similar to: Two ISP

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

Hi, I install shorewall firewall on my server and after that I have big problem with SMTP, I can send messages with outlook to server but that messages don`t go out from server (Currently I have over 800 messages in the mail queue) My server is on WHM/cPanel and EXIM.... When I click on "Delivery Now" for some message in WHM I get error: Message 1BtoLi-00033G-RN is not frozen LOG: MAIN

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

I''ve been digging around the documentation and seem to have just confused myself. Here is what I have on a fedora core 3 machine with 4 network cards (the built in is dead) eth2 - connects to the web via dsl-line-1 eth4 - connects to the web via dsl-line-2 eth2 is the route the local network addresses 10.1.x.x connected via eth0 go out on eth4 is the route the dmz network addresses

Hello, I''m working in configuring a very restrictive firewall to stick between our techroom and our internal network. Basically nothing should be allowed into the techroom and only a limited amount of traffic is to leave the techroom. Below are a few log entries I looking to get explained. DHCP is handled by the firewall, DNS is handled by servers side our techroom. my rules file

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hi, I have a working test install of Shorewall 2.0.7 on a 32 bit install of Gentoo, it''s working like a champ, so i am making an install on a nice new Opteron server, using 64bit Gentoo. I have run into a problem which going by your FAQ might be due to a missing module, but after a couple of hours of fiddling I''m stumpted - I can''t see any options in the 2.6.8 kernel

I promise - this time all buffers in the editor are saved! Here mon shorewall # /etc/init.d/shorewall start * Starting firewall... Warning: default route ignored on interface eth0 iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -t mangle -A outtos -p tcp -d 0.0.0.0/0 --dpor t ssh -j TOS --set-tos 16" Failed /sbin/runscript.sh: line 532: 14701

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Hello, I''m trying to setup an 8 port wan configuration (pptp+pppoe) with one vlan trunk. My internal networks are : LAN(eth9): 10.0.0.0/16 VLAN10(eth9) 10.10.0.0/24 VLAN20(eth9) 10.20.0.0/24 VLAN30(eth9) 10.30.0.0/24 VLAN100(eth9) 10.100.0.0/24 I would like to post my configuration here since i don''t success to do the following: 1. Communicate between VLANxx to LAN

Hi all, I''m using Gentoo Linux Distribution and I''ve upgraded my firewall from Shorewall 1.4 to 2.0.4, however my LANs stop having internet access. I have a server with shorewall 2.0.4 installed and 3 interfaces. eth0 and eth1 are interfaces to a LAN and to my laptop and eth2 is the net interface. I have masq like: eth2 eth0 eth2 eth1

I have a server, server A, with three NICs: two to the Internet via separate ADSL modems, and one to the LAN. The two ''net'' interfaces are configured as described at http://www.shorewall.net/MultiISP.html. This has been working for a number of months. I am now testing an OpenVPN link between server A and another (currently single-ISP) server (server B). I can establish the VPN

Hi, I''m trying to use Shorewall (3.0.6) to accomplish what I thought was going to be fairly simple. Unfortunately, I can''t get the dmz to work correctly, and I''m getting martians logged against the interface at issue. Any help I could get would be greatly appreciated! A picture of my physical setup is attached. I have also attached a shorewall dump. To make a long

Greetings. I run an Amateur Radio system (ampr.org) that requires 2 public ip''s on a RH 9.0 box. The primary one is 209.52.173.97 and is used for connections to the normal linux system and the usual apps such as web, ssh, smtp, etc. The secondary address is 209.52.173.98 and is routed via a pseudoslip link to the systems ampr address of 44.135.163.21. This setup takes place in the

Hi ! Recently i switched my internet provider, to get more speed but another braindead setup regarding public ip addresses. I now have 4 PPTP Tunnel available, of which i''m using one as the gateway ip doing masquerading to other machines in my local lan, excluding three other machines, which i would like to use 1:1 nat to get them a direct access to one of the pptp tunnels. I was

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

Hi, i connect to the internet over my eth4 interface using pppoe. The internet always comes on ppp0. I am trying to setup an L2TP/IPSEC VPN and i am reading http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP I notice in the example the interfaces file is given as: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter loc eth1