similar to: Shorewall 2.2.0 RC1

hi, we use openvpn as for our vpn endpoints and we''ve got about 70-80 vpn connections which means we have tun0 - tun80 interface. i''d like to define one zone for all of our vpn connections how can I do that? actualy our local zone is 192.168.0.0/17 (not 16) and all of the vpn''s are in 192.168.128.0/17. our should i define somehow the local zone as 192.168.0.0/16? but in

Hello, I have the following situation : Server with 2 nics 1 nics connected to the internet, 1 connected to the LAN I have OpenVPN running on the system and the following setting in the tunnels file : =================================== openvpn:2000 net 62.58.0.226 openvpn:2001 net 62.58.0.226 openvpn:2002 net 62.58.0.226 =================================== All tunnels ran for weeks

Hello Tom and all, Quick question: Is it possible to operate an OpenVPN server from behind a firewall? Is it as simple as setting it up and placing: DNAT net loc:192.168.10.20 udp 5000 - ipaddress -- Paul Slinski -o) Network Administrator /\ Global IQX, Inc. _\_v Global IQX is the leader in integrated e-business automation solutions for the group life and health insurance

For some reason, ip_conntrack_ftp & ip_nat_ftp aren''t loading automatically. If I load them manually with modprobe FTP works. Both ip_conntrack_ftp & ip_nat_ftp are listed in the modules file - I haven''t mucked with the order at all, so I assume it''s right. I''m using Mandrake 9.2 but, as recommended, I uninstalled the Mandrake version of shorewall and

Hello I''m hoping you guys can help me figure this out. When I use shorewall clear my windows openvpn client connects perfectly every time. But when I have the shorewall up 90% (not every time) it will connect for about a second and then the connection will reset and that will repeat over and over so i never don''t really get a steady connection at all. I can tell you that

While I have concentrated on support for 2.6 native IPSEC in release 2.2.0, I am still of the opinion that unless you absolutely need IPSEC compatibility that OpenVPN is a much easier (and in the case of roadwarriors, a much better) solution. Having already generated all of the required X.509 certificates, it took me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one using the new

Hi all, I have set up a working OpenVPN2 connection between my Server and my gateway at home. Now I want all traffic to be routed through this VPN connection. Currently everything is going through eth1 to the internet (to the gateway of the University which forwards it to the internet :-). We must use a prox-server and because of this I am not abel to watch the real-Media streams on

hi, i create rule such action.AllowPostGrey: ----------------------------------------------- ###################################################################################### #TARGET SOURCE DEST PROTO DEST SOURCE RATE USER/ # PORT PORT(S) LIMIT GROUP ACCEPT $A_IP $PORTAL_IP tcp 10023 ACCEPT

Hello, I was helping a friend to extend his Shorewall firewall and noticed something strange in the syslog Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.0.1 DST=192.168.0.2 LEN=39 TOS=0x00 PREC=0x00 TTL=64 ID=3021 DF PROTO=UDP SPT=44337 DPT=1503 LEN=19 Anybody got an idea what this can be? -- Groeten, Peter Device response received when none expected. - - Heb je een Dreambox 7000S ?

Hello, My workstation should synchronize its clock on my server but from some reason this is not allowed This is what I get in the log when the client tries to sync with NTP Oct 25 08:25:47 server kernel: Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.0.5 DST=192.168.0.4 LEN=76 TOS=0x10 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=1031 LEN=56 My internal network is eth1 , external is

hi, while all files is owned by nsd user and nsd run as nsd the nsd.db is still owned by root user (because the compiler run as root and create this file as root, ok i know just it'd be better if this file is owned by nsd too). another strange thing is that on the slave nsd i've got such messages: ----------------------------------------- zonec: reading zone "lfarkas.org".

hi, it''d be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don''t know than it''s a problem... another problem that currently it''s not possible to log the nat table. at least i can''t find any way (can''t add logging into masq and

hi, we've a few 10-20 server in a lan each has 4-8 hdd. we'd like to create one big file server on these server hard disks and we'd like to create it in a redundant way ie: - if one (or more) of the hdd or server fails the whole filesystem still usable and consistent. - any server in this farm can see the same storage/filesystem. it's someting a big network raid5-6... storage where

may here someone can answer me... -------- Original Message -------- Subject: Re: [CentOS-announce] Release for CentOS-5.2 i386 and x86_64 Date: Tue, 24 Jun 2008 18:31:20 +0200 From: Farkas Levente <lfarkas at lfarkas.org> To: The CentOS developers mailing list. <centos-devel at centos.org> References: <4860E6EB.5000906 at centos.org> Karanbir Singh wrote: > > We are

hi, in the masq file''s documentation, there is a sentence: "If you have a static IP on that interface, listing it here makes processing of output packets a little less expensive for the firewall." this realy means that SNAT to the primary address is less expensive than a MASQ rules in the netfilter? is this documented anywhere in iptables/netfilter? thanks. -- Levente

On 08/07/2015 01:04 PM, Johnny Hughes wrote: > 6.7 is there most places ... since we have more than 500 external > mirrors (right now 593) not all of them are updated. (looks like > 4% still are not completely updated) what about the src.rpms? it seems http://vault.centos.org/6.7/os/ and http://vault.centos.org/6.7/cr/Source/ is empty and while

Hi, May be it's not clear to everyone.. so this's just a quick notice to everyone. Don't use CentOS 7 as a developer workstation since currently there is not included any developer IDE. As eclipse was pulled out from the main distro and put into Red Hat Developer Toolset (which is imho a good idea not to use a 7 years old IDE). But Red Hat Developer Toolset is still not supported on

hi, after i test nsd i find the following. if i use this in a zone file: $ORIGIN example.com. CNAME www www CNAME x x A 1.2.3.4 then it's excepted by nsd what's more give the proper result. if the slave is nsd than there is no problem, while if the slave is bind i've got the following error:

hi, is dovecot are support all required feature for kolab imap server? the requirements can be found here: http://www.kolab.org/doc/kolabformat-2.0rc3-html/index.html ie. can i replace cyrus-imap with dovecot in a kolab server? thanks in advance. yours. -- Levente "Si vis pacem para bellum!"

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. I am using shorewall. I have NAT on eth0. I have squid running. I am not able to connect to MSN. What are the rules to allow MSN ? Thanks Varun