similar to: Re: Tc rules Help with multiISP + squid& squidguard...

In policy $FW Net ACCEPT Dump.rar join THX -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 12 octobre 2006 21:22 À : Shorewall Users Objet : Re: [Shorewall-users] Tc rules Help with multiISP + squid& squidguard... Joffrey FLEURICE wrote: > > >

I have delete "lo" Zones And Interface and rebuild all the firewall >From Local I ping www.google.fr with DNS resolution DNSMASK installed on the firewall. POSTFIX and Squid+SquidGuard Installed on firewall All clients machines have the IP of Firewall for Dns resolution New Dump joint Without Squid : I surf and all works perfectly With Squid And REDIRECT rule : surf Is VERY TOO

Yessssssssssssssssssss !! THANKSS it Works !!!! Thanks a lot, if you come to Lille,France I''ll Offer you a big Beer) Joffrey -----Message d''origine----- De : shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall-users-bounces@lists.sourceforge.net] De la part de Tom Eastep Envoyé : jeudi 19 octobre 2006 21:46 À : Shorewall Users Objet : Re: [Shorewall-users] Tcrules

I found that in my kernel config : # CONFIG_NET_KEY is not set CONFIG_INET=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_PNP is not set # CONFIG_NET_IPIP is not set # CONFIG_NET_IPGRE is not set But no CONFIG_IP_ROUTE_MULTIPATH_CACHED. -----Message

>If you > >a) Have the correct REDIRECT rule (which you do); and >b) Are accepting $FW->Net HTTP traffic (which you are -- at least with your >policy); and >c) DNS works from your firewall (I assume it does since you are wide open >from $FW->Net); then >The problem is in your Squid configuration (this is true in %90 of the >reports on this list where Squid

Tom wrote : >My advice to you is still the same -- you are going to have to use tcpdump >or ethereal to see what is happening. You have the computer there in front >of you >-- we don''t. So only you are going to be able to solve this. We are not. >From the dump you sent, it looks like many SYN packets are being sent on >ppp0 >and never replied to. So you need to

I'm using shorewall 3.0.4 with ubuntu dapper. I've compiled the kernel with the option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n. I had a trouble with, pptp connection, I'm trying to connect a using microsoft vpn a vpn server out of my lan, and don't work. My files <providers> ADSL1 1 1 main eth1.600 10.190.1.1 track,balance eth0 ADSL1 2 2 main eth1.601 10.190.2.1

I have a server, server A, with three NICs: two to the Internet via separate ADSL modems, and one to the LAN. The two ''net'' interfaces are configured as described at http://www.shorewall.net/MultiISP.html. This has been working for a number of months. I am now testing an OpenVPN link between server A and another (currently single-ISP) server (server B). I can establish the VPN

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

Hi list, My network was assigned a private AS and my ISP(4) urged me to use BGP ! My Other 3 providers on my Shorewall BOX are typical aDSL lines while the 4th is an 1G optical uplink with 64 addresses. Currently I am in a balance, track mode in shorewall ISP setup.. After I installed - configured and started zebra + bgp my static routing tables got filled with about 850 static routes to

by the way, how come the list got another "mail delivery system" email whenever i sent a post?...weird... On 8/30/06, Mail Delivery System <MAILER-DAEMON@mx3-83.sinamail.sina.com.cn> wrote: > This is the Postfix program at host mx3-83.sinamail.sina.com.cn. > > I''m sorry to have to inform you that your message could not > be delivered to one or more recipients.

Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP

Shorewall have OpenVPN itself or need install OpenVPN for Shorewall to run ? Thank _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere

Can anyone recommend a captive portal solution that is compatible Shorewall? I know they are not completely secure but I have use for it. Thanks! Matt Burleigh Senior Systems Engineer 703-236-0800 ext 790 ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with

Hello, I want set the accounting function for web traffic, when I use shorewall show web it can''t show anything. accounting file: GROUP web:COUNT - eth1 eth0 tcp 80 80 web:COUNT - eth0 eth1 tcp 80 80 Thank ! _______________________________________ YM - 離線訊息

Hi all, (not sure that this is the right places where send this. sorry) I think that http://www.shorewall.net/Shorewall_Squid_Usage.html must be updated. The current SQUID version (2.6) don''t support anymore the ''httpd_accel'' directives. So anyone that would follow this guide for configure a transparent proxy will receive an error 400. Please modify the guide as

Just a note that the 3.3 development release notes (ftp://shorewall.net/pub/shorewall/development/3.3/shorewall-3.3.0/relea senotes.txt) have a typo under the Migration Considerations. <current> /etc/shorewall/accounging. </current> <fixed> /etc/shorewall/accounting. </fixed. Regards, - Craig.

My Shorewall server /var/log/messages only have loc2fw, net2fw, I want display net2loc, how can do that? Thank _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier

Hi guys, i have a 2-interfaces nic cards Shorewall 3.0.x Firewall. I need to allow access to an internal saprouter server from internet. When i try a connection from the sapgui from a workstation on Internet i get a connection time-out on port 3299 by the saprouter My shorewall interfaces configuration is: ZONE INTERFACE BROADCAST OPTIONS loc eth3 detect

Hi All: Ok, here is my network: 192.168.1.0/28 is the network behind the Cisco, the Gig0/1 interface is 192.168.1.1. Linux box is 192.168.1.96/28 behind with 192.168.1.97 the Eth1 interface. I have the Ipsec tunnel up and working between them using preshared keys. So that works. Here is the Cisco tunnel setup: interface Tunnel6 ip address 192.168.2.110 255.255.255.240 tunnel source