similar to: LVS-DR + Shorewall Upgrade 3.0.2 -> 3.0.4 => Trouble

I have two feeds, one with a static IP and one with a dynamic IP. How can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t think the gateway will change, just the interface IP. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com --

Is it possible to filter HTTP signatures/headers with SHOREWALL ? or is there addon for it ? take care *º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This SF.Net email

Hello People I''m new here, so forgive-me for any "newbie talk". My client is running Debian Sarge (Stable), with Shorewall and Webmin. I want to make things easier for them and tried to use the webmin-shorewall module. The thing is - the installed shorewall is 3.0.5 (package from testing) but the webmin module only understands (and builds) the old shorewall 2.x file

Hi everybody. We are running Shorewall and Squid on Suse on the same box. Each is working fine independently, but we can''t get them to cooperate. The access log in squid shows no requests when Shorewall is on. Here are all the changes we made in the configuration files. Everything else is the same. We have read through the mailing list and the guide, but still haven''t figured it

I would lilke to shape upload ftp bandwidth in a dual ISP setup [shorewall show connections] tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1 [tcdevices] #INTERFACE IN-BANDWITH OUT-BANDWIDTH $EIF 970kbit 245kbit $LIF 970kbit 245kbit

I''m planning a multi isp setup and cafully read the documentation. One thing that bothers me is the masq file. The example uses a single ip address on each public interface. I have multiple addresses on both public interfaces (16 on one and 64 on the other). I''m a bit confused about what to put in the masq file in this situation. Any insights would be appreciated. Ronald --

Hello all, I''m somewhat new to networking, and I''m having trouble masquerading connections that are coming over a bridge. The bridge only has a single port for now, but I''m going to add more ports later. I''m basing my configuration on the two-interface quick start guide. I''m using Shorewall 3.0.4 on Ubuntu Dapper. My network looks like this: * The

and Here is my rule that did this DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,... What I was trying to achieve: Since I am only using 3/16, I wanted to fake the rest of them as being alive hosts. Only to accept pings and some allowed protocols accessed from the net. What is wrong with my rule? Will REDIRECT work ??? Harry Regards.

Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc). Kernel 2.4.29 tcdevices, tcrules, and tcclasses are clones of the wondershaper example (http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp. With TC_ENABLED=Internal in shorewall.conf: ---- Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... ERROR: device A seems not to be

Hello Shorewall users, I have some questions I am hoping someone can answer. I have searched around the archives but so far I have been unable to find answers. I am trying to configure traffic shaping on my router/firewall box running Shorewall 3.0.5/kernel 2.4.31 and have run into some problems/questions. My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box

I have two external interfaces in a Multi-ISP config. I allow access to port 81 for a webcam, but I only want that to work for one of the interfaces, and I want to limit the connections to it by maximum time for one user, or failing that, maximum connections, as people just leave it running on their desk all day (it''s a Caribbean beach so people sit and dream). ow do I do that as

Hello List, I tried to set up openvpn with the shorewall on my openwrt box but failed! I am not able to access the "loc"al Network from my vpn. I followed the roadwarrior setup. I define a vpn zone, that should be able to access the firewall and the local network: vpn fw ACCEPT info fw loc ACCEPT info vpn

Hi, I''m trying to configure QOS , but I''m don''t have success. My files: #/etc/shorewall/tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth0 256kbit 256kbit eth1 256kbit 256kbit eth2 256kbit 256kbit #/etc/shorewall/tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS eth1

I''m havign a HUGE amount of difficulty getting shoreline to work with LVS. We use it here constantly so we know it works. The problem is packets come in, get directed to a webserver, webserver returns the packet to firewall, and then it goes into a black hole. rp_filter is off globally on all interfaces. LVS seems to be working right.... I use shorewall tcrules to mark packets on

Can someone tell me what concept I''m missing here. The setup is simple. I have two default routes after ifup operations. I use "ip route del" to remove one, but then decide to add it back. The attempt is refused. Why? # ip route ls 66.95.83.208/28 dev eth1 proto kernel scope link src 66.95.83.210 65.84.205.96/27 dev eth2 proto kernel scope link src 65.84.205.104

i'm trying to setup LVS, and tried both the lvs-dr and the lvs-nat, but can't get any to work. I'm hoping people here can answer a few questions that might help and shed light onto the situation? #1 with regards to the Real Servers, is there anything that needs to be configured other that the http service? I ask this, because I suspect yes, and it has to do with what type of LVS you

Hi, guys, Can you give me an example of solr usage in dovecot? As far as I know, you can search email easily by MUA like outlook, so which role does solr play? And based on https://dovecot.org/pipermail/dovecot/2019-April/115575.html I'm going to use an VIP to host 2 mail servers. Currently, it works in fail over and fail back test except solr index, so how to resolve this? Is it

Hello I have DSL 2000 (2048 kbit/s download and 256 kbit/s upload) I have ping to fast sites very high: 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=3 ttl=50 time=2185 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=4 ttl=50 time=1983 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=5 ttl=50 time=1826 ms and I know why. I have 2 interfaces:

The shorewall work with l7-filter? _____________________________________________________ Keny Hayakawa Schmeling Diretor Comercial/Administravivo Tel: 5566-1465 Fax: 5566-6541 http://www.optinfo.com.br kenyhs@optinfo.com.br _/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/

I've managed to configure a LVS Cluster to act as a transparent proxy squid farm, with a virtual server as load balancer, and three real servers. Because redirecting packets going to port 80 to port 3128 of squid in the load balancer doesn't works, the solution has a mix of ip route and iptables. Here is the script I wrote to configure transparent proxy. #!/bin/bash #Transparent proxy