similar to: DNAT Problem

net dmz:192.168.0.1 tcp 80 I forgot to mention that this should be put to rules file, sorry. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. Februar 2010 17:37 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] Suddenly DMZ can''t access to internet No. For

Hello We are using old version ( shorewall-3.0.7-1) with Centos 5.3 The shorewall has three zones (net / loc / dmz). Loc can access to internet with no problem and can access to DMZ. DMZ can''t access to internet. Net can''t access to DMZ with NAT. I tried to restart the machine / check Lan card / check cable , they were work find. Is it DMZ Lan card problem? but it can

Hi, I have 8 ethernet cards installed. Is it possible to use eth0-eth6 as the net interface for shorewall and eth1 as the lan network? Thanks. sangprabv sangprabv@gmail.com ------------------------------------------------------------------------------

Hi, I just add these file rules: DNAT net loc:192.168.8.35 tcp - - 202.158.70.38 DNAT net loc:192.168.8.36 tcp - - 202.158.70.38 DNAT net loc:192.168.8.37 tcp - - 202.158.70.38 And these on file nat: 202.158.70.38 eth0 192.168.8.35 no no 202.158.70.38 eth0 192.168.8.36 no no 202.158.70.38 eth0 192.168.8.37 no no I try to connect to the internet and check the IP and all hosts returns

------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m running Shorewall 4.4.0/Debian Lenny and I''m trying to setup OpenVPN with a mild degree of success so far. My ultimate end goal is to basically have an extension of my home lan to my laptop as well as my wife''s when we are away from home, and have all of my normal network resources available as if I were sitting at home

Hi list, I have a shorewall installed on 2 interfaces which also has multiple static public IP. Let''s say I have 1.2.3.4 and 1.2.3.5. I have assigned nat with: 1.2.3.4 eth0 11.22.33.4 no no But then I have a situation where I need 11.22.33.44 to connect to a host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4. How to do it? TIA Willy

Forget about my part to nat file. I was wrong. Try my masq configuration. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. März 2010 00:17 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] NAT Issue Try 1.1.1.198 eth0 172.16.1.23 no no INTERFACE - interfacelist[:[digit]] Interfacees that

OK - I figured out what it is but maybe someone can give an explanation here. If I use he multiple zones configuration I have to do in addition Hosts v3005 vlan3005:0.0.0.0/0 And of course this seems to be very logic since this means all ip´s on the internet. But I am still confused a lot why this is the first time I have to do it after using Shorewall over years without to be forced to say

Hey guys, I have a question regarding shorewall and vrf functionality. I have shorewall 3.4.8 and kernel 2.6.24-gentoo-r8 I have tried to use iproute2 (ip route and ip rule) to establish multiple routing tables. The biggest problem seems to be, that I cannot add interfaces such as vlan interfaces to the routing table. My target is that linux takes attention of on which vlan interface

Hi list, is it true that Shorewall is not willing to forward traffic from a source-ip which is not reachable by a static route from Shorewall itself? To say it on another way. If Shorewall´s routing interface is neither connected nor able to reach that source ip does it forward or deny it? So the situation is the following. I send from an ip which is not part of interface nor hosts file. But

I have a working LVS-Setup on CentOS 5.4 with the following settings in sysctl.conf: net.ipv4.conf.lo.arp_ignore = 1 net.ipv4.conf.lo.arp_announce = 2 net.ipv4.conf.all.arp_ignore = 1 net.ipv4.conf.all.arp_announce = 2 Now I''d like to use shorewall, but after activating it, shorewall changes both arp_ignore values to 0. I just found out how to set arp_ignore for separate interfaces, but

I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it stats to loose requests. Is there any packet limitation from shorewall all it''s about conntrack? Thanks for the reply.

Dear Sirs, I try to setup a quite complex routing scenario with iproute2, shorewall, bonding and hundrets of vlans as well as a lot of different virtual routing tables. In the past it was often possible to get great support directly by shorewall list but since the routing becomes more complex I do see a need to have a brief consulting by an experienced engineer. Shorewall list recommended me

I am interested in opinions regarding the use of xinetd versus the use of tcp wrappers. The two programs have similar functionality, but I find xinetd suits my needs better. The biggest problem is the age of xinetd, and AFAIK it is no longer being kept up. Are there any known security issues with xinetd? Another issue is that xinetd makes use of a non-standard inetd.conf layout, but

Does anyone know what triggers the 7970 to update its config? I was able to get it to update to SIP, but the config I used initially won't go away. I am making small changes to the SEPxxx.cnf.xml file and rebooting the phone, the phone is downloading the (TFTP) new config file, but I don't see any change on the phone itself. I've looked at the VersionStamp and incremented that, but

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there anyway to do so with shorewall? Thanks. Willy Mularto sangprabv@gmail.com ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev

Which command effects whether or not the * server will lookup a peer from the db even though the phone isn't registered locally? I have several * servers but I want any server to be able to lookup and send a call to phones registered on another server (SIP cluster?). Thanks Tim

Hi, im running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything is working fine for several days, i have configured a masq lan and all the outgoing traffic is ok, but now i want to redirect (port forward) the external web traffic to an internal machine, somethig like this INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE [public