similar to: [Bug 814] New: rpfilter blocks broadcast packets

https://bugzilla.netfilter.org/show_bug.cgi?id=814 Florian Westphal <fw at strlen.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fw at strlen.de --- Comment #1 from Florian Westphal <fw at strlen.de> 2013-04-12 10:24:14 CEST --- (In reply

https://bugzilla.netfilter.org/show_bug.cgi?id=1453 Bug ID: 1453 Summary: iptables-extensions(8) man page error (rpfilter) Product: iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: iptables Assignee: netfilter-buglog

https://bugzilla.mindrot.org/show_bug.cgi?id=1938 Bug #: 1938 Summary: EscapeChar sometimes don't work when using ControlMaster Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2

Hi all, I''m tring to isolate P2P traffic, specifically BitTorrent, for my QoS scripts. I can''t seem to completely isolate ALL BitTorrent traffic. I identify & mark packets and then use tc filters to put them into appropriate classes. My firewall rules (below) do the markings. My VoIP boxes'' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,

Hi, I know that this is a known problem but I don''t know the solution. I have a linux server with iptables, kernel 2.4.17. Now in logs appear (Debian): kern.log: Mar 1 23:12:55 cpie kernel: ip_conntrack: table full, dropping packet. Mar 1 23:13:56 cpie last message repeated 10 times Mar 1 23:13:59 cpie last message repeated 3 times Mar 1 23:14:10 cpie kernel: NET: 1 messages

Hi, I am generating a nice document with some inline code blocks and came around the following error: 1. asdf - \` asdf `` `asdf` `` produces: <ol> <li>asdf <ul><li>` asdf <code><code>asdf</code></code> </li></ul></li> </ol> instead of: <ol> <li>asdf <ul><li>` asdf

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hi all :) I have a masqueraded home lan as well as a friend of mine. I have set up two tinc daemons on both masquerading gateways and I have no trouble connecting (it works pretty smooth) and they show up in the syslog as configured after sending an USR1 / USR2 signal to the daemons. The trouble is the routing / firewalling of the packets. Maybe somebody could give me a hand here? :) The

Hello, If I set my network interface to have "logunclean" along with "dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to http://welcome.hp.com/country/us/eng/support.htm and choose any of the product I get this. logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=14025

When I start xen dom0 I get that same dhcp address for eth0 and for xen-br0, dom0 can talk to the world. If I start each of my 3 domU''s mannually, each guest gets a xen-br0 vif with a dhcp address and all 3 can talk to the outside world and each other (my "flat network"). What I want is a tiered network with the first domU acting as a firewall with 3 nics vif = [

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

Hi, I am getting occasional rejected packets like so: Jul 31 09:52:03 firewall kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.10.91 DST=132.147.22.6 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55364 DF PROTO=TCP SPT=1147 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 Jul 31 09:52:46 firewall kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.10.26 DST=10.9.100.30 LEN=48 TOS=0x00

After installing Zebra for ripd to get win2k routes I am getting this May 20 23:24:20 ns1 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=64.42.53.202 DST=64.42.53.207 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72 May 20 23:25:25 ns1 last message repeated 3 times I am new to zebra, so I am assuming that this is broadcasting to windoz for routes weird !!!

Hello with XEN 3.4.x antispoof=yes works on a bridge setup. I am using this line in xend-config.sxp (network-script ''network-bridge antispoof=yes'') It creates this under IPTABLES FORWARD chain: ACCEPT all -- anywhere anywhere PHYSDEV match --physdev-in peth0 Under XEN 4.0.1 it is not working, it does not create a IPTABLES rule. Customers can

Hi Attila, first of all, you should prefer posting support request on the NUT user mailing list (cc'ed) after having subscribed here: http://lists.alioth.debian.org/mailman/listinfo/nut-upsuser 2010/6/23 Attila wrote: > *Dear Arnaud Quette,* > > * > * > > I'm currently working with an IBM UPS should be connected to my Linux Debian system. > > I've read that

Hi folks, I am trying to get antispoofing running on xen3 (based on Debian Sarge). This is what I have done to enable it: 1. I have compiled a dom0 kernel with CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m 2. I made sure this module is loaded: lsmod gives xt_physdev (among others). 3a. I have changed the line "(network-script network-bridge)" to "(network-script network-bridge

Hi Powermen ;-) I recently came across the Powerman project (http://sourceforge.net/projects/powerman/), pointed by Tony Merenda, from Opengear (thanks Tony). Congrats for your work in this area! I've thought a bit about Powerman and NUT since then... NUT currently supports hosts of UPSs and few PDUs (RPCs), and provides tons of features: http://test.networkupstools.org

Hi folks, I started testing the antispoof feature of xen stable (2.0.7). I am stuck with it. I have setup a standard bridged environment. I understood it like this: in domU config I set up the virtual NIC like vif = [ ''mac=ae:00:00:78:78:78, ip=192.168.0.100'' ] Then I configure /etc/network/interface of this domU to show the same IP address for eth0. After restarting

Hi All, I''m looking for some comments on an issue that I''d had since the start of the week. In short the problem appears to potentially be an overwhelming of the conntrack tables, where connection state is lost and packets dropped. A combination of using htb & U32 QOS to clamp the smtp traffic to 128kb on a 512kb sync line, some sizeable bulk emails sent from the