similar to: Rules only activ after using tcpdump in promiscuous mode

Hi all, I Try use shorewall rules with time element but its never works, the rules look like this HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri This rules for block https access to facebook site at working hours & day My system is Debian lenny, shorewall 4.4.4.2 kernel

Greetings shorewall users, I''m running into a problem and hoping someone might have a simple idea how to fix it. I have shorewall configured on a linux fw with 2 port DNAT rules to an internal server for openvpn from external clients. Everything works fine there. I have a problem when the fw is rebooted however. When it comes back up, interfaces are brought up before shorewall is

Hi Tom, After two weeks of nightmares I decided ask You (and anyone reading this mail). Context is as follows: I try to update system on my central router from kernel 2.6.29.6 and Shorewall 4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new). This is LiveCD image boot (Devil-Linux distribution compiled by me), so config is this same. I have established ten OpenVPN tunnels and two

Hi, I have recently installed shorewall with a very simple rules configuration, ---------------------------------- #SECTION RELATED SECTION NEW Ping/ACCEPT all $FW Trcrt/ACCEPT all $FW SSH/ACCEPT all $FW ACCEPT net $FW tcp http #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE ----------------------------------------- and I have no

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

I want to use lastest version of Shorewall in my fresh debian squeeze instalation, so I follow http://www.shorewall.net/Install.htm#Debian but, modify preferences file was not enough for me, I have to modify/add some other files in /etc/apt/ directory: 1.) include testing repo to source.list 2.) add APT::Default-Release "stable"; to apt.conf and pinning all other packages to stable

Hi all, Im new to shorewell, can anyone guide me whether I can use shorewell for my work. I have a requirement in our work: Each system shall have two Ethernet card interfaces(system means hardware devices, servers, clients in other words any device or host used in the project). The IP address of each interface will be of different networks, subnets and gateways completely. Bcoz if one of

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

Can I ask you a quick question? I''ve set up bridge-networking for Xen 4.1 (xen-4.1.3-25.el5.22) and networking was being done properly for Dom0 and DomUs. However, I noticed that Dom0 receives a lot of network interrupts or network packets even when they were not actually meant for either Dom0 or DomU. Now, here are the questions: 1. Dom0 is acting in promiscuous mode, right? 2. If

Hi there -- I want to have eth1 on my system run in promiscuous mode. I modified the /etc/sysconfig/network-scripts/ifcfg-eth1 file to read as follows: DEVICE=eth1 BOOTPROTO= ... ONBOOT= TYPE=Ethernet ... I reboote the system and when I did an /sbin/ifconfig, eth1 appeared without an ip address. I did a check in the /var/log/messages file and while eth0 is in promiscuous mode, eth1 does not

hi @all sometimes after a reboot the complete network is down the difference in the logs shows: in a failed reboot the eth0 does not entering promiscuous mode; in both cases the eth0 gets sucessful its ip configuration via dhcp - any idea ? the nic is a 3com 3c905C-TX/TX-M and the configuration is a suse 9.3 with xen-kernel 2.6.11.4-21.10-xen and xen 2.0.5.c ----------------[ failed reboot ]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM virtual servers on the default libvrt virbr0 bridge at the default vnet+ bridge ports. The bridge and ports are on a separate private subnet (192.168.122.0/24). Each bridge port and the bridge itself are in the dmz, there are two physical interfaces and private local subnets in loc, and

How can I find out that someone is using it's network card in promiscuous mode in a subnet? Thank you!

Hello all, Playing with Xen on GNU/Debian Lenny, I just discovered that all my virtual network cards are in promiscuous mode by default. Changing that manually does not seems to change anything (that is, everything still works great). Is there any reason to have virtual network cards in promiscuous mode ? And where can I change this default behaviour ? Thanks, JB

Hi, I saw a nice mail about bridging in Xen at http://article.gmane.org/gmane.comp.emulators.xen.user/9538. Can I ask you a quick question? I''ve set up bridge-networking for Xen 3.0and networking was being done properly for Dom0 and DomUs. However, I noticed that Dom0 receives a lot of network interrupts or network packets even when they were not actually meant for either Dom0 or DomU.

Good day. Found strange behavior in PV-domains. Application like tcpdump or iftop require promiscuous mode for interface. And this feature is disabled by default, as I understand. message from iftop: pcap_open_live(eth0): eth0: You don''t have permission to capture on that device (socket: Address family not supported by protocol) As I understand promiscuous:on in other-config for vif

On 03/25/09 12:30, James Carlson wrote: > Girish Moodalbail writes: > >> bash-3.2# dladm show-link >> LINK CLASS MTU STATE PROMISC OVER >> e1000g0 phys 1501 up off -- >> e1000g1 phys 1502 up on -- >> > > That (plus or minus some column alignment) seems

Hi, I am trying to set up a uPnP server on a Linux box (Debian Sarge Stable kernel 2.6.8). uPnP works using multicast packages for locating servers. This does however seem to fail unless I set the relevant NIC in promiscuous mode. If I do so, it works well. I have added ip route add 224.0.0.0/4 dev eth0 and echo 1 >/proc/sys/net/ipv4/ip_forward and the kernel is set up to enable

As a heads up to everyone, VMware requires you to take special precautions when trying to put a virtual nic into promiscuous mode, which is required for Xen networking to work. I spent a fair amount of time diagnosing Xen network problems when it wasn''t Xen at all. As I was just beginning to learn Xen, I was convinced it was something I was doing wrong, when it wasn''t at

Hi List, I''m in the process of setting up softflowd 0.9.9 on a Centos 6.4 system (compiled from source tarball). The daemon will listen to an unused interface that is receiving port mirrored traffic (a.la. Span port) I am planning on using the softflowd init script and sysconfig file provided in the tar ball. Do I need to manually put the unused interface into promiscuous mode, or