similar to: Shorewall/Xen setup (correct from-address this time)

This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Hi! I''m not new to Xen but I''m new to this list. I''m having a truely bizarre problem with Xen bridged networking at the moment. This is a new install, on RHEL4. The symptom is that any domU set up simply fails to talk to anything else. It''s there, and running, and it has an ethernet device, but there''s never any response. After digging through the

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

[ I hope this isn''t a dupe. Evolution crashed on my last send and I see nothing in my logs that leads me to believe the mail made it out before the crash ] Well, it probably is working. I''m probably just misunderstanding something. Given routing rules that look like this: 0: from all lookup local 10000: from all fwmark 0x40 lookup CGCO 10001: from all fwmark 0x80

Hi all, The first couple of xen machines we setup used the default xen bridging setup for dom0. I am sure there are many other people out there with this setup. Now that I know a bit more there are probably better ways out there to configure the xen box for firewalling, most notably assigning the red card to a domU and running shorewall in there. But in the meantime I would like to further

I must have something configured wrong somewhere. I''ve enabled proxy-arp on my shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see all the machines through it great. However, whenever its enabled, the network on the DMZ goes screwy. I''ve narrowed it down to this: when proxy arp is enabled for that interface, like such: echo 1 >

Hi * in xend-config.xsp I have: ******************************** (network-script network-route) (vif-bridge xen-br0) (vif-script vif-bridge) ******************************** and in /etc/network/interfaces ********************************* iface eth0 inet static address 0.0.0.0 auto xen-br0 iface xen-br0 inet static pre-up ifconfig eth0 up pre-up brctl addbr xen-br0 pre-up brctl addif

CentOS 5.5 Xen "standard" Xen Installation. I have two nics. I just put the second one to DHCP and modified the ifcfg-et01 and so far I am holding, but I am not confident. Prior they were sequential IP Addrs on same subnet. arpwatch has indicated flip flips. I can find no rhyme or reason to predict them. I know I missed I must have missed a step somewhere. I want to keep the

Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implemente flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref

Package: xen-utils-common Version: 3.0.3-0-2 Severity: normal I cannot find a use the network-nat and vif-nat provided in the general case, where I'd like to NAT between vifx.0 and ethx interfaces. I have setup the following in /etc/xen/xend-config.sxp : ## Use the following if network traffic is routed with NAT, as an alternative # to the settings for bridged networking given above.

Hi all, I''m new to shorewall and have been struggling with several problems for several days now. Most of them are solved, but one still persists. The firewall is running on my server under Debian Sarge (Kernel 2.6) I''ve got three network interfaces: ppp0 (DSL Internet) eth1 (lan) ath0 (wlan) eth1 and ath0 are bridged together to br0. The problem is, that Samba (also running

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

Hi, I''ve been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I''ve got one outstanding issue with iptables that is preventing me progressing further. This is a colo''d server. It has s single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a

Hi folks, I read quite some posts about "Destination host unreachable" problems before, but none could help me to solve my issue. So here we go: This is what I am using: SUSE Linux Enterprise Desktop 10 SP1 - Current with all updates Network configuration of my dom0: foobar:~ # ip a 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd

Hello, loading conntrack resolve my problem ... layer 7 have got a dependency with conntrack but doesn''t load it automaticaly... so module is loaded but no packets match with l7-protocols ... reported as a bug http://sourceforge.net/tracker/index.php?func=detail&aid=1596065&group_id=80085&atid=558668 regards ArcosCom Linux User a écrit : > With: >

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hi, I have taken the long and winding road and indeed it lead me to your door. I need your help, please. My Xen includes 2 guests. Xen itself (10.2.0.52) gets free access to the outside world and to its guests. Both guests however (10.2.0.54/10.2.0.55) see each other but stay under house arrest! Not a single ping manages to go past the bridge (xenbr0) and get an answer from the default gateway

Is this a bug? do i have to complete a bug report? Is any other info needed? [root@nostromo ogg123]$ ./ogg123 -v -d oss /mnt/hdd/mp3/ripped/REM-Revival/track.08.ogg Playing from file /mnt/hdd/mp3/ripped/REM-Revival/track.08.ogg. Device: OSS audio driver output Author: Aaron Holtzman <aholtzma@ess.engr.uvic.ca> Comments: Outputs audio to the Open Sound System driver. Bitstream is 2