similar to: Multi ISP, multi address, masq file

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

Hello List, This is my first post to the list, and as such I apologize for the length of it. I tried to put as much detail into this as possible. I recently installed Shorewall on a computer running Gentoo Linux. The computer has 3 network cards in it, but I''ve only configured 2. Going the cheap route, I''m connecting my client directly to my firewall using a crossover cable.

Dear all, I get a problem with masq, why it doesn''t work for connect to internet? my masq configuration /etc/shorewall/masq eth0 10.2.0.0/16 202.158.1.99 but if my masq file without 202.158.1.99 it work! /etc/shorewall/masq eth0 10.2.0.0/16 and the ip nat will be same with ip address eth0. FYI: IP number (202.158.1.99) just valid IP but doesn''t have interface

Hi all, I am back for more punishment- Anyway I reinstalled my Linux using SuSe 8.2 pro. I did not install the defualt Samba , instead I got the latest tarball for 3.0b2 I also installed webmin. Now it comes up with error "The Samba server executable /usr/sbin/smbd was not found. Either Samba is not installed on your system or your module configuration is incorrect." Now when I

Hello, on my old system I''m using ipchains. Can anyone help me with converting rule /sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp to shorewall. I know that I can write eth0 source_addr to /etc/shorewall/masq file but I can''t found where I can specify the destination address. The reason for this is to allow one user (computer) access only to

I am wanting to verify that I am properly using the MASQ for a series of hosts. I have 2 providers, and my providers file has the contents: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY l3 1 100 main eth0.100 1.18.139.1 track,loose,fallback eth1 ws 2 200 main eth0.101 1.155.136.193

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

Hello, I have 4 VM's running in Microsoft Azure. They all should have similar configurations except from their tinc ip addresses of course. They run tinc 1.0.24. I have a 5th machine, my development machine. I am able to ping all 4 VM's from my computer when I start tinc from the commandline (tincd -n innomeer -D -d 2). 3 of the computers also work ok when running tinc as a service

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan

In /etc/shorewall/masq I have: eth0 eth1 eth0 vmnet1 eth0 vmnet8 ------------- eth0 is my default route to the Linksys router connected to the cable modem. eth1 is my connection to 192.168.1 subnet and it is the gateway for all other machines on this subnet. My routing table is: # netstat -nr Kernel IP routing table Destination

hi, in the masq file''s documentation, there is a sentence: "If you have a static IP on that interface, listing it here makes processing of output packets a little less expensive for the firewall." this realy means that SNAT to the primary address is less expensive than a MASQ rules in the netfilter? is this documented anywhere in iptables/netfilter? thanks. -- Levente

Hi for all ... I just read all doc about ip alias in Shorewall . If I am right, I can not use ip alias with masq, it is right ? What I am trying to do is create an ip alias in my internal network interface and use it for tests purpose ( specifically for getting familiar with multi ISP shorewall config ) The actual system is working fine with the ip 192.168.1.1 in eth1, eth0 is my dsl provider .

Hi everybody. I''m sorry to bother you because I''m probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable) The thing is, that I can''t get masq working. Maybe this is because

Bedankt voor uw bericht. Online4You is sinds 1 augustus niet meer operationeel. Per e-mail hebben wij u geinformeerd over de omstandigheden en uw opties. Helaas kunnen wij u niet meer helpen, uw mail wordt niet doorgestuurd en/of beantwoord. Indien uw abonnement is overgenomen door KovoKs, kijk dan voor contactgegevens op https://www.kovoks.nl/. Dank voor uw vertrouwen de afgelopen jaren! Met

L.P.H. van Belle writes: > is the time in sync on your servers ? Yes it is. I managed to make it work by specifying the primary DC as nameserver in /etc/resolv.conf of the secondary DC. As soon as I do that, samba_dnsupdate works on the secondary. When I change it back to use the local Samba as resolver, it no longer works. So it is a DNS issue (possibly related to replication

Dovid Bender writes: > The tcpdump that you are running is on the Asterisk box or via port > mirroring? It's on the asterisk box itself. I've already replaced the network card - no change. Thanks, Roel > Regards, > > Dovid > > -----Original Message----- > From: Roel van Meer <roel at 1afa.com> > Sender: asterisk-users-bounces at

Hi All, Our internal users need to connect to the bank to do internet banking. The bank requires that the client computers connect to ports 15000-15010. In Shorewall how do I do a masq for anyone trying to connect to these ports? Thanks Raymond

I'm on too many lists already, so haven't joined this one. If you have things that I really need to know, please reply or CC me off-list. I often work through masqueraded (NAT) links, and find that the following patch is able to keep an idle ssh link up where nothing else will. Please consider making it a part of the main ssh package.

Hello, > My server is on Mandrake 10.1 off. > eth0 is WAN with static IP connected 512 DSL > eth1 is LAN. I am little confused about NAT. I have a static IP from ISP I want to do a NAT on eth0. What should I use in shorewall masquerading or static nat ? Thanks Varun

Hi Roel Just guessing: do you have conntrack enabled? If not, "modprobe nf_conntrack_netlink" (you can remove it and its dependencies later) What are the outputs of sysctl net.netfilter.nf_conntrack_count and sysctl net.netfilter.nf_conntrack_max when the problem shows up? cheers Ethy On Thu, 31 Mar 2016 12:17:12 +0000 "Dovid Bender" <dovid at telecurve.com>