similar to: Traffic shaping for squid users

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

I want to build a robust firewall for a resort installation. The resort''s telephony is entirely VOIP, asterisk based. We have the following internet feeds: 1) 512/512 kb fixed bandwidth leased line with static IP from Telco- primary connection, expensive, to use for VOIP, VPN traffic, mail server, SSH access for remote work. Reliable. 2) 256/512 kb ADSL from Telco, not fixed IP -

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

Our VPN runs for 3 months very well with a minimum of traffic <100 kbit/s. Only DNS Zones and nagios passive checks were transferred. Everything seems to work. Left side is x.x.x.14 (host 1) Subnet 10.0.0.0/24 openswan 2.4.4 shorewall 2.4.2 & iptables 1.3.4 gentoo 2.6.12-r9 with policy match It´s reachable through a proxyarp entry on x.x.x.11 (host 2) which is another gentoo 2.6.12-r9

Greetings all, I have just install Shorewall on a Debian system and I''m using it as a firewall on an internal network. The specifics of the system are as follows: firewall:/var/log# shorewall version 3.0.4 firewall:/var/log# uname -a Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST 2005 i586 GNU/Linux Shorewall start successfully and $FW can connect to the Internet for upgrading

Hi everybody. We are running Shorewall and Squid on Suse on the same box. Each is working fine independently, but we can''t get them to cooperate. The access log in squid shows no requests when Shorewall is on. Here are all the changes we made in the configuration files. Everything else is the same. We have read through the mailing list and the guide, but still haven''t figured it

Why ping google ??? you should either ping your assigned external ip address ( make your config dhcp for your external ip address even if it is static ) ( If your dsl link is up you sould have an address if not you should not ) If for some reson you cannot do that, ping your isp''s default gw or someone closer. With google you never know what is going on. I do something similar with -m

Hi All, I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do traffic shapping on only one interface from a bridge. The firewall has got 3 NIC, eth0, eth1, eth2. eth0 and eth2 are bridged, but if I''m right, when you specify a traffic rate for a link, you do it for the interface. In my case, eth0 and eth2 do not appear in the interface file, but it is

Hi all, (not sure that this is the right places where send this. sorry) I think that http://www.shorewall.net/Shorewall_Squid_Usage.html must be updated. The current SQUID version (2.6) don''t support anymore the ''httpd_accel'' directives. So anyone that would follow this guide for configure a transparent proxy will receive an error 400. Please modify the guide as

by the way, how come the list got another "mail delivery system" email whenever i sent a post?...weird... On 8/30/06, Mail Delivery System <MAILER-DAEMON@mx3-83.sinamail.sina.com.cn> wrote: > This is the Postfix program at host mx3-83.sinamail.sina.com.cn. > > I''m sorry to have to inform you that your message could not > be delivered to one or more recipients.

In policy $FW Net ACCEPT Dump.rar join THX -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > >

and Here is my rule that did this DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,... What I was trying to achieve: Since I am only using 3/16, I wanted to fake the rest of them as being alive hosts. Only to accept pings and some allowed protocols accessed from the net. What is wrong with my rule? Will REDIRECT work ??? Harry Regards.

I found that in my kernel config : # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set # CONFIG_NET_IPGRE is not set But no CONFIG_IP_ROUTE_MULTIPATH_CACHED. -----Message

Tom wrote : >My advice to you is still the same -- you are going to have to use tcpdump >or ethereal to see what is happening. You have the computer there in front >of you >-- we don''t. So only you are going to be able to solve this. We are not. >From the dump you sent, it looks like many SYN packets are being sent on >ppp0 >and never replied to. So you need to

Hi folks Im currently doin firewall project.. the scenario is like this.. my application server open port number 3079 the server ip is 202.188.0.132. and now the port can be accessed from everywhere. Now i want to block all the everywhere accessed. But my problem is, the application will be accessed by few locations that doing transaction with the application server. and the said locations are

>If you > >a) Have the correct REDIRECT rule (which you do); and >b) Are accepting $FW->Net HTTP traffic (which you are -- at least with your >policy); and >c) DNS works from your firewall (I assume it does since you are wide open >from $FW->Net); then >The problem is in your Squid configuration (this is true in %90 of the >reports on this list where Squid

Edit file vi /etc/init.d/klogd In line KLOGD="" Change to KLOGD="-c 5" And restart klogd /etc/init.d/klogd restart _____________________________________________________ Keny Hayakawa Schmeling Diretor Comercial/Administravivo Tel: 5566-1465 Fax: 5566-6541 http://www.optinfo.com.br kenyhs@optinfo.com.br

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

I would lilke to shape upload ftp bandwidth in a dual ISP setup [shorewall show connections] tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1 [tcdevices] #INTERFACE IN-BANDWITH OUT-BANDWIDTH $EIF 970kbit 245kbit $LIF 970kbit 245kbit