similar to: kernel panic with shorewall

Hi all! I am a long time lurker, but have not posted until now. My old trusted firewall machine broke a couple of weeks ago and I replaced it with a XEN domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall has version 3.2.6. I can''t get FTP to work

Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->

Guys, After i got the port forwarding and everything else working as per my previous post, i ran a shields-up scan from grc.com on the firewall, i.e. a scan of the external interface. I m a little suprised at the results. On the firewall i have postfix running ( smtp port 26 ), openssh ( ssh port 22) and port forwarding of port 85 (on the firewall ) to an internal host. The Shields-Up scan

Dear list, Shorewall is running here with 2 ISP''s: ISP1: corporate ADSL-line with fixed set of IP''s ISP2: fast consumer-grade cable-connection with higher bandwidth All our main traffic (web, e-mail) is routed trough ISP1. Only for special purposes (frequent large ftp-transfers) ISP2 is used, configured trough tcrules. ISP2 is not so reliable as ISP1 (duh) and they sometimes

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701

Hi guys, I''m not sure where to post for help on this one, shorewall or lvs, I''ll start with shorewall (only cause Tom is a gun at this stuff, and is polite enough to tell me to bugger off to the LVS list if I''m posting in the wrong one ;) I have a single box that is my router/firewall/LVS. Internet -- eth0 - router/firewall - eth1 --- internal lan | eth2

Attempting to setup a dual ISP on a gentoo box but I''m not sure how to configure the routing in the /etc/conf.d/net configuration file. Does shorewall do all the routing or do I set just the default route to the PRIMARY outbound ISP? Vernon ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net

hi, I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain local IPs are directed to a specific ISP in route_rules, and this was working perfectly. I had to reinstall Mandriva, and after that this redirection is not working. My files are: masq: eth1 192.168.10.3 202.71.146.210 eth2 202.71.146.210 192.168.10.3 eth1 eth0 202.71.146.210 eth2 eth0 192.168.10.3 interfaces:

>> Only one remark. Information about 'init' file i found only in >> releasenotes.txt for 4.1.6 (for setting up 'ifb' module) and i found >> 'initdone' file in Shorewall config directory and without manfile also. >> For me not very clearly as it use. > > http://www.shorewall.net/shorewall_extension_scripts.htm On this page i found a

Hi. What system or software are you using to show the iptables log files (for example the dropped packages tagged as LOG in the Shorewall rules)? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files

I have a really basic question (I think). We have two boxes connected to a lan segment on a hub. One is a Windows box running "Show Traffic", the other is a CentOS 5 Linux box running "ntop". Both boxes should be able to sniff all of the traffic on that hub (not a switch). The Windows box does just fine, Show Traffic is able to display traffic destined for other boxes

This mail goes mainly to Tom, as he sent some Laptop configurations files to the list. I checked the files you had sent to the list as answer to [Shorewall-users] Shorewall on a laptop Now - Is there a specific reason why you actually lock/blacklist the following ports ? - udp 1024:1033,1434 - tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898 These should IMHO be blocked by

Hello Tom, Sorry, please but i again return to IFB question. If i correct understand in current situation IFB haven't profit from ESFQ in common cases (i mean internal networks masquarading) so as we wait from ESFQ allocates bandwidth fairly per source IP(internal) but IFB don't know internal IPs. If i correct, what do you think what can help IFB to solve its main disadvantage

Hi, i wonder if there is any need to install shorewall on a machine located in the dmz zone of shorewaal. ( 3 interfaces example) mess-mate -- You are a fluke of the universe; you have no right to be here. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE

Greetings; My syslog is getting 100s of thousands of messages like the following (these are just a sample); (BTW I am running Debian/lenny) > May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 > May 11 12:41:31 gatekeeper kernel:

Hi all, We are trying to upgrade to iptables 1.4.1+ however the ipp2p module now it is included in the xtables-addons modules. In the xtables-addons modules the commad line for ipp2p is changed and the -m ipp2p --ipp2p option is not supported anymore .... instead the maintainer requires that we use -m ipp2p --bit ... -m ipp2p --kaza for each different P2P protocol. as a result shorewall does

Hello, I am doing some tests in my local network to test a GRE tunnel configuration. I can established a tunnel but if I stop send packets trough the tunnel , the tunnel goes down. I need to make ping from one side of the tunnel to the another side to wake up the tunnel. What could be my problem ?? Could be the VirtualBox ?? Thank you!

I give up and need help! I won''t add to the confusion by showing all the combinations I have tried unsuccessfully... and yes, I''ve read FAQ2 and FAQ2a many times! When googling the subject of this post there are many answers that boil down to using the same three iptables rules, two of which use nat. I won''t repeat them here. I don''t want to risk mixing

Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts