Displaying 20 results from an estimated 4000 matches similar to: "two-interfaces problem"
2006 Sep 14
5
Shorewall make my firewall fly!
I've just put in production a Linux firewall with 4 ethernet interfaces
and 3 openvpn tun virtual interfaces.
With Shorewall everything works like a charm (only a little hassle with
some details, due to bad configuration, not bugs!)
Great tool!
Tom and other Shorewall developers, you all are great!
Bye (and sorry for my bad english)
-- 
Paolo Basenghi - Centro elaborazione dati
2006 Jun 30
5
WG: OpenVPN question
Shorewall can run without openvpn, but you need it if you want to establish private networks through public structures. 
-----Original Message-----
From: info@kws-netzwerke.de [mailto:info@kws-netzwerke.de]
Sent: Friday, 30 June 2006 12:52
To: 'Shorewall Users'
Subject: AW: [Shorewall-users] OpenVPN question
Shorewall is able to work with openvpn but it isn't a bundle of a
2007 Feb 09
26
transient "martian source ..." errors
Hi All,
As you probably all know :-) I'm trying to do the multi-isp thing.  I've
resolved my last issue with the route_rules as suggested by Tom and
Jerry.
Lately I have been seeing "transient" (I say transient because the
problem will persist for a while and then magically clear itself up some
number of minutes later) situations where my gateway will log:
2006 Aug 23
5
OpenVPN and multiple ISPs
I have a server, server A, with three NICs: two to the Internet via
separate ADSL modems, and one to the LAN. The two 'net' interfaces are
configured as described at http://www.shorewall.net/MultiISP.html. This
has been working for a number of months.
I am now testing an OpenVPN link between server A and another (currently
single-ISP) server (server B). I can establish the VPN
2006 Jun 30
2
OpenVPN question
Does Shorewall include OpenVPN itself, or do I need to install OpenVPN for Shorewall to run?

  Thanks
2006 Aug 29
3
masq problem
Hi everybody.
I'm sorry to bother you because I'm probably doing something wrong, but 
I have already read the documentation and I have been using shorewall 
for quite a long time.
I recently installed 3.2.3 from source (but there was the same problem 
with 3.0.7 from apt-get ... -t unstable)
The thing is, that I can't get masq working. Maybe this is because 
2007 Feb 03
3
Shorewall and Squid 2.6
Hi all,
(not sure that this is the right place to send this, sorry)
I think that http://www.shorewall.net/Shorewall_Squid_Usage.html must be
updated.
The current SQUID version (2.6) doesn't support the 'httpd_accel'
directives anymore.
So anyone who follows this guide to configure a transparent proxy
will receive an error 400.
Please modify the guide as
2006 Aug 19
2
Accounting
Hello,
   
  I want to set the accounting function for web traffic; when I use shorewall show web it can't show anything.
   
  accounting file:
   
  GROUP
web:COUNT -     eth1            eth0            tcp     80              80
web:COUNT -     eth0            eth1            tcp     80              80
   
   
  Thank !
2006 Aug 29
2
Re: Undelivered Mail Returned to Sender
by the way, how come the list got another "mail delivery system" email
whenever i sent a post?...weird...
On 8/30/06, Mail Delivery System
<MAILER-DAEMON@mx3-83.sinamail.sina.com.cn> wrote:
> This is the Postfix program at host mx3-83.sinamail.sina.com.cn.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients.
2006 Oct 23
3
command not found error
I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I 
start Shorewall I get this:
/usr/share/shorewall/firewall: line 204: 4: command not found
I looked there and found this:
# Run ip and if an error occurs, stop the firewall and quit
#
run_ip() {
    if ! ip $@ ; then
        if [ -z "$STOPPING" ]; then
            error_message "ERROR: Command \"ip
2006 Aug 08
2
Captive Portal compatible with Shorewall
Can anyone recommend a captive portal solution that is compatible with
Shorewall? I know they are not completely secure but I have use for it.
 
Thanks!
 
Matt Burleigh
Senior Systems Engineer
703-236-0800 ext 790
 
2006 Oct 13
3
Re: Tc rules Help with multiISP+ squid& squidguard...
>If you
>
>a) Have the correct REDIRECT rule (which you do); and
>b) Are accepting $FW->Net HTTP traffic (which you are -- at least with
>your policy); and
>c) DNS works from your firewall (I assume it does since you are wide
>open from $FW->Net); then
>The problem is in your Squid configuration (this is true in %90 of the
>reports on this list where Squid
2006 Apr 22
6
bridge firewall with two nets
Hi
I would like to use shorewall for my bridge firewall.
I just read the howto http://www.shorewall.net/bridge.html
But in this howto there is only one net behind the bridge and I have
two nets behind my bridge.
Can I use shorewall with two nets behind the bridge?
Thanks in advance.
roberto
--
Ing. Roberto Pereyra
ContenidosOnline
BSD, Solaris and Linux servers
ISP technical support
2007 Feb 02
13
Client cannot connect to Internet
Hello List,
This is my first post to the list, and as such I apologize for the length of
it. I tried to put as much detail into this as possible.
I recently installed Shorewall on a computer running Gentoo Linux. The
computer has 3 network cards in it, but I've only configured 2. Going the
cheap route, I'm connecting my client directly to my firewall using a
crossover cable.
2006 Aug 18
3
DNAT Security Hole?
# shorewall version
3.2.1
SNAT is enabled.  Setting up DNAT to do port forwarding -- this example
looked exactly like what I wanted:
(FAQ 1c) From the internet, I want to connect to port 1022 on my firewall
and have the firewall forward the connection to port 22 on local system
192.168.1.3. How do I do that?
In /etc/shorewall/rules:
#ACTION    SOURCE   DEST                PROTO    DEST PORT
2006 Oct 17
2
Re: Tc rules Help with multiISP+ squid& squidguard...
Tom wrote :
>My advice to you is still the same -- you are going to have to use
>tcpdump or ethereal to see what is happening. You have the computer
>there in front of you
>-- we don't. So only you are going to be able to solve this. We are
>not.
>From the dump you sent, it looks like many SYN packets are being sent
>on ppp0
>and never replied to. So you need to
2006 May 14
6
How do I limit download speed by ip address on the LAN?
Hello there,
 
I can modify /etc/shorewall/tcdevices to control overall IN-BANDWIDTH. It is quite effective. Just change 2mbit to 128kbit.
 
However, how do I limit download speed for a certain host IP on the LAN? I want to limit host 192.168.1.140 download speed to 128Kbit. Other hosts on the 192.168.1.0 LAN can still surf at 2mbit.
 
Any input welcome.
 
Kind Regards,
 
Michael
2006 Aug 21
1
Multiisp and pptp
I'm using shorewall 3.0.4 with ubuntu dapper. I've compiled the kernel
with the option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n. 
I had a trouble with, pptp connection, I'm trying to connect a using
microsoft vpn a vpn server out of my lan, and don't work.
My files
<providers>
ADSL1	1 	1	main	eth1.600	10.190.1.1	track,balance	eth0
ADSL1	2 	2	main	eth1.601	10.190.2.1
2006 Aug 29
1
Typo in 3.3 release notes
Just a note that the 3.3 development release notes
(ftp://shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.0/releasenotes.txt)
have a typo under the Migration Considerations.
<current>
      /etc/shorewall/accounging.
</current>
<fixed>
      /etc/shorewall/accounting.
</fixed>
Regards,
- Craig.
2006 Jun 30
1
Newbie Log question
My Shorewall server /var/log/messages only have loc2fw, net2fw, I want display net2loc, how can do that?
   
  Thank