similar to: ...requires that your kernel and iptables have ROUTE target support

Hi, I am migrating from one ISP to another, and would like to run both simultaneously for a while. So: (both netmask 255.255.255.248) [ISP1] 24.106.62.180 [ISP2] 209.181.237.230 | | | | \ / -----[ HUB ]----- | | -------- eth0 --------- | Linux FW/Server | ---------eth1 --------- | | [ HUB ] | 10.0.0.x/255.255.255.0 The default IP on

Hello everybody: Here is my "network layout": ISP1 ISP2 | | | | +-----eth0---------eth1------+ | | | FC 3 box | | | +-----eth2---------eth3------+ |

Hello, Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts. First, what works. Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze. We have a 2 ISP: - isp1 : an optical fiber provider with 10 Mbps. - isp2 : a DSL provider with 15Mbits/1Mbits. We use isp2 as the default outgoing

Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how

Hi, I have a simple question. I have my firewall with 2 external Ip and 1 lan. For example ISP1 FW LAN----Mail Server ISP2 Ok, when i DANT the smpt port to my mail server, I can see that the conection in my mail server comes from the external IP of my ISP. I need to change this so the conection to my mail server cames from the LAN IP from my firewall Is this possible?

What changes would I need to make if there is a 4th interface that is going to a DMZ Thanks Gene

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the

Dear list, Shorewall is running here with 2 ISP''s: ISP1: corporate ADSL-line with fixed set of IP''s ISP2: fast consumer-grade cable-connection with higher bandwidth All our main traffic (web, e-mail) is routed trough ISP1. Only for special purposes (frequent large ftp-transfers) ISP2 is used, configured trough tcrules. ISP2 is not so reliable as ISP1 (duh) and they sometimes

I''m planning a multi isp setup and cafully read the documentation. One thing that bothers me is the masq file. The example uses a single ip address on each public interface. I have multiple addresses on both public interfaces (16 on one and 64 on the other). I''m a bit confused about what to put in the masq file in this situation. Any insights would be appreciated. Ronald --

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, I''d like to know how to set up shorewall to deny a user-defined action in a time-based basis, for example, I have a group of users using MSN, AOL, www and https, in a defined action called action.BasicAccess now, I want this access to be enabled only on lunch time from Monday through Friday and weekends from noon to 6pm... I know

Hello, is it possible to configure Shorewall for different network environments? I am using it on a single Linux computer. When I am at home, I am using an internal IP address (192.168.0.X), and when I am using my cable modem, I get an internet IP assigned. I now want to be able to use Samba/Windows Filesharing when at home and to disable it when I am using my computer directly on the net.

Hi, is it possible to have 2 different ISP in one server? i have 2 NIC cards im going to config ISP1 in NIC1 and ISP2 in NIC2? what should be the configuration for this setup? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070412/4c62019f/attachment-0004.html>

Hi, I have 2 internet nic''s with differents ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP

Dear all We are using a definition of rules which has perfectly worked with SuSE8.2 and vmware and a local samba on some clients. The systems got an update to 9.2. Now we got a very strange problem which probably could belong to an firewall definition problem. After booting of the system the samba connection to vmware works perfect but a few hours later it isn''t possible to copy a

Tom, I was upgrading a remote firewall, when upon restart, shorewall found a rule with a wrong zone and decided to not continue and stop itself. The problem now, is I cannot access that firewall over ssh anymore. One suggestion would be to instead of "shorewall stop" to have a basic emergency rule with only ACCEPT:info all all tcp ssh rule instead with DROP all policy. Shorewall could

Hi to all For is just az concept question : There are a need to change something in Squid3 config when it are running in the same box as shorewall with 2 ISP ? I''ve been thinking in do this at home, as a proof of concept for future implememtations ... I allways use Roberto''s Debian package to implement Shorewall . Fábio Rabelo

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP

Hey gang, I was wondering if all that documentation could or has been put into PDF format. I usually like to download documentation and read it while I''m sitting comfortably at home and I don''t want to tie up the phone line all night. Thanks, Nino p.s. If so, please feel free to attach the PDF formatted document to my e-mail ;-)