similar to: DNAT config not working

>> Hello, >> >> I am using Debian Sarge, with Shorewall 2.2.3, >> >> for access control I am using hosts.allow : >> >> ALL: 144.131.xxx.xxx >> >> and hosts.deny: >> >> ALL: ALL >> >> I have a virtual machine that is being port forwarded to with Shorewall : >> >> DNAT net loc:10.0.0.100 tcp 3389

Hi all, I''m trying to set up traffic shaping and I''m having some difficulty. Here is what I want, and where I am. 1. HTTP and SMTP traffic needs to be priority 1. 2. All other traffic priority 2 3. Torrent traffic priority 3. My distro is Fedora Core 4, and the torrent protocol does not appear in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is built on top

Sorry for asking this, as I believe it to be a kernel-related rather than Shorewall-related problem. But some of you guys seem to have a lot of experience with these kind of things. I''m setting up a NAT''ing router with two ISP lines. At first sight, everything works as expected, however when the local machines try to keep a TCP-connection open for a long time, it disconnects

(Sorry, my previous post was sent in HTML format) I am having a hell of a time with shorewall... I have a Dlink DCM202 Cable modem with the Ethernet connected directly to eth0 on the linux box. Then I have a second nic on the linux box connected to a hub for the internal network. I am trying to allow traffic from the internet connect to my FTP and WEB servers on my Winbloze box on the lan.

Hello, all. I''ve been trying to get shorewall to get LISa working on my Gentoo box. It works as long as I have shorewall turned off, but whenever I turn it on, it seems to block all LISa activity. I have TCP port 7741 opened (as per lisa-home.sourceforge.net), and nmap says it''s open. Ethereal indicates that LISa is communicating via TCP port 7741, from 127.0.0.1 to

Hi i have a small problems on one of my interface : i can''t get traffic out and don''t know why. Ither user say me that i can use Shorewall for create the counter and after get the information for mrtg. Anyone know what is the process into shorewall 2.0.X ? i don''t want monitor by specified port, but all ports Thanks for your help

Have read the comments about Shorewall not being a personal firewall, etc., and am not necessarily advocating such use, but, trying to get into the poster''s head, and doing some creative thinking, thought that possibly some form of EGID rule might help out if there is a reasonable reason behind the question. It is not hard for me to see how something like this could be useful.

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

Hi there, I''ve read Routing on One Interface, and Shorewall and Aliased Interfaces docs but I''m a little confused, and all my test attempts have mostly failed. Here is my setup: CentOS 4.2 ShoreWall 3.0.2 My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2. Currently 192.168.1.2 is setup on eth0. With no ShoreWall involved routing seems to work if I just setup

When searching in google I could verify that many examples of used rules in shorewall do not exist to block port scanners external. Example: nmap. Somebody has some rule or example ? thanks.

I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the contents of an ipset (lan:+serviceshost or similar) where the ipset is ensured to contain only one host, but can be changed dynamically when services are in maintenance mode and go to the "services are down" message on another server. Will this work, or am I barking up a fish here?

Hi, I have 2 internet nic''s with differents ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP

We are having problems remounting an ext3 filesystem using an external journal device. The filesystem in question was working fine until the server was rebooted. This is what we see on dmesg when trying to mount: EXT3: failed to claim external journal device. The external journal lives on a LVM2 logical volume and it seems to be accessible ( we can dumpe2fs and see filesystem information).

Hello, We have a video conference server using tcp and udp 3001 prot in internal, external user said that can''t connect to video server and held on 3001 fail, the following is file configuration, nat: 1.2.3.4 eth1:3 192.168.0.18 rule: video/ACCEPT net loc:192.168.0.18 marco.video: PARAM - - tcp 3000 PARAM - -

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan

All, I have a problem with H323 the call disconnects when answered. The debug shows -- Executing Dial("SIP/sj1-4ff7", "H323/0797617729") in new stack -- Called 0797617729 -- H323/0797617729 is ringing -- H323/0797617729 answered SIP/sj1-4ff7 == Spawn extension (default, 0797617729, 1) exited non-zero on 'SIP/sj1-4ff7' -- Executing

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1

Hello, Let me first start by saying Shorewall is awesome, and I use it everywhere from single box firewall, to home network firewall, even to our corporate firewall. I am experiencing a problem getting my home firewall to work with my BroadVoice VoIP connection. I use the Sipura SPA-2100 ATA (Analog Telephone Adapter) that came with my BroadVoice account. This happened when I tried to replace

look for clamav-devel-* or clamav-dev-* packages of your distribution. Paul Matthews (paul.matthews@cathedral.qld.edu.au) schrieb: > > I have installed the following when it comes to clamAV > > clamav-db-0.87-1.1.fc3.rf.i386.rpm > clamav-0.87-1.1.fc3.rf.i386.rpm > clamd-0.87-1.1.fc3.rf.i386.rpm > > am I missing something if so could you please direct me to the website?

Hi, I have this message in my syslog: HTB: quantum of class 10001 is big. Consider r2q change. I don''t know why it''s there. I think all my setup is right. I am shaping traffic from my web server. It lives at three IP addresses, first is fast (and most important - aaa.bbb.ccc.1), second slower (aaa.bbb.ccc.2), third slowest (aaa.bbb.ccc.3). Total bandwidth is 2700kBps. Other