similar to: Routing problem with 2 "wan" interfaces

I am a newbie to linux and shorewall. I am reading the shoreall quickstart guides. I am a bit confused about the following statement: ----------- quote -------------- The firewall has two network interfaces. Where Internet connectivity is through a cable or DSL "Modem", the External Interface will be the ethernet adapter that is connected to that "Modem" (e.g., eth0) unless you

Hi all, hi Guus, in july 2004 i received an e-mail from you concerning the way a packet takes across a (tinc)vpn: > They are forwarded from eth0 to tap0, but the kernel doesn't know that > tinc is forwarding them from tap0 to ippp0. So, the UDP and TCP > packets that tinc sends will be seen by the OUTPUT chain instead of > the FORWARD chain. At the other end, the received UDP

Hi, I am wondering if it is possible to do the following with shorewall. I operate a network with some additional IP''s that are SNAT''d to various server machines on my network. One of my machines is a Terminal server. I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server. Can I

snat not working my local ip is aaa.aaa.aaa.aaa asterisk sitting on the internet at ip bbb.bbb.bbb.bbb my firewall''s internal ip is 192.168.0.254 i did snat: iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa iptables -t nat -L -v gives: Chain POSTROUTING (policy ACCEPT 23663 packets, 2182K bytes) pkts bytes target prot opt in out source destination 33056

Hi Here is a short description of my network: ppp0 (adsl) ppp1 (adsl) | | | | --------------------- | Router | | Firewall | | MASQUERAD | | DNAT | | | | eth0 | --------------------- | | | ---------------------- |

Hello, I have recently had 'Broadband' (Cable) Internet installed in my house and I have setup the my Linux PC to do Network Address Translation for my Windows PC. This system has worked well with the PPP modem, and I know that a full Proxy server would be better, but at the moment I haven't got the time to set one up etc. This setup worked fine: Modem[ppp0

Hi, i connect to the internet over my eth4 interface using pppoe. The internet always comes on ppp0. I am trying to setup an L2TP/IPSEC VPN and i am reading http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP I notice in the example the interfaces file is given as: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter loc eth1

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

Hi. The task: 1. There 3 servers and a router with 2 PPPoE connections (let call them: ppp0, ppp1). 2. There are several groups of Inet-clients to be served (Servers, Clients and Club). 3. The task is: - to route Club through the ppp1; - to Servers and Clients through ppp0; (Next is reproduced from memory and may be slightly incorrect) router # netstat -nr Kernel IP routing table

Hello all, I''m writing to the list, because I have a problem setting up my routing that I''m unable to overcome. 1. The situation: +-------------+ +-------------+ | actaea | eth0 | ilex | | 192.168.1.4 |------ localnet ------| 192.168.1.1 | +-------------+ 192.168.1.0/24 +-------------+

Hi folks, i spent my whole day trying to set up my linux router using load balancing with multiple uplinks. I mainly focused on the nano howto, but somewhere I have a big mistake within my head. Basically the load-balancing is working, but not on a per-connection basis - just on a per packet basis. Practically this is not usable of course <g> But as far as I understood it should work..

I''m trying to setup traffic shaping on my linux gateway/router. The system has 3 interfaces: eth0 - My LAN - with IP address 192.168.0.254 eth1 - The ethernet connection to which my ADSL modem is connected. This has a 10.25.x.x IP, more on this later. The ADSL link has an upstream of ~1.2mbit. ppp0 - The PPP connection which is my WAN connection, with a real world IP. The system acts

I''ve applied julian''s paches to a 2.6.14 gentoo kernel with the appropiate options enabled, and i''m using a modified version of the mpath2.sh script also available on julian''s site http://www.ssi.bg/~ja/ Overall everything works nearly perfectly. Incomming connections to either the fios (PPPoE) connection, or cable modem get routed back out correctly. The

i''ve read your http://lartc.org/howto/lartc.rpdb.multiple-links.html article as well as Advanced IP Routing (esp. chapter 10.4) and still unable to make this thing work. am i that helpless? :) is there anyone to guide me through the multiple ISP setup? into details. i got 2 dsl connections from different ISPs (A and B), both connections use PPPoE, both got assigned with dynamic IPs

Hi all, I have the following configuration: _______ +------------+ / diginet link | | | +-------------+ Provider 1 +------- __ | | | / ___/ \_

Hi, I have done this setup to give the machine 192.168.1.4 (masqueraded over dialup) the highest priority: #! /bin/bash WHAT="add" iptables -A PREROUTING -i eth0 -s 192.168.1.1 -t mangle -j MARK --set-mark 1 iptables -A PREROUTING -i eth0 -s 192.168.1.4 -t mangle -j MARK --set-mark 4 tc qdisc $WHAT dev ppp0 root handle 1: prio bands 3 priomap 0 1 2 tc qdisc $WHAT dev ppp0 parent 1:1

Hi, I have a small home LAN, where one machine (192.168.1.1) connects to the internet via dialup (no DSL here) and shares the connection with IP masquerading. To achieve this, I tried out various recipes found on the internet, and finally put this in /etc/rc.d/rc.local: --8<------ rc.local ------------ #!/bin/sh # # This script will be executed *after* all the other init scripts. # You can

I have a very simple setup exactly as described in the HOWTO section " 4.2. Routing for multiple uplinks/providers". One is cable (eth1: dhcp) and the other is PPPoE (ppp0). I used the following commands to configure the routing once all of my interfaces are up and i have configured SNATing for them: ip route add 66.11.173.0/24 dev ppp0 src 66.11.173.224 table 11 ip route add default

hi, I can''t get a freeswan 2.02 ipsec x509 connection at work can somebody help me? ************************************************************************************* global situation ************************************************************************************* the linux gateway (chivas) is a single machine 192.168.1.250 with a local net 192.168.1.0/24, a dyn IP via a DSL

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,