similar to: Shorewall 4.4.19 Beta 1

Hi I have shorewall/iptables running on my server (pub) but access to localhost is blocked then I attemp to use ping localhost, telnet localhost 25, echo Hello | sendmail -v root@localhost. All these commands were run after using shorewall reset and creating the attached file. All these commands work with shorewall clear. My problem is I can''t email the root messages from (pub) to

I have a multi-isp configuration: CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0 IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0 where I force SMTP out one of the connections: 512:P br-lan - tcp 25 But the effect of that of course is that if IGS goes down, SMTP will leak out of the CGCO connection. How can I prevent that? Cheers, b.

Hi All, I use rather old Shorewall 3.2.6 and I know it''s no longer supported. I haven''t been updating the software because it works as intended until now. The problem is a simple DNAT rule. I actually have around 8 DNAT rules and they all work just fine. Here is what I want to achieve. I have a SMTP server in my LAN (lets say address 192.168.1.10). The SMTP daemon listens on

Hi, My firewall is a machine running Debian Squeeze with shorewall 4.4.11.6. /etc/shorewall/policy says this: loc $FW ACCEPT loc loc ACCEPT loc net ACCEPT $FW net ACCEPT $FW loc ACCEPT net all DROP # info all all REJECT

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Tom In Shorewall6 4.4.27 the following proxyndp entry: 2001:4d48:ad51:24::f3 eth2 eth0 no no does not add the required route. The code produced in /var/lib/shorewall6/.restart is: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add 2001:4d48:ad51:24::f3/128 dev eth2 Splitting the line into 2 separate lines: qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

I cannot connect to the INTERNET via my stand alone computer or my wireless laptop with the /etc/shorewall/interface setting I have. What Interface setting will allow me to connect to the Internet? Please see attached document for more details. ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT

Hello, is it possible that the number of bands for the PRIO qdisc is limited to 16? tc qdisc add dev $DEVICE root handle 1: prio bands 16 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 succeeds but tc qdisc add dev $DEVICE root handle 1: prio bands 17 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 returns: ''RTNETLINK answers: Invalid argument'' Is there any possibility to raise the

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in

Shorewall 4.3.7 is available for testing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 7 ---------------------------------------------------------------------------- 1) Klemens Rutz reported a problem that affects all Shorewall-perl 4.2 and 4.3 versions. The problem: a) Only occurs when

Hi, I have a server and ten clients in a Gigabit network. The server has 125mbps network bandwidth. I want that the server has 40Mbps bandwidth reserved for client 1 (IP 192.168.5.141), and the rest bandwidth is for all other clients. My script looks like this (I use IFB for incoming traffic): #!/bin/bash export TC="/sbin/tc" $TC qdisc add dev ifb0 root handle 1: htb default 30

Hi all, Here is something that i still haven''t understood. When installing PRIO, it creates 3 "classes" with priority level according to the TOS. That command line : # tc qdisc add dev eth0 root handle 1: prio give that result : # tc qd sh qdisc prio 1: dev eth0 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 How should i read that priomap, what does it mean and how to

IMHO, the priomap explanation in the 9.2.1.1. of the LARTC HOWTO is not clear enough. I only understood it''s real behavior until I read this document from Russell Stuart: http://ace-host.stuart.id.au/russell/files/tc/doc/tc/priority.txt So, based in this information, I''ve prepared an alternative priomap explanation for this section of the HOWTO, if you like it as it is I could

hello to all i''m trying to set a filter but doesn''t want to work. i''ve set ut the qdiscs and the classes like this : tc qdisc add dev ppp0 root handle 1: htb default 20 tc class add dev ppp0 parent 1: classid 1:1 htb rate 120kbit tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 30kbit ceil 120kbit tc class add dev ppp0 parent 1:1 classid 1:21 htb rate 30kbit ceil