similar to: How do I configure shorewall to work with VoIP SIP?

I have four-interface Shorewall config set up. The "dmz" interface is bridged with "net" so I can assign public IP''s to the servers in the DMZ. I opted to do this rather than SNAT or ARP proxying because one of the servers runs Asterisk and SIP and NAT don''t always work well together. Somehow, my firewall config is causing a one-way audio problem in

I recently did a set up where I replaced a simple D-link home router that was having trouble processing a T1's worth of bandwidth with a linux machine running iptables. the kernel was 2.6.29-r5 and I chose the SIP connection tracking modules from the menuconfig. Router worked fine for normal traffic, but I was unable to get the SIP phones to work. Using ngrep it was plain to see

Hello, We have a video conference server using tcp and udp 3001 prot in internal, external user said that can''t connect to video server and held on 3001 fail, the following is file configuration, nat: 1.2.3.4 eth1:3 192.168.0.18 rule: video/ACCEPT net loc:192.168.0.18 marco.video: PARAM - - tcp 3000 PARAM - -

Shorewall 3.4.6 running on SuSE Linux 10.2 Compiling Rule Activation... Shorewall configuration compiled to /var/lib/shorewall/.restart Processing /etc/shorewall/params ... Restarting Shorewall.... /sbin/shorewall: line 665: 6782 Segmentation fault $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help.

Guys, Just a quick check. From what i have read in the shorewall site, intrazone traffic is allowed completely by shorewall i.e. there is no filtering or packet size limiting ,etc,etc. I ask this becos after getting shorewall up and running well, someone has complained that they cannot print pdf files larger than 100k at one go but that they have to print one page at a time. Some details;

Hi Shorewall Users :) I have found shorewall firewall and seems to be interesting. I need to setup a configuration my my network users because i only have 50gb of traffic per month. I want to know if the shorewall can make a 48gb per month limit, but everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count. Can shorewall do that ? -- Sem Mais Rui Oliveira 351 - Portugal

Sorry but what does the ACL mean and its relation to the bindaddr? Regards Bilal > > 30 jan 2009 kl. 16.59 skrev Mike: > > > hI, > > > > Trying to understand how to setup two PRIs in > sip.conf. Using > > Asterisk 1.4.23. > > > > I have a provider giving me two PRI (different rate > centers) through > > SIP. Both PRI comes in from

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan

Hi. What system or software are you using to show the iptables log files (for example the dropped packages tagged as LOG in the Shorewall rules)? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

Hi, I am one of the developers of the FreeWRT project and I want to give you some feedback. Shorewall runs quite fine on our supported devices, but we need to patch Shorewall to get it running as expected. The problem is the ip command and busybox 1.4.2. Some words about busybox: BusyBox is a multi-call binary that combines many common Unix utilities into a single executable.

Hello, please excuse me if this has been discussed or even solved before, but I could not find it in the archives. I''m in the process of migrating several gateways to shorewall-lite, keeping the configfiles on one central adminstrative machine, basically following the guide at http://www.shorewall.net/CompiledPrograms.html . As I understand it, the local /etc/shorewall directory on the

Hello, My hoster updated its kernel packages... It contained some old problems that should have been fixed. My servers have now a wonderful 2.6.21.5 kernel + grsec running. Both are running Debian 4.0 (stable release). mx:/etc/shorewall# iptables --version iptables v1.3.6 mx:/etc/shorewall# uname -a Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri Jul 27 17:18:23 CEST

This mail goes mainly to Tom, as he sent some Laptop configurations files to the list. I checked the files you had sent to the list as answer to [Shorewall-users] Shorewall on a laptop Now - Is there a specific reason why you actually lock/blacklist the following ports ? - udp 1024:1033,1434 - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898 These should IMHO be blocked by

Hi, I have the following problem while activating this rule entry using shorewall-shell: ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535 "-m iprange" in front of "--dst-range" is missing in the activation command. The logging entry (above) is set correct. Below is the debug output. Thanks Regards Günter + case $level in +

Mike Lander wrote: > I am building a shorewall box that the last post has the SSH error and > wanted > some feedback from the list if possible. At first I thought the two ISP''s > I > building this > for had two T-1''s with FQ ip''s as it. I have the box built for this ready > to > go. > Now I find out that one of the T-1''s is

I remember to see something about that in shorewall.net some time ago, but I could not find it today ... The case : Debian Etch, Shorewall 3.2.6, squid3 and Apache 2 . The first 3 where already running fine for some time ... Now I need to setup an Apache server to allow some web mannagement, things like PHPsysinfo, phppgadmin, just for internal net, no web access . but port 80 is redirected to

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and