similar to: OpenVZ & shorewall. Did'nt work acl based on ip range.

Hi all, i have trouble to PXE boot KVM-based (network of Linux-bridge) Virtual Machines: very slow transfer pxelinux.cfg. ====== tcpdump on KVM host system ==== [root at kvm-test01 ~]# tcpdump -i virbr1 | grep -v ssh | grep 10.0.5.187 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on virbr1, link-type EN10MB (Ethernet), capture size 96 bytes 17:57:29.809278

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

Hi all, I am having *massive* problems trying to exclude a single directory from an rsync. I have serv1 and serv2. I am trying to rsync /foo/test from serv1 to /foo on serv2 I want to exclude the directory /foo/test/dir1 So I try: rsync -av --exclude-from=/foo/rsync.excludes /foo/test serv2:/foo rsync.excludes contains: /foo/test/dir1/ This is not working. I also try: rsync -av

Will MultiMaster dsync work fine or will be big problems ? I configured dovecot to dsync from serv1 to serv2 to serv3 and repeat to serv1 to serv2 to serv3 and repeat... When email received to serv2, it will be synced to serv3, and serv3 will sync it to serv1, and serv1 will sync it to serv2 and will stop here because emails matched. What problems can be with this kind of configuration ?

Hi all... I have configure a Shorewall gateway to my little lan im my home. The shorewall work fine here... However, when I try to use Limewire, I can download nothing.... On fact, I can''t get any high connection on Limewire.. What can I do to make Limewire work properly behind a Shorewall gateway???? May be I have to open all port (both tcp and udp), but how? Thanks a lot... Best

Hi, I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it

Hi, I have a simple question. I have my firewall with 2 external Ip and 1 lan. For example ISP1 FW LAN----Mail Server ISP2 Ok, when i DANT the smpt port to my mail server, I can see that the conection in my mail server comes from the external IP of my ISP. I need to change this so the conection to my mail server cames from the LAN IP from my firewall Is this possible?

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

Hi all, I´m running a server that frecuently needs to open a pptp session with a remote server outside my Company. This server is running behind a Shorewall firewall and I don´t find information in Shorewall web page because there is no information in the link http://www.shorewall.net/PPTP.htm#ClientsBehind Nowadays I can connect this server with the remote one but te session is closed after

Hello - I am a little problem trying to find what dependency I need to up date - This is what I see when trying to install: rpm -Fvh shorewall-* error: Failed dependencies: rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-common-4.2.0-0Beta3.noarch rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-perl-4.2.0-0Beta3.noarch I am using Centos 5.2 with the following RPM

Hi, I have a few questions about the inner workings of netfilter (a graphical layout of my network setup @ https://aequorin.homeunix.net:62389/local/media/network-graph.png) 1) These are the syslog entries for some simple connection tests. Shorewall/netfilter has been set to record all stateful connections SSH is recognized as phys(eth0) -> $FW traffic. This is because PHYSIN is

Is there a way to tell rsync that if it does not have contact with a certain rsync server to continue on to another for file requests? I imagine something like this, where you define two servers as the source... /usr/local/bin/rsync {serv1,serv2}::src dest ...proposing that 1. Should serv1 be down when the sync is originally started, that serv2 be contacted after a timeout. 2. Not so

Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi, I am trying something so easy but doesnt work for me. I want to have more than once zone in my lan, for example my lan es 192.168.0.0/24 and I want to have one zone for servers, other for admin Pcs. etc here is my conf: Interfaces: -------------- #ZONE INTERFACE BROADCAST OPTIONS - eth3 detect net eth1 detect norfc1918 net eth0

On by eth1 does nothing, I tried configuring Shorewall and just ignoring it, but Shorewall errors with "Unable to determine the routes through interface ''eth1''", searching high low seems to reveal I am either the first person ever to see this error, or it is so trivially overcome that it is not documented or commented upon anywhere on the internet. I tried all sorts

In the docs at http://www.shorewall.net/Shorewall-perl.html, "Your ipsets must be loaded before Shorewall starts. You are free to try to do that with the following code in /etc/shorewall/start" implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts. In the default /etc/shorewall/start # /etc/shorewall/start # # Add commands below that you want to be

hello helpers, When I follow the instruction to install wine on intrepid ibex (ubuntu 8.10) from this web page: http://www.winehq.org/download/deb when I reload, after key authentication I get this error message: W: GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 71346C8340130828 W: GPG