similar to: Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all, im using shorewall 2.2.1 on a CentOS 4, im newbie with shorewall, just testing it i created a dnat rule like this #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ # PORT PORT(S) DEST LIMIT

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net

Hi I have this configuration: eth0 Link encap:Ethernet HWaddr 00:C0:F0:54:DC:1E inet addr:10.10.10.166 Bcast:10.10.10.167 Mask:255.255.255.248 inet6 addr: fe80::2c0:f0ff:fe54:dc1e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1738708 errors:0 dropped:0 overruns:0 frame:0 TX packets:1538724 errors:0 dropped:0

Thanks Tom Sorry, I was wrong, this is the correct question... I have this configuration: | Email Server 192.168.0.253 | ___|___ Port 25 SMTP ___|____ ____ | LAN |-------------------------------------Eth1

I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I

Dear Rusers, The default behavior in R when performing a regression model with missing values is to exclude any case that contains a missing value? How could i set the bahavior that R deal with missing values? e.g.: exclude cases listwise exclude cases pairwise replace with mean Thanks very much! -- Kind Regards, Zhi Jie,Zhang ,PHD Department of Epidemiology School of Public Health Fudan

Hi folks, When we first started talking about Shorewall post-Tom, a few people offered to help with testing. Would those people please raise their hands again? :-) I''m investigating Nicolas Helleringer''s recent message on shorewall-users (http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018898.html), and a good test environment would come in really handy,

Hi, I have seen this come up in a couple of threads, but nothing recent. I was wondering a couple of things and was hoping someone could clarify. I have an existing working shorewall configuration (Details at end of post). >From within this config, I have a few ports redirected for use with portsentry (like the mini-howto directs forbidden port accesses to port 49999). This works

Hello, I am running a web server on my internal network. Clients outside the web can view it but inside the network, they get page cannot be displayed. I have tried shorewall faq 2 but it still doesn''t work. interfaces #ZONE INTERFACE BROADCAST OPTIONS net ppp0 detect dhcp,routefilter,norfc1918,routeback masq eth1 detect routeback masq #INTERFACE SUBNET ADDRESS ppp0 eth1 #LAST LINE --

Hi guys, i have a 2-interfaces nic cards Shorewall 3.0.x Firewall. I need to allow access to an internal saprouter server from internet. When i try a connection from the sapgui from a workstation on Internet i get a connection time-out on port 3299 by the saprouter My shorewall interfaces configuration is: ZONE INTERFACE BROADCAST OPTIONS loc eth3 detect

Beta 1 is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Features include: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

I have a script for dual internet connections that does this: ------------------------- #!/bin/bash IF1=eth1 IP1=203.219.190.106 P1=203.219.190.105 P1_NET=203.219.190.104 IF2=eth2 IP2=220.245.224.46 P2=220.245.224.45 P2_NET=220.245.224.44 IF0=eth0 P0_net=192.168.0.0 TABLE1=inet1 TABLE2=inet2 ip route add $P1_NET dev $IF1 src $IP1 table $TABLE1 ip route add default via $P1 table $TABLE1 ip

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

Hello, everyone, I'm new to this mailing list. So please excuse me if this topic has been discussed before. We have a network that consists of a few subnetworks. Each subnetwork has its own network address. In each subnet there are Windows 95/98/NT machines, as well as Linux/Unix machines that run Samba. NO NT Domain is used! I've configured cross-subnetwork browsing by 1. using

On Fri, 25 Nov 2016, Jonah Naylor wrote: > I'm still getting "Connection refused on the client cgi screen as well > as in the shell it gives me UPS upsname at ipaddresshere is unavailable... You reported that access works correctly from elsewhere on the master subnetwork. Does access from the master subnetwork produce the "accepts" e-mail message generated by the

Am Dienstag, 23. April 2013, 22:50:51 schrieben Sie: > [...] > Giving more-than-expected precision can be just as bad for the user as less. > It tends to come up in situations where the optimization would break some > symmetry, the same way that aggressively forming FMAs can break user code. > [...] > > It boils down to the fact that giving excess precision in >

Hi, I plan to reorganise our IP management and I'd like to implement a slave DHCP server. Right now we assign IP addresses based on the ethernetadress of a client 1:1. The tutorial here [1] is simple and looks like the thing I need. I do have a lot of subnetworks and my cisco router has an DHCP helper address set. I know I'll have to add the second dhcp-server address. My questions now

I feel I should know the answer to this, but I wanted to verify. I have a bunch of Windows PC's running Win 2K Pro, on three subnetworks. Two of the subnets are served by Unix (FreeBSD) boxes running NATD, but all are joined to a domain being run on a Win 2K Pro server in another building on the campus. So far I haven't joined the two Unix boxes to the domain. I'd like to