Displaying 20 results from an estimated 6000 matches similar to: "Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly"
2008 Mar 30
7
FTP DNAT not working - "Server sent passive reply with unroutable address"
Hi all!
I am a long time lurker, but have not posted until now.
My old trusted firewall machine broke a couple of weeks ago and I replaced it
with a XEN domU that is using DNAT and has two interfaces. The firewall domU and
the FTP server domU are both guests on the same dom0. All three machines are
running Debian/etch (stable) and Shorewall has version 3.2.6.
I can't get FTP to work
2007 Dec 14
2
Dual ISP
Attempting to set up a dual ISP on a Gentoo box but I'm not sure how to
configure the routing in the /etc/conf.d/net configuration file. Does
shorewall do all the routing or do I set just the default route to the
PRIMARY outbound ISP?
Vernon
2007 Dec 14
1
route_rules redirection not working
hi,
I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain
local IPs are directed to a specific ISP in route_rules, and this was
working perfectly. I had to reinstall Mandriva, and after that this
redirection is not working. My files are:
masq:
eth1 192.168.10.3 202.71.146.210
eth2 202.71.146.210 192.168.10.3
eth1 eth0 202.71.146.210
eth2 eth0 192.168.10.3
interfaces:
2007 Dec 18
11
Shields-Up Scan of Shorewall Firewall
Guys,
After I got the port forwarding and everything else
working as per my previous post, I ran a shields-up
scan from grc.com on the firewall, i.e. a scan of the
external interface.
I'm a little surprised at the results. On the firewall
I have postfix running (smtp port 26), openssh (ssh
port 22) and port forwarding of port 85 (on the
firewall) to an internal host.
The Shields-Up scan
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go:
clienta -> vpn -> shorewall/router -> vpn ->
2008 Jan 10
5
Want to log all ISP traffic to ULOG
I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate
NetFlow information about traffic going through my router. The question
is how to get the logging rules added to the appropriate chains (I'm
assuming eth2_in and eth2_out in my case)? I'm using the perl version
of shorewall 4.0.6.
--
Orion Poplawski
Technical Manager 303-415-9701
2007 Dec 14
6
kernel panic with shorewall
I have an old Pentium II which I use as a gateway and firewall
for a home network. The external interface is a modem on ppp and the
internal interface is ethernet. I have had this setup running
successfully for many years starting with the early 2.x series
Shorewall.
My ISP recently changed my dial-up 'phone number and presumably also
the system at the other end of my modem (they
2008 Mar 28
1
Re: rfc1918
>> Only one remark. Information about 'init' file i found only in
>> releasenotes.txt for 4.1.6 (for setting up 'ifb' module) and i found
>> 'initdone' file in Shorewall config directory and without manfile also.
>> For me not very clearly as it use.
>
> http://www.shorewall.net/shorewall_extension_scripts.htm
On this page i found a
2006 Dec 24
1
Question regarding Split Access description
Hi All,
I'm a big user of the LARTC document but am currently stuck with a question
around section 4.2 (http://lartc.org/howto/lartc.rpdb.multiple-links.html)
in relation to "Routing for multiple uplinks/providers".
I'm wanting to do a similar setup to the diagram where I have - lets just
say for the moment - two uplink providers where I want to route over two
2004 Aug 17
16
Sanity check please !
I am setting to a shorewall system with 4 NIC's as per the outline
specification below. Can anyone please have a look and let me know what I
have missed and what I have got wrong as I want to take this system live
ASAP but do not want to kill internet access and the hosting for too long !
I have listed below the system outline & have attached the config files that
I have changed, if
2008 Jan 17
7
Netfilter, libpcap, ntop and promiscuous mode?
I have a really basic question (I think). We have two boxes connected
to a lan segment on a hub. One is a Windows box running "Show Traffic",
the other is a CentOS 5 Linux box running "ntop". Both boxes should be
able to sniff all of the traffic on that hub (not a switch).
The Windows box does just fine, Show Traffic is able to display traffic
destined for other boxes
2005 Sep 18
4
Just a simple question (I think)
Hi all,
How do I put a rule in to allow all ports on a single IP..
I'm not masq my network as the firewall is on the router.
I have another firewall internally that I will be removing sometime soon,
but just wish to forward all ports to this firewall (until I can
decommission it).
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether
2013 Sep 06
3
Shorewall OpenVPN, routing back from a LAN
When using shorewall with a road warrior openvpn setup, how can I get the
tun interface to masq through a lan interface?
Example Setup:
Machine A (tun0 10.0.0.1) -----------VPN---------(tun0
10.0.0.2)---------Machine B(10.10.10.1)
When I ping Machine B from Machine B, Machine B is receiving the echo
request, but it doesn't know the route back to the 10.0.0.0/24, and there
2013 Nov 05
8
Forwarding external traffic to another external server?
I'm trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn't like that (it
just failed to start).
I tried adding the rules via
2007 Jul 05
4
Load Balancing , MSN and SSL
Hi All,
I am running a FC6 box with two internet links with load balance. Everything
is working fine except the MSN connection, which fails and reconnects
every time, and SSL connections. I would like to know if with the nona
howto I could fix that.
I have tried with no success to redirect that connection only to one
link but it looks like it does not work. Here is my configuration:
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails.
I tracked it down to network traffic with wrong Sourceport in the answer
packet (should be 1300 not 1024):
2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300
Destination port: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table
2007 May 24
2
tc-htb traffic shaping script
Hi,
Is there any tested good HTB script for traffic shaping available, like
that of CBQ available at
http://freshmeat.net/projects/cbq.init
I am a newbie and need to work on htb.
--
Regards,
M Arman
2013 Sep 12
25
shorewall-lite error at start
Hi,
My main gateway is a router running on OpenWrt Barrier Breaker
r37816 / Kernel Version 3.10.4.
I installed shorewall-lite from openwrt's repo using opkg but while
trying to start shorewall-lite I get the following errors:
The first error I got was "scp: /var/lib/shorewall-lite: No such file
or directory" simply resolved by making the folder "shorewall-lite"
2003 Mar 20
1
bind blocking rsync
Hi Guys,
Here is the setup.
LVS NAT cluster with director (dir), backup director (bdir), and two
realservers (rs1 and rs2) running apache webserver.
SSH DSA key-based authentication set up between rs1 and rs2 in order to
facilitate automated (via cron) mirroring of htdocs directories. All
works fine until I decide to host DNS on the same cluster. As soon as I
start BIND on rs1, ssh no longer
2013 Jul 12
3
new Shorewall + strongSwan blog
Hi Tom,
Thanks for the feedback about my Shorewall evaluation
I've published a blog today covering general things I've observed about
the way to combine Shorewall with strongSwan:
http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt
Please let me know if anything is inaccurate or if there is anything
substantial that I missed and I'll