similar to: iproute2 src/FreeS/WAN

About a month ago, I setup a Windows 2000 native-mode domain, and had a couple of Linux machines join the active directory. I followed the steps outlined in the Samba 3.0 docs regarding winbind/PAM/NSS. The machines joined the domain fine, and 'wbinfo -t', as well as 'wbinfo -u/-g' and 'getent passwd/group' return expected results. Connecting from other Windows clients

I''ve just started to recently look at CBQ and HTB, but I''ve been wondering whether or not something like the following is possible: I''ve got two external links: +--+ | |-----ISP1 |FW| | |-----ISP2 +--+ One link has a bandwidth cap, and the other doesn''t. What I want to do is, punt all outbound traffic out via ISP1

While testing the latest Samba3.0.0beta3, I notice that if I don't specify a password server winbind appears to look it up via DNS, and with two DCs, picks one. However, my krb5.conf specifies a particular Kerberos server (one of the two DCs), and so occasionally, winbind will pick the first DC, and kerberos uses the other. When this happens, I can't seem to connect to any shares on the

As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function is using the form <FQDN-domain><winbind-seperator><username>, and before, it was simply <NetBIOS-domain><winbind-seperator><username>. The net effect of what I'm seeing is that users which have a UNIX account locally on the samba box and also a domain account are being

I'm hoping someone can shed some light on this one. Ever since beta3 I've been unable to get wbinfo to work properly. I finally worked around it today, and it seems that with the disable netbios = yes parameter in my smb.conf file, I get no results. Commenting out that parameter seems to work fine. It looks like the DNS queries for DCs is unsuccessful without NetBIOS enabled. I'm

Hi guys! I hope somebody can help me with my problem: We have a server running dovecot and proxying IMAPS connections to our internal network. This worked so far very good until we upgraded the server to a new SUSE Linux version and with it dovecot from version 1.0.3 to 1.1.7. My guess is that something changed in the way dovecot reads the user file as the configuration stayed the same:

Hello Gurus, I am a small problem with routing and here are the details. Interfaces on my server: * ipsec0 - 172.19.58.94 * tunl0 - 172.19.58.94 * eth0 - 172.19.58.94 Now, the problem is that there is another host 172.19.58.200. All communication to 172.19.58.200 should be through tunl0, and all the data should be secured using IPSec (tunnel mode - because there are more machines on my

All, I have my * box NAT'd with all ports forwarded that are SIP related (based on Wiki). I also have nat=yes, externalip=WAN address of firewall, internalip=LAN network of *. I have my Xten soft phone on a PC which is NAT'd behind firewall with ports forwarded. I have also followed instructions on Wiki for Xten. I can authenticate fine, and sip show peers shows my extension is OK,

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

Hi, still trying to understand one thing. I would definitely like to tell iptables to accept all packets coming from remote vpn only if they hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working, looks like ipsec0 device doesn't exist or it is not recognized. I red on the Openswan users list, that Linux kernel 2.6 native ipsec don't create ipsec* interface (if I am

I am attempting to create an ipsec tunnel between two CentOS 5.1 systems, network-to-network with two different 192.168.xxx.0/24 LAN segments. I have gone through the documentation on the centos web site, and have the machines to the point where the /var/log/messages show ``IPsec-SA established'' on both machines after runnig ``ifup ipsec0'' (same ipsec0 on each machine). IP

I just got the list confirmation and noticed it''s text only email so here it is again in plain text. Below is the oringal message. Hi all, I am really struggling with this one, I have built a lot of linux machines using IPSEC tunnels and shorewall gateways. I decied to build a new test machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets on their own switches and

I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0 Linux gateway machine. I have one working tunnel defined, all works well. I am not clear how to define mutiple concurrent tunnels. I can not add further interface entries as all the tunnels come in on ipsec0, do I still have mutiple zone definitions? some of the tunnels will be dynamic roadwarriors and as such would need a

Hi, I''m trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear FVS318. When trying to initialise the connection - ifup ipsec0 - I get the error: RTNETLINK answers: Network is unreachable This would lead me to believe shorewall is blocking ipsec. My config is below. The output of ''shorewall status'' is attached. Any help in pointing out if I''ve

I am new to Shorewall and FreeSwan, please excuse my ignorance I was wondering if someone could help me. I had help getting my FreeSwan running with the following iptables commands: iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j ACCEPT iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j ACCEPT If I manually run this FreeSwan works, however I am not sure

Hi. I am trying to force some traffic that goes to address 203.7.93.94 through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use the same shorewall and freeswan). I have successfully set up a tunnel between the two network (using a point to point topology, not hub). I added a static routing that redirect

Hi list, I am trying to create a VPN between two different locations. On the first location we have a cisco pix 525 Natting the internal 192.168.100.x network, while on the second location we have a Centos3 box Natting via iptables the internal 192.168.10.x netowrk. My goal is to connect this 2 over the internet via IPsec. I created the IPsec Net2Net via the network configuration graphic

Hello Tom, I have successfully configured proxy arp subnettinng on my network with three hosts in a Dmz. And it works great. (using proxyarp in interfaces) I also tryed this on network below same trouble. However for this network below I have tryed to configure one host in a Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it up and clear Isp''s arp

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, been awhile since I''ve written. I now have a situation where I get to use traffic shaping for a client. ~ We implemented the WonderShaper script on our own firewall and experienced no problems. I made some modifications to it to add IPSec protocol packets into the 1:10 high priority class using the u32 filter. ~ So far on our