http://www.shorewall.net/support.htm#Guidelines d.
root@joule:/home/peter# shorewall status
Shorewall-4.4.11.6 Status at joule - Tue Feb 26 20:01:32 PST 2013
Shorewall is running
State:Started (Tue Feb 26 18:33:00 PST 2013)
e. From an attempted ftp connection, 142.103.107.137
to the ISP, 64.59.128.134, ...
f. ... the shorewall_dump.txt.bz2 is attached.
Nevertheless the connection works for Cantor,
172.24.1.2, to the ISP, 64.59.128.134.
Thanks for any correction or advice,
... Peter E.
P.s. Network configuration is here
http://carnot.yi.org/NetworkExtant.jpg
and configuration data here.
http://carnot.yi.org/NetworksPage.html
P.p.s. http://www.shorewall.net/support.htm#Guidelines
asks for /tmp/status.txt but the intention must have
been /tmp/shorewall_dump.txt.
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_feb
On 27/02/13 04:53, peasthope@shaw.ca wrote:> http://www.shorewall.net/support.htm#Guidelines d. > > root@joule:/home/peter# shorewall status > Shorewall-4.4.11.6 Status at joule - Tue Feb 26 20:01:32 PST 2013 > > Shorewall is running > State:Started (Tue Feb 26 18:33:00 PST 2013) > > e. From an attempted ftp connection, 142.103.107.137 > to the ISP, 64.59.128.134, ... > > f. ... the shorewall_dump.txt.bz2 is attached. > > Nevertheless the connection works for Cantor, > 172.24.1.2, to the ISP, 64.59.128.134. > > Thanks for any correction or advice, > ... Peter E. > > P.s. Network configuration is here > http://carnot.yi.org/NetworkExtant.jpg > and configuration data here. > http://carnot.yi.org/NetworksPage.html > > P.p.s. http://www.shorewall.net/support.htm#Guidelines > asks for /tmp/status.txt but the intention must have > been /tmp/shorewall_dump.txt. > > > > ------------------------------------------------------------------------------ > Everyone hates slow websites. So do we. > Make your web apps faster with AppDynamics > Download AppDynamics Lite for free today: > http://p.sf.net/sfu/appdyn_d2d_feb > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-usersPerhaps someone else will get a better grip on this I''m struggling somewhat to work out what exactly is going where you have a lot of different components and some (Like the VPN) are in a position where they complicate the issue. My advise in this situation is to consider doing what I would do, start from the beginning with just the most basic setup you can get working ie direct connection from the firewall to the internet, no VPN link active. Make sure you can get that working then make sure it works from the hosts behind the firewall on that side. Similar strategy on Dalton''s side then only once you have all machines on both sides with working connectivity you can bring up the VPN link and make sure that all works as intended and check you have things routing where you want them to go. It may sound like a lot of hastle but when you have any setup with lots of parts and where you are building on additional parts which have dependencies bellow them (Ex the VPN link is dependant on the functioning of the links it runs over) it makes sense to systematically confirm all of those and then try adding each new piece until something breaks, then you have one problem to fix and know exactly where. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
From: Matt Joyce <mjoyce@mttjocy.co.uk> Date: Wed, 27 Feb 2013 08:01:50 +0000> ... start from the beginning with just the most basic setup ...Here is an observation. The primary complaint is lack of connectivity from Dalton to the Shaw FTP, POP and SMTP servers. If this line is added to joule:/etc/shorewall/masq then FTP from Dalton to Shaw works. MainBoard 10.4.0.2/32 Although Dalton is in the 172.24.0.0/16 subnet, with interface 172.24.1.1, this line in masq is insufficient to give the connectivity. MainBoard 172.24.0.0/16 My naive explanation is that 10.4.0.2 is the tunnel interface whereas 172.24.x.y are other interfaces. If anyone can correct this or elaborate, thanks, ... Peter E. -- 123456789 123456789 123456789 123456789 123456789 123456789 123456789 12 Tel +13606390202 Bcc: peasthope at shaw.ca http://carnot.yi.org/ "http://members.shaw.ca/peasthope/index.html#Itinerary " ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
On 2/28/13 8:34 AM, "peasthope@shaw.ca" <peasthope@shaw.ca> wrote:>From: Matt Joyce <mjoyce@mttjocy.co.uk> >Date: Wed, 27 Feb 2013 08:01:50 +0000 >> ... start from the beginning with just the most basic setup ... > >Here is an observation. >The primary complaint is lack of connectivity >from Dalton to the Shaw FTP, POP and SMTP servers. >If this line is added to joule:/etc/shorewall/masq >then FTP from Dalton to Shaw works. >MainBoard 10.4.0.2/32 > >Although Dalton is in the 172.24.0.0/16 subnet, >with interface 172.24.1.1, this line in masq is >insufficient to give the connectivity. >MainBoard 172.24.0.0/16 > >My naive explanation is that 10.4.0.2 is the >tunnel interface whereas 172.24.x.y are other >interfaces. If anyone can correct this or >elaborate, thanks, ... Peter E.Has anyone been successful at looking at Peter''s shorewall dump output? I unzip it and it is still mostly binary nonsense. -Tom You do not need a parachute to skydive. You only need a parachute to skydive twice. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
From: Tom Eastep <teastep@shorewall.net> Date: Thu, 28 Feb 2013 18:03:09 -0800> ... shorewall dump output? I unzip it and it is > still mostly binary nonsense.My error. Explanation appended. Base64.Decoding and gunzipping this attachment should yield ASCII text with lines ending <CR><LF>. Sorry for the confusion, ... Peter E. ================This is how I spoiled the previous attachment. With icedove unable to send mail I used the Oberon mailer. Transferred the dump from Linux to Oberon and saved it as Oberon Text rather than ASCII text. The Oberon Text has a binary header and ends each line with <CR>. The plain ASCII dump is also available by HTTP. http://carnot.yi.org/shorewalldump.txt 40320 Bytes ================ ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
On 02/28/2013 09:33 PM, peasthope@shaw.ca wrote:> > From: Tom Eastep <teastep@shorewall.net> > Date: Thu, 28 Feb 2013 18:03:09 -0800 >> ... shorewall dump output? I unzip it and it is >> still mostly binary nonsense. > > My error. Explanation appended. Base64.Decoding and gunzipping > this attachment should yield ASCII text with lines ending <CR><LF>. > Sorry for the confusion, ... Peter E. > > ================> This is how I spoiled the previous attachment. > With icedove unable to send mail I used the Oberon > mailer. Transferred the dump from Linux to Oberon and saved it as > Oberon Text rather than ASCII text. The Oberon Text has a binary > header and ends each line with <CR>. > > The plain ASCII dump is also available by HTTP. > http://carnot.yi.org/shorewalldump.txt 40320 BytesOn Dalton, are you masquerading traffic out of the VPN tunnel? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb