Displaying 20 results from an estimated 1000 matches similar to: "Conntrackd and shorewall"
2006 Aug 21
1
Multiisp and pptp
I'm using shorewall 3.0.4 with ubuntu dapper. I've compiled the kernel
with the option CONFIG_IP_ROUTE_MULTIPATH_CACHED=n.
I had trouble with a pptp connection: I'm trying to connect, using Microsoft VPN, to a VPN server outside my LAN, and it doesn't work.
My files
<providers>
ADSL1 1 1 main eth1.600 10.190.1.1 track,balance eth0
ADSL1 2 2 main eth1.601 10.190.2.1
2019 Nov 11
13
[Bug 1381] New: Conntrackd segfaults when committing external caches
https://bugzilla.netfilter.org/show_bug.cgi?id=1381
Bug ID: 1381
Summary: Conntrackd segfaults when committing external caches
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: conntrack-daemon
2012 Nov 21
1
Conntrackd - fail at startup.
Hi all.
I currently try to start conntrackd to test it.
CentOS release 6.3 (Final)
Linux lb1.local 2.6.32-279.11.1.el6.x86_64 #1 SMP Tue Oct 16 15:57:10 UTC
2012 x86_64 x86_64 x86_64 GNU/Linux
This is a VirtualBox vm.
I try:
/usr/sbin/conntrackd -C /etc/conntrackd/conntrackd.conf -d
My config:
[root@lb1 log]# egrep -v '^\s*#|^$' /etc/conntrackd/conntrackd.conf | less
Sync {
2009 Mar 14
0
shorewall, ucarp & conntrackd on debian
hi
i've not found many hints on shorewall/ucarp/conntrackd topic. i'm
sharing this with the list, so that i'm able to search and find it the
next time. :)
i've setup 2 identical systems with shorewall, ucarp and conntrackd in
an active/backup way. ucarp just calls ifup/ifdown, all network configuration
is maintained in /etc/network/interfaces (Debian),
2017 Feb 16
3
[Bug 1123] New: conntrackd will not accept connection records into kernel table from another machine
https://bugzilla.netfilter.org/show_bug.cgi?id=1123
Bug ID: 1123
Summary: conntrackd will not accept connection records into
kernel table from another machine
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
2020 Jul 24
1
[Bug 1445] New: conntrackd: segfaults when not disabling internal cache
https://bugzilla.netfilter.org/show_bug.cgi?id=1445
Bug ID: 1445
Summary: conntrackd: segfaults when not disabling internal
cache
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: critical
Priority: P5
2018 Feb 20
0
[Bug 1229] New: conntrackd man page "State <policy> {<states list>}"
https://bugzilla.netfilter.org/show_bug.cgi?id=1229
Bug ID: 1229
Summary: conntrackd man page "State <policy> {<states list>}"
Product: conntrack-tools
Version: unspecified
Hardware: x86_64
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component:
2007 Jun 05
9
PPTP port forwarding question
Hello,
Please see the following picture:
http://www.wilson-kwok.com/pptp.jpg
I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server,
and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server,
but I cannot connect from my home to pptp server.
Here is the nat file:
210.0.0.1 eth0:2 192.168.0.2
Here is the rules
2012 May 26
2
[ANNOUNCE] conntrack-tools 1.2.0 release
Hi!
The Netfilter project proudly presents:
conntrack-tools 1.2.0
This release is a major milestone that includes support for
expectation synchronization and the new nfct utility that, by now,
only supports the new cttimeout infrastructure.
See ChangeLog that comes attached to this email for more details.
You can download it from:
2007 Oct 10
3
failover with conntrackd
Hi.
Is anyone using conntrack-tools to implement gateway failover on a
network with windows clients?
I set it up with ucarp and keepalived, and found that gratuitous ARP
doesn't always seem to update the cache on Windows machines. It works
the first time, but if a second failover happens, the client continues
to send stuff to the wrong MAC address. Linux machines work fine.
2007 May 25
49
Problem with ssh limit and scp stalling
Hi,
I have a very simple server setup, using shorewall as my firewall. I
have a line like this at the top of my rules file to allow ssh
connections, but limited to 3 connections per minute with a burst rate
of 3:
SSH/ACCEPT net $FW - - -
- 3/min:3 -
Now when I have that in place, and from a remote machine run scp
server:/some/file ., I find
2007 Jul 08
6
mldonkey/edonkey - servers not connected
Hi,
I'm running mldonkey on same box as shorewall.
I follow this http://mldonkey.sourceforge.net/ShorewallConfiguration to open
ports for edonkey protocol
I add in /etc/shorewall/rules:
# eDonkey 2000
ACCEPT net $FW tcp 4662
ACCEPT net $FW udp 4666
but I could not connect to any edonkey server.
I check logs and notice that udp traffic on port 4666 is still dropped.
Jul 8 22:35:57
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I've uploaded Beta 4. It corrects a bad bug involving exclusion in the
hosts file. In addition, it contains the first release of a new
Bridge/firewall implementation that uses the reduced-function physdev
match found in kernel 3.6.20 and 3.6.21.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2007 Apr 18
12
multiple providers and tcrules without highmarks
I was previously using multiple providers on my "real linux" gateway
which had a kernel that supported high marks and I was policy routing in
tcrules. I've now moved to openwrt where their kernel apparently does
not have high marks.
I want to continue to be able to have multiple providers and a) policy
route between them and b) be able to set marks for other things like
2011 Jul 21
3
Experience with Centos running off usb-stick(s)
Hi,
I'm trying to build a redundant duo of firewalls/routers/gateways and I'm
thinking about not putting any disks in them and instead using a usb-stick
raid-1 as storage.
Has anyone any experience with this? Since the machines will be running
pretty much only iptables, conntrackd and keepalived there is not going to
be a lot of disk activity going on and the plan is to do all the
2007 May 25
4
machine in the dmz zone
Hi,
i wonder if there is any need to install shorewall on a machine
located in the dmz zone of shorewall. (3 interfaces example)
mess-mate
--
You are a fluke of the universe; you have no right to be here.
2007 May 28
3
Log questions
Hello,
Can anyone tell me if my shorewall got hacked, or if local LAN computers
got a virus? Please see the following log.
http://www.wilson-kwok.com/shorewall.txt
Please help
2016 Feb 17
0
[Bug 999] conntrackd fails to start with error message regarding the netlink handler
https://bugzilla.netfilter.org/show_bug.cgi?id=999
--- Comment #2 from Wolfram Schlich <wolfram at schlich.org> ---
(In reply to Pablo Neira Ayuso from comment #1)
> Are you sure that your kernel supports CONFIG_NETFILTER_NETLINK and
> CONFIG_NF_CT_NETLINK.
Yes, pretty sure:
--8<--
zephyr ~ # zgrep CONFIG_NETFILTER_NETLINK /proc/config.gz
CONFIG_NETFILTER_NETLINK=y
2007 May 22
5
Shorewall and Xen with network-dummy
Hello *,
I'm trying to setup Shorewall under Ubuntu 7.04 and Xen configured to
use network-dummy instead of network-bridge (network-bridge seems to be
buggy at the moment under Debian/Ubuntu).
Is there a shorewall config example I can use in combination with
network-dummy?
In particular, with network-dummy there is no peth interface and the
bridge includes the real eth interface.
I