similar to: Connection tracking, DNAT, and boot sequence

Hi all, I Try use shorewall rules with time element but its never works, the rules look like this HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri This rules for block https access to facebook site at working hours & day My system is Debian lenny, shorewall 4.4.4.2 kernel

Hi! I have a strange problem with shorewall on one of our routers. When i configure a rule like ACCEPT loc:192.x.x.x net tcp 80 this rules will only work if i do a tcpdump -i all port 80 After doing the tcpdump the clientrules works. When i don''t use tcpdump before the connection will be refused. Best regards, Kai.

Hi Tom, After two weeks of nightmares I decided ask You (and anyone reading this mail). Context is as follows: I try to update system on my central router from kernel 2.6.29.6 and Shorewall 4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new). This is LiveCD image boot (Devil-Linux distribution compiled by me), so config is this same. I have established ten OpenVPN tunnels and two

I am attempting to use the Knock.pm from http://www.shorewall.net/ManualChains.html I am not having much luck making the DNAT- knock work for some reason. Anyone else using this on 4.4.4 that can verify if this still works as documented? Thanks ------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=471 Summary: UDP stream DNAT problem Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy:

Hi. I''m migrating to shorewall(6) mgmt of my various firewalls. Simple configs have been easy with the great docs. I''ve got a slightly more convoluted config, and have gotten ''lost'' in config''ing a SNAT/DNAT/NAT + DMZ + Xen Host/Guest set up with Static IP/29. Having some challenges wrapping my head around the ''best'' Shorewall

I've been noticing for a while that i've been getting general protection faults in ttm_to_swapout, this time i was printk'ing the virtual addresses. In case it's not obvious, the result of kmap_atomic() is wrong. This is nouveau/linux-2.6 which is somewhere after 2.6.32. I was wondering if anyone has ever seen anything like this? from_virtual ffff88003088b000 to_virtual

I have some hosts in a DMZ zone with proxyarp. In my local zone I have a host to which I DNAT. I have discovered that I can reach the host in the local zone by attempting to connect to the fw (As expected) or ANY proxyarped host in my dmz zone (as not expected). Is this normal ? (I''ve just discovered that actually the dnated host answers to requests sent to any IP routed to my host!)

Hello all, I have been putting together a shorewall firewall together for a couple of days, but have hit a bit of a dead end. I am using Shorewall 3.0.5 Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Available Connection Tracking Match: Available Packet Type

In kernel 2.6.31, the handling of the rp_filter interface option was changed incompatibly. Previously, the effective value was determined by the setting of net.ipv4.config.dev.proxy_arp logically ANDed with the setting of net.ipv4.config.all.proxy_arp. Beginning with kernel 2.6.31, the value is the arithmetic MAX of those two values. Additionally, a ''loose'' routefiltering

I'm having a problem with Verizon Wireless. I would be extremely surprised if I was the only one having this problem. It seems to me that Verizon Wireless might be able to use one of the Special Information Tones to allow us to solve the problem. But I really do not whether my suggestion is compliant with the ITU-T standards. Perhaps someone can give me an expert opinion on whether I

I've dug down as far as I could on www.uspto.gov for anything remotely close to what is going on with Verizon and all searches end with only two possibilities in regards to what is going on. So unless the patent was issued to someone else and Verizon bought it, these are the only two possible patents this case could be based on... US 7,142,646 B2 Voice mail integration with instant

I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m

Hi, I'm having a problem with Verizon Wireless, I'm hoping someone here knows the right way to phrase the trouble report so it gets to someone at Verizon who can solve the problem. We have DIDs that simultaneously ring on voip lines, and Cell numbers. Verizon voicemail is turned off. Every thing works the way it's supposed to, UNLESS one of the cellphones is turned off, or in a

Hi, I HAD Verizon ONLINE. I was ABLE to mount samba served machines from the internet... eg \\strange.dreamhost.com\ from my XP box. I switched to Verizon AVENUE. Now I can't. (When I go through a VPN, though, I am able to mount the directory going around Verizon Avenue's network) I'm thinking this is a port restriction that Verizon Avenue has going on. I'm trying to

Hi Everyone: I've been going through Alan Lenarcic's package tutorial but when I did R CMD SHLIB Xdemo.cc Xdemo_main.cc -o Xdemo.dll I got the following error: XDemo_res.rc:15:38: warning: missing terminating " character XDemo_res.rc:23:34: warning: missing terminating ' character c:\mark\research\Rtools\MinGW\bin\windres.exe: XDemo_res.rc:16: syntax error

Is anyone succesfully running Asterisk behind verizon residential DSL? I seem to be having some problems with my Asterisk server switching to Verizon. I'm attempting to do some troubleshooting, but I'm really interested in knowing of anyone's setup that already has Asterisk working with Verizon residential DSL. Thanks AJ ------------------------------------------------------ This

I just went through an exercise of writing a Perl script called from my Asterisk dialplan to look at a list of area codes and exchanges to determine which ones are local (no or little cost) under my current Verizon plan. I route calls outside of my local limits to Gizmo. It works fine but when I called Verizon to change (lower) my service it was a bewildering spider web of rates structures just in

All, We are in the process of trying to setup our network to use Verizon's SIP "trunking" product. They say that since Asterisk is not on their certified list of approved devices, we need to go through a field trial to get it approved before allowing us to use their service. Where we are at is getting the design approved. We are trying to watch our budget at the same time. We

In speaking to the representative at Verizon, we came to the conclusion that DID numbers were not the correct solution; however we were told by Verizon that they could do something called assign individual numbers to the PRI. What this would in effect do is give us an additional phone number that we would like to route to a specific extension; however unlike the DID number, it would not be