Any way to keep Shorewall from clipping user connections when a safe-restart is issued? I have a four-zone configuration and every time I restart the firewall it clips the users with RDP connections. If I do this on the other side or the "server" side (at our colo) there is no ill effect, so I'm wondering if it's a masq cache issue.
On 09/25/2012 10:09 AM, Bert wrote:
> Any way to keep Shorewall from clipping user connections when a
> safe-restart is issued? I have a four-zone configuration and every time I
> restart the firewall it clips the users with RDP connections. If I do
> this on the other side or the "server" side (at our colo) there is no
> ill effect, so I'm wondering if it's a masq cache issue.

Which version of Shorewall are you running?

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
Sorry for the slow response, I missed this email somehow. The version is 4.4.23.3.
On 9/26/12 6:04 PM, "Bert" <Bert@hubbsplace.org> wrote:
>Sorry for the slow response, I missed this email somehow. The version is
>4.4.23.3.

Bert,

Please don't top-post.

Are you using the Multi-ISP feature or Proxy ARP?

-Tom
You do not need a parachute to skydive. You only need a parachute to skydive twice.
Don't know what top posting is; if I'm doing it, sorry. In the original message I mentioned masq cache when I should have said NAT. To answer your question, I do use proxy ARP, but my issue is basic workstations are getting their connection clipped when I restart the firewall. We use remote desktop protocol heavily, and whenever I restart Shorewall on the client side everyone gets bumped off, but out at our colo I can restart Shorewall and there is no effect on connections.
On 9/26/12 7:21 PM, "Bert" <Bert@hubbsplace.org> wrote:
>Don't know what top posting is; if I'm doing it, sorry.

Then I suggest that you try a Google Search for 'top-posting'.

>In the original message I mentioned masq cache when I should have said NAT.

There is no such thing as 'masq cache'. Netfilter maintains a 'conntrack table' which tracks all active connections, and which is not touched by 'shorewall restart'. It is purged by 'shorewall restart -p' which I assume that you are not doing?

> To answer your question, I do use proxy ARP, but my issue is basic
>workstations are getting their connection clipped when I restart the
>firewall. We use remote desktop protocol heavily, and whenever I restart
>Shorewall on the client side

I assume that is the 'LAN side'?

>everyone gets bumped off, but out at our colo I can restart Shorewall and
>there is no effect on connections.

Without the details of your configuration (Hint: Output of 'shorewall dump' as an attachment), I can't offer any guess.

-Tom
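
Tom's reply above says that 'shorewall restart' leaves the Netfilter conntrack table alone and that 'shorewall restart -p' purges it. The script below is an added example, not part of the thread or of Shorewall: it compares two conntrack snapshots and lists ESTABLISHED flows to the RDP port that disappeared between them. It assumes the snapshots are in the `conntrack -L -p tcp` output format from conntrack-tools; the function names, file names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list ESTABLISHED TCP flows to PORT
# that are in one conntrack snapshot but missing from a later one.

# flow_keys FILE PORT -> "src:sport->dst:dport" per matching entry, sorted.
flow_keys() {
    awk -v port="$2" '
        $1 == "tcp" && $4 == "ESTABLISHED" {
            src = dst = sport = dport = ""
            # First src/dst/sport/dport set is the original direction;
            # the second set is the reply tuple (after NAT).
            for (i = 5; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "src"   && src   == "") src   = kv[2]
                if (kv[1] == "dst"   && dst   == "") dst   = kv[2]
                if (kv[1] == "sport" && sport == "") sport = kv[2]
                if (kv[1] == "dport" && dport == "") dport = kv[2]
            }
            if (dport == port) print src ":" sport "->" dst ":" dport
        }' "$1" | sort -u
}

# lost_flows BEFORE AFTER PORT -> flows in BEFORE that are absent from AFTER.
lost_flows() {
    lf_a=$(mktemp); lf_b=$(mktemp)
    flow_keys "$1" "$3" > "$lf_a"
    flow_keys "$2" "$3" > "$lf_b"
    comm -23 "$lf_a" "$lf_b"
    rm -f "$lf_a" "$lf_b"
}

# Constructed sample snapshots in `conntrack -L -p tcp` format.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/before.txt" <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=10.20.0.5 sport=50111 dport=3389 src=10.20.0.5 dst=198.51.100.2 sport=3389 dport=50111 [ASSURED] mark=0 use=1
tcp      6 431985 ESTABLISHED src=192.168.1.11 dst=10.20.0.5 sport=50112 dport=3389 src=10.20.0.5 dst=198.51.100.2 sport=3389 dport=50112 [ASSURED] mark=0 use=1
tcp      6 97 TIME_WAIT src=192.168.1.12 dst=10.20.0.9 sport=50200 dport=443 src=10.20.0.9 dst=198.51.100.2 sport=443 dport=50200 [ASSURED] mark=0 use=1
EOF
cat > "$SAMPLE_DIR/after.txt" <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.20.0.5 sport=50111 dport=3389 src=10.20.0.5 dst=198.51.100.2 sport=3389 dport=50111 [ASSURED] mark=0 use=1
EOF

# Any line printed here is an RDP flow whose conntrack entry did not survive.
lost_flows "$SAMPLE_DIR/before.txt" "$SAMPLE_DIR/after.txt" 3389
```

On a live firewall the two files would be snapshots taken immediately before and after the restart. An empty result means the tracked RDP flows survived, so the dropped sessions would have to be explained by something other than the conntrack table.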