similar to: GRE Tunnel problems

Hello Tom, Sorry, please but i again return to IFB question. If i correct understand in current situation IFB haven't profit from ESFQ in common cases (i mean internal networks masquarading) so as we wait from ESFQ allocates bandwidth fairly per source IP(internal) but IFB don't know internal IPs. If i correct, what do you think what can help IFB to solve its main disadvantage

Greetings; My syslog is getting 100s of thousands of messages like the following (these are just a sample); (BTW I am running Debian/lenny) > May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 > May 11 12:41:31 gatekeeper kernel:

Hello, The shorewall version is shorewall-3.0.7-1 installed in Centos 5.1 (kernal 2.6.18-53.el5) on March. Number one problem is: I edited the policy file was dmz loc ACCEPT info I could use 3389 remote desktop to loc Windows 2003 server but couldn''t use SSH (22 port) to loc Linux server. Also I tried open that two ports in

. "Saluton", Sorry by my poor english, I speak Portuguese. I does a captive portal using: - shorewall - dhcpd - thttpd (in port 8080) - maradns With Shorewall I use dinamic zones. The initial zone in shorewall is configured to redirects access to internal thttpd port 8080, that shows a login.cgi page. With thttpd I rewrite original url. The apache rewrite is very cool, but thttpd

I have tried to follow the HOWTO''s as best I could to add some traffic shaping to my existing shorewall firewall/router. What I am trying to achieve Top priority to all voip traffic, regardless of sip, iax2 etc. Higher priority for interactive traffic - ssh, http General queue for everything else, but A low priority queue for any ipp2p traffic What I have achieved..... Almost

Hi, 1. We have 20+ VLANs behind shorewall firewall. We would like to distribute the Internet bandwidth to different VLANs having minimumm, typical and maximum values based on IP ranges after NAT e.g., 172.17.4.0/24. What rules need to be created to do so? 2. We also would like to time the access of internet of some of the VLANs, i.e., 172.17.4.0/24 should be allowed to access the internet only

Attempting to setup a dual ISP on a gentoo box but I''m not sure how to configure the routing in the /etc/conf.d/net configuration file. Does shorewall do all the routing or do I set just the default route to the PRIMARY outbound ISP? Vernon ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701

Hi! Can I create the unnumbered GRE tunnel with iproute2 utility? Can someone provide me a link/howto/example_config how to do it? The topology is one tunnel between two linux boxes: -- eth1-|__|-eth0 <-------------> eth0-|__|-eth1 -- I''m trying now with: ip tu add tun1 mode gre local loc.IP remote rem.IP ttl 255 dev eth0 ip addr add tun1 0.0.0.0 ip link set tun1 up but it

Hi, Does anyone tried to get ipip or gre tunnel behind NAT environments. ? i''m trying to make both side tunneling with ipip or gre with private address just like belows.. A -------------------FIRWWAL -------------------INET ------------------- B PRIVATE PUBLIC PUBLIC (10.100.0.1) (211.xxx.xxx.xxx) (

Hi Guys, Here is our patch to allow broadcast packets over a GRE tunnel. Hopefully it might be accepted into the source someday. You need to enabled bridging and GRE tunnels in your kernel. No other options are required. The gre patch determines what type of protocol type to put in the GRE header based on the whether the packet is forwarded from a bridge or not. To use the patch: # Create

I am attempting to setup an IPSec protected GRE tunnel with a Cisco router. I believe the IPSec association is up, however I cannot move traffic over the tunnel. It is not clear how to integrate the tunnel interface (gre1) with firewall-cmd; adding the interface to trusted does not appear to 'stick'. [root at aqueduct ~]# firewall-cmd --add-interface=gre1 --zone=trusted The interface

hi, I am running shorewall 3.2.9 on Mandriva2007 with 2 ISPs. Certain local IPs are directed to a specific ISP in route_rules, and this was working perfectly. I had to reinstall Mandriva, and after that this redirection is not working. My files are: masq: eth1 192.168.10.3 202.71.146.210 eth2 202.71.146.210 192.168.10.3 eth1 eth0 202.71.146.210 eth2 eth0 192.168.10.3 interfaces:

>> Only one remark. Information about 'init' file i found only in >> releasenotes.txt for 4.1.6 (for setting up 'ifb' module) and i found >> 'initdone' file in Shorewall config directory and without manfile also. >> For me not very clearly as it use. > > http://www.shorewall.net/shorewall_extension_scripts.htm On this page i found a

I need to send multicast traffic through a GRE tunnel between two Linux routers. The tunnel works for normal IP packets, but I can''t see how to make it work for multicast. Here''s the setup: 10.10.10.0/24 LAN-B--------------RtrB-------------RtrC--------------LAN-C 192.168.2.0/24 192.168.1.0/24 RtrB interfaces: eth0

Hello, I''ve set up a GRE tunnel between two Linux boxes and it''s working well, with or without IPSEC (under GRE). The problem is that when I have no traffic for some minutes, side A cannot communicate to side B any more, unless side B tries to communidate to side A. The same thing happens in the other direction. For example, side A pings side B. No reply. Keep pinging. Side B

Hi All, As it is written in the "Linux 2.4 Advanced Routing HOWTO" GRE tunneling has some benefits compare to IP-in-IP, on of it benefits is the ability to transport multicast traffic through a GRE tunnel. I used the mrouted daemon and I know that the daemon supports tunneling but I don''t want to use its tunneling method. Assuming I have gre0 as my tunneling device I did the

Hi all! I am a long time lurker, but have not posted until now. My old trusted firewall machine broke a couple of weeks ago and I replaced it with a XEN domU that is using DNAT and has two interfaces. The firewall domU and the FTP server domU are both guests on the same dom0. All three machines are running Debian/etch (stable) and Shorewall has version 3.2.6. I can''t get FTP to work

Hi everybody, I want to do the following setup : | | Tun1 - Link 1 | Tun1 | | Router A | teql | INTERNET Link - | | teql |router B | | Tun2 - Link 2 | Tun2 | | This should permit to agregate Link 1 and Link 2 (less the cost of the encapsulation). The two tunnels are GRE ip tunnel. It seems to work fine

/-----------------------\ | | |eth0 |eth0 |-------| |-------| | |eth1 eth1 | | -------- A |____ _______| B |----- | | \ / | | --------| | | --------| | | | |