Displaying 20 results from an estimated 7000 matches similar to: "KVM and bridge"
2008 Oct 01
2
DNAT Issue
Hi.
I'm setting up a web farm test lab. I have a number of machines in the
test last on a dmz zone on network 10.20.30.0.
The test lab firewall has two NICs. One (eth0) has two ip addresses,
eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is
on a private network, 10.20.30.0.
I want to use DNAT to allow test engineers to ssh into the machines in
the web farm. I have
2008 Nov 01
8
OpenVZ & shorewall. Didn't work acl based on ip range.
Hello all,
It's my first letter on this list, and my English is not very good.
Please take me indulgence
for grammar/syntax and over errors :))
I have trouble for acl's of ip range. But, acl for one host (with ip
address) work fine.
Please help me for make work acl/find error in acl.
Because I'm new shorewall user, I made test configuration on Virtual
Machine
2007 Nov 05
36
please help diagnosing "ip_conntrack: table full, dropping packet"
Hi,
I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time.
But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods.
The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it
2010 Oct 23
0
Shorewall 4.4.14 RC 1
RC 1 is now available for testing.
Problems corrected:
1) All sample .conf files have been changed to specify
FORWARD_CLEAR_MARK=
rather than
FORWARD_CLEAR_MARK=Yes
That way, systems without MARK support will still be able to
install the sample configurations and FORWARD_CLEAR_MARK will
default to Yes on systems with MARK support.
2) The install scripts in the
2008 Oct 13
7
Open all from one machine....
Hi all...
I have configured a Shorewall gateway to my little lan in my home.
The shorewall work fine here...
However, when I try to use Limewire, I can download nothing....
In fact, I can't get any high connection on Limewire..
What can I do to make Limewire work properly behind a Shorewall
gateway????
Maybe I have to open all port (both tcp and udp), but how?
Thanks a lot...
Best
2010 Dec 02
4
rules with multiple users/groups
Hi All,
I'm using shorewall 4.0.15-1 on debian 5.0.5 and It works fine.
I want to start using rules based on users. This is supported in the
shorewall-rules file, However it seems that each rule can only be
associated with one user or group.
Does this mean that I cannot have a rule apply to several users which
belong to several groups?
Will creating duplicate rules for each user
2010 Nov 23
4
ERROR: Duplicate Host Group
Hello,
This is using version 4.4.11.3 (Debian).
The following error occurs:
ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
The configuration is a test config. Commented lines removed to keep
it clear:
# cat zones
fw firewall
loc ipv4
# cat interfaces
loc eth1 -
# cat hosts
loc eth1:10.128.23.34/16
# cat policy
all all ACCEPT
2008 Oct 08
19
transparent proxy
2010 Nov 25
13
VLAN martians
I'm playing around with VLAN's and I have a VLAN capable (layer 2) smart
switch. I see a steady stream of martians in the logfile if I have the
routefilter option set on the loc zone interfaces in
/etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1
and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch.
Is this the expected behavior in
2008 Oct 21
7
DNAT or NAT - QUESTION
Hi, I have a simple question. I have my firewall with 2 external Ip and 1
lan.
For example
ISP1
FW LAN----Mail Server
ISP2
Ok, when I DNAT the SMTP port to my mail server, I can see that the
connection in my mail server comes from the external IP of my ISP.
I need to change this so the connection to my mail server comes from the LAN
IP from my firewall
Is this possible?
2008 Oct 24
6
routing packet from/to source/destination
Hi all and specially Mr. Tom....
(Please, do not be acid with me please! I am only a newbie, trying learn
more about shorewall)
I get involved with a Firewall Project in a customer here in my city...
In this customer, he has two Internet Providers.
So, he asked me how to make certain connections follow one routing path (like
RT_1) and other connection types follow the other routing path
2008 Sep 05
5
PPTP Client Behind a Shorewall Firewall
Hi all, I'm running a server that frequently needs to open a pptp
session with a remote server outside my Company. This server is running
behind a Shorewall firewall and I don't find information in Shorewall
web page because there is no information in the link
http://www.shorewall.net/PPTP.htm#ClientsBehind
Nowadays I can connect this server with the remote one but the session is
closed after
2008 Dec 05
3
Rate My Dialplan Contest Announced - Win a Phone or Copies of APSTel Visual Dialplan Std or Pro!
We often find ourselves reading through all sorts of contests on the
Internet that never seem to echo our own personal skill set or interests.
Perhaps you've even fantasized about a type of contest with the types of
prizes and goodies that YOU'D actually enjoy. Maybe you've wished there were
something along the lines of an asterisk phone system diagram contest? With
prizes ranging from
2008 Jul 28
4
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-common-4.2.0-0Beta3.noarch
Hello - I am having a little problem trying to find what dependency I need to
update - This is what I see when trying to install:
rpm -Fvh shorewall-*
error: Failed dependencies:
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by
shorewall-common-4.2.0-0Beta3.noarch
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by
shorewall-perl-4.2.0-0Beta3.noarch
I am using Centos 5.2 with the following RPM
2008 Sep 17
10
netfilter + vpn + how/why + etc...
Hi,
I have a few questions about the inner workings of netfilter
(a graphical layout of my network setup @
https://aequorin.homeunix.net:62389/local/media/network-graph.png)
1) These are the syslog entries for some simple connection tests.
Shorewall/netfilter has been set to record all stateful connections
SSH is recognized as phys(eth0) -> $FW traffic. This is because PHYSIN
is
2008 Sep 23
3
Outgoing service always on a certain external address
Hi,
Shorewall version -4.0.12-2 (EL5 rpm version)
OS : Centos 5.2
I have shorewall successfully running on Linux with multi ISP.
Trying to make services such as "rsync, ftp" go through my secondary
ISP. For which I did the following
eth0 : Internal LAN
eth4 : DSL (Second ISP) => x.x
eth5 : T1 (First ISP) => y.y
Created the following entries in
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
Hi. I set, for example, a rule with a host server:
Macro.http accept fw net:www.google.es
I restart shorewall and it works, but when I stop the firewall for
disabling Internet (for any reason), and I want to start the firewall it
says:
Failed to start firewall :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
WARNING: Support for the detectnets interface
2008 Nov 07
2
Multiple Zones in the same interface
Hi, I am trying something so easy but it doesn't work for me.
I want to have more than one zone in my lan, for example my lan is
192.168.0.0/24 and I want to have one zone for servers, other for admin Pcs.
etc
here is my conf:
Interfaces:
--------------
#ZONE INTERFACE BROADCAST OPTIONS
- eth3 detect
net eth1 detect norfc1918
net eth0