similar to: Shorewall config format

Hello newsgroup, I hope somebody with more routing experience then me can help me with the problem I have. The setup is as described below. A dual internet provider routing, multiple local area networks, and a dmz network with one public and one private ip range. I followed the instructions at lartc.org, and so far everything is working. The default route is via

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

I''ve got a linux machine (fedora core 3) with 4 network cards. I looked at the howto and the only example that is close to what I need to do is section 4.2 on multiple uplink providers. I feel like I''m so close but just can''t get my head around the final part. Here is what I have eth2 and eth4 connect to 2 different isps. I want all connections the come from my dmz

hi all, i saw this message today & am reporting it(as it says) [root@cab1 surfNet]# tail -f /var/log/messages Sep 1 04:02:03 cab1 syslogd 1.4.1: restart. Sep 1 09:35:27 cab1 kernel: HTB: mindelay=500, report it please ! [root@cab1 root]# iptables -V iptables v1.2.6a [root@cab1 root]# tc -V tc utility, iproute2-ss020116 [root@cab1 root]# uname -a Linux cab1 2.4.19-r #2 Sun Aug 25 01:49:24

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

Hi, I have a little problem to setup iproute in my network It looks like this: ---- ----- ------ R1 R2 R3 ---- ----- ------ | | | | | | ------------------------------- ETH1 ETH2 ETH3 ETH0 ETH4 -------------> DMZ ------------------------------ | |

Hi, I am trying to put together a hashing filter based on example provided in LARTC how-to document. I want to link two hashing filters together where first one will use 3rd octet of an IP address as hashkey and second one will use 4th octet as hash key. How do I tell mask the address so that u32 filter uses 3rd octet as hashkey? Venkatesh K _______________________________________________

Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in

Hi, in my lan I have two firewall, fw1 is the first and manage inte-vlan routing. Fw2 manage internet and dmz. fw1 and fw2 have an interface (eth4 for both fw2 and fw1) on the same subnet that permit to the host behind fw1 to reach internet, my problem is on fw2: eth4 is the NIC that connect fw2 and fw1, I would''t like masquerading hosts behind fw1, so to eth4 of fw2 arrive all

Ok folks, here goes.. I have been boggling with a problem for the past week, and still haven''t found a solution.. I''m trying to route traffic from two providers through a Linux machine. But that is not the problem. The ISP''s have provided me with a WAN IP class for both of the lines, to be routed into a DMZ where the machines a to respond to their respective

I have been studying Tom''s configuration at: http://www.shorewall.net/myfiles.htm -and- http://www.shorewall.net/NAT.htm I am using SBC as an ISP and also have 5 "real" IP addresses and because of other issues, have to re-do my set-up. If I have a block at .120/29 assigned to me, what SBC does is give you 5 usable addresses, in my case .121 is the SBC modem/router and

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this

My sincere apologies to all on this list. After looking for returning packets with tcpdump and not finding ANY I called our provider to confirm our IP assignment. The IP range that I was given by my boss was incorrect. After adjusting the ip assignments, everything is working perfectly. Thank you all for your time in troubleshooting this, and I hope to be able to return the favor at some

Hello, I''m new to Xen (and this mailing-list) and facing some problems with the network. I''m stuck and don''t know how to continue. And Google isn''t very helpful either... My setup: - Ubuntu 7.10 for dom0 and Debian 4.0 for all domU - 4 physical NIC (DHCP from my ISP, internal LAN, DMZ & WLAN) - 1 Dom as firewall/router - 1 domU with internal services

Hi, Please suppose following config: Two external interfaces for two different providers On each of them configured NAT for specific IP addr. ie. 4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 100 inet 1.1.1.30/30 brd 1.1.1.31 scope global eth2 6: eth4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc htb qlen 100 inet 2.2.2.66/27 brd 2.2.2.95 scope global eth4 On eth2

Hello, I am attempting a PXE boot between two systems, each with multiple network cards. While there are a total of 8 ports on each computer, only two (each) are connected as follows: Boot Server eth0 - 10GbE fiber channel (private to the set of computers being managed) (Qlogic) eth4 - 1Gb ethernet (public and out of my sphere of management) (NetExtreme II)

http://bugzilla.netfilter.org/show_bug.cgi?id=680 Willie <MidSpeck at hotmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |MidSpeck at hotmail.com --- Comment #8 from Willie <MidSpeck at hotmail.com> 2011-12-16 21:29:19 --- I

Hi all, I have one bridge system (used for controlling bandwidth) connected to three different DSL ISP provider. I have the following setup below: - +-------------+ | br0 | | -> eth1 | -> DSL_1 | -> eth2 | +-------------+ | br1 | | -> eth3 | -> DSL_2 | -> eth4 | +-------------+ | br2 | | -> eth5

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table