similar to: Shorewall 4.5.8 IPSEC in a multi-ISP configuration

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

Hi, I have a multi-isp configuration both on ppp interfaces. As one of them is 32Mbit/s and the other is 8Mbit/s , I have a weight setting of 4 to 1 as in the following providers file entries: vdsl 1 0x10000 - ppp1 - track,balance=4 adsl 2 0x20000 - ppp0 - track,balance=1 I would also like to have fallback between them so that if one is

the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table

----- Mensagem encaminhada por zynkx <skydive@megamail.pt> ----- Date: Tue, 17 Feb 2004 20:25:26 +0000 From: zynkx <skydive@megamail.pt> Reply-To: zynkx <skydive@megamail.pt> Subject: smbspool To: samba@lists.samba.org i am using this command line from a linux client to try to print to my linux samba server with a shared printer, that is printing ok from windows clients. the

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

Hi, I''ve been successfully using shorewall in our K12 school since the 2.x days initially on Mandrake and now on Debian. Because of that my config has got quite complicated. The firewall has a working MultiISP setup with four interfaces (I''ve renamed them with udev to easy their identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers (the one on dnt-if) is a DSL

Hello Guys I have problem with internet bank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of

Hi, in shorewall version 3.4.8 used this rule to block access to Facebook through port 443 (https): /shorewall/rules: REJECT loc net:69.171.224.12, 69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443 What I did was block the public IP network segment to fitthrough https. Now I use this same rule in version 4.4 and I works already. Has anything changed in this

Hi List, I have a new install of CentOS 6.2 and shorewall 4.5.1-2. I usually have no issues with shorewall until now. When I execute < #shorewall start > I get the following error. root@poweredge > /etc/shorewall# shorewall start Compiling... Can''t locate Shorewall/Compiler.pm in @INC (@INC contains: /usr/share/shorewall /usr/local/lib/perl5 /usr/local/share/perl5

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

Shorewall 4.5.15 3 Interface setup em1 p3p1 p4p4 ppp0 Hi, Since changing to NetworkManger on Fedora 18 I can no longer connect to the DSL Modem, which is connected to Interface em1. When the NetworkManger brings up the interfaces and ppp0, it no longer assigns an IP to em1. If I have ppp0 disabled and NetworkManger brings up the interfaces, em1 gets an IP of 192.168.1.2. Then when I get

i''m running SW v4.5.14 i''ve created a basic /rules set, referencing a single action: cat /etc/shorewall/rules ############################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS

Hi. I''m migrating to shorewall(6) mgmt of my various firewalls. Simple configs have been easy with the great docs. I''ve got a slightly more convoluted config, and have gotten ''lost'' in config''ing a SNAT/DNAT/NAT + DMZ + Xen Host/Guest set up with Static IP/29. Having some challenges wrapping my head around the ''best'' Shorewall

Hi I''m running on a debian box shorewall-4.5.17. My main gateway is a router running on openwrt and I want to use the shorewall-lite packet provided by openwrt. The openwrt''s provided shorewall-lite packet is 4.5.7. So my questions would be: 1: Do I need to make some modifications before installing shorewall-core-4.5.7/shorewall-4.5.7 on my debian box? 2: if I have both

Dear All, wasn't sure my last question got posted, i decided to re-post with more concise explanation of the problem i'm facing. I have samba PDC (version 3.0.14a) working fine before with smbpasswd backend. a few weeks ago, we decide to move to mysql backend since we have email server with mysql backend as well. I'm trying to use one username and password for both email and samba

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hello List! I got a small (50mbits or so) application layer ddos attack against a few name servers (thousands of IPs sending lots of bogus A record requests - weird) - one of the name servers was behind a shorewall firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd using 100% of the CPU during the

Beta 3 is now available for download. http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3 ftp://ftp.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3 New Features: 1) Beginning with Shorewall 4.0.0, the -f option was no longer the default for ''/etc/init.d/shorewall start''. Beginning with 4.0.13 and 4.2.0-Beta3, this is also