Displaying 20 results from an estimated 56 matches for "vonau".

2004 Aug 19
6
Re: Two Links and DNAT
----- Original Message ----- From: "Jerry Vonau" <jvonau@shaw.ca> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Thursday, August 19, 2004 08:06 Subject: Re: [Shorewall-users] Two Links and DNAT > > > > Btw, by "shorewall show nat" I just noticed that I wa...
2006 Jan 17
12
Multiple ISPs: How to force $FW traffic to a specific ISP (reprise)
...and tcpdump when I check to exit with SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but none is changed Many thanks to All > From: > Jerry Vonau <jvonau@shaw.ca> > Reply-To: > shorewall-users@lists.sourceforge.net > To: > shorewall-users@lists.sourceforge.net > Subject: > Re: [Shorewall-users] Multiple > ISPs: How to force > tr...
2005 Jun 24
7
tcp redirect questions
Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What I wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldn't be a problem as /etc/shorewall/rules provides a sample of the
2005 Jun 06
23
Multi-ISP in 2.4.0
Hello Shorewall list, I'm a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I've downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I'm using 2 ISP,
2005 May 21
10
pb with iptables snat script
hi list, oh it's not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the
2005 Jun 18
8
getting my head around DMZ
Hello, I have been running Shorewall for quite some time at an ISP client of mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants to put his servers in a DMZ. The servers have public IPs in two classes xxx.xxx.79.0 and xxx.xxx.242.0. The public IP on the router for each class is xxx.xxx.79.126 and xxx.xxx.242.126. I am using masq and 192.168.1.0 on eth0 LAN I have tried
2005 Jun 06
20
2 ISQs
Hello, I tried to find the answer to my problem already but it is a specialised one I think because nothing was found. I previously have a ISP who was very fast ("extreme speed" service from Cable Modem) but that blocked SMTP port and some other for poor non-commercial users... And it gives dynamic addresses so no DNS at home without tricks... So I went to another
2003 Sep 18
9
OT: Bind-9.2.2-22 RPMS with "delegate-only" patch
I have produced RedHat 9.2.2-22 RPMS that include the ISC "delegate-only" patch that helps thwart Verisign's wildcard .com and .net hijacking. These RPMs seem to run fine on RH9 (I've been running them since yesterday on ns1.shorewall.net). ftp://shorewall.net/pub/misc/ -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net
2005 Jun 20
5
Port forwarding to different Port?
Hi! I guess I just overread the part I need, I checked the FAQ and online-documentation, but could not find the solution for my problem: I have a server with 1 external IP and a LAN behind, where I need ports to be forwarded like this: external 1.2.3.4:81 forwarded to internal 192.168.1.1:80 external 1.2.3.4:82 forwarded to internal 192.168.1.2:80 and so on .. (for configuring/accessing the
2005 May 24
2
Shorewall upgrade problem
Hi to all. I previously have a working shorewall setup running under Fedora Core 3 with shorewall version 2.0.13-1 and iptables version 1.2. I simply performed an rpm -Uvh and after that I tried starting shorewall and it's giving me a "cant find iptables executable". I thought I need to upgrade iptables so I upgraded to version 1.3.0 but shorewall still has the same error. I already check
2004 Nov 19
10
FW outgoing connection with multiple public IPs
My need: Considering a Sendmail relay running on the firewall (IP: 200.1.1.1), I need all TCP/SMTP outgoing connections to the Internet to appear to be from another ISP allocated external IP (200.1.1.2), not the main FW's IP. As stated in Docs (http://shorewall.net/shorewall_quickstart_guide.htm#id2485947), I read Setup Guide to try to solve my problem but I cannot figure out how to change
2005 Jun 03
4
New Document for People Helping with Shorewall Support
The Shorewall support page advocates including the output of "shorewall status" with problem reports that involve some sort of connection problem. I suspect that the number of people who feel comfortable analyzing problems through use this output is small. To help, I've created http://shorewall.net/AnalyzingShorewallStatus.html I suspect that the document isn't
2005 Sep 05
2
RE: Apache Virtual Hosts Problem
...tual hosts. Thanks for any suggestions you can make ... rc -----Original Message----- From: shorewall-users-admin@lists.sourceforge.net on behalf of Tom Eastep Sent: Mon 8/1/2005 8:01 PM To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] Apache Virtual Hosts Problem Jerry Vonau wrote: > I'll bet that apache can't resolve its own virtual hostnames, with the firewall > in place, outbound dns request maybe blocked, while without the firewall, > the lookups complete. I'll guess the hosts file may not be setup for the virtual > h...
2006 Mar 24
4
Multi-ISP - rules for one interface
I have two external interfaces in a Multi-ISP config. I allow access to port 81 for a webcam, but I only want that to work for one of the interfaces, and I want to limit the connections to it by maximum time for one user, or failing that, maximum connections, as people just leave it running on their desk all day (it's a Caribbean beach so people sit and dream). How do I do that as
2005 Jul 04
4
setting gateway in interfaces file
I tried to the new GATEWAY option in /etc/shorewall/interfaces file but it didn't work. My network setting consists of 2 ISPs line and I would like to have eth0 to connect to for example, 192.168.15.254 while eth1 connected to 192.168.33.254. I restarted shorewall and nothing is wrong. However, the traffic still goes to the default gateway as shown in "route -n" command. For example, I
2005 May 30
13
RE: Proxy ARP working from Internet but not from fw and loc
Hi Alex, and thanks for your time. Probably not. The servers are only configured like they were when they were parallel to the fw. Just the default gateway, same as for the external interface on the fw. That's what the documentation instructed to configure the servers using arp. But is it required with extra configuration on the server connected via proxy arp? Or is it some parameter
2005 Feb 21
12
NAT
Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encountered two problems with the firewall: behind this server there are 2 computers: I got emule on one and msn on the other. The problem is that I can't configure well the firewall for these 2 rules. I've added DNAT rules but it
2005 Jun 20
18
Address range not being blocked
I have the following line in the rules list: .
2005 Apr 19
14
allow ssh access from net to fw?
Hi, I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don't know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH
2005 Mar 01
3
Problem with multiple ISP's
I have a setup with two Internet providers. One circuit (net0 == eth1) is used primarily for employees and tunnels to other sites. The other (net1 == eth2) is for the production machines that customers access. Everything works in the sense that packets get to where they are sent (mostly) but recently I had a sniffer on the system and noticed a problem I cannot solve. traffic coming in