similar to: Dual-homing BGP gate problem

I have a gentoo 2.6.14 box with 4 nics, LAN/DMZ/PUB1/PUB2 LAN and DMZ have a 1918 /22 each, PUB1 and PUB2 have a /29 each of which 5 ips are assigned. Using the mangle table, I give all packets a mark (according to local policies) in the range 1-10. Using ip rule, i pass marks 1-5 through the pub1 route table, and marks 6-10 through the pub2 routing table. Using the nat table, I SNAT to one

Hi I am having a problem with a DNAT rule where the packets being REJECT''d: DNAT:info net priv:192.168.6.15 udp 5060 With the following appearing in the log: Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT= MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25 DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000

Hi, I am trying something so easy but doesnt work for me. I want to have more than once zone in my lan, for example my lan es 192.168.0.0/24 and I want to have one zone for servers, other for admin Pcs. etc here is my conf: Interfaces: -------------- #ZONE INTERFACE BROADCAST OPTIONS - eth3 detect net eth1 detect norfc1918 net eth0

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

Hi Guys, I am setting a Firewall server up now and would like to know if this setup will actually work. (I think I have thought it through...) (please tell me if I''m wrong....) (Thank You in advance) Firewall : 4 NIC''s (net zone) Nic 1 - eth0 ----> 512/512 ADSL (net1 zone) Nic 2 - eth1 -----> 1.5Mb/256 ADSL (loc - zone) Nic 3 - eth2 ------> to the LAN -

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hi everyone! I''m having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet

This one is really throwing me. Thanks in advance for any advice. I''m working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cicso router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP''s

I have added a 4th NIC to my setup, and want to set up wireless. I have stared at the configuration Tom has for the last week, and my eyes are crossing. eth0 "net" goes to my internet connected firewall with a 192.168 address eth1 "loc" goes to my switch connected to local switch also 192.168.x eth2 "work" goes to my office with a 172. address eth3 Trying to

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

hi all, first i wann to explain my network & it''s problem, i am using a redhat el5 for multigateway routing, i have 3 adsl lines which is connected with eth0, eth2 and eth3. eth1 is my local network. those 3 lines comes with adsl modem from same isp with equal bandwidth (512 Kbps). In this adsl modems there is one lan and one wan port, adsl modem''s lan ip is gateway for my

Hi, here my system on shorewall: eth0 192.168.108.1 net eth1 192.168.109.1 dmz eth2 192.168.110.1 loc_110 eth3 192.168.111.1 loc I haven''t access from or to server in loc_110 through shorewall. I can use ssh or other types from loc to dmz or from loc to fw, but I can''t use connections to loc_110. I can also use ssh - connection from fw to loc_110 or redirectly. Where is the

Rowland, Thank you for all your help, I agree that this is not a Samba issue. Given rhat it works without the firewall. It' either a ufw or Windows 8.1 issue. Louis, Applied the rules you suggested to ufw exactly as written. No change. Still cannot connect with firewall enabled. Same error mesage as before "Cannot mount location ...". ufw log set to medium and copied below.

I've been seeing this kind of crap now for some time, and only in the past couple of weeks did I realize I was using the Plus Kernel instead of the normal stock kernel. Could this have something to do with it? Messages also appear mentioning something about a PowerNow K-8, which I thought was something you'd see from an AMD processor, not a quad core intel 64 bit box. Any insight

Here is the ufw.log after enabling logging medium and trying to connect to the windows net. Unfortunately the web Microsoft page is in German. I think it says window uses smb1 syntax. Jan 27 15:11:09 martin-RB042AV-ABA-a1410y kernel: [ 887.241685] [UFW BLOCK] IN=enp2s5 OUT= MAC=00:19:21:a2:11:5e:74:27:ea:ab:1e:e0:08:00 SRC=192.168.254.15 DST=192.168.254.39 LEN=90 TOS=0x00 PREC=0x00 TTL=128

I've been getting LOTS of messages like the below in the daily log, and from all indications, it appears to all be related to the cpu; the machine is just over a year old, and was the old vortex.wa4phy;net server from the downtown co-lo site. Aside from huge log files, and lots of other fluff, numerous problems of other nature have started cropping up. Anyone have any suggestions as to

At the current time I am not subscribed to the mailing list. I have a blacklist that I got from www.peerguardian.net that is rather large ( 81 kb). When shorewall start command is issued it takes about 20 mins for it to load. Is this normal or should I do this another way? Also I noticed something very strange with shorewall .. I have cron do a shorewall restart command every 24 hours and

I'm getting a gazillion of these probes in my firewall logs. I don't understand what's going on here,... These all look like bootp requests from 10.21.72.1, to 255.255.255.255. there's certainly no 10.x.x.x here on this network, and I don't get the destination address... is it possible to send packets out onto the internet addressed like that? whois doesn't turn up

Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->

Louis, Tried the rules you suggested: These work. I think that rules out any Windows problems. ufw insert 1 allow in on enp2s5 from 192.168.254.15 to 192.168.254.39 ufw insert 2 allow in on enp2s5 from 192.168.254.39 to 192.168.254.15 These do not work. ufw insert 1 allow in on enp2s5 proto tcp from 192.168.254.0/24 to 192.168.254.39 port 139,445 ufw insert 2 allow in on enp2s5 proto udp from