similar to: (no subject)

https://bugzilla.netfilter.org/show_bug.cgi?id=745 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |netfilter at linuxace.com Resolution|

I''ve set up a simple 2-interface Linux router using shorewall-perl 4.0.8 (and upgraded to 4.0.9). Everything works flawlessly. One small exception I have noticed (since I''m a new shorewall user I assume this is probably an error on my part). 1. Problem: With no "logmartians" entries in /etc/shorewall/interfaces, shorewall-perl sets

Hi all: I see a lot of the errors below in /var/log/messages on my firewall: Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:50:44

https://bugzilla.netfilter.org/show_bug.cgi?id=1766 Bug ID: 1766 Summary: nfqueue randomly drops packets with same tuple Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: major Priority: P5 Component: netfilter hooks Assignee:

I noticed I got a strange connection from what seems to be a user in italy?!? and he connected to my SMB client maybe?? I'm assuming the errors in his logfile ( http://68.48.247.187/log.gustavo.txt ) not finding the service.c file are because he is being denied access.. but how is he connecting in the first place.. And why isnt he being refused by my servers hosts.deny file...? I have

Guys, good afternoon I'm using in my bond interfaces as active backup, in theory, should assume an interface (or work) only when another interface is down. But I'm just lost packets on the interface that is not being used and is generating packet loss on bond. What can that be? Follow my settings bond [root at xxxxx ~]# ifconfig bond0 ; ifconfig eth0 ; ifconfig eth1 bond0

I have a theory on the cause of a problem but it is still only a theory. I wonder if anyone here can confirm. I have a multi-isp configuration with a multi-path default route to each ISP, equally weighted. I am seeing, periodically, traffic dropped due to martian detection and errors logged on inbound traffic, but at other times, that same exact traffic will be allowed, no errors. My

Hi, I have a setup problem with Shorewall 4.0.6, which I can''t figure out why it is not working: I want to install a fireall with 2 extra interfaces : - My serv ("dmz") zone is a /28 subnet behind eth1, with a small number of SUN servers (IPs between ABC.DEF.75.1 and .13), one of which is a DHCP server for the 75 subnet. - The loc zone are PCs in the 75 subnet behind eth2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.11 In addition to correcting several bugs, this version adds the following features: 1) The default Drop and Reject actions now invoke the new standard action ''AllowICMPs''. This new action accepts critical ICMP types:

[ sorry for cross-posting this to newbies and users, but I''m a bit desperate to get this resolved ] This is strange... I had this working before without any problems, and recently we started to have some odd issues. I can''t be sure exactly what has changed as I''m unfortunately not the only person with access to the server. {sigh} The problem is that I pretty much

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

> I'm using something similar to Amazon's VPCs, where a logical group of > instances has a local subnet from the cloud provider. This local subnet > is always 10.0.0.0/24. As there are multiple VPC's, these private local > subnets dont collide. I do not know what Amazon does, and it looks like I do not want to know it :-) Am I correct? web, gateway and backup have NO

Hi, I have a fedora15 x86_64 host with one fedora15 guest running amavis+spamassassin+postfix and performance is horrible. The host is a quad-core E13240 with 16GB and 3 1TB Seagate ST31000524NS and all partitions are ext4. I've allocated 4 processors and 8GB of RAM to this guest. I really hoped someone could help me identify areas in which performance can be improved at both the guest and

Hi I''m trying to monitor my multi ISP shorewall with swping, the script works fine, i can see in log when an ISP is down, the script restart shorewall and /etc/shorewall/isusable is called, however in the swping log after the shorewall restart i see again a route by ISP (even the ISP down), is it normal ? should i not see one route less? shorewall version 4.4.5.4-1. ****

I have been working really hard configuring and researching very extensively, trying to figure why we are getting "Shorewall:FORWARD:DROP" packets. IPSEC works just fine without the iptable rules created by our shorewall configs but when starting shorewall and creating the iptables I noticed the packets are dropped. I know it is a config situation but I am totally racking my brain as

Shorewall 4.5.1.1 I have 5 interfaces on a centos box, the first two are internal on two different subnets, the next two are two different ISP''s and the last one is a private network for testing and administration. The second internal subnet (eth1) is rejecting all the arp requests to it and I get the following in the log files ever second or two - May 16 05:28:54 services kernel:

a.shubnik@btis.by wrote: > Hello Tom! Aleksandr, In the future, please don''t send your Shorewall support requests directly to me. Please see http://www.shorewall.net/support.htm: > I try to start last version of shorewall-4.0.2 under openvz environment > in virtual server and get follow error messages: > > gate ~ # shorewall check > Checking... > >

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

We are seeing the following in our logs: Nov 25 16:21:41 fw kernel: martian source 139.142.66.253 from 10.0.0.199, on dev eth0 Nov 25 16:21:41 fw kernel: ll header: 00:a0:c9:60:0e:b2:00:02:7e:21:0e:dc:08:00 00:a0:c9:60:0e:b2 is the mac of our firewall interface on IP 139.142.66.253. 00:02:7e:21:0e:dc is the mac of our Cisco router on IP 10.0.0.1 10.0.0.199 is a Cisco switch - we have about

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via