similar to: Fwd: Re: [Shorewall-newbies] Shorewall 1.4.8 Debian setup problems

Hi, this is my first message to the list and I want to thank the the autor for developing Shorewall. And now the problem. I''m using version 1.3.13 and I have eth0 (IP a.b.c.d/24) as a public interface. I have an alias on eth0:0 (address a.b.c.e/24) and my dns servce listens on this IP (in this moment the dns is stopped). This is my policy file: #SOURCE... fw all

Hi, I am using linux kernle-2.6.15, iptables-1.4 and bridge-utils-1.4. Everything intslled without any issue and i am able to enable the bridge and traffic is also flowing without any issue. But i did not see any traffic on the iptables forward chain due to which i am not able to control the traffic. Do i requie enable anything more to make the traffic pass through iptables forward chain.

I have obviously done something on my system to cause it to no longer show Shorewall log entries in the syslogs, but for the life of me I can''t figure out what. Let me first give you some details about my config which will hopefully show why I think logging should be working, and perhaps you can tell me why it''s not. I am using version 2.0.9 from the debian sarge package

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

hello , i''m currently trying to set-up Traffic Shapping with Shorewall and I have strong feelings that I found a bug. I may be mistaken, but I tried everything and can''t get it to work. I''ve turned ON TC_ENABLED=Yes and CLEAR_TC=Yes when i start shorewall ( shorewall start ), i get this message : Setting up Traffic Control Rules... TC Rule "2 eth1 0.0.0.0/0 tcp

Hi all, I some vlan routing problem, I''m using a linux box with an 8021q kernel. I have connect eth2 ethernet controller from linux box to a switch port that carry for vlan tagged as 2 3 4 5, I''m able to connect to the internet from vlan but not to route traffic between vlan, this is the output of ifconfig -a: eth0 Link encap:Ethernet HWaddr 00:A0:24:50:E5:B2

Hello, I am attempting to set an IP-IP tunnel between two PC in a same LAN in order to evaluate the performances of the tunnel (kernel 2.4.26). I read the section of LARTC HowTo about it and it seems simple but i do not succeed in setting it. I don''t find the new_tunnel.o module (cf LARTC HowTo). I found Configure.help a bit confusing : CONFIG_NET_IPIP "Saying Y to this option

I just recompiled a plain vanilla 2.4.28 kernel, and used the Shorewall.net kernel config as a guideline. For some reason, I get this: Nov 30 12:05:34 fw shorewall: Shorewall has detected the following iptables/netfilter capabilities: Nov 30 12:05:34 fw shorewall: NAT: Available Nov 30 12:05:34 fw shorewall: Packet Mangling: Available Nov 30 12:05:34 fw shorewall: Multi-port Match:

I''ve tried with iproute and it works now ! commands for A: ip tunnel add mode ipip tunl1 local IP_A remote IP_B ip addr add dev net1 local virtual-IP_A remote virtual-IP_B ip link set net1 up Same on B. And then from A i''m able to ping virtual-IP_B. It seems one can not use tunl0 as a tunnel name, is it true ? I think it will be a good thing to add to the section 5.2 of the

On Tue, Jan 03, 2006 at 11:28:47AM +0100, <Alpt>: ~> On Sun, Dec 25, 2005 at 11:29:21AM +0100, <Alpt>: ~> ~> The multipath code creates new cached routes. Since ~> ~> after connect the socket is "connected", i.e. saddr and ~> ~> daddr are known and they are always provided when resolving ~> ~> route ~> ~> ~> ~> So, the connected

Hi, I have a problem with GRE tunneling. I read Advanced-Routing HOWTO about this and I did all as is written in this documentation. Even the same example is here which I need for my project. I want create (by means of GRE tunneling or IP in IP tunneling) virtual private network VPN - in first phase without IPsec in other phase with IPsec. I have two local networks distant apart with two routers.

Hello Tom and others on the list. Tom - you might recall that the other day (night) I had problems with my axip setup (protocol 93) and we made some changes to the policy, zones and interfaces files. You added ''peers and tunl+'' Following that change nothing seemed to work. In fact you wanted to see the shorewall status file, among other things. Well - tonight, I carefully put

I am trying to setup GRE between two CentOS 4.5 boxes. I have tried several variations of what''s listed below, but none of them work. box1: modprobe ip_gre ip link set gre0 up ip tunnel add gretun mode gre local 66.1.1.161 remote 66.1.2.161 ttl 20 dev eth0 ip addr add dev gretun 10.253.253.1 peer 10.253.253.2/24 ip link set dev gretun up ip route add 10.2.0.0/16 via 10.253.253.2 box2:

Hello Lartc Mailing List: Been working on something the last week and a half and ALMOST have it working.., just need a few pointers from the wizards on this mailing list to nail it. Ok, my setup is a hub and spoke arrangement, hub is Cisco 2821 with IOS 12.4. Spokes are ruggencom RX1000 routers, Debian based with the following versions installed: rx1000test:~# uname -a Linux rx1000test

Hello, Here is my network: ------------------ ------------- ----------- Linux box ----------- GRE --------- Cisco ---------- ------------------ ------------- What I wan to accomplish. I want ripv2 to go across (both ways) through the GRE tunnel. No packets are being passed thought the GRE

Hi All, As it is written in the "Linux 2.4 Advanced Routing HOWTO" GRE tunneling has some benefits compare to IP-in-IP, on of it benefits is the ability to transport multicast traffic through a GRE tunnel. I used the mrouted daemon and I know that the daemon supports tunneling but I don''t want to use its tunneling method. Assuming I have gre0 as my tunneling device I did the

Hello Gurus, I am a small problem with routing and here are the details. Interfaces on my server: * ipsec0 - 172.19.58.94 * tunl0 - 172.19.58.94 * eth0 - 172.19.58.94 Now, the problem is that there is another host 172.19.58.200. All communication to 172.19.58.200 should be through tunl0, and all the data should be secured using IPSec (tunnel mode - because there are more machines on my

Hi there, I''m trying to achieve the classic load balancing using the multipath. The gateways are: A (tunl0) and B (tunl1) This is the classical situation covered by the HOWTO: one computer with two Internet connections. The problems come when I try to use the same IPs for both A and B. So A is 10.229.25.8 and B 10.229.25.8. I cannot do otherwise, I''m forced to use the

Hello, I have been maintaining, well watching, no real maintenance yet, the shorewall wiki (http://wiki.rettc.com/wiki.phtml?title=Wiki_Shorewall_FAQ) and though its evolution is slow, there is definitely evolution. Maybe it will become useful yet. I looked at this recent post: http://wiki.rettc.com/wiki.phtml?title=Talk:Port_Forwarding Here someone has requested help for Kazaa. I am sure this

Hello, I have forwarded this to the shorewall-users list. You will find better support for this obscure problem there. Regards, Alex Martin http://www.rettc.com Cristian Valentin Barean wrote: > Hello ! > My name is Barean Cristian, and I have a network of 35 users, on a > Linux Mandrake 9.2 server. > As I was adding more users in my network, I found a problem with