Displaying 20 results from an estimated 800 matches similar to: "VLAN martians"
2010 Dec 02
4
rules with multiple users/groups
Hi All,
I''m using shorewall 4.0.15-1 on debian 5.0.5 and It works fine.
I want to start using rules based on users. This is supported in the
shorewall-rules file, However it seems that each rule can only be
associated with one user or group.
Does this mean that I cannot have a rule apply to several users which
belong to several groups?
Will creating duplicate rules for each user
2010 Nov 23
4
ERROR: Duplicate Host Group
Hello,
This is using version 4.4.11.3 (Debian).
The following error occurs:
ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
The configuration is a test config. Commented lines removed to keep
it clear:
# cat zones
fw firewall
loc ipv4
# cat interfaces
loc eth1 -
# cat hosts
loc eth1:10.128.23.34/16
# cat policy
all all ACCEPT
2008 Feb 29
5
shorewall-perl not handling "logmartians" correctly
I''ve set up a simple 2-interface Linux router using shorewall-perl 4.0.8
(and upgraded to 4.0.9). Everything works flawlessly. One small
exception I have noticed (since I''m a new shorewall user I
assume this is probably an error on my part).
1. Problem:
With no "logmartians" entries in /etc/shorewall/interfaces,
shorewall-perl sets
2010 Sep 07
3
Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?
Hi,
I have recently installed shorewall with a very simple rules configuration,
----------------------------------
#SECTION RELATED
SECTION NEW
Ping/ACCEPT all $FW
Trcrt/ACCEPT all $FW
SSH/ACCEPT all $FW
ACCEPT net $FW tcp http
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
-----------------------------------------
and I have no
2010 Feb 16
3
isusable/swping script
Hi
I''m trying to monitor my multi ISP shorewall with swping, the script
works fine, i can see in log when an ISP is down, the script restart
shorewall and /etc/shorewall/isusable is called, however in the swping
log after the shorewall restart i see again a route by ISP (even the ISP
down), is it normal ? should i not see one route less?
shorewall version 4.4.5.4-1.
****
2010 Oct 21
10
KVM and bridge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM
virtual servers on the default libvrt virbr0 bridge at the default
vnet+ bridge ports. The bridge and ports are on a separate private
subnet (192.168.122.0/24). Each bridge port and the bridge itself are
in the dmz, there are two physical interfaces and private local
subnets in loc, and
2012 Jul 31
11
A lot of kernel martian source messages in /var/log/messages
Hi all:
I see a lot of the errors below in /var/log/messages on my firewall:
Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:50:44
2011 Aug 25
5
Question About Shorewall Functions
Hello,
My name is Felipe I succesfuly installed Shorewall 4.4.20.3 in Ubuntu
10.04, This installation is for controlling the access into the local
Network, My question is if it is possible to make a conecction WAN to LAN
using Terminal Name?? i have been searching in goolge but i didnt find an
answer!!!!
For example we have IP Public into shorewall with 2 interfaces, and in the
LAN we have 3
2004 Nov 26
5
Martian sources...
We are seeing the following in our logs:
Nov 25 16:21:41 fw kernel: martian source 139.142.66.253 from
10.0.0.199, on dev eth0
Nov 25 16:21:41 fw kernel: ll header:
00:a0:c9:60:0e:b2:00:02:7e:21:0e:dc:08:00
00:a0:c9:60:0e:b2 is the mac of our firewall interface on IP
139.142.66.253.
00:02:7e:21:0e:dc is the mac of our Cisco router on IP 10.0.0.1
10.0.0.199 is a Cisco switch - we have about
2013 Dec 03
5
Multiple ISP + traffic shapping = poor download speed
Hello,
Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts.
First, what works.
Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze.
We have a 2 ISP:
- isp1 : an optical fiber provider with 10 Mbps.
- isp2 : a DSL provider with 15Mbits/1Mbits.
We use isp2 as the default outgoing
2010 Feb 04
10
OpenVPN setup
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I''m running Shorewall 4.4.0/Debian Lenny and I''m trying to setup OpenVPN
with a mild degree of success so far.
My ultimate end goal is to basically have an extension of my home lan to
my laptop as well as my wife''s when we are away from home, and have all
of my normal network resources available as if I were sitting at home
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails.
I tracked it down to network traffic with wrong Sourceport in the answer
packet (should be 1300 not 1024):
2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300
Destination port: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table
2007 Feb 09
26
transient "martian source ..." errors
Hi All,
As you probably all know :-) I''m trying to do the multi-isp thing. I''ve
resolved my last issue with the route_rules as suggested by Tom and
Jerry suggested.
Lately I have been seeing "transient" (I say transient because the
problem will persist for a while and then magically clear itself up some
number of minutes later) situations where my gateway will log:
2003 Feb 03
4
[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 -------
We haven't seen this
2002 Nov 27
7
one dude about rt_tables
Can I add routes to rt_tables by hand with the vi editor?
If I add a route to that file, it will be there if I reboot the box?
I am sure there are stupid questions but I can''t find the answer into the
papers I have here.
Luis Miguel Cruz Miranda.
CCNA - Systems Administrator
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
2014 Sep 17
2
lost packets - Bond
Guys, good afternoon
I'm using in my bond interfaces as active backup, in theory, should assume an
interface (or work) only when another interface is down.
But I'm just lost packets on the interface that is not being used and is generating
packet loss on bond.
What can that be?
Follow my settings bond
[root at xxxxx ~]# ifconfig bond0 ; ifconfig eth0 ; ifconfig eth1
bond0
2004 Feb 26
4
Help! Martians invading through IPSec. :-)
[ sorry for cross-posting this to newbies and users, but I''m a bit
desperate to get this resolved ]
This is strange... I had this working before without any problems, and
recently we started to have some odd issues. I can''t be sure exactly
what has changed as I''m unfortunately not the only person with access
to the server. {sigh}
The problem is that I pretty much
2011 Oct 19
5
Instalation of lastest version of Shorewall in Debian
I want to use lastest version of Shorewall in my fresh debian squeeze
instalation,
so I follow http://www.shorewall.net/Install.htm#Debian
but, modify preferences file was not enough for me,
I have to modify/add some other files in /etc/apt/ directory:
1.) include testing repo to source.list
2.) add APT::Default-Release "stable"; to apt.conf
and pinning all other packages to stable
2011 Oct 25
6
two interfaces with private Ip (rfc1918) on both side and dhcp issue
Hello all,
I''m using shorewall on a linux machine that has two interfaces, eth0
being connected on the internal network (10.10.10.0/24) and eth1 being
connected to the external network.
On eth0 the IP is statically configured to 10.10.10.254 and there is a
dhcp server running for the machines in the private network.
On eth1, the IP is dynamically assigned by my ISP modem that acts as
2004 Jan 30
1
two interfaces - borrowing bandwidth...
Hello...
I have one 2Mbit WAN interfaces and two vlan LAN interfaces - vlan2 and
vlan3. I''d like to limit bandwidth something like this:
rate 1Mbit ceil 2Mbit for vlan2 and
rate 1Mbit ceil 2Mbit for vlan3
with possibility to borrow bandwidth between vlan2 and vlan3.
^^^^^^^^^^^^^^^^^^^
Is it possible to do in any way?
regards,
--
Michal