate any help you can give as I am not sure which NAT you are talking about. A little more background. I am replacing a Windows 2000 routing and remote access machine that was acting as the gateway and performing NAT for Internet access for our local clients. In this setup the cisco VPN clients had no problem connecting to the vpn concentrator. The only difference in any

...nfigured on top of a bridge (br0). Everything works fine but when I try to create firewall rules base on traffic that should go through tunnel0, the rule is not match. I have activated LOG for this particular issue and here is how the traffic is percieved by iptables : IN=br0 OUT=br0 PHYSIN=eth0 PHYSOUT=eth1 SRC=10.35.8.46 DST=10.10.30.251 LEN=84 TOS=0x00 PREC=0x00 TTL=61 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=61218 SEQ=1 IN=br0 OUT=tunnel0 PHYSIN=eth1 SRC=10.10.30.251 DST=10.35.8.46 LEN=84 TOS=0x00 PREC=0x00 TTL=62 ID=26665 PROTO=ICMP TYPE=0 CODE=0 ID=61218 SEQ=1 traffic in is seen on tunnel0 where...

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=479 ------- Additional Comments From kaber@trash.net 2006-05-22 14:42 MET ------- It is not entirely clear what you are trying to show with that LOG line. How is the traffic flowing, what do you expect? And why is it visible in plaintext on the br0 device? Please also include your kernel version. -- Configure bugmail:

...s: Feb 20 18:31:36 intel6550 kernel: martian source 217.237.149.142 from 192.168.0.4, on dev eth1 Feb 20 18:31:36 intel6550 kernel: ll header: 00:a0:24:29:5b:25:00:60:b0:67:2a:af:08:00 or on my own firewall-rules: Feb 20 18:36:46 intel6550 kernel: Forward-Routing: IN=xenbr0 OUT=xenbr0 PHYSIN=peth1 PHYSOUT=vif0.0 SRC=192.168.0.3 DST=217.237.150.205 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=35617 DF PROTO=UDP SPT=1060 DPT=53 LEN=40 how can I use routing with started xen-bridge? Every Computer at home has a fixed / hard IP-address (from the 192.168.0.x net) and only my internet-computer / gateway (192.168.0...

Hy, sorry for my poor english i think i''m having a very unusual problem and very dificult to track, but i''ll try to explain it as best as i can. here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0 ) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my

Could the problem be that the e100 can do IP receive checksumming on the board, but the eepro driver doesn't enable it. When the board is doing checksum offload, then the csum field isn't set. Please try disabling receive checksumming on the e100 driver modprobe e100 XsumRX=0 If this is the problem, it exists both 2.4 and 2.6. On Wed, 27 Aug 2003 18:24:57 +0200 Hannes Schulz

Hi, I''m testing out Xen on FC4. I''m using bridging for networking, as well as iptables to firewall, configured with the standard Fedora ''system-config-security-level'' tool. However I have really strange problem with conntrack not seeming to catch outbound connections. This prevents outbound connections working from dom0. Connections from domU''s

...fw IP). For example, when I try to ping 192.168.178.1 (one of the routers between fw and the evil net) from a loc machine and set up Shorewall to log everything this keeps popping up in /var/log/messages: Jan 28 23:05:27 nostromo kernel: Shorewall:ursa2all:ACCEPT:IN=xenbr0 OUT=xenbr0 PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.144.41 DST=192.168.178.1 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=59455 SEQ=1 Jan 28 23:05:27 nostromo kernel: Performing cross-bridge DNAT requires IP forwarding to be enabled I don''t know what to do with the last line shown. Googling for tha...