similar to: setting gateway in interfaces file

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

Hello, I tried to find the answer to my problem already but it is a specialised one I think because nothing was found. I previously have a ISP who was very fast ("extreme speed" service from Cable Modem) but that blocked SMTP port and some other for poor non-commercial users... And it gives dynamic addresses so no DNS at home without tricks... So I went to another

Hi, I have 2 internet nic''s with differents ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

I''m having another little problem with my new firewall. I want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc ==

My need: Considering a Sendmail relay running on the firewall (IP: 200.1.1.1), I need all TCP/SMTP outgoing connections to the Internet appers to be from another ISP allocated external IP (200.1.1.2), not the main FW''s IP. As stated in Docs (http://shorewall.net/shorewall_quickstart_guide.htm#id2485947), I read Setup Guide to try to solve my problem but I cannot figure out how to change

I have a setup with two Internet providers. One circuit (net0 == eth1) is used primarily for employees and tunnels to other sites. The other (net1 == eth2) is for the production machines that customers access. Everythung works in teh sense that packets get to where they are sent (mostly) but I recently I had a sniffer on the system and noticed a problem I cannot solve. traffic coming in

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

Hey all, I''m trying to setup roadwarrior connection to my internal network. So I''ve setup openvpn to create a tap0 connection and also have bridged the eth1 (leads to my internal computers 192.168.2.10-30 and tap0 which is the VPN connection. On my shorewall setup I have br0 maped to zone loc and eth0 to be my internet and I have masqing on my br0 to get my internal computers

I have built a fedora 3 test box that has 4 pptp client vpn''s from my T-1 to a Group of businesses (test environment). The businesses all have pptp vpn concentrators on their ends. The purpose is that all of the businesses will be at an offsite location together for a 3 day sale. I have the box working now with the latest ver of shorewall with two nics on this fedora box eth0 will

Dear list, I have a network of 600 users and im using shorewall as the firewalling system for our Linux gateway. We would like to allow all the users to online by entering the MAC addresses of them. Is it possible for shorewall to handle 600 entries of mac address and how about the performance issues? Please advice. __________________________________ Do you Yahoo!? Jazz up your holiday

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

hi list, oh it''s not really a problem. Each time i fire shorewall, i run a custom iptables script: (for the openvpn machines to have route back from my bridge/fw - $SOURCEIP is the ip of my OpenVPN/Fw/bridge) iptables -A POSTROUTING -t nat -s 10.8.0.0/16 -j SNAT --to-source $SOURCEIP i wish to better integrate it within shorewall, so is there any config files that could achieve the

----- Original Message ----- From: "Jerry Vonau" <jvonau@shaw.ca> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Thursday, August 19, 2004 08:06 Subject: Re: [Shorewall-users] Two Links and DNAT > > > > Btw, by "shorewall show nat" I just noticed that I was doing snat only > > for packets comming

Hi Tom (and others) encase you don''t know my network already ;) here''s a quick run down eth0 lan 192.168.1.1/255.255.255.0 eth1 wan1 172.30.7.4/255.255.240.0 eth2 wan2 202.37.230.93/255.255.255.192 eth3 wan3 203.96.213.73/255.255.254.0 I''ve got routes and rules for all the above interfaces :) I want to add another one, however I fear this might cause some issues I have

Hi All, I''m using the Mandrake Linux MultiNetwork Firewall which is a web based interface to the shorewall firewall. I have an internal ip address of 172.25.38.1 which I am try to nat to a public address so that the client pc can ftp to the internet I have add the following in the nat file: 168.10.10.1 eth3 172.25.38.1 No No And this to rules: ACCEPT lan:172.25.38.1 wan tcp

Hello, I have been running Shorewall for quite some time at an ISP client of mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants to put his servers in a DMZ. The servers have public IPs in two classes xxx.xxx.79.0 and xxx.xxx.242.0. The public IP on the router for each class is xxx.xxx.79.126 and xxx.xxx.242.126. I am using masq and 192.168.1.0 on eth0 LAN I have tried