similar to: Problem with masquerading and bridges

Hello, after upgrading Shorewall (see subject) and Gentoo-Linux (from Kernel 2.6.12 to 2.6.15, both with Gentoo patches, e.g. not Vanilla) the firewall on our load balancer rejects HTTP packets for the VIP with >Mar 5 23:22:51 balance Shorewall:all2all:REJECT:IN= OUT=eth0 >SRC=XX.XXX.XXX.XXX >DST=XXX.XXX.XXX. XXX LEN=48 TOS=0x00 PREC=0x00 TTL=114 >ID=26421 DF PROTO=TCP SPT=2025

I have two feeds, one with a static IP and one with a dynamic IP. How can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t think the gateway will change, just the interface IP. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com --

Is it possible to filter HTTP signatures/headers with SHOREWALL ? or is there addon for it ? take care *º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This SF.Net email

Hello People I''m new here, so forgive-me for any "newbie talk". My client is running Debian Sarge (Stable), with Shorewall and Webmin. I want to make things easier for them and tried to use the webmin-shorewall module. The thing is - the installed shorewall is 3.0.5 (package from testing) but the webmin module only understands (and builds) the old shorewall 2.x file

Hi everybody. We are running Shorewall and Squid on Suse on the same box. Each is working fine independently, but we can''t get them to cooperate. The access log in squid shows no requests when Shorewall is on. Here are all the changes we made in the configuration files. Everything else is the same. We have read through the mailing list and the guide, but still haven''t figured it

I would lilke to shape upload ftp bandwidth in a dual ISP setup [shorewall show connections] tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1 [tcdevices] #INTERFACE IN-BANDWITH OUT-BANDWIDTH $EIF 970kbit 245kbit $LIF 970kbit 245kbit

I want smtp requests from the internet to address 202.1.2.3 are to be forwarded to 192.168.1.109, so I set ORIGINAL DEST is 202.1.2.3 but when I restart it show error: iptables v1.2.11: invalid TCP port/service `210.0.214.212'' specified Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -A net2loc -p tcp

I''m planning a multi isp setup and cafully read the documentation. One thing that bothers me is the masq file. The example uses a single ip address on each public interface. I have multiple addresses on both public interfaces (16 on one and 64 on the other). I''m a bit confused about what to put in the masq file in this situation. Any insights would be appreciated. Ronald --

I''m converting my network from a "one interface per segment" to a "single connection with vlans", well, some hardware I have requires using different vlan IDs. suffice it to say I need bridges to connect a few different vlans that should all be one but can''t be because of firmware constraints. so my first step is to get shorewall to know about bridges.

Hi, I am planning to use <firestarter> to manage the incoming and outgoing network connections. Please give me some valuable read abouts and tips about this package. - Will it be a good choice for network management? What are the other options? If i choose to install Firestarter : - Have you installed and used Firestarter in CentO 5.5? If yes,Please share the process of installation.

>Date: Sun, 17 Apr 2005 13:28:05 -0400 >From: "ryanag@zoominternet.net" <ryanag@zoominternet.net> >Subject: Re: [Shorewall-users] dumb, dumb question **follow-up on > support-request documentation** >To: Tom Eastep <teastep@shorewall.net> >Cc: Mailing List for Shorewall Users > <shorewall-users@lists.shorewall.net> >Message-ID:

Hello, I see manage of firewall in CentOS (called security), and seems difficult to manage, not enough powerful. I am searching a middle term between scripts of iptables to manage and Security manager of CentOS. I know FireStarter, another similar? -- Devel in Precio http://www.pas-world.com

Hello Shorewall users, I have some questions I am hoping someone can answer. I have searched around the archives but so far I have been unable to find answers. I am trying to configure traffic shaping on my router/firewall box running Shorewall 3.0.5/kernel 2.4.31 and have run into some problems/questions. My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box

Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc). Kernel 2.4.29 tcdevices, tcrules, and tcclasses are clones of the wondershaper example (http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp. With TC_ENABLED=Internal in shorewall.conf: ---- Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... ERROR: device A seems not to be

and Here is my rule that did this DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,... What I was trying to achieve: Since I am only using 3/16, I wanted to fake the rest of them as being alive hosts. Only to accept pings and some allowed protocols accessed from the net. What is wrong with my rule? Will REDIRECT work ??? Harry Regards.

Well I think this system is back on 3.5. How do I tell? Have not used it in a while... I need a NAT for some quick testing and this box was available. Only a 6gb drive, so I can't install Astaro (which I have licenses for). So is there a simple way to turn on NATing? Should I upgrade to 4.2? This box is behind a firewall, so security risks are not the issue. This time.

Hi, I'm using the generic system-config-securitylevel-tui program on a remote server to configure my firewall. So far it's been fairly decent, allowing me to open up ports and whatnot. But I want to start blocking a couple of outgoing ports on my machine. I want to lock it down so the only traffic going in our out of my machine is stuff that I specify. Is there a way to do this

Now I step by step to configure Shorewall to match my school environment, the following error when I restart the Shorewall. ..End Macro iptables v1.2.11: Unknown arg `--sports'' Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !

I have two external interfaces in a Multi-ISP config. I allow access to port 81 for a webcam, but I only want that to work for one of the interfaces, and I want to limit the connections to it by maximum time for one user, or failing that, maximum connections, as people just leave it running on their desk all day (it''s a Caribbean beach so people sit and dream). ow do I do that as

Hello List, I tried to set up openvpn with the shorewall on my openwrt box but failed! I am not able to access the "loc"al Network from my vpn. I followed the roadwarrior setup. I define a vpn zone, that should be able to access the firewall and the local network: vpn fw ACCEPT info fw loc ACCEPT info vpn