similar to: Shorewall 4.5.0 Beta 3

The Shorewall Team is pleased to announce the availability of Shorewall 4.5.0. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair included in 4.4.27.1-4.4.27.3. 2) The start

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

Hi, I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected... When all providers are up, everything seems fine. When one goes down, lsm says "link <provider> down event"... and it seems ok but we then experience some problems such as a few unreachable sites, DNS problems... If I remove the downed provider from all confs and restart, everything works again.

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

hi I''ve got the situation that I have a virtual shorewall firewall/router which will get different single ip''s on one interface in different subnets with different gateways which need to be nat''ed to the inside network. I''d really love to do proxy arp but the provider isn''t able to give me an ip range (cloud computing hooray). If I understand it

hi, I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain local IPs are directed to a specific ISP in route_rules, and this was working perfectly. I had to reinstall Mandriva, and after that this redirection is not working. My files are: masq: eth1 192.168.10.3 202.71.146.210 eth2 202.71.146.210 192.168.10.3 eth1 eth0 202.71.146.210 eth2 eth0 192.168.10.3 interfaces:

Hello Guys I have problem with internet bank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP

I''m pleased to announce that Shorewall 3.4.0 Beta 1 is available at ftp://shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1 and at mirror sites world wide. The release notes can be viewed at ftp://shorewall.net/pub/shorewall/development/3.4/shorewall-3.4.0-Beta1/releasenotes.txt Release Highlights 1) Shorewall can now be taylored to reduce its footprint on embedded

Our setup: server running shorewal 4.5.2.2 and watchguard vpn appliance. VPN appliance was supplied by our document flow provider. I want to route traffic to 192.168.2.0/24 via 10.10.10.1 gateway. So I thought it would be a good idea to set it up as another ISP in the providers file. But when I enable it I can reach 192.168.2.0/24 subnet but not internet. Can you please tell what I am doing

Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.8 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.8 New in this release: 1) Shorewall now verifies that your kernel and iptables have physdev ~ match support if BRIDGING=Yes in shorewall.conf. 2) Beginning with this release, if your kernel and iptables have ~ iprange match support

This morning as I was reviewing the changes occuring between 1.3.12 and 1.3.14, I noticed that I had neglected to document one new feature included in 1.3.14. In /etc/shorewall/tcrules, the MARK value may be optionally followed by ":" and either ''F'' or ''P'' to designate that the marking will occur in the FORWARD or PREROUTING chains respectively.

Hi to the list, I configured a multi-provider setup with /etc/shorewall/providers: Orange 1 1 main eth1 81.255.74.150 track,balance=1 eth0 Free 2 2 main eth2 88.180.116.254 track,balance=3 eth0 and /etc/shorewall/tcrules: 2:P 192.168.2.0/24 0.0.0.0/0 tcp 143 2:P 192.168.2.0/24

Hello everybody, I have a problem with LDAP userdb and dovecot. Let me first explain my LDAP configuration: I got three Active Directory LDAP servers (a.galliera.it, b.galliera.it, c.galliera.it) responding round robin to the name galliera.it. I want to use LDAP for the userdb lookup, so I configured dovecot-ldap-userdb.conf.ext as follow: hosts = galliera.it # round robin base =

Dear List, I'm getting weird and unexpected behaviour using time and %%, or %/%. It's likely I'm not appreciating the nuances of floating point arithmetic. Or it could be a bug. I'm running > R.version _ platform x86_64-redhat-linux-gnu kernel 2.6.33.8-149.fc13.x86_64 arch x86_64 os linux-gnu system x86_64, linux-gnu

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in