similar to: sip/iax problem - udp conntrack entries not getting destroyed

Hello *, a simple question. Is there something similar to iptables-apply in shorewall? ciao, a. ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead

Hi, my shorewall is version 4.0.15 on Debian Lenny. I have 3 following interfaces: eth0 net (4mbit/512kbit) eth1 loc (100mbit) eth2 loc (100mbit) I want to shape traffic from net on two lan interfaces like: - default is 2000mbit for each local interface - if is no traffic on eth1 is 4mbit for eth2 (and vice versa) My tcdevices eth0 4000mbit 512kbit eth1 -

Hi, I have a rule: DNAT net dmz:a.b.c.d tcp 25 - k.l.m.n The problem: I want to DNAT port 25, 143, 110 k.l.m.n is alternate public ip (using vrrp, just like alias) Can I abridge the above line using macro, instead of writing 3 separate lines? I can do: MailPorts/DNAT net dmz:a.b.c.d But this refer to the physical public ip I have more elaborate requirement to forward around 20

Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If

Hi Here is a short description of my network: ppp0 (adsl) ppp1 (adsl) | | | | --------------------- | Router | | Firewall | | MASQUERAD | | DNAT | | | | eth0 | --------------------- | | | ---------------------- |

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hello, I am trying to set up a PVM (a the moment Ubuntu as guest and Ubuntu server as Dom0). The main issue is that the DomUs can''t get direct net access, because the access is restricted by a DHCP server that also functions as proxy to the outside of the network. The server controls the MAC address and only http is allowed as outgoing connection. So the domUs shouldn''t appear

Hi All, I want to put a ASTERISK BOX bend a Firewall. So I have given below rules. iptables -A FORWARD -p udp -d 192.168.101.30 -m multiport --dports 3478,4569,5060 -m state --state NEW -j ACCEPT iptables -A FORWARD -p udp -d 192.168.101.30 --dport 10000:20000 -m state --state NEW -j ACCEPT iptables -t nat -A PREROUTING -p udp -i eth0 -d 1.2.3.4 -m multiport --dports 3478,4569,5060 -j DNAT

None of my systems can use lld2d to map the network when connected via wireless, but it works fine over the wireful network. the wireless is client -> hostapd -> ath5k -> bridge -> kernel with shorewall handling the bridge and kernel, as best I can explain it. on the bridge is also a wired device and a bunch of other PCs. the wired PCs can all map using lld2d just fine. lld2d

Hello all, I have been doing a lot of archive searching over the last week reading posts on IMQ and it''s apparent stability / instability. I have seen a number of posts about it not being maintained as well. Can anyone talk to me about IMQ''s stability in a heavy throughput environment (20 Mbps) and what was causing IMQ to fail if you know. Thanks, Mike

Not that I''m much of a Solaris guy, and definitely not a Solaris 10 guy, but since nobody else had posted anything yet: http://reductivelabs.com/trac/puppet/wiki/PuppetSolaris#Solaris10 The good news is that it appears to be a completely hands-off puppetd installation. Just sign the client key afterwards on the puppetmaster and you''re set. The bad news is that it''s

<table cellspacing='0' cellpadding='0' border='0' ><tr><td style='font: inherit;'><br> Hi,<br><br> I'm dealing with a problem that the worker nodes that are behind a NAT aren't able to reach outside from time to time. (ie: on a given moment I can ping an address name and immediately after I cannot: "ping:

Hello, I don't know how off the wall this question will be, but first let me say that I've found your buildpkg.sh script very useful in creating an OpenSSH package for use on my Solaris systems. Currently I'm trying to set up a fully automated JumpStart system at my workplace, and I'm realizing that the 'postinstall' script (and possibly some of the other install scripts)

I have just upgraded my jumpstart server to S10 u2 b9a. It is an Ultra 10 with two 120GB EIDE drives. The second drive (disk1) is new, and has u2b9a installed on a slice, with most of the space in slice 7 for the ZFS pool I created pool1 on disk1, and created the filesystem pool1/ro (for legacy reasons). I them moved my data from the original disk0 UFS file system to pool1/ro. Initially I

Hi all, I have 2 ISPs on a Linux router and a local network with one Linux server and many windows. The local network is masqueraded. I want to give access to port 25 and 80 of my server from any incoming request (i.e. from my 2 ISP). I have made a DNAT translation, witch work but the outgoing answers are not routed correctly. Of course, the de-SNAT process is done before the routing process. So

I'm poking through Solaris documentation trying to figure out how to make it installable via our PXE server and, as with many things Solaris, I'm hitting walls of completely foreign procedures and setups. Has anyone managed to do this before? I'm trying to set Solaris 11.3 up.

Anyone have idea how to create ZFS pool and volumes during jumstart instalation ? (I''m using JumpStart Enterprise Toolkit) kloczek

With the release of the Nevada build 90 binaries, it is now possible to install SXCE directly onto a ZFS root filesystem, and also put ZFS swap onto a ZFS filesystem without worrying about having it deadlock. ZFS now also supports crash dumps! To install SXCE to a ZFS root, simply use the text-based installer, after choosing "Solaris Express" from the boot menu on the DVD. DVD download

I was trying to think of a way to set compression=on at the beginning of a jumpstart. The only idea I''ve come up with is to do so with a flash archive predeployment script. Has anyone else tried this approach? Thanks, Chad -------------- next part -------------- An HTML attachment was scrubbed... URL:

Folks; During a jumpstart (2nd boot) of a Sun Fire 240 with Solaris 10 Update 3 (11/06), I noticed the following message; Jun 27 11:43:33 first fbt: NOTICE: cannot instrument return of fd_intr at 7b7d6278: non-canonical return instruction Kernel level was Generic_118833-33. Jumpstart was conducted using the standard JET modules. What gives? The jumpstart worked though. Solaris 10 installed