Hello

I have DSL 2000 (2048 kbit/s download and 256 kbit/s upload)

My ping to fast sites is very high:

    64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=3 ttl=50 time=2185 ms
    64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=4 ttl=50 time=1983 ms
    64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=5 ttl=50 time=1826 ms

and I know why. I have 2 interfaces: eth0 - my local area network with Internet access to DSL (on eth1 interface). And eth1 interface - DSL Internet access.

When I look at the ARP table I have computers from my local network on eth0, it is OK, and I have computers on the eth1 network!! Why? I have computers from France, Germany, Poland, USA, I don't know why. Sometimes I have 50 computers, sometimes 200 or more!

After shorewall rejects each IP address from the eth1 interface my ping answers in about 18 ms, then it is good. But it is hard to reject all the computers that I don't want on the eth1 interface!

How do I configure my shorewall files to resolve the problem?

My files:

interfaces:

    net eth1 83.17.238.183 #blacklist
    loc eth0 192.168.1.255 dhcp#,maclist#,routeback

masq:

    eth1 eth0

zones:

    net net
    loc loc
    dmz dmz

routestopped:

    eth0 192.168.1.0/24

policy:

    loc net ACCEPT
    net loc ACCEPT
    loc fw ACCEPT
    fw loc ACCEPT
    net fw ACCEPT
    fw net ACCEPT
    net all DROP info
    all all REJECT info

shorewall version: 2.4.0-RC1

--
Best wishes from Poland
Maciek

-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
On Sunday 23 October 2005 10:07, viuwier wrote:
> Hello
>
> I have DSL 2000 (2048 kbit/s download and 256 kbit/s upload)
>
> My ping to fast sites is very high:
>
> 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=3 ttl=50
> time=2185 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13):
> icmp_seq=4 ttl=50 time=1983 ms 64 bytes from w2.rc.vip.scd.yahoo.com
> (66.94.234.13): icmp_seq=5 ttl=50 time=1826 ms
>
> and I know why. I have 2 interfaces: eth0 - my local area network with
> Internet access to DSL (on eth1 interface). And eth1 interface - DSL
> Internet access.
>
> When I look at the ARP table I have computers from my local network
> on eth0, it is OK, and I have computers on the eth1 network!! Why? I
> have computers from France, Germany, Poland, USA, I don't know why.

What is the output from "ip addr ls dev eth1"?

>
>
> shorewall version: 2.4.0-RC1

Why in the world are you running a 4-month old release candidate???

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Hello Tom!

> What is the output from "ip addr ls dev eth1"?

    root@hades:~# ip addr ls dev eth1
    4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:30:4f:38:75:7f brd ff:ff:ff:ff:ff:ff
        inet 83.17.238.178/8 brd 83.255.255.255 scope global eth1

> Why in the world are you running a 4-month old release candidate???

I don't need a new version and new features :)

--
best wishes from Poland,
Maciej Kurkiewicz
ICQ: 3385742
viuwier wrote:
> ...
>>Why in the world are you running a 4-month old release candidate???
>
> I don't need a new version and new features :)

That's not a good enough reason. If you want help here, you should be running a supported stable version (preferably the latest release of that version), which at the moment is 2.0, 2.2, & 2.4, but as soon as 3.0 is released ("Real Soon Now" :-), that list will be reduced to 2.4 and 3.0. In short, upgrade to 2.4.5 ASAP.

Paul
viuwier wrote:
>
> I don't need a new version and new features :)
>
>

Probably, but RCx versions are development versions and probably have problems. Shorewall 2.4 stable versions were released a few months ago; you **should** use the released version.

--
Cristian Rodriguez R.
perl -e '$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;'
Paul Gear wrote:
> viuwier wrote:
>
> That's not a good enough reason. If you want help here, you should be
> running a supported stable version (preferably the latest release of
> that version), which at the moment is 2.0, 2.2, & 2.4, but as soon as
> 3.0 is released ("Real Soon Now" :-), that list will be reduced to 2.4
> and 3.0. In short, upgrade to 2.4.5 ASAP.

Paul is right. Version 3 will be released **very** soon (2 weeks, I think).

--
Cristian Rodriguez R.
perl -e '$_=pack(c5,0105,0107,0123,0132,(1<<3)+2);y[A-Z][N-ZA-M];print;'
On Sunday 23 October 2005 15:00, viuwier wrote:
> Hello Tom!
>
> > What is the output from "ip addr ls dev eth1"?
>
> root@hades:~# ip addr ls dev eth1
> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:30:4f:38:75:7f brd ff:ff:ff:ff:ff:ff
> inet 83.17.238.178/8 brd 83.255.255.255 scope global eth1

If the above configuration is correct (which I doubt), there are 16 million (2 ** 24) addresses that you might find in your ARP cache. I suspect that the /8 should be /24 (netmask 255.255.255.0 rather than 255.0.0.0).

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
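
Added example, not part of the thread or of Shorewall: a Python check of what the posted /8 on eth1 means for ARP, compared with the /24 suggested in the last reply. The neighbour addresses are constructed samples, and reading the 83.17.238.183 entry in the posted interfaces file as the ISP-assigned broadcast is an assumption.

```python
import ipaddress

# Line taken from the "ip addr ls dev eth1" output quoted in the thread.
IP_ADDR_LINE = "inet 83.17.238.178/8 brd 83.255.255.255 scope global eth1"

# Constructed sample neighbour addresses (not from the thread).
NEIGHBOURS = ["83.17.238.177", "83.17.238.20", "83.24.10.5", "83.200.1.9"]


def parse_inet(line):
    """Return the IPv4Interface from an 'inet a.b.c.d/len ...' line."""
    fields = line.split()
    return ipaddress.ip_interface(fields[fields.index("inet") + 1])


def on_link(neighbours, iface):
    """Addresses the host treats as directly reachable, i.e. resolves via ARP."""
    return [n for n in neighbours if ipaddress.ip_address(n) in iface.network]


def with_prefix(iface, prefixlen):
    """The same host address under a different prefix length."""
    return ipaddress.ip_interface(f"{iface.ip}/{prefixlen}")


def prefix_for_broadcast(iface, broadcast):
    """Prefix lengths for which iface's network has the given broadcast."""
    bc = ipaddress.ip_address(broadcast)
    return [p for p in range(8, 31)
            if with_prefix(iface, p).network.broadcast_address == bc]


if __name__ == "__main__":
    cur = parse_inet(IP_ADDR_LINE)
    # Compare the configured /8 with the /24 suggested in the reply.
    for iface in (cur, with_prefix(cur, 24)):
        net = iface.network
        print(f"{net}: {net.num_addresses} addresses, "
              f"on-link neighbours: {on_link(NEIGHBOURS, iface)}")
    # Assumption: 83.17.238.183 in the interfaces file is the real broadcast.
    print("prefix matching brd 83.17.238.183:",
          prefix_for_broadcast(cur, "83.17.238.183"))
```

With the /8, every sample neighbour in 83.0.0.0/8 counts as on-link and can appear in the ARP cache; a narrower prefix sends the distant ones through the gateway instead.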