similar to: Use shorewall for count traffic usage on a interface

Hello, all. I''ve been trying to get shorewall to get LISa working on my Gentoo box. It works as long as I have shorewall turned off, but whenever I turn it on, it seems to block all LISa activity. I have TCP port 7741 opened (as per lisa-home.sourceforge.net), and nmap says it''s open. Ethereal indicates that LISa is communicating via TCP port 7741, from 127.0.0.1 to

>> Hello, >> >> I am using Debian Sarge, with Shorewall 2.2.3, >> >> for access control I am using hosts.allow : >> >> ALL: 144.131.xxx.xxx >> >> and hosts.deny: >> >> ALL: ALL >> >> I have a virtual machine that is being port forwarded to with Shorewall : >> >> DNAT net loc:10.0.0.100 tcp 3389

I am having a problem that I really just don''t get.... I have this in my rules file: DNAT net loc:192.168.1.2 tcp 21 21 Everything worked fine earlier today.. Now it is dropping packets destined for Port 21 /var/log/messages: Dec 14 00:36:39 pcp08479598pcs kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:0b:6a:3f:e6:72:00:01:5c:22:92:42:08:00 SRC=24.210.36.92 DST=68.57.216.61

Have read the comments about Shorewall not being a personal firewall, etc., and am not necessarily advocating such use, but, trying to get into the poster''s head, and doing some creative thinking, thought that possibly some form of EGID rule might help out if there is a reasonable reason behind the question. It is not hard for me to see how something like this could be useful.

Hi all, I''m trying to set up traffic shaping and I''m having some difficulty. Here is what I want, and where I am. 1. HTTP and SMTP traffic needs to be priority 1. 2. All other traffic priority 2 3. Torrent traffic priority 3. My distro is Fedora Core 4, and the torrent protocol does not appear in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is built on top

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

When searching in google I could verify that many examples of used rules in shorewall do not exist to block port scanners external. Example: nmap. Somebody has some rule or example ? thanks.

Sorry for asking this, as I believe it to be a kernel-related rather than Shorewall-related problem. But some of you guys seem to have a lot of experience with these kind of things. I''m setting up a NAT''ing router with two ISP lines. At first sight, everything works as expected, however when the local machines try to keep a TCP-connection open for a long time, it disconnects

We are having problems remounting an ext3 filesystem using an external journal device. The filesystem in question was working fine until the server was rebooted. This is what we see on dmesg when trying to mount: EXT3: failed to claim external journal device. The external journal lives on a LVM2 logical volume and it seems to be accessible ( we can dumpe2fs and see filesystem information).

Hello, This might seem like a strange question but... Is there someway to only allow the Traffic Shaping module of Shorewall to run ? I am already running a bunch of my own firewall and routing scripts and am really interested in the ease of Shorwalls Traffic Shaping module. Does anyone know a way to make it fire up separately without any of the firewall stuff ? (yes I know that sounds

All, I have a problem with H323 the call disconnects when answered. The debug shows -- Executing Dial("SIP/sj1-4ff7", "H323/0797617729") in new stack -- Called 0797617729 -- H323/0797617729 is ringing -- H323/0797617729 answered SIP/sj1-4ff7 == Spawn extension (default, 0797617729, 1) exited non-zero on 'SIP/sj1-4ff7' -- Executing

(Sorry, my previous post was sent in HTML format) I am having a hell of a time with shorewall... I have a Dlink DCM202 Cable modem with the Ethernet connected directly to eth0 on the linux box. Then I have a second nic on the linux box connected to a hub for the internal network. I am trying to allow traffic from the internet connect to my FTP and WEB servers on my Winbloze box on the lan.

I know you Xen developers are beginning to hate me ;) but... While trying to compile 2.4.24 under DOM0, quickly after issuing ''make dep'' I got: Kernel panic: Failed mmu update: c015bf80, 4 I suspect this address probably isn''t to helpful but this is all I have. I am currently booted in 2.4.21-SuSE and compiling the 2.4.24 regarding another thread here. Regarding

Hi *, i am coming from UML, and now i evaluate Xen on my desktop: Xen-2.0.4 linux-2.6.10 "CONFIG_MODULES is not set" "CONFIG_AGP is not set" "CONFIG_FB_RADEON=y" FC3, [/usr]/lib/tls moved away It works, but some desktop applications crash once in a while within dom0: metacity-2.8.6 firefox-1.0.1 wnck-applet (from gnome-panel-2.8.1) But

Hi there! I was wondering what the general opinion on autotoolizing xen is? I am volunteering to do so, if there is interest in updating the build system to use autoconf, automake and/or libtool. Is one configure script for all of xen enough or do you want to be able to configure all/some tools separately? I know that Anthony is no fan of libtool... are there more reservations about some

Hi. I have a Shuttle box with an AMD Athlon XP 2200+ and 1GB of RAM. I''m normally running it with Debian sarge/sid and kernel 2.6.10-1-k7, as built by Debian. I want to use Xen on it. I built a xen0 kernel which is as close to the Debian kernel as I can (no power management, no HPET timers, broken ISA drivers disabled), disabled /lib/tls, and booted with the new kernel. Everything works.

Hi all, With the new vm-tools we are trying to get top like capabilities going correctly. Currently we have a program vm-list that has some of this capability but is dependent on the cpu time given by libxc calls (xc_get_dom_info & xc_domain_get_cpu_usage). These two functions give you how much time (in nanoseconds, why is this not documented) the domain has been actively used. Approaches:

Hi, I''m using xen on two-node redhat cluster (CVS devel version), using lvm as storage backend. redhat cluster is used to synchronize LVM metadata (using clvmd) and as storage for domain configs and dom-U kernels (with gfs). Latest version of redhat cluster works with xen-2.0.4, but not with xen-2.0-testing. ccsd failed to start on 2.0-testing. Anyone knows what the problem is? I

I cleaned up the top level makefile in the tools directory. No major changes. Except I have it so that ioemmu is compiled only with x86_32. Signed-off-by: Jerone Young <jyoung5@us.ibm.com> --- tools/Makefile.orig 2005-03-17 21:03:44.000000000 -0600 +++ tools/Makefile 2005-03-22 15:05:20.000000000 -0600 @@ -1,37 +1,33 @@ +XEN_ROOT = ../ +include $(XEN_ROOT)/tools/Rules.mk -all: -

google yields nothing except for indicating that it is a boot loader problem. my dom0 partition is on a 9 GB SCSI disk drive. I have a raid1 device (md0) which I have created a series of partitions via lvm2. on boot, xm create /etc/xen/xm-single -c I get what looks like a normal boot until TCP: Hash tables configured (established 4096 bind 8192) NET: Registered protocol family 1 NET: