similar to: Bridging problem with Shorewall and OpenVpn

Displaying 20 results from an estimated 6000 matches similar to: "Bridging problem with Shorewall and OpenVpn"

2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that's an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I'm using for several purposes so I've set up a Xen
2008 Sep 17
10
netfilter + vpn + how/why + etc...
Hi, I have a few questions about the inner workings of netfilter (a graphical layout of my network setup @ https://aequorin.homeunix.net:62389/local/media/network-graph.png) 1) These are the syslog entries for some simple connection tests. Shorewall/netfilter has been set to record all stateful connections SSH is recognized as phys(eth0) -> $FW traffic. This is because PHYSIN is
2007 Apr 18
1
[Bridge] single briged network internet access problems
Hi, I've some problems with this network : [ host1 eth0: 10.22.2.4/8 ] [ host2 eth0:10.22.2.5/8 default route host3] \ / SWITCH internet | | |
2005 Jan 11
1
Squid and DMZ (ProxyARP)
Hello All, I have a question about setting up the shorewall firewall for squid, I followed the instructions on "Using Shorewall with Squid" --> "Squid Running in the DMZ" section. For some reason I am unable to get the program to work. I am able to have the squid work properly by using squidclient program, but once I setup the firewall to use the redirect I am unable to
2006 Oct 06
0
Port forwarding from non-xenbridged external interface to xen-interface
Hello everybody, I have an odd problem with iptables using a Xen bridge setup. I don't know if it would be better to post to netfilter Mailing-List. But I hope someone here know how to solve it. If it's OT here, please let me know. I'll try to do a little bit ASCII-Graphics to explain the topo better: _________ ________
2006 Aug 31
0
[Xense-devel] [RFC][PATCH][ACM] enforcing ACM policy on network traffic between virtual network interfaces
This patch adds an ACM hook into the network scripts (/etc/xen/scripts). It adds iptables rules that enforce mandatory access control on network packets exchanged between virtual interfaces. If ACM is active, this patch sets the default FORWARD policy in Dom0 to DROP and adds iptables ACCEPT rules between vifs that belong to domains that are permitted to share (determined by using the
2008 Apr 02
1
Strange TCP-Problem with GPL PV 0.8.8
Hi all, I have a strange problem with GPL PV 0.8.8 (0.6.4 did work). On my 2nd vif I cannot establish TCP connections. The 3rd IP packet (ACK from XEN-Image) is not forwarded by XEN/DOM0-Bridge. If I boot Windows without /GPLPV option, everything works fine. I did some investigation and found out that the packages arrive differently if GPLPV is enabled. "br_inet" is a bridge
2005 Nov 23
0
so close! an iptables rule away.....
Hi, I've been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I've got one outstanding issue with iptables that is preventing me progressing further. This is a colo'd server. It has a single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a
2016 Mar 01
0
nwfilter : iptables rules not working
Hi, I contact you as i have difficulties to use nwfilter with KVM host. I want to implement flow filtering between my Linux guests. I created the following filter : cat admin-dmz-internet.xml <filter name='admin-dmz-internet'> <!-- this zone is an SSH ingoing only zone --> <!-- but SSH can go to an other SSH proxy --> <filterref
2005 Nov 24
2
so close! just an iptables rule away.....?
Hi, I've been making leaps and strides with Xen on FC4. It has been easy to get installed and to start our first virtual host. I've got one outstanding issue with iptables that is preventing me progressing further. This is a colo'd server. It has a single NIC with public IPs. The bridge is set to come up binding vif* <> xen-br0 <> eth1. I can start a
2005 Jun 14
1
Problem with samba broadcast
Hi all, I'm new to shorewall and have been struggling with several problems for several days now. Most of them are solved, but one still persists. The firewall is running on my server under Debian Sarge (Kernel 2.6) I've got three network interfaces: ppp0 (DSL Internet) eth1 (lan) ath0 (wlan) eth1 and ath0 are bridged together to br0. The problem is, that Samba (also running
2007 Jun 27
0
Bug#430778: xen-utils-common: NAT scripts not generic enough, and made for DHCP ?
Package: xen-utils-common Version: 3.0.3-0-2 Severity: normal I cannot find a use the network-nat and vif-nat provided in the general case, where I'd like to NAT between vifx.0 and ethx interfaces. I have setup the following in /etc/xen/xend-config.sxp : ## Use the following if network traffic is routed with NAT, as an alternative # to the settings for bridged networking given above.
2016 Feb 11
0
Domain cannot talk to itself unless virbr0 is in promiscuous mode
Hi We have the following situation: A hypervisor using KVM-Qemu/libvirt with a single VM. The VM has the internal IP 192.168.122.151 on the default network pool using virbr0 on the hypervisor. We've set up netfilter rules to DNAT requests on one IP of the hypervisor to the VM. So, first of all, forwarding to the internal IP range is allowed: > $IPTABLES -I FORWARD -m state -d
2006 Mar 15
1
shorewall config
Hi * in xend-config.xsp I have: ******************************** (network-script network-route) (vif-bridge xen-br0) (vif-script vif-bridge) ******************************** and in /etc/network/interfaces ********************************* iface eth0 inet static address 0.0.0.0 auto xen-br0 iface xen-br0 inet static pre-up ifconfig eth0 up pre-up brctl addbr xen-br0 pre-up brctl addif
2006 Nov 23
0
network issue, RHEL4, lack of peth0/peth1 device
Hi! I'm not new to Xen but I'm new to this list. I'm having a truly bizarre problem with Xen bridged networking at the moment. This is a new install, on RHEL4. The symptom is that any domU set up simply fails to talk to anything else. It's there, and running, and it has an ethernet device, but there's never any response. After digging through the
2006 May 22
0
[Bug 479] New: tunnel0 and br0
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=479 Summary: tunnel0 and br0 Product: iptables Version: 1.2.11 Platform: i386 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: iptables AssignedTo: laforge@netfilter.org ReportedBy: tom@tomdeb.org I have a ipsec
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
I have what strikes me as an odd problem with shorewall. Let me describe my setup. My desktop (alfred) is connected to the network through an ADSL modem. I am running rp-pppoe, and this works perfectly. I have a small home network, with two LANs; an Ethernet LAN (including a machine running Windows XP), and a WiFi LAN, including the laptop (william) I am using now. All the computers except for
2016 Oct 09
2
Problems DNS access other network hosts
Dear, The problem is resolved. I removed the standard rules of CENTOS and dns is responding. I do not need these, I have a firewall. Below is a table with the filter and reject rules CENTOS: [root at samba ~]# iptables -nvL Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 2527 775K ACCEPT all -- * * 0.0.0.0/0
2006 Dec 14
0
Re: [RESOLVED] Layer7 module doesn't detect nothing on my bridge with a 2.6.18.3 kernel
Hello, loading conntrack resolve my problem ... layer 7 have got a dependency with conntrack but doesn't load it automatically... so module is loaded but no packets match with l7-protocols ... reported as a bug http://sourceforge.net/tracker/index.php?func=detail&aid=1596065&group_id=80085&atid=558668 regards ArcosCom Linux User wrote: > With: >
2005 Feb 28
1
Mail server on DMZ
Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet its ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn't mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall