similar to: multiple providers and tcrules without highmarks

Displaying 20 results from an estimated 20000 matches similar to: "multiple providers and tcrules without highmarks"

2007 May 25
49
Problem with ssh limit and scp stalling
Hi, I have a very simple server setup, using shorewall as my firewall. I have a line like this at the top of my rules file to allow ssh connections, but limited to 3 connections per minute with a burst rate of 3: SSH/ACCEPT net $FW - - - - 3/min:3 - Now when I have that in place, and from a remote machine run scp server:/some/file ., I find
2007 Jun 05
9
PPTP port forwarding question
Hello, Please see the following picture: http://www.wilson-kwok.com/pptp.jpg I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server, and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server, but I cannot connect from my home to pptp server. Here is the nat file: 210.0.0.1 eth0:2 192.168.0.2 Here is the rules
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I've uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \
2007 Jun 18
3
ip_tables: policy match: invalid size 308 != 116
when i start or restart syslog-ng, i've above message. Can this be a shorewall or iptables synchro ? mess-mate -- April 1 This is the day upon which we are reminded of what we are on the other three hundred and sixty-four. -- Mark Twain, "Pudd'nhead Wilson's Calendar"
2007 Jun 27
3
Adding custom iptables rules to shorewall
Hi, I'm trying to add following iptables rules to shorewall: iptables -I INPUT -d 192.168.1.1 iptables -I OUTPUT -s 192.168.1.1 What should I put in my custom action or anywhere else? I need these rules for munin accounting. iptables -L INPUT -v -n -x Chain INPUT (policy DROP 5 packets, 260 bytes) pkts bytes target prot opt in out source destination 7175
2007 May 22
5
Shorewall and Xen with network-dummy
Hello *, I'm trying to setup Shorewall under Ubuntu 7.04 and Xen configured to use network-dummy instead of network-bridge (network-bridge seems to be buggy at the moment under Debian/Ubuntu). Is there a shorewall config example I can use in combination with network-dummy? In particular, with network-dummy there is no peth interface and the bridge includes the real eth interface. I
2007 Jul 06
8
interop with strongswan / ipsec
I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4
2007 Jun 15
2
Using Proxy ARP inside Xen DomUs
Hello list I'm considering moving shorewall to a xen domu and then using the Proxy ARP method (we use NAT today). Is it possible to have a Proxy ARP firewall inside a domu serving requests to other domus with public IP-addresses placed on separate hardware (not the hardware the domu with the firewall is on) ? I figure that there's a problem since it's different bridges
2007 Jul 11
3
Restricting access by time of day in Shorewall?
I'm currently using Shorewall 3.4.1 to manage a firewall for my LAN at home. It works very well, and I'm definitely pleased, but . . . . I now have a situation where I need to enforce access restrictions on a specific computer during specific times of day -- e.g., a particular computer might have no Internet access at all between 10 PM and 6 AM. Is there any way to do such a
2007 May 16
1
www.shorewall.net/ftp.shorewall.net is down
The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \
2007 Jul 05
2
Re: [strongSwan] Interop problem Linksys WRV200 with Strongswan 4.1.3 / PSK
Hi Andreas, I don't know if the WRV200 is running freeswan or openswan. We use the newest US-version of the linksys firmware 1.0.32.2 from 2.5.2007. Another problem is in accessing the vpn-Gateway itself with ssh for instance, I get a freezing windows, whenever I transfer more than just a few bytes. I can type my login-name and my password, then get a prompt ... but if I call,
2007 Jun 14
1
Conntrackd and shorewall
Hi, I'm trying to use conntrackd, shorewall and keepalived. Conntrackd (now known as conntrack-tools) is working ok, keepalived too, but I don't know how to put some iptables rules in shorewall. eth0 is the local area (192.168.0.0/24) eth1 is the net area (192.168.1.0/24) [1] iptables -P FORWARD DROP [2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT [3] iptables -A
2011 Mar 28
2
ERROR: Invalid Mark Value (1) with HIGH_ROUTE_MARKS=Yes
Hello, When i restart the firewall when i put the HIGH_ROUTE_MARKS=Yes i can't restart it, i receive the following message in the logs: 18:17:35 Compiling /etc/shorewall/providers ... ERROR: Invalid Mark Value (1) with HIGH_ROUTE_MARKS=Yes : /etc/shorewall/providers (line 13) My files have: tcrules: empty Providers:New 1 1 main eth0 192.168.1.1
2007 Jun 29
1
ipp2p traffic not rejected
Hi, I'm using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG
2007 Jul 09
1
Ipsec in Shorewall 4.0.0-RC1
Hi Tom, hi list. I have an issue in RC1. The Setup works flawlessly with 3.x and with the shell compiler of RC1, but with the same setup and the perl compiler my IPSEC traffic gets dropped in net2all chain. Attached is a dump, compiled with perl, including some dropped traffic, e.g. SRC=192.168.66.10 DST=192.168.1.2 Did I overlook something in migration process? Alex
2007 May 22
1
Two questions about REDIRECT and iptables chain errors
Hi all, I've shorewall 3.2.6-2, kernel 2.4.27, iptables 1.3.6.0debian1-5 on a debian sarge machine. From yesterday shorewall can't start anymore and in the shorewall-init.log I've this: ERROR: Rule "REDIRECT lan 8081 tcp 80 " requires NAT which is disabled /sbin/shorewall: line 527: 17071 Terminated $SHOREWALL_SHELL ${SHAREDIR}/compiler
2007 Jul 11
1
IPSec Problem / hanging session
Hello Tom, now here's my dump file as .zip attachment, but named .txt, because the list-server rejected the .zip, then my second try (uncompressed) was rejected because of the size. What I was doing is connecting from remote side of an ipsec tunnel (behind gw 212.168.178.226), from a windows machine with 192.168.246.20 to the firewall-system (remote ip 217.19.188.182 / internal ip is
2007 Jun 13
1
[Fwd: Bug#428647: mss problem.]
Please see enclosed - from the Debian BTS.
2009 May 29
5
CONNMARK target and connmark match support in Ubuntu kernel
Hi, as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html ), it says "Use of this feature requires that your kernel and iptables include CONNMARK target and connmark match support (Warning: Standard Debian™ and Ubuntu™ kernels are lacking that support!)." it means MultiISP won't work properly if i am using Ubuntu server. if yes what's the