similar to: neighbor table overflow

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hello everybody, sorry for bothering you, but after some hours, I''m stuck. I''m living in a student''s foundation where I want to connect lots of people to a tiny DSL link. We have exactly four types of traffic. We want a really hard PRIO solution (as I promised to someone that group X will only use the link capacity which isn''t used by group Y). I could make a

Alan& Akemi, Would it be possible to get CONFIG_ARPD turned on in the centosplus 6.x kernel? It is required to use opennhrp. See the link below where is was decided to turn it on in Fedora. https://bugzilla.redhat.com/show_bug.cgi?id=502844 -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark at netwolves.com

Hi all, I have noticed that the "CONFIG_NETLINK" has been removed since kernel version 2.4.17, does this mean that we cannot use "arpd" with kernel versions 2.4.17 onwards. vishy _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Is the 192.168.1.2 an ip on the router? If yes, you''ll have to mark in OUTPUT, not PREROUTING, also, after you set up the rules and routes, did you an ip route flush cache ? I hope these works On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@pacificsun.ca> wrote: > I have a particular problem that has caused me grief for some time now and > even though the answer is probably

Dzien Dobry Is there some error witch iproute2-050929.tar.gz becouse when i compile I don''t get tc I have kernel 2.6.12.3 this is my log with compile # make make[1]: Entering directory `/home/src/a/04102005/iproute2-050929/lib'' gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes -Wall -I../include -DRESOLVE_HOSTNAMES -c -o ll_map.o ll_map.c gcc -D_GNU_SOURCE -O2 -Wstrict-prototypes

what is the limit on the arp cache entires ?! Does someone have very big LANs with linux-routers ? How big ? (i mean flat L2 network, not segmented) I want to know how much can my net can scale ? thanx _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Maybe a strange request, I''ll try to explain this as clearer as I can (forgive my bad english, please :-) ). I''m setting a linux box as a router. My router uses multiple routing tables, so I can address the traffic from specific ip addresses of my lan to distinct ISPs providers (specifying a different default gateway fo r each table), marking packets with iptables

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

Hi, I have some problems with shorewall, I got disconnected every 10 minutes.. All the connections stops I am using Shorewall version 2.4.0-RC2 and it is running on debian 3.1r0 I can''t seem to find the problem. I hope you can help me with this. i post my log so that you can maby see where the problem is.(i have filtert some ip addresses) /sbin/shorewall show log Shorewall-2.4.0-RC2

Hi there, Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need. Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hi everybody! I''m very happy with shorewall, seems to safe my computer well, a little bit to well. But i''m sure it''s a mistake of mine: I can''t get edonkey working! They say that edonkey needs the following ports enabled: 4665 udp in / out 3665,4665,7665,8665 udp out 4661,4662,4666 tcp in thats what i wrote in the rules file: ACCEPT fw net

I am trying to set up my Shorewall box to forward multicast packets to my local net. I do have some problems with mrouted (see below), but I can join and add routes using smcroute. Multicast works when shorewall is disabled. I got a lot of help from the following. http://lists.shorewall.net/pipermail/shorewall-users/2005-January/016674.html I cannot get the multicast packets to pass the fw when

I''m trying to setup a netem delay with no luck (using iproute2-2.6.8, compilation broke during arpd compile, so I use the tc binary in the tc/ subdir, there''s also a q_netem.so there). kernel is 2.6.8.1, compile with CPU cycle counter as time reference. I was using sch_delay of 2.6.7 happily with something like: tc qdisc add dev eth0 root 1: delay latency 1ms rate 35M now I use:

Hi again, I was just looking around for ESFQ sources, and I see that the main site is down, and only has kernel 2.6.4 patches. Is ESFQ maintained? If so, where can I find patches for 2.6.10? Thanks, -justin _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

Hallo, i have a problem to configure shorewall to enable scanning over the network with sane. The scanner is located at the firewall hosts local interface. Why do i get a "all2all" message and not "loc2loc" Aug 25 14:55:26 router saned[26946]: saned from sane-backends 1.0.11 ready Aug 25 14:55:26 router saned[26946]: check_host: access by remote host: 192.168.0.250 Aug

Hi, I am getting occasional rejected packets like so: Jul 31 09:52:03 firewall kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.10.91 DST=132.147.22.6 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55364 DF PROTO=TCP SPT=1147 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 Jul 31 09:52:46 firewall kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.10.26 DST=10.9.100.30 LEN=48 TOS=0x00