similar to: tcp redirect questions

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

good morning all, i have an interesting issue with browsing. details: i have three subnets. (subnet1, subnet2, and subnet3) i have a samba server on each subnet. (samba1, samba2, and samba3) i have a windows 2000 server on subnet1. (m$1) samba1 is the domain master and wins server with ip 192.168.0.1 win2k clients authenticate to their local server and wins is set to 192.168.0.1. when i run a

Hello, Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts. First, what works. Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze. We have a 2 ISP: - isp1 : an optical fiber provider with 10 Mbps. - isp2 : a DSL provider with 15Mbits/1Mbits. We use isp2 as the default outgoing

Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how

Hi, I have 2 internet nic''s with differents ISPs. eth0 = isp1 eth3 = isp2 My internal network is eth1 # /etc/interfaces net eth0 detect routefilter,norfc1918,blacklist net eth3 detect routefilter,norfc1918,blacklist loc eth1 detect # /etc/policy loc net ACCEPT net net DROP

Dear list, Shorewall is running here with 2 ISP''s: ISP1: corporate ADSL-line with fixed set of IP''s ISP2: fast consumer-grade cable-connection with higher bandwidth All our main traffic (web, e-mail) is routed trough ISP1. Only for special purposes (frequent large ftp-transfers) ISP2 is used, configured trough tcrules. ISP2 is not so reliable as ISP1 (duh) and they sometimes

Hi all, I would like to do something like this at Samba level: hosts allow = subnet1/mask1 subnet2/mask2 etc hosts deny = * But this doesn't seem to work (machine that are not in subnet1 and not in subnet2 still have access) I think the * is not understood by Samba, I tried ALL, this didn't work either. I'm gonna check the samba source code but if I could get an expert answer

Hello, I tried to find the answer to my problem already but it is a specialised one I think because nothing was found. I previously have a ISP who was very fast ("extreme speed" service from Cable Modem) but that blocked SMTP port and some other for poor non-commercial users... And it gives dynamic addresses so no DNS at home without tricks... So I went to another

I have 1 100MB NIC with two 2MB-subnets trough a router behind it. I''d like to create multiple default classes: 1: + |\_ 1:10 default, ceiling 100000kbit, rate 96000kbit | |\_ 1:11 ceiling 2048kbit, rate 2048kbit | | | |\_1:110 ceiling 2048kbit, rate 1536kbit | \_1:111 ceiling 2048kbit, rate 512kbit (default subnet1) | \_ 1:12 ceiling 2048kbit, rate

Hi, I am migrating from one ISP to another, and would like to run both simultaneously for a while. So: (both netmask 255.255.255.248) [ISP1] 24.106.62.180 [ISP2] 209.181.237.230 | | | | \ / -----[ HUB ]----- | | -------- eth0 --------- | Linux FW/Server | ---------eth1 --------- | | [ HUB ] | 10.0.0.x/255.255.255.0 The default IP on

Hello everybody: Here is my "network layout": ISP1 ISP2 | | | | +-----eth0---------eth1------+ | | | FC 3 box | | | +-----eth2---------eth3------+ |

Hello,I have single linux router ( fedora core 1 ), 2 ISP, 1 internal network,1 IP space from every ISP My scenario: eth0 1.0.0.2 netmask 255.255.255.252 -> ISP 1 eth1 2.0.0.2 netmask 255.255.255.252 -> ISP 2 eth2 1.0.1.1 netmask 255.255.255.0 -> IP space from ISP1 eth3 2.0.1.1 netmask 255.255.255.0 -> IP space from ISP2 Config I try: /etc/iproute2/rt_tables: 10 isp1 20 isp2 ip

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

I need to route: from 196.33.50.0/25 (default route) to ISP1 from 196.33.248.0/24 (default route) to ISP2 ISP1 --------- fire --+---- 196.33.248.0/24 / | ISP2 --------/ +---- router ----- router ----- 196.33.50.0/25 What I''ve done: Default route via ISP1 created routing table ISP2 for default route via ISP2 I would like to do the following but they get

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Hi all, I have managed to setup a Fedora 7 box with 3 ethernet cards and two ADSL modem/routers from different suppliers as LARTC recommends. I am able to direct traffic for specific internal IPs either to one or the other ADSL line. However, I am faced with two problems I am struggling for the solution: 1. I have opened a few ports on the ADSL router/firewalls to talk to internal hosts; say when

Hi, I have a simple question. I have my firewall with 2 external Ip and 1 lan. For example ISP1 FW LAN----Mail Server ISP2 Ok, when i DANT the smpt port to my mail server, I can see that the conection in my mail server comes from the external IP of my ISP. I need to change this so the conection to my mail server cames from the LAN IP from my firewall Is this possible?

hello, i have 2 links to the ISP of 128kbit each, and i want to balance the trafic between them, but not staticly (local ip1-5 throw isp1, and the rest to isp2). I though at a ingress clasification, then routing by the mark, and at the exit nat (yes i must do nat :(((, but the clasification must be flow based, and i dont know how to do it. C _______________________________________________ LARTC

Hi, At office, we have I ISPs. I want to lightly monitor each link latency in order to decide several routing. For that, I have only one external server: 1 IP, it's an OVH dedicated server. The quick picture is http://s24.postimg.org/n3436z64l/defaul_route.png Default route is via ISP1. If OVH-server pings IP1: - the request will go through ISP1: it's OK - the reply will go through