similar to: Need some help with a new SNAT/DNAT/NAT + DMZ + Xen Host/Guest config.

Hi, I'm using IPSEC in a multi-ISP configuration, lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 This worked fine with Shorewall/Shorewall-Lite 4.5.7. After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. If I change the Providers.pm file and add connmark => "! --mark 0/$mask" like before in Shorewall 4.5.7 than everything works fine. add_ijump

i''m running SW v4.5.14 i''ve created a basic /rules set, referencing a single action: cat /etc/shorewall/rules ############################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

Hi List, I have a new install of CentOS 6.2 and shorewall 4.5.1-2. I usually have no issues with shorewall until now. When I execute < #shorewall start > I get the following error. root@poweredge > /etc/shorewall# shorewall start Compiling... Can''t locate Shorewall/Compiler.pm in @INC (@INC contains: /usr/share/shorewall /usr/local/lib/perl5 /usr/local/share/perl5

Hi, I''ve been successfully using shorewall in our K12 school since the 2.x days initially on Mandrake and now on Debian. Because of that my config has got quite complicated. The firewall has a working MultiISP setup with four interfaces (I''ve renamed them with udev to easy their identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers (the one on dnt-if) is a DSL

Hi, in shorewall version 3.4.8 used this rule to block access to Facebook through port 443 (https): /shorewall/rules: REJECT loc net:69.171.224.12, 69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443 What I did was block the public IP network segment to fitthrough https. Now I use this same rule in version 4.4 and I works already. Has anything changed in this

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

Shorewall 4.5.15 3 Interface setup em1 p3p1 p4p4 ppp0 Hi, Since changing to NetworkManger on Fedora 18 I can no longer connect to the DSL Modem, which is connected to Interface em1. When the NetworkManger brings up the interfaces and ppp0, it no longer assigns an IP to em1. If I have ppp0 disabled and NetworkManger brings up the interfaces, em1 gets an IP of 192.168.1.2. Then when I get

Hello List! I got a small (50mbits or so) application layer ddos attack against a few name servers (thousands of IPs sending lots of bogus A record requests - weird) - one of the name servers was behind a shorewall firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd using 100% of the CPU during the

----- Mensagem encaminhada por zynkx <skydive@megamail.pt> ----- Date: Tue, 17 Feb 2004 20:25:26 +0000 From: zynkx <skydive@megamail.pt> Reply-To: zynkx <skydive@megamail.pt> Subject: smbspool To: samba@lists.samba.org i am using this command line from a linux client to try to print to my linux samba server with a shared printer, that is printing ok from windows clients. the

Hi, I'm starting to migrate a number of authoritative nameservers on small VMs from bind9 to NSD. At the same time, I'm switching all inits from sysvinit to systemd. Cribbing systemd unit files from Fedora for NSD (http://pkgs.fedoraproject.org/cgit/nsd.git/tree/), they're straightforward enough -- but seem to ignore proper chroot setup/startup. I've poked in current NSD 3x

I've got Samba 2.2.3a running on Debian Linux Kernel 2.4.21 setup as a domain controller. When I try and login to the domain from a Windows XP workstation I get the following message. Windows cannon connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Can anybody think of what is causing this? Any help

In case you haven''t guessed by recent development list traffic, RC 1 is now available for testing. There are no new features since Beta 3 -- Just bug fixes. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car

In case you haven''t guessed by recent development list traffic, RC 1 is now available for testing. There are no new features since Beta 3 -- Just bug fixes. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car

Hi all: I see a lot of the errors below in /var/log/messages on my firewall: Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:50:44

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

I want to use lastest version of Shorewall in my fresh debian squeeze instalation, so I follow http://www.shorewall.net/Install.htm#Debian but, modify preferences file was not enough for me, I have to modify/add some other files in /etc/apt/ directory: 1.) include testing repo to source.list 2.) add APT::Default-Release "stable"; to apt.conf and pinning all other packages to stable

Hi all, Im new to shorewell, can anyone guide me whether I can use shorewell for my work. I have a requirement in our work: Each system shall have two Ethernet card interfaces(system means hardware devices, servers, clients in other words any device or host used in the project). The IP address of each interface will be of different networks, subnets and gateways completely. Bcoz if one of

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect