Displaying 20 results from an estimated 4000 matches similar to: "Traffic shaping for squid users"
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2006 Jan 27
5
Advice please - best hardware/config to combine 3 ISPs
I want to build a robust firewall for a resort installation. The
resort''s telephony is entirely VOIP, asterisk based. We have the
following internet feeds:
1) 512/512 kb fixed bandwidth leased line with static IP from Telco-
primary connection, expensive, to use for VOIP, VPN traffic, mail
server, SSH access for remote work. Reliable.
2) 256/512 kb ADSL from Telco, not fixed IP -
2006 Feb 07
0
WG: AW: WG: proxyarp <--> OpenSwan VPN/Internet
I´ve figured out the following.
I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to
shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp
x.x.x.14 eth2 eth0 No
very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn)
but with public ip x.x.x.14 to x.x.x.11
If I try to sftp through the fw to the public internet I have the same
2006 Feb 07
0
proxyarp <--> OpenSwan VPN/Internet
Our VPN runs for 3 months very well with a minimum of traffic <100 kbit/s.
Only DNS Zones and nagios passive checks were transferred. Everything seems
to work.
Left side is x.x.x.14 (host 1)
Subnet 10.0.0.0/24
openswan 2.4.4
shorewall 2.4.2 & iptables 1.3.4
gentoo 2.6.12-r9 with policy match
It´s reachable through a proxyarp entry on x.x.x.11 (host 2) which is
another gentoo 2.6.12-r9
2006 Feb 12
11
Local Network Can't Get Past Shorewall to the Internet
Greetings all,
I have just install Shorewall on a Debian system and
I''m using it as a firewall on an internal network.
The specifics of the system are as follows:
firewall:/var/log# shorewall version
3.0.4
firewall:/var/log# uname -a
Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST
2005 i586 GNU/Linux
Shorewall start successfully and $FW can connect to
the Internet for upgrading
2006 Mar 26
6
Shorewall and squid not wokring together
Hi everybody. We are running Shorewall and Squid on
Suse on the same box. Each is working fine
independently, but we can''t get them to cooperate. The
access log in squid shows no requests when Shorewall
is on. Here are all the changes we made in the
configuration files. Everything else is the same. We
have read through the mailing list and the guide, but
still haven''t figured it
2006 Mar 27
0
Re: Re: multiple isp. masqueraded machines somtimes work and somet
Why ping google ???
you should either ping your assigned external ip address ( make your config dhcp for your external ip address even if it is static )
( If your dsl link is up you sould have an address if not you should not )
If for some reson you cannot do that, ping your isp''s default gw or someone closer. With google you never know what is going on.
I do something similar with -m
2006 Jan 31
5
Traffic Shaping and Bridge
Hi All,
I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do
traffic shapping on only one interface from a bridge.
The firewall has got 3 NIC, eth0, eth1, eth2.
eth0 and eth2 are bridged, but if I''m right, when you specify a traffic
rate for a link, you do it for the interface. In my case, eth0 and eth2
do not appear in the interface file, but it is
2007 Feb 03
3
Shorewall and Squid 2.6
Hi all,
(not sure that this is the right places where send this. sorry)
I think that http://www.shorewall.net/Shorewall_Squid_Usage.html must be
updated.
The current SQUID version (2.6) don''t support anymore the ''httpd_accel''
directives.
So anyone that would follow this guide for configure a transparent proxy
will receive an error 400.
Please modify the guide as
2006 Aug 29
2
Re: Undelivered Mail Returned to Sender
by the way, how come the list got another "mail delivery system" email
whenever i sent a post?...weird...
On 8/30/06, Mail Delivery System
<MAILER-DAEMON@mx3-83.sinamail.sina.com.cn> wrote:
> This is the Postfix program at host mx3-83.sinamail.sina.com.cn.
>
> I''m sorry to have to inform you that your message could not
> be delivered to one or more recipients.
2006 Oct 13
1
Re: Tc rules Help with multiISP + squid& squidguard...
In policy
$FW Net ACCEPT
Dump.rar join
THX
-----Message d''origine-----
De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep
Envoyé : jeudi 12 octobre 2006 21:22
À : Shorewall Users
Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard...
Joffrey FLEURICE wrote:
>
>
>
2006 Apr 10
2
All kinds of traffic from net - > dmz, nothing gets REJECTED or DROPED
and Here is my rule that did this
DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,...
What I was trying to achieve:
Since I am only using 3/16, I wanted to fake the rest of them as being
alive hosts. Only to accept pings and some allowed protocols accessed
from the net.
What is wrong with my rule?
Will REDIRECT work ???
Harry
Regards.
2006 Oct 19
1
Re: Tc rules Helpwith multiISP+ squid& squidguard...
I found that in my kernel config :
# CONFIG_NET_KEY is not set
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
But no CONFIG_IP_ROUTE_MULTIPATH_CACHED.
-----Message
2006 Oct 17
2
Re: Tc rules Help with multiISP+ squid& squidguard...
Tom wrote :
>My advice to you is still the same -- you are going to have to use
tcpdump >or ethereal to see what is happening. You have the computer
there in front >of you
>-- we don''t. So only you are going to be able to solve this. We are
not.
>From the dump you sent, it looks like many SYN packets are being sent
on >ppp0
>and never replied to. So you need to
2006 Jan 31
24
Need help and advised
Hi folks
Im currently doin firewall project.. the scenario is like this.. my
application server open port number 3079 the server ip is 202.188.0.132. and
now the port can be accessed from everywhere. Now i want to block all the
everywhere accessed. But my problem is, the application will be accessed by
few locations that doing transaction with the application server. and the
said locations are
2006 Oct 13
3
Re: Tc rules Help with multiISP+ squid& squidguard...
>If you
>
>a) Have the correct REDIRECT rule (which you do); and
>b) Are accepting $FW->Net HTTP traffic (which you are -- at least with
your
>policy); and
>c) DNS works from your firewall (I assume it does since you are wide
open >from $FW->Net); then
>The problem is in your Squid configuration (this is true in %90 of the
>reports on this list where Squid
2006 Mar 14
0
RES: Shorewall 2.2.3 logging on Debian 3.1
Edit file
vi /etc/init.d/klogd
In line
KLOGD=""
Change to
KLOGD="-c 5"
And restart klogd
/etc/init.d/klogd restart
_____________________________________________________
Keny Hayakawa Schmeling
Diretor Comercial/Administravivo
Tel: 5566-1465
Fax: 5566-6541
http://www.optinfo.com.br
kenyhs@optinfo.com.br
2006 Feb 06
6
(no subject)
We had a running ipsec shorewall system to all of our remote offices. We
added a dmz to the firewall and implemented proxy arp for that dmz. We have
checked everything two or three times and cannot figure out why the vpns
will no longer come up.
We are using shorewall version 2.2.3 from the debian stable sarge
distribution. We noticed the errata that for 2.0.0 there was a problem with
proxy
2006 Jan 17
12
Multiple ISPs: How to force $FW traffic to a specific ISP (reprise)
Hi!
I have reprise try to resolve this problem, suspended from 17 dec 2005
I have try to apply the suggest of Jerry (see above).
The problem still exist.
See attach shorewall config, dump and tcpdump when I check to exit whit
SSH from firewall...
In the masq file is reported the last my attempt in order to resolve my
problem, however I have test also the example reported in MultiISP.html,
but
2006 Mar 29
9
Ftp upload shaping 2 ISP\'s problems....
I would lilke to shape upload ftp bandwidth in a dual ISP setup
[shorewall show connections]
tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1
[tcdevices]
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
$EIF 970kbit 245kbit
$LIF 970kbit 245kbit