similar to: TPROXY configuration

I''m working on setting up a new router/server/etc. box. I''m using Proxmox as the base system (Debian Lenny basically). I''m trying to figure out the right way to configure Shorewall on it. I''ve looked at some of the bridging info but they seem to all be talking about single-interface setups. Could someone look over my setup and give me some input into the

I have been using shorewall for years with ipsets. I have encountered a problem after upgrading from 4.2.11 to 4.4.10. When I run ''shorewall-check'' or ''shorewall start'', it halts with the error: ---------------------------------------------------------------------- ERROR: ipset names in Shorewall configuration files require Ipset Match in your kernel and

https://bugzilla.netfilter.org/show_bug.cgi?id=1310 Bug ID: 1310 Summary: syntax issue with tproxy Product: nftables Version: unspecified Hardware: All OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1398 Bug ID: 1398 Summary: tproxy rule is not matched for ip6 Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: kernel Assignee: pablo at netfilter.org

Hello, how do achieve this: how must files /etc/sysconfig/network-scripts/ look like to be the same as entering the following two commands ... ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local ::/0 dev lo table 100 is there the localhost device lo correct, or does it have to be br0? e.g. a file route-br0 with 192.168.1.0/24 via 10.10.10.1 dev br0 does the routing to the

I was working on a haproxy transparent proxy setup that we had working on Centos 7 (iptables), but running into issues getting tproxy working with NFTables on Centos 8. >From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, It should be a matter of: # nft add table filter # nft add chain filter divert "{ type filter hook prerouting priority -150; }" # nft add rule

On 10/15/19 9:16 PM, Nathan Coulson wrote: > On 2019-10-15 12:12 p.m., Nathan Coulson wrote: >> I was working on a haproxy transparent proxy setup that we had working >> on Centos 7 (iptables), but running into issues getting tproxy working >> with NFTables on Centos 8. >> >> From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, >> >> It

Hello all, I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ? Thanks Fred

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

In working through an IPv6/TPROXY issue I had, I believe I found a documentation bug: http://www.shorewall.net/manpages6/shorewall6-tcrules.html In the ACTION section, for part 12. SAME: The documentation lists: #ACTION SOURCE DEST PROTO DEST # PORT(S) SAME:P 192.168.1.0/24 0.0.0.0/0 tcp

On 2019-10-15 12:12 p.m., Nathan Coulson wrote: > I was working on a haproxy transparent proxy setup that we had working > on Centos 7 (iptables), but running into issues getting tproxy working > with NFTables on Centos 8. > > From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, > > It should be a matter of: > > # nft add table filter > # nft add

https://bugzilla.netfilter.org/show_bug.cgi?id=1686 Bug ID: 1686 Summary: Transparent proxy support requires transport protocol match Product: nftables Version: git (please specify your HEAD) Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5

trying to deploy puppetdb , puppet server is RHEL 6.1 , [root@puppet ~]# rpm -qa|grep puppet puppetdb-0.9.1-2.el6.noarch puppet-dashboard-1.2.9-1.el6.noarch puppet-server-2.7.17-1.el6.noarch puppetdb-terminus-0.9.1-2.el6.noarch puppet-2.7.17-1.el6.noarch on the clients, got an error for puppetdb , client1 :~ # puppet agent --test err: Could not retrieve catalog from remote server: Error 400

Hi all, I have a hard trouble with my iptables rules. I need to create a netfilter config so that it does not redirect connections from a daemon (like for example a squid proxy) to the original destinations. Searching info about that, some ways to do that include to limit the redirection rules to the incoming traffic interface, another to limit it to a certain range of source IPs or to

My TCP clients connect to box A. I need to forward those connections to a server on box B, such that the original client IPs are visible to the server on B. Each box has two Ethernet ports. One port on each box is connected to WAN, and they are cross-connected in a LAN via remaining ports: ------------------- ------------------- WAN -- |eth0 Box A eth1|---LAN---|eth1 Box

Guys All the recent discussions recently, and the knowledge of a 2.6 port, of WRR has made me very keen on trying it. I had a look at the docs and examples know but my mind is not in a very receptive state. Take this simple example. Incoming internet connection of 1mbps. Shared between up to 25 users simultaneously. I know that WRR can fairly distribute the traffic amongst the currently

>>> Hi all >>> >>> Thanks to Milan I am able to get further with xen and reiser4 >>> >>> - In swap line 6 and 7 status_flags.c >>> >>> #include <linux/bio.h> >>> #include <linux/page-flags.h> >>> >>> >>> - PACKED is redefined, but the definitions are the same, so the gcc >>>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I mean http://users.gurulink.com/drk/transproxy/TransparentProxy.html on "6. Transparent Proxy to a Remote Box." Thanks - -------- Original Message -------- Subject: Squid on remote Box Date: Wed, 16 Mar 2005 17:16:35 +0700 From: Royke K <royke4k@cbn.net.id> To: shorewall-users@lists.shorewall.net How do I configure port

Sir, Kindly excuse me. I am a newbie to LARTC.. I am a small ISP in rural India distributing 1 MB link to 200 people. I have been using rshaper by Alessandro Rubini for shaping. http://freshmeat.net/projects/rshaper/ My kernel is Linux version 2.4.22-1.2115.nptl( Fedora Core 1) Rshaper is very good in controlling incoming bandwidth (from LAN) I use Squid also on this Linux Box.. Right