Displaying 20 results from an estimated 12000 matches similar to: "Problem with masquerading and bridges"
2006 Mar 06
7
LVS-DR + Shorewall Upgrade 3.0.2 -> 3.0.4 => Trouble
Hello,
after upgrading Shorewall (see subject) and Gentoo-Linux (from Kernel 2.6.12
to 2.6.15, both with Gentoo patches, e.g. not Vanilla) the firewall on our
load balancer rejects HTTP packets for the VIP with
>Mar 5 23:22:51 balance Shorewall:all2all:REJECT:IN= OUT=eth0
>SRC=XX.XXX.XXX.XXX >DST=XXX.XXX.XXX. XXX LEN=48 TOS=0x00 PREC=0x00 TTL=114
>ID=26421 DF PROTO=TCP SPT=2025
2006 Mar 24
10
Multi-ISP with one Dynamic IP
I have two feeds, one with a static IP and one with a dynamic IP. How
can I configure a Multi-ISP setup with the dynamic IP, or can I? I don't
think the gateway will change, just the interface IP.
--
Chris Mason
NetConcepts
(264) 497-5670 Fax: (264) 497-8463
Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271
Cell: 264-235-5670
Yahoo IM: netconcepts_anguilla@yahoo.com
--
2006 Mar 01
4
filtering HTTP signatures / headers ?
Is it possible to filter HTTP signatures/headers with
SHOREWALL? Or is there an addon for it?
take care
*º¤., ¸¸,.¤º*¨¨¨*¤ Stingray *º¤., ¸¸,.¤º*¨¨*¤
2006 Apr 02
5
Help with Webmin Module
Hello People
I'm new here, so forgive me for any "newbie talk".
My client is running Debian Sarge (Stable), with Shorewall and Webmin. I want
to make things easier for them and tried to use the webmin-shorewall module.
The thing is - the installed shorewall is 3.0.5 (package from testing) but the
webmin module only understands (and builds) the old shorewall 2.x file
2006 Mar 26
6
Shorewall and squid not working together
Hi everybody. We are running Shorewall and Squid on
Suse on the same box. Each is working fine
independently, but we can't get them to cooperate. The
access log in squid shows no requests when Shorewall
is on. Here are all the changes we made in the
configuration files. Everything else is the same. We
have read through the mailing list and the guide, but
still haven't figured it
2006 Mar 29
9
Ftp upload shaping 2 ISP's problems....
I would like to shape upload ftp bandwidth in a dual ISP setup
[shorewall show connections]
tcp 6 431215 ESTABLISHED src=192.168.2.89 dst=83.xxx.xxx.23 sport=1487 dport=21 src=83.xxx.xxx.23 dst=10.0.11.2 sport=21 dport=1487 [ASSURED] use=2 mark=1
[tcdevices]
#INTERFACE IN-BANDWITH OUT-BANDWIDTH
$EIF 970kbit 245kbit
$LIF 970kbit 245kbit
2006 Apr 26
2
How can set ORIGINAL DEST in rules?
I want SMTP requests from the internet to address 202.1.2.3 to be forwarded to 192.168.1.109, so I set ORIGINAL DEST to 202.1.2.3, but when I restart it shows an error:
iptables v1.2.11: invalid TCP port/service `210.0.214.212' specified
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -A net2loc -p tcp
2006 Apr 04
4
Multi ISP, multi address, masq file
I'm planning a multi isp setup and carefully read the
documentation. One thing that bothers me is the masq
file. The example uses a single ip address on each
public interface. I have multiple addresses on both
public interfaces (16 on one and 64 on the other).
I'm a bit confused about what to put in the masq file
in this situation. Any insights would be appreciated.
Ronald
--
2010 Dec 12
3
weird fail with conversion to bridges?
I'm converting my network from a "one interface per segment" to a
"single connection with vlans", well, some hardware I have requires
using different vlan IDs. suffice it to say I need bridges to connect a
few different vlans that should all be one but can't be because of
firmware constraints. so my first step is to get shorewall to know
about bridges.
2010 May 11
1
Installing Firestarter
Hi,
I am planning to use <firestarter> to manage the incoming and outgoing
network connections. Please give me some valuable read abouts and tips about
this package.
- Will it be a good choice for network management? What are the other
options?
If I choose to install Firestarter:
- Have you installed and used Firestarter in CentOS 5.5? If yes, please share
the process of installation.
2005 Apr 17
29
Re: dumb, dumb question ...
>Date: Sun, 17 Apr 2005 13:28:05 -0400
>From: "ryanag@zoominternet.net" <ryanag@zoominternet.net>
>Subject: Re: [Shorewall-users] dumb, dumb question **follow-up on
> support-request documentation**
>To: Tom Eastep <teastep@shorewall.net>
>Cc: Mailing List for Shorewall Users
> <shorewall-users@lists.shorewall.net>
>Message-ID:
2007 Feb 13
6
Manage of firewall.
Hello,
I see manage of firewall in CentOS (called security), and seems
difficult to manage, not enough powerful.
I am searching a middle term between scripts of iptables to manage and
Security manager of CentOS. I know FireStarter, another similar?
--
Devel in Precio http://www.pas-world.com
2006 Mar 09
3
Shaping questions
Hello Shorewall users,
I have some questions I am hoping someone can answer. I have searched
around the archives but so far I have been unable to find answers. I
am trying to configure traffic shaping on my router/firewall box
running Shorewall 3.0.5/kernel 2.4.31 and have run into some
problems/questions.
My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box
2006 Mar 03
3
tcdevices Error
Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc).
Kernel 2.4.29
tcdevices, tcrules, and tcclasses are clones of the wondershaper example
(http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp.
With TC_ENABLED=Internal in shorewall.conf:
----
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
ERROR: device A seems not to be
2006 Apr 10
2
All kinds of traffic from net -> dmz, nothing gets REJECTED or DROPPED
and Here is my rule that did this
DNAT net:eth0 dmz:62.103.xx.101 - - - 62.103.xx.105,103.xx.106,...
What I was trying to achieve:
Since I am only using 3/16, I wanted to fake the rest of them as being
alive hosts. Only to accept pings and some allowed protocols accessed
from the net.
What is wrong with my rule?
Will REDIRECT work ???
Harry
Regards.
2005 Dec 19
3
Setting up a simple NAT on CentOS 3.5
Well I think this system is back on 3.5. How do I tell? Have not
used it in a while...
I need a NAT for some quick testing and this box was available. Only
a 6gb drive, so I can't install Astaro (which I have licenses for).
So is there a simple way to turn on NATing? Should I upgrade to 4.2?
This box is behind a firewall, so security risks are not the issue. This time.
2005 Oct 30
3
blocking outgoing ports with iptables
Hi,
I'm using the generic system-config-securitylevel-tui program on a
remote server to configure my firewall. So far it's been fairly decent,
allowing me to open up ports and whatnot. But I want to start blocking
a couple of outgoing ports on my machine. I want to lock it down so the
only traffic going in or out of my machine is stuff that I specify.
Is there a way to do this
2006 Aug 04
7
Transparent Proxy problem
Now I step by step to configure Shorewall to match my school environment,
the following error when I restart the Shorewall.
..End Macro
iptables v1.2.11: Unknown arg `--sports'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !
2006 Mar 24
4
Multi-ISP - rules for one interface
I have two external interfaces in a Multi-ISP config. I allow access to
port 81 for a webcam, but I only want that to work for one of the
interfaces, and I want to limit the connections to it by maximum time
for one user, or failing that, maximum connections, as people just leave
it running on their desk all day (it's a Caribbean beach so people sit
and dream).
How do I do that as
2006 Apr 08
6
openvpn and shorewall. No Connect to LAN
Hello List,
I tried to set up openvpn with the shorewall on my openwrt box but failed!
I am not able to access the "loc"al Network from my vpn.
I followed the roadwarrior setup. I define a vpn zone, that should be
able to access the firewall and the local network:
vpn fw ACCEPT info
fw loc ACCEPT info
vpn