Displaying 20 results from an estimated 24 matches for "ursa".
Did you mean:
rsa
2004 Nov 06
2
Upgrade from Hell
For those of you running SuSE 9.1, I do not recommend upgrading to 9.2
at this time.
Refer to http://shorewall.net/myfiles.htm for information on my
configuration:
a) On Ursa:
1) After the upgrade, both of the NICs were recognized as "configured"
in YAST yet neither of them would start; ifup claimed that no
configuration could be found for either interface. Only got them running
again by deleting and re-adding them.
2) The MAC address of eth0 appeared to c...
2004 Dec 05
13
Adding dynamically more than one host at once?
Hi,
it seems not to be possible to add more than one host at once to a zone.
So
shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work
fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface.
--snip --
iptables v1.2.9: interface name `eth0:192.168.2.10,eth0'' must be shorter
than IFNAMSIZ (15)
Try `iptables -h'' or ''iptables
2009 May 29
5
CONNMARK target and connmark match support in Ubuntu kernel
Hi,
as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html
), it says
"Use of this feature requires that your kernel and iptables include
CONNMARK target and connmark match support (Warning: Standard Debian™
and Ubuntu™ kernels are lacking that support!)."
it means MultiISP wont work properly if i am using Ubuntu server. if
yes whats the
2004 Feb 13
6
Error: Rate Limiting only available with ACCEPT, DNAT[-], REDIRECT[-] and LOG
I think it would be nice to be able to rate limit an action, too..
suppose I have an action named Accept_good_source :
ACCEPT - - tcp - 1024:65535
ACCEPT - - udp - 1024:65535
and that i want to use it in an action called AllowCVS,
i can''t limit the cvs usage, but only the general use of
Accept_good_source...
same goes for userset...
as each rule will give one iptables command,
I
2003 Jan 15
5
HTB. QoS and Shorewall
Group,
I am reading about tc (traffic control) and willing to get my feet wet. As requirement, there should be HTB compiled in the kernel. I grabbed a Mandrake 8.2 distro, and didn''t installed the kernel source.
Anyone knows if the HTB is compiled in Mandrake 8.2, or point a way to find that out? I tried to read the /usr/src/kernel.xxxxx/.config file, but it doesn''t exists.
2004 Aug 17
4
Wild cards in "shorewall add" command
Hi
I am looking at converting a Linux terminal server box to iptables
using Shorewall 2.0. (At the moment it uses ipchains).
The server currently has scripts which are called as each user logs
in which run a series of "ipchains" commands to set the access
rights for that user (and again to cancel them when the user logs
out). My plan is to replace these scripts with ones that call
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy
match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2004 Sep 29
12
SPF screening implemented at shorewall.net
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Over the past weekend, I added SPF screening on the MTA at
shorewall.net. SPF is a mechanism for a domain to use DNS to publish a
list of those IP addresses that are used to send legitimate email from
that domain. A receiving MTA can use that published information to
determine if email from a domain is being sent through an MTA belonging
to that
2005 May 18
3
odd line in current CVS for firewall
>From a diff of my current shorewall firewall script with the new one
from the CVS today :
$ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall
[...]
673c910
< for network in $networks; do
---
> for networks in $networks; do
I don''t think that "for networks in $networks" works well.
--
-IAN! Ian! D. Allen Ottawa, Ontario,
2009 Jan 06
9
Test
Given that a 4-day silence on this list is almost unprecedented, thought
I had better send a test post. Apologies for the spam.
------------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
2005 Feb 24
2
Re: 2.2 shorewall installation fails on suse 9.2
Laurent Moix wrote:
> Hi,
>
> I try to install shorewall 2.2 on suse 9.2.
>
> # rpm -ivh --nodeps /root/shorewall-2.2.1-1.noarch.rpm
> Preparing... ########################################### [100%]
> 1:shorewall ########################################### [100%]
> shorewall: unknown service
> shorewall: not a runlevel service
>
>
2005 Mar 09
13
Ways to get around DNS names in rules
I''m re-reading the section on dns names in the shorewall docs:
"I personally recommend strongly against using DNS names in
Shorewall configuration files. If you use DNS names and you
are called out of bed at 2:00AM because Shorewall won''t start
as a result of DNS problems then don''t say that you were not
forewarned."
Having been stung by this a few times
2008 Oct 20
1
[Fwd: Question]
I am forwarding this post to the Shorewall Users mailing list. The email
address ''support@shorewall.net'' is reserved for sending large or
confidential attachments to the Shorewall support team.
See http://www.shorewall.net/support.htm
-Tom
-------- Original Message --------
Subject: Question
Date: Mon, 20 Oct 2008 11:30:04 +0000
From: Raul <rfunez@polar.es>
To:
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
...er route/gateway/nameserver configured (set to the fw
IP). For example, when I try to ping 192.168.178.1 (one of the routers between
fw and the evil net) from a loc machine and set up Shorewall to log everything
this keeps popping up in /var/log/messages:
Jan 28 23:05:27 nostromo kernel: Shorewall:ursa2all:ACCEPT:IN=xenbr0 OUT=xenbr0
PHYSIN=vif0.0 PHYSOUT=peth0 SRC=192.168.144.41 DST=192.168.178.1 LEN=84
TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=59455 SEQ=1
Jan 28 23:05:27 nostromo kernel: Performing cross-bridge DNAT requires IP
forwarding to be enabled
I don''t know...
2005 Jan 11
5
Problem starting Shorewall using Bridge configuration
Hi
I have recently reconfigured my system to a Bridge based architecture on the
basis that I have an ADSL Modem/Router with a Public address on the Wan side
and a Private address on the Lan side.
I am running a Debian based system kernel 2.6.7 and the Bridging software is
installed and working correctly, including startup etc.
The problem that I have is in "shorewall start"
The
2004 Dec 08
9
Kernel/iptables question
As suggested here:
http://lists.shorewall.net/pipermail/shorewall-users/2004-October/015097.html
I''ve run:
adam@shrike:~$ /sbin/iptables -m policy --help
iptables v1.2.11
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
--snip--
And:
adam@shrike:~$ sudo
2002 Nov 15
1
MAC Server support
Hi all,
I needed to have a kind of MAC support for rule servers as I do DNAT to
hosts that are
served by a DHCP server.
So I did the following :
When Shorewall script find a MAC address as a server, it tries to get his
IP thru the
arp table and then "resolve" the ARP address to the IP address of the client.
Of course the main limitation of this is that you''ll have to
2006 Mar 15
1
shorewall config
...**************************************
fw firewall #Domain 0
xen ipv4 #Domain 0 on the bridge
dmz ipv4 #other domains
net ipv4
***************************************************
/etc/shorewall/hosts:
***************************************************
ursa xen-br0:vif0.0
dmz xen-br0:vif+
net xen-br0:peth0
***************************************************
So, the problem is that I don''t have peth0 (maybe because i''m using
network-route).
In fact, If I try to contact dom0 or any domU, in the log I see:
Shorewall:FORWARD...
2007 Jul 14
0
tree connect failed: NT_STATUS_ACCESS_DENIED
...encrypt passwords = Yes
hosts allow = All
log file = /var/log/samba/log.%m
usershare max shares = 100
log level = 9
interfaces = eth3 172.31.201.186
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[uploaded_files]
comment = URSA design and renders directory
inherit acls = Yes
path = /srv/www/htdocs/public/uploaded_files/
write list = wwwrun, peter, robb, mike
force user = wwwrun
force group = www
create mask = 0666
directory mask = 0666
I know it's not much to g...
2006 Mar 29
1
ruby in the enterprise
Hi all, please forgive me for such a newbie question, but I thought it would
best to tap the wealth of experience here.
I''m a new Rails guy but I''m evaluating frameworks for use in an intranet at
a back whose internal systems are Oracle on linux. For now all my data will
be on a dedicated box but down the road I may need to make calls into other
databases hosted on other