Displaying 20 results from an estimated 9000 matches similar to: "Bridged or routed in a Xen dom0?"
2008 Feb 11
2
OpenVPN traffic will not be routed into network / as DefaultGW traffic ... with 1 NIC
Hello!
I''ve the following set-up
RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to
my OpenVPN box. They can talk to each other, using their 172.16.1.x
tun0 Address on the server.
The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1)
has 1 NIC that connects the machine to
a) a DSL-router (forwards several ports to this linux machine,
including the
2008 Feb 18
4
OpenVPN (bridge) -- is this a shorewall issue?
I am trying to make the following connection:
WindowsXP(OpenVPN-Client)->shorewall->Internet->LinksysWRTG->OpenVPN-Server
...of course the reverse path too.
The OpenVPN server is running in bridge mode.
When the openVPN client is launched it looks like a successful connection is made. The openVPN client
gets assigned an address from the openVPN server pool. The OpenVPN
2007 Sep 11
3
BLocm Amule
Hi peploe, i am new in the list,
i need know, how blocked the Amule/emule in shorewall?
My dist. debian
version: 3.2.6-shorewall
--
.~.
/ v \ Seja Livre, use GNU/Linux!
/( )\
^^-^^
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
2008 Mar 10
2
When starting shorewall its display rfc1981 error
Hello ,
The folllowing is the error problem:
Validating interfaces file...
ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2
The shorewall interface file:
net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians
P.S. I tried to remove norfc1918 from interface
2007 Nov 27
4
L7-Filter
Hi!
How I can use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall?
Thank you very much!
Bye.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
2008 Feb 25
3
shorewall 4 installation requirements
Are shorewall-shell and shorewall-common required at
compile time even if one only wishes to use
shorewall-perl (4.0.9)?
____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
2008 May 30
2
one-to-one NAT on RFC1918 addresses
In my peculiar setup I need my shorewall router to do
one-to-one NAT with RFC1918 addresses.
The "external" addresses are 10.215.0.0 and the
internal addresses are 192.168.0.0.
I can ping, vnc, http, smb from 10.215.144.48 to
10.215.145.237 which is 192.168.44.237 internally.
>From 192.168.44.237 I can do http, rdp, ping to
10.215.0.0 hosts.
So all seems fine except for the fact
2007 Nov 15
3
ip6tables can't initialize ip6tables table filter
Hi list!
I am configuring Shorewall on a Xen domU virtual machine.
I configured only the zones, interfaces, rules, policy and shorewall.conf files.
When I run "shorewall check" there aren''t no problems, but when I try
to start shorewall I get this error a lot of time:
iptables: Invalid argument
ip6tables v1.3.6: can''t initialize ip6tables table `filter'': Bad
2007 Oct 01
1
Can't load nf_conntrack_ipv4
Perhaps it is obvious, but I have googled a lot and couldn''t find an
answer. Is that error message something to worry about?
FATAL: Error inserting nf_conntrack_ipv4 (/lib/modules/2.6.13-15.16-
default/kernel/net/ipv4/netfilter/nf_conntrack_ipv4.ko): Device or
resource busy
I am using OpenSuse 10.0 if that matters.
2008 May 18
1
Checking the configuration before restarting
Greetings,
There is a very old bug report [0] still floating around asking for a
configuration check before restarting on upgrade. While this may not
have been possible in the past, would it be possible now with
Shorewall-perl?
Regards,
-Roberto
[0] http://bugs.debian.org/200573
--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
2007 Sep 21
1
Warning: Support for the 'detectnets' interface option to be removed from Shorewall-perl
The ''detectnets'' interface option has always been a rather silly feature.
For incoming packets, it duplicates the function of the ''routefilter''
option. It provides no value on output since it enforces the same thing that
the routing table does. In other words, if you set ''routefilter'' and
''log_martians'' you get the same
2008 May 23
5
Shorewall is eating my Asterisk egress traffic
I have four-interface Shorewall config set up. The "dmz" interface is
bridged with "net" so I can assign public IP''s to the servers in the DMZ. I
opted to do this rather than SNAT or ARP proxying because one of the servers
runs Asterisk and SIP and NAT don''t always work well together. Somehow, my
firewall config is causing a one-way audio problem in
2008 Mar 13
3
Local network access to VPN
Hi,
I have a linux box with vpn client.
shorewall version 3.4.0
I can connect to a remote vpn network with the nortel vpn client.
Can I allow local machines on my network to access remote vpn using
Linux box as a gateway?
Thanks and Regards
Anuj
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges.
2008 May 13
2
ppp interfaces for both loc and net
Hi,
I''m in a process of setting up a firewall system, which is going to be
also an ipsec/l2tp and pptp vpn server for some mobile clients.
The problem is, that the system has two ISPs a cable one (no problems
here) and a DSL provider. Because of the DSL provider the system is going
to have one pppN interface for DSL (net zone) and many pppX interfaces for
l2tp/pptp (loc zone)
2008 Jan 20
2
DNAT net to net (shorewall 3.2.6)
Hello,
On my systems i use shorewall 3.2.6.
Now all systems where replace by new ones with new ip''s.
So i tried with DNAT to map the old ip''s to the new one as long as DNS is
updated.
But i didn''t get it work.
I see in tcpdump that a connect from client-ip to new-server-ip is done
while connection the old on.
But i get no response.
Did i configure something in the
2008 Jun 02
4
Syn Flood Attack to SMTP server
Hello everyone, is a pleasure to be here.
I have a problem with my server, it runs qmail SMTP and protect it with
shorewall. Since yesterday I get syn flood attacks on port 25, which means
that no longer meet. How can I stop this with shorewall?
my setup is as follows.
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
dmz DMZ
2008 Mar 05
2
Shorewall & IFB
Hello Tom!
After i read and analyze some docs about IFB i decide that for implement
this feature in Shorewall not need more efforts (of course i may be wrong).
If we have 'ifb0' device then we must activate ingress discipline on real
device (f.e. eth2) and redirect 'egress' from it to 'ifb0'.
tc qdisc add dev eth2 ingress
tc filter add dev eth2 parent ffff: protocol ip
2007 Dec 27
2
Re: traffic shaping
Hello Chuck!
I have 128kbit/s for 70 computers and if several users
start several FTP/HTTP/Torrent downloads (or one downloads with
several threads) or also open several htmlpages with big content,
for other users remain not very much.
As i hear Squid make traffic shaping on IPaddress base and in
my scenario every user will work in equal borders (as another) for
all his connections.
2007 Dec 28
0
marking and routing (with multi-isp) not working
[ I hope this isn''t a dupe. Evolution crashed on my last send and I see
nothing in my logs that leads me to believe the mail made it out before
the crash ]
Well, it probably is working. I''m probably just misunderstanding
something.
Given routing rules that look like this:
0: from all lookup local
10000: from all fwmark 0x40 lookup CGCO
10001: from all fwmark 0x80
2007 Nov 20
3
Shorewall 4.1.0
I''ve opened up development of Shorewall 4.1.
While I had previously announced that Shorewall 4.1 would focus on IPv6, I
have since learned that the netfilter team are developing ''xtables'', a
unified IP0v4/IPv6 utility. It seems silly to spend the effort to add
Shorewall support for IPv6 only to then have to turn around and convert it
to use xtables. So I''ve