Dear Lists,

I have a problem regarding multipath connection to the internet behind NAT.

I use the 2.4.26 kernel in RH-9.0 with the Julian Anastasov patch, and version iproute2-ss020116 (Fedora RPM package).

Dual homing and dead gateway detection work fine as we expected; the problem is, every time we hit a site that has a redirect page address (URL not absolute), it doesn't reply (e.g. www.mild.com, www.kompas.com).

My shorewall version is shorewall-1.4.7-1.

Please help me.

Regards
reza

Mohammad Reza wrote:
> ...
> I have a problem regarding multipath connection to the internet behind NAT.
>
> I use the 2.4.26 kernel in RH-9.0 with the Julian Anastasov patch, and version
> iproute2-ss020116 (Fedora RPM package).
>
> Dual homing and dead gateway detection work fine as we expected; the
> problem is, every time we hit a site that has a redirect page address (URL
> not absolute), it doesn't reply (e.g. www.mild.com, www.kompas.com).
>
> My shorewall version is shorewall-1.4.7-1.

Some advice from a fellow user: if you expect to get any help from this list, Tom will tell you to upgrade to 1.4.10f. Applicable log messages would probably help, too. :-)

I can't help much, except to say that it doesn't sound like a shorewall problem, but some sort of routing issue.

--
Paul Gear, Manager IT Operations, Redlands College
38 Anson Road, Wellington Point 4160, Australia
(Please send attachments in portable formats such as PDF, HTML, or OpenOffice.)

>From: Tom Eastep <teastep@shorewall.net>
>Reply-To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
>To: Mailing List for Shorewall Users <shorewall-users@lists.shorewall.net>
>Subject: Re: [Shorewall-users] (no subject)
>Date: Sun, 04 Jul 2004 08:44:47 -0700
>
>Tom Eastep wrote:
>>Nick . wrote:
>>
>>>Hello
>>>
>>>I am having trouble getting portsentry to work with shorewall. I can run portsentry with iptables fine but as soon as I install shorewall and go to start portsentry again I get this error
>>>
>>>quote:Jul 3 22:53:23 portsentry[8128]: adminalert: Psionic PortSentry 1.1 is starting.
>>>Jul 3 22:53:23 portsentry[8129]: adminalert: Going into listen mode on TCP port: 49999
>>>Jul 3 22:53:23 portsentry[8129]: adminalert: ERROR: could not bind TCP socket: 49999. Attempting to continue
>>
>>Try 'netstat -tnap' and see who is already listening on port 49999.
>
>I suppose that the socket need not be in LISTEN state -- the normal local socket range for Linux is 32768 - 61000 so port 49999 can be grabbed as a dynamic local port number.
>
>You probably don't see any problem if you fire up portsentry during boot and then don't touch it but if you leave it stopped for a while there is a chance that a socket will be bound to that address and you won't be able to start portsentry again. I suspect that is what you are seeing; at any rate, the problem doesn't have anything to do with the fact that you are now running Shorewall -- Shorewall can't stop sockets from being bound to ports.
>
>-Tom
>--
>Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
>Shoreline, \ http://shorewall.net
>Washington USA \ teastep@shorewall.net

Hello Mr. Eastep

That is exactly what the problem was, portsentry could not bind to port 49999 because it was already running and listening to that port. I spent three days with this problem. Duh@me!

Thanks for the feedback :o)

Take care

Nick . wrote:
> That is exactly what the problem was, portsentry could not bind to
> port 49999 because it was already running and listening to that port. I
> spent three days with this problem. Duh@me!

As my Grandfather used to say: "Experience is what you get when you are looking for something else".

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
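
The check discussed in this thread (which socket, in any state and not only LISTEN, already holds port 49999, and whether that port lies inside the Linux dynamic local port range) can be done by parsing /proc directly. This is an added example, not part of the original thread; the function names and the sample /proc rows are constructed for illustration, and the range 32768-61000 is the one quoted above.

```python
"""Find every IPv4 TCP socket holding a given local port, in any state."""

# TCP state codes as printed in the 'st' column of /proc/net/tcp
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample input (not captured from a real host)
SAMPLE_RANGE = "32768\t61000\n"
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0A00000A:C34F 050200C0:0050 01 00000000:00000000 00:00000000 00000000   500        0 4410
"""

def parse_port_range(text):
    """Parse the contents of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = (int(field) for field in text.split())
    return low, high

def in_dynamic_range(port, port_range):
    """True if the kernel may hand this port out as a dynamic local port."""
    low, high = port_range
    return low <= port <= high

def decode(hex_addr):
    """Turn '0A00000A:C34F' into '10.0.0.10:49999' (address bytes are reversed)."""
    ip_hex, port_hex = hex_addr.split(":")
    octets = [str(int(ip_hex[i:i + 2], 16)) for i in (6, 4, 2, 0)]
    return ".".join(octets) + ":" + str(int(port_hex, 16))

def holders_of_port(proc_net_tcp, port):
    """Return (local, remote, state) for every socket whose local port matches."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, remote, state = fields[1], fields[2], fields[3]
        if int(local.split(":")[1], 16) == port:
            found.append((decode(local), decode(remote),
                          TCP_STATES.get(state, state)))
    return found

if __name__ == "__main__":
    print("49999 in dynamic range:",
          in_dynamic_range(49999, parse_port_range(SAMPLE_RANGE)))
    for entry in holders_of_port(SAMPLE_TCP, 49999):
        print("held by:", entry)
```

On a live system, pass in the contents of /proc/sys/net/ipv4/ip_local_port_range and /proc/net/tcp; IPv6 sockets are listed separately in /proc/net/tcp6.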