similar to: Shorewall/Xen setup (correct from-address this time)

Displaying 20 results from an estimated 2000 matches similar to: "Shorewall/Xen setup (correct from-address this time)"

2006 Aug 31
0
[Xense-devel] [RFC][PATCH][ACM] enforcing ACM policy on network traffic between virtual network interfaces
This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the
2005 Feb 28
1
Mail server on DMZ
Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet its ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn't mind but there is one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can I correct this? Thanks, MSantos shorewall
2006 Nov 23
0
network issue, RHEL4, lack of peth0/peth1 device
Hi! I'm not new to Xen but I'm new to this list. I'm having a truly bizarre problem with Xen bridged networking at the moment. This is a new install, on RHEL4. The symptom is that any domU set up simply fails to talk to anything else. It's there, and running, and it has an ethernet device, but there's never any response. After digging through the
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest patches installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC's eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However I can't set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall
2007 Dec 28
0
marking and routing (with multi-isp) not working
[ I hope this isn't a dupe. Evolution crashed on my last send and I see nothing in my logs that leads me to believe the mail made it out before the crash ] Well, it probably is working. I'm probably just misunderstanding something. Given routing rules that look like this: 0: from all lookup local 10000: from all fwmark 0x40 lookup CGCO 10001: from all fwmark 0x80
2007 Apr 22
1
shorewall Dom0 config using Xen's default setup -- correct?
Hi all, The first couple of xen machines we setup used the default xen bridging setup for dom0. I am sure there are many other people out there with this setup. Now that I know a bit more there are probably better ways out there to configure the xen box for firewalling, most notably assigning the red card to a domU and running shorewall in there. But in the meantime I would like to further
2004 Aug 27
3
Proxy Arp Ip Conflicts
I must have something configured wrong somewhere. I've enabled proxy-arp on my shorewall 2.0.7 firewall. Works fine for what it's supposed to do, I can see all the machines through it great. However, whenever it's enabled, the network on the DMZ goes screwy. I've narrowed it down to this: when proxy arp is enabled for that interface, like such: echo 1 >
2006 Mar 15
1
shorewall config
Hi * in xend-config.xsp I have: ******************************** (network-script network-route) (vif-bridge xen-br0) (vif-script vif-bridge) ******************************** and in /etc/network/interfaces ********************************* iface eth0 inet static address 0.0.0.0 auto xen-br0 iface xen-br0 inet static pre-up ifconfig eth0 up pre-up brctl addbr xen-br0 pre-up brctl addif
2010 Jul 31
1
Arp Flip Flops make machine inaccessible.
CentOS 5.5 Xen "standard" Xen Installation. I have two nics. I just put the second one to DHCP and modified the ifcfg-et01 and so far I am holding, but I am not confident. Prior they were sequential IP Addrs on same subnet. arpwatch has indicated flip flops. I can find no rhyme or reason to predict them. I know I missed I must have missed a step somewhere. I want to keep the
2016 Mar 01
0
nwfilter : iptables rules not working
Hi, I contact you as I have difficulties to use nwfilter with KVM host. I want to implement flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref
2007 Jun 27
0
Bug#430778: xen-utils-common: NAT scripts not generic enough, and made for DHCP ?
Package: xen-utils-common Version: 3.0.3-0-2 Severity: normal I cannot find a use the network-nat and vif-nat provided in the general case, where I'd like to NAT between vifx.0 and ethx interfaces. I have setup the following in /etc/xen/xend-config.sxp : ## Use the following if network traffic is routed with NAT, as an alternative # to the settings for bridged networking given above.
2005 Jun 14
1
Problem with samba broadcast
Hi all, I'm new to shorewall and have been struggling with several problems for several days now. Most of them are solved, but one still persists. The firewall is running on my server under Debian Sarge (Kernel 2.6) I've got three network interfaces: ppp0 (DSL Internet) eth1 (lan) ath0 (wlan) eth1 and ath0 are bridged together to br0. The problem is, that Samba (also running
2005 Nov 23
0
so close! an iptables rule away.....
Hi, I've been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I've got one outstanding issue with iptables that is preventing me progressing further. This is a colo'd server. It has a single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a
2005 Nov 24
2
so close! just an iptables rule away.....?
Hi, I've been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I've got one outstanding issue with iptables that is preventing me progressing further. This is a colo'd server. It has a single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a
2007 Jun 25
1
Ping dom0 <-> domU result in "Destination host unreachable"
Hi folks, I read quite some posts about "Destination host unreachable" problems before, but none could help me to solve my issue. So here we go: This is what I am using: SUSE Linux Enterprise Desktop 10 SP1 - Current with all updates Network configuration of my dom0: foobar:~ # ip a 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd
2006 Dec 14
0
Re: [RESOLVED] Layer7 module doesn't detect nothing on my bridge with a 2.6.18.3 kernel
Hello, loading conntrack resolve my problem ... layer 7 have got a dependency with conntrack but doesn't load it automatically... so module is loaded but no packets match with l7-protocols ... reported as a bug http://sourceforge.net/tracker/index.php?func=detail&aid=1596065&group_id=80085&atid=558668 regards ArcosCom Linux User wrote: > With: >
2007 Apr 18
1
[Bridge] Multilink + bridge + nat problem
Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related
2010 Apr 30
1
[SPAM] Xen bridge network issue
Hi, I have taken the long and winding road and indeed it led me to your door. I need your help, please. My Xen includes 2 guests. Xen itself (10.2.0.52) gets free access to the outside world and to its guests. Both guests however (10.2.0.54/10.2.0.55) see each other but stay under house arrest! Not a single ping manages to go past the bridge (xenbr0) and get an answer from the default gateway
2001 Jun 18
1
Core dump after pressing Ctrl-c
Is this a bug? Do I have to complete a bug report? Is any other info needed? [root@nostromo ogg123]$ ./ogg123 -v -d oss /mnt/hdd/mp3/ripped/REM-Revival/track.08.ogg Playing from file /mnt/hdd/mp3/ripped/REM-Revival/track.08.ogg. Device: OSS audio driver output Author: Aaron Holtzman <aholtzma@ess.engr.uvic.ca> Comments: Outputs audio to the Open Sound System driver. Bitstream is 2