similar to: new Shorewall + strongSwan blog

Hi all Firewall is Linux SLES8 kernel 2.4.21-278-default with 2 interfaces, fixed IP addresses on LAN and Internet (INT, WAN), NAT from LAN to INT (Masquerading-SNAT). Shorewall is v2.2.2. I am trying to allow access from LAN to Internet for all workstations EXCEPT for some of them. Default policy is REJECT LAN to INT traffic, so rule created in /etc/shorewall/rules is: ACCEPT

Hi all I need to create following rule (described): All connections from any zone going to server 80.1.1.1 on port 210 in zone DMZ should be redirected to that same IP in same zone but on port 200 So basically for all zones I want to redirect requests for port on server to different port on same server. None of the examples i found in documentation, FAQ or mailing list cover this particular

Hi Guys, Just need some guidance regarding AD across sites. We have two sites, siteA and siteB. Until about a month ago both sites were running NT4 domains, separate domains but with the same names, let's say thedomain. We classicupgrades siteA to AD and now need to migrate siteB to AD. The sites are connected with a WAN link We think ,the steps involved will be the following -

I need to replicate MySQL DB of mulltiple server on SiteA to my DR-Site Site_B... all DB are alocated on RHEL,SuSE,Centos,Debian, FreeBSD servers. I need a script to take Multiple MySql DataBase Backup and then import to SiteB, the replica can be done as cold or hotbackup and cron it Thanks -- Madunix_at_Gmail Sysadmin "Computers are useless. They can only give you answers" - Pablo

Hi all We are planning to upgrade Dovecot from production version 1.0.10 to latest version 1.2.9 Users are using maildir style mailboxes with ~20 GB of messages on SLES10 server. Upgrade will be done by installing new server and then migrating mailboxes from old on new server. Since dovecot-uidlist file have new format and index files have changed in v1.1, what must be done to have new

Good Day list, I have a friend who is interested in implementing an asterisk implementation at his offices. The configuration would consist of the following Site A ---- Asterisk Box With 12 incoming lines and 15 phones Extensions 101-115 Site B ---- Asterisk Box With 4 incoming lines and 7 phones Extensions 201-207 Site C ---- Asterisk Box With 4 incoming lines and 6 phones

Hi all Hi everyone Shorewall 3.2.6 and OpenSWAN 2.4.4-18.2 are on SLES10 machine with public fixed IP address on Internet interface. I am trying to establish IPSEC VPN tunnel to network behind D-Link DI-804HV VPN router who is on dynamic IP address. For this I am using dyndns.org alias on DI804 side. Shorewall is stopping all packets comming from DI804 whey trying to establish tunnel. Log on

Hello, Consider the following; You have a number of sites, all controlled by puppet. You have identified which files that are common to every host, and then which files are common to any particular site. Finally, you have the files which are private to the node in question. What I was wondering was if it would be possible to have some sort of directory hierarchy which has some kind of

HI, I had read from the rsync man page on transferring files using the user's numeric id and gid. I have a user which resides on 2 remote sites, having the same user names, but different uid and gid on both sites. I'm transferring the files as a root user. site A site B ----------------------------------------------- usr_A usr_A uid = 100 uid = 200 file1(usr_A)

First, background information. We are a large (geographically local) organization with 50 sites, including our HQ. Each site has a Debian Server running Samba in NT-Domain Controller mode. Each site is independant of the next, but are all named <SITE>.example.com. The workstations are connected, and working fine in our sites with the single servers. We had a recent network upgrade that now

Let''s say I have two different geographic sites. They are pretty much identical ie. each site has a machine called web1 which is a web server, etc. Except there are couple site-specific settings ie. outgoing DNS servers are different, SSL certs are different etc. On the puppetmaster I can put in a file called e.g. /etc/sideid which would uniquely identify a site ie. siteX or siteY.

First, background information. We are a large (geographically local) organization with 50 sites, including our HQ. Each site has a Debian Server running Samba in NT-Domain Controller mode. Each site is independent of the next, but are all named as a 3- or 4-character site code <http://example.com>. The workstations are connected, and working fine in our sites with the single servers. We had

I''m a newbie attempting to get a custom fact distributed to clients. I''ve followed the instructions at http://reductivelabs.com/trac/puppet/wiki/AddingFacts and based my first fact on a simple recipe. I''m having at least one problem and possibly more. 1) Puppet/facter fails to load the custom fact, complaining that "non- sh interpreters are not currently

Dear R-community, I started using R to control yield and output from different factories by production week. A typical example is below. Location Week ShippedWafer SortedWafer UnsortedWafer WaferYield GoodDie A 47 9 4 5 0.476 -12 B 40 5 5 0 -0.3262 -9 B 48 2 1

All, I have a simple question and a complicated reason for asking: Is it possible to change asterisk's source port for outbound IAX2 connections? I've tried using "sourceaddress" to no avail. I can set it to: proper.ip.of.box:4569 or 0.0.0.0:4569 and it works as expected. But if I try to set it to: proper.ip.of.box:5000 or 0.0.0.0:5000 it fails around line 8536 in

> > If rpm is configured for _that_ location of log files, I would remove the > repository this rpm comes from from configuration and will remember to > never-never ever use that repository for anything. > > Just my $0.02 > Yeah I completely get where you're coming from there. However it's not an RPM from a repo. I downloaded the rpm from the appdynamics site itself.

Hi, I''ve been successfully using shorewall in our K12 school since the 2.x days initially on Mandrake and now on Debian. Because of that my config has got quite complicated. The firewall has a working MultiISP setup with four interfaces (I''ve renamed them with udev to easy their identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers (the one on dnt-if) is a DSL

Beta 1 is now availablew for testing. Problems Corrected: 1) Previously, the Shorewall and Shorewall6 install.sh scripts did two things wrong with respect to the /etc/shorewall[6]/routes file: - The existing file was unconditionally removed. - A skeleton file was not installed when SPARSE was not set in the shorewallrc file. Additionally, the installer would remove

Beta 1 is now availablew for testing. Problems Corrected: 1) Previously, the Shorewall and Shorewall6 install.sh scripts did two things wrong with respect to the /etc/shorewall[6]/routes file: - The existing file was unconditionally removed. - A skeleton file was not installed when SPARSE was not set in the shorewallrc file. Additionally, the installer would remove

I''m experiencing a problem with masquerade downloads saturating my internet connection. I''ve implemented an IFB and now am looking into flow keys. Although I''ve read the documentation, I''m not sure I have this right. Can someone help? /etc/shorewall/params: MID_IF=eth0 MID_IF_TC=1 INET1_IF=eth1 INET1_IF_TC=2 INET1_IFB_IF=ifb0 INET1_IFB_TC=3 Note: MID_IF