similar to: [ASK]How Many Interfaces Supported?

Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall: DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4 DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5 1.2.3.4 and 1.2.3.5 is virtual IP

OK - I figured out what it is but maybe someone can give an explanation here. If I use he multiple zones configuration I have to do in addition Hosts v3005 vlan3005:0.0.0.0/0 And of course this seems to be very logic since this means all ip´s on the internet. But I am still confused a lot why this is the first time I have to do it after using Shorewall over years without to be forced to say

net dmz:192.168.0.1 tcp 80 I forgot to mention that this should be put to rules file, sorry. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. Februar 2010 17:37 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] Suddenly DMZ can''t access to internet No. For

Hello We are using old version ( shorewall-3.0.7-1) with Centos 5.3 The shorewall has three zones (net / loc / dmz). Loc can access to internet with no problem and can access to DMZ. DMZ can''t access to internet. Net can''t access to DMZ with NAT. I tried to restart the machine / check Lan card / check cable , they were work find. Is it DMZ Lan card problem? but it can

Hey guys, I have a question regarding shorewall and vrf functionality. I have shorewall 3.4.8 and kernel 2.6.24-gentoo-r8 I have tried to use iproute2 (ip route and ip rule) to establish multiple routing tables. The biggest problem seems to be, that I cannot add interfaces such as vlan interfaces to the routing table. My target is that linux takes attention of on which vlan interface

Hi list, is it true that Shorewall is not willing to forward traffic from a source-ip which is not reachable by a static route from Shorewall itself? To say it on another way. If Shorewall´s routing interface is neither connected nor able to reach that source ip does it forward or deny it? So the situation is the following. I send from an ip which is not part of interface nor hosts file. But

Forget about my part to nat file. I was wrong. Try my masq configuration. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. März 2010 00:17 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] NAT Issue Try 1.1.1.198 eth0 172.16.1.23 no no INTERFACE - interfacelist[:[digit]] Interfacees that

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

Hi, I don't have ifcfg-eth1 in my /etc/sysconfig/network-scripts. But when I do ifconfig eth1 I can see output as below. If I do ifconfig eth12 , I don't see anything which i am assume is normal. eth1 Link encap:Ethernet HWaddr 00:24:E8:44:DB:CC BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0

Hi list, I have a shorewall installed on 2 interfaces which also has multiple static public IP. Let''s say I have 1.2.3.4 and 1.2.3.5. I have assigned nat with: 1.2.3.4 eth0 11.22.33.4 no no But then I have a situation where I need 11.22.33.44 to connect to a host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4. How to do it? TIA Willy

Hi, I just add these file rules: DNAT net loc:192.168.8.35 tcp - - 202.158.70.38 DNAT net loc:192.168.8.36 tcp - - 202.158.70.38 DNAT net loc:192.168.8.37 tcp - - 202.158.70.38 And these on file nat: 202.158.70.38 eth0 192.168.8.35 no no 202.158.70.38 eth0 192.168.8.36 no no 202.158.70.38 eth0 192.168.8.37 no no I try to connect to the internet and check the IP and all hosts returns

I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it stats to loose requests. Is there any packet limitation from shorewall all it''s about conntrack? Thanks for the reply.

Hi All :) I have three servers, all with centos 7 installed 3 days ago. I need on them "old" naming scheme (ethX) for network interfaces, because of that: # grep GRUB_CMDLINE_LINUX /etc/sysconfig/grub GRUB_CMDLINE_LINUX="rd.lvm.lv=centos_node-XY/swap rd.lvm.lv=centos_node-XY/root rhgb quiet ipv6.disable=1 net.ifnames=0" net.ifnames=0 was added and afterwards I ran:

Hi all, First of all I repost this email in shorewall list as there are a lot of firewall experts here that might know what the hell i going on. We have also posted this on the linux bridge list (we needed acceptance first) and leaf list. Very thankful for your understanding. We are experiencing a very strange problem and would need some help. We have a Leaf / Shorewall based box (actually

Anyone know how to get statistics on bonded interfaces? I have a system that does not use eth0-3, rather we have bond0, bond1, bond2. The members of each bond are not eth0-3, rather they are eth6, eth7, etc. I didn't see anything in the man page about forcing sar to collect data on specific network interfaces.

There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there anyway to do so with shorewall? Thanks. Willy Mularto sangprabv@gmail.com ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev

Hello Laine: I've revised the configuration and followed all your instructions. I'll try to give you a better explain of my problem. a) I need a bridged (3) configuration, because I have to connect the guests from each others. (via ssh and execute mpi). I've three hosts, each of one has at least a guest. I'll only explain about the configuration of one of them, because the problem

Hi, I have a server and ten clients in a Gigabit network. The server has 125mbps network bandwidth. I want that the server has 40Mbps bandwidth reserved for client 1 (IP 192.168.5.141), and the rest bandwidth is for all other clients. My script looks like this (I use IFB for incoming traffic): #!/bin/bash export TC="/sbin/tc" $TC qdisc add dev ifb0 root handle 1: htb default 30

Dear Sirs, I try to setup a quite complex routing scenario with iproute2, shorewall, bonding and hundrets of vlans as well as a lot of different virtual routing tables. In the past it was often possible to get great support directly by shorewall list but since the routing becomes more complex I do see a need to have a brief consulting by an experienced engineer. Shorewall list recommended me

Hello Guys I have problem with internet bank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of