similar to: 1 zone with multiple interfaces (special case)

Hi, This subject has been brought up in the forum, but it''s a bit different. If I have a set of tun interfaces. I already defined tun+ as zone A, and I have excluded tun15 as zone B (a subset of zone A). I need to add tun16 to zone B. My config: /etc/shorewall/interfaces: A tun+ - routeback B tun15 /etc/shorewall/ A ipv4 B:A ipv4 I tried to define in

Hi, I don''t know any other group of routing gurus like the members of this list, so may be you can give me some hints. I do have a shorewall firewall up and running, openvpn is installed on this server too and is working fine so far except one new situation: I have set up a new local vlan, which I can access from my other local vlans, but not from the opnevpn-vlan. All "old"

Hi, I have setup a IPSEC VPN using Openswan to connect a Draytek router to a CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m getting a problem with packets from the left hand subnet getting masqueraded rather than routed down the IPSEC VPN as though they were going out onto the net. I''ve spent the last day searching Google and so far I''ve hit a

Hello, I''m reading this guide on ipv6 (really just getting my "feet wet"): http://www.shorewall.net/6to4.htm In the section "Configuring IPv6 using my script" I can read that the IPv6 interfaces are: INTERFACES="eth2 eth4" and that correlates fine with the first diagram/figure. However, further down I read "You will notice that sit1, eth0 and eth2

hi who can ever help me out with the shaping of torrent traffic? i have a pptp at ppp0 over eth0 (10.0.0.1/8) i would like to shape outgoing traffic of rtorrent on these two interfaces, assume rtorrent is running at port 6999 need 3mbit for ppp0 and 50mbit for eth0 i supposed: [tcclasses] ppp0 1 2mbit 3mbit 1 eth0 2 20mbit 50mbit 2 [tcrules] 1 0.0.0.0/0 0.0.0.0/0 tcp

First patch ever proposed, if this is the incorrect medium or format please forgive my ignorance and correct me. --- KVM.xml 2009-08-06 16:11:03.000000000 -0500 +++ KVM_new.xml 2009-08-06 16:11:26.000000000 -0500 @@ -82,7 +82,7 @@ <para>With this configuration, and with only a single network interface on the laptop, this is just a simple <ulink -

Hi, I did an update from Red Hat EL 5.3 to 5.4. Everything works so far. May be somewone would like to know.... iptables-ipv6-1.3.5-5.3.el5 kernel-PAE-2.6.18-164.el5 shorewall-4.2.10-3 shorewall-perl-4.2.10-3 Regards, Götz -- Götz Reinicke IT-Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail goetz.reinicke@filmakademie.de Filmakademie Baden-Württemberg GmbH Akademiehof

I''m getting an error when shorewall is trying to add the default routes for my multi-isp configuration. I''ve attached a shorewall dump... If anyone can give some input I''d appreciate it. RTNETLINK answers: Invalid argument ERROR: Command "ip -4 route replace default scope global table 254 nexthop via 67.110.119.245 dev eth3 weight 1 nexthop via 66.29.181.113

Hello list, I'm having troubles setting up a basic calss hierarchy with S4. Here is a simplified schema of what I'd like to do: - Two classes: A and B that extends A - Ensure that the slots added by B are consistent with the slots of A - Let A initialize itself (I'm not supposed to know the internal cooking of A) - By default set the slots of B based on the slots that A initialized

tinc.conf Name = server Device = /dev/tun10 TunnelServer = yes Forwarding = kernel KeyExpire = 86400 tinc-up #!/bin/sh /sbin/ifconfig tun10 up /sbin/ifconfig tun10 inet 10.255.1.1/24 On Wed, Apr 27, 2016 at 5:20 PM, Guus Sliepen <guus at tinc-vpn.org> wrote: > On Wed, Apr 27, 2016 at 05:15:57PM +0800, hshh wrote: > >> >Updated support for BSD tun/tap devices. >> It is

Hi, I had installed squid with ntlm authentication and content filtering from this tutorial: http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch. Next to last point is firewall configuration by ipmasq but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the

Hi Tom and folks, Mandriva is shipping shorewall in its main distribution for some time now. It is built on a custom .spec, but I keep it in sync with latest versions of shorewall package. I heard that there were some issues with Mandriva''s package of shorewall, but it was before I started working on it, and the guys that were maintaining it before are no longer working on it.

Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If

Hello, I tried Shorewall for the first time today. I am currently using an up-to-date installation of Debian Sid, which has shorewall 4.2.10, shorewall-shell 4.2.10 and shorewall-perl 4.2.10.1. I noticed that even though I had the following /etc/shorewall/policy file, iptables would still show LOG rules at the end of the INPUT and OUTPUT chains instead of ULOG rules. (Other logging related rules

On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com> wrote: > How do I insert the iptables rule below using firewalld? > > I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to > get OpenVPN working to allow home workers to access PCs at the office. I've > got it all working but only by manually inserting an ACCEPT rule in

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507 Summary: tun99 don't trapped by tun+ Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ip_tables (kernel) AssignedTo: laforge@netfilter.org

Hi, [Summary] There seems to be a bug when using the "+" wildcard notation in the interfaces file, in that rules are not generated in the fwd chain to permit traffic going out an interface with a "+" in it. [Details] The interface entries: loc tun0 detect routeback,newnotsyn loc tun1 detect routeback,newnotsyn loc tun2

Hi, I am trying to reach a Raspberry Pi on my physical LAN (192.168.10.132), via OpenVPN, from the internet. The Internet host is 154.77.x.x. This is also the OpenVPN router, 10.8.0.1. The Pi is on 10.8.0.203. I am trying to reach port 3000 from the internet. >From the CentOS 7 server, I can access the Pi over OpenVPN: root at ns1:[~]$ telnet 10.8.0.203 3000 Trying 10.8.0.203... Connected

I have a join table A_B with columns[a_id, b_id, c_data default 1, d_data default 1]. If I do: @aobj.bobjs.push_with_attributes(@bobj,{:c_data => 0}) I find that the row inserted, has d_data set to 0 and not the default value specified in the database, which is 1. So I am having to explicitly set it using : @aobj.bobjs.push_with_attributes(@bobj,{:c_data => 0, :d_data => 1}). Is this

I''m following the document; <http://flurdy.com/docs/postfix/>, and SSH only By default Shorewall in Ubuntu has an empty set up. You can find the default values for Shorewall in /usr/share/doc/shorwall-common/default-config. And examples in /usr/share/doc/shorwall-common/examples. We will create a basic set up. First configure which network adapters we are accessing the net. cp