similar to: Traffic Routing/Shaping Problem

I made a script to test if in a moultiple gateway setup all default connection are up, regardless of the fact that that gateway is the default gw. Suppose adsl1 and adsl2 are present, and all traffic goes by default to adsl1, and you want to test if adsl2 is ok. 1. I use mangles from iptables to mark icmp packets to some test machines 2. I set up a routing table for each adsl 3. I use

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

Hello, We have 3 DSL connections connected to eth3 and another interface with a dedicated link in eth0 (main table) We want to balance selected traffic (using fwmark and iptables) through our 3 DSL connections in a secondary table named DSL (without using the dedicated link in eth0), but the next command is not accepted, and gives us the following error: # ip route add default

Hi William. Thanks a lot for your help. Im having some trouble recompiling my kernel after a installed the patch. Im running RH 7.3 with kernel 2.4.18-3. The patch I installed is routes-2.4.16-6.diff. I got no errors installing it. I added the multipath support, and recompiled it. The make dep and the make bzImage went fine. I got error during the make modules. These are the errors:

Hi, I''ve setup a gateway using multiple default gateways and netfilter MASQUERADE to load balance traffic between two DSL interfaces and one dedicated link, and when I try to download something big, or when I''m using MSN (both in clients under this gateway), sometimes, or most times, after a while the connection timeouts. The connection doesn''t seem to change its

I have a dependency loop reported but I can not see how this can be: class monitor { class pulledpork ( $master) { exec { "/home/snort/bin/pulledpork -nc conf/$master/pp.conf": cwd => "/home/snort", subscribe => [File["/home/snort/conf/$master/pp"], File[ "/ home/snort/Rules/$master"] ], notify =>

I'm using shorewall 3.0.4 with ubuntu dapper. I've compiled the kernel with the option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n. I had a trouble with, pptp connection, I'm trying to connect a using microsoft vpn a vpn server out of my lan, and don't work. My files <providers> ADSL1 1 1 main eth1.600 10.190.1.1 track,balance eth0 ADSL1 2 2 main eth1.601 10.190.2.1

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

Hi, i connect to the internet over my eth4 interface using pppoe. The internet always comes on ppp0. I am trying to setup an L2TP/IPSEC VPN and i am reading http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP I notice in the example the interfaces file is given as: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter loc eth1

Hi, I wanted to configure the following : 1. VPN + some other special connections (TCP 82,8282,23,22 and ICMP) to have priority over the rest 2. special upstream for our updating system on port 4000 3. within the VPN tunnels citrix traffic ( TCP 1494, 2598) + icmp has priority I need this for both incoming and outgoing traffic as it is the bandwith managment config on a central system from

I have a server, server A, with three NICs: two to the Internet via separate ADSL modems, and one to the LAN. The two ''net'' interfaces are configured as described at http://www.shorewall.net/MultiISP.html. This has been working for a number of months. I am now testing an OpenVPN link between server A and another (currently single-ISP) server (server B). I can establish the VPN

Hi, I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected... When all providers are up, everything seems fine. When one goes down, lsm says "link <provider> down event"... and it seems ok but we then experience some problems such as a few unreachable sites, DNS problems... If I remove the downed provider from all confs and restart, everything works again.

I am trying to import a hash definition from a separate file but this fails whereas including the text verbatim in the original manifest works fine: class monitor ($master, $interface) { # import "masters.pp" $sensor_rule_categories = { ''dmzo'' => [scan,finger,ftp,telnet,rpc,rservices,ddos,dns,tftp,web- coldfusion,misc,web-php,x11,attack-responses,

Hi, I've been very puzzled lately. I installed a phone system for a friend a few weeks ago, and they're having a problem that I can't get rid of, actually 2 problems. Before I go into the problems, let me tell you about the setup. It's a pretty small setup with only 4 handsets, all Polycom 320s, the server is a Dell SC440 with Intel E2180 CPU (dual core, 2GHz) and 512MB Ram.

I''m working on setting up a new router/server/etc. box. I''m using Proxmox as the base system (Debian Lenny basically). I''m trying to figure out the right way to configure Shorewall on it. I''ve looked at some of the bridging info but they seem to all be talking about single-interface setups. Could someone look over my setup and give me some input into the

Hello, I would appreciate any feedback/suggestions on my Shorewall configuration for a standalone laptop Debian Squeeze configuration for ppp0 and wlan0, set out below: ------------------ My current system: ------------------ I have successfuly configured Shorewall 4.4.11.6 on my standalone Debian Squeeze laptop for a ppp0 (Mobile broadband) connection using GNOME PPP, works great (refer to

Hello , The folllowing is the error problem: Validating interfaces file... ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2 The shorewall interface file: net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians P.S. I tried to remove norfc1918 from interface

Hi guys, i have a 2-interfaces nic cards Shorewall 3.0.x Firewall. I need to allow access to an internal saprouter server from internet. When i try a connection from the sapgui from a workstation on Internet i get a connection time-out on port 3299 by the saprouter My shorewall interfaces configuration is: ZONE INTERFACE BROADCAST OPTIONS loc eth3 detect

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

Hi all, I have a strange problem in trying to install a transparent proxy (in my internal net not on the shorewall server) according to the instructions as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local My Network looks the following: Internal Net: 10.0.0.0/24 Squid Server listening on port 3128 (ip 10.0.0.152, DNS name server01) | |