similar to: Firewall design

Hi, I tried sending this earlier, but it didn't come through. Apologies if this appers twice on the list. I'm running bridging using the brouter setup described on this page: http://ebtables.sourceforge.net/examples.html "Making a brouter". The setup described there is like this: ifconfig br0 0.0.0.0 ifconfig eth0 172.16.1.1 netmask 255.255.255.0 ifconfig eth1 172.16.2.1

I''ve set up shorewall with the two-interface mode. pc #1 eth1 ---> ppp0 ---> Internet eth1: 10.10.10.254 eth0: 10.10.10.1 > via a crossover cable pc #2 eth0: 10.10.10.2 (gateway=10.10.10.254) I am able to surf the net with pc #1, but pc #2 is completely cut off from pc #1 and the net. I am also unable to ping from and to pc #2.

Hi, Is there documentation for the details of the xend HTTP protocol available? Thanks, Denis Bohm -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.8.7 - Release Date: 2/10/2005 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of

Hello, Which port Smb4K uses? I am not able to use Smb4K on my server for the local network. Thanks Varun

Hello, I''m a very happy user of shorewall but I have found a problem or maybe a misconfiguration I made which I can not resolve. I use a fairly large blacklist based on probes, nimda & codered attacks, proxy & relay probes etc. The only problem is that I want to block incoming trafic on all ports FROM a block but it does also block a httpd, ping etc TO a ip in a block what I do

How does one interpret the mac addresses in the log which seem to have 14 segments... Example, this appears in the log... 00:40:c7:2e:09:c0:00:01:64:4a:70:00:08:00 Yet I can''t find that in the arp table norcomix:~ # arp -an ? (192.168.2.148) at 00:10:4B:6A:AE:E7 [ether] on eth1 ? (192.168.2.149) at 00:D0:B7:1D:F2:F2 [ether] on eth1 ? (24.237.19.16) at 00:10:DC:67:BA:80 [ether] on eth0 ?

Since you''ve started signing your email, Tom, my machine can''t verify your sig. Where are you publishing your key? -- John Andersen - NORCOM http://www.norcomsoftware.com/

I have a senario I hope one can help me out with... I have a range of Public IP Address 203,xxx.59.106-114 I have 4 internet servers that need to communicate to internal servers/clients 172.16.x.x/24 using port 80. These are Windows2000 servers (no software firewall solution) I have a 2nic shorewall device at present and ,as you know, I can only NAT 80 to one internal server. My immiediate

Hi All, I am trying to create the following configuration: dom0 |---eth2 Masquerading interface to OUTSIDE | |---eth0 LAN:10.0.1.1/24 | |---eth1 WLAN:10.0.2.1/24 | |---xenbr0 DMZ:10.0.3.1/24 | |-- vifX.0 -- eth0 domU:10.0.3.2 I would like to do it this way because I will not be using xen all the time on this machine. I created a network-virtual script which

First of all, My apologies for this maybe slight OT post, but I have so much confidence and read so much good replies on this list, that I am still asking my question. I''m looking for a linux distribution to use on our school''s homemade routers. The routers are small miniITX based systems with 2 network interfaces. I added a 4 port D-Link network card in some cases, when I

Hello, I want VNC Server,which is outside my network ,add my VNC Client, which is behide shorewall box. How should I config the rule? TIA Thongchai

Hello, i need to write a little personal patch in the bridge code. For this patch, i need to know the original src and dst mac addresses of the packet incoming to the bridge. As i work on a brouter (some packets are bridged, some are routed based on ebtable rules), packets that are routed have their mac addresses modified by the IP stack). I put a software probe in br_input.c::br_handle_frame( ),

Hello all, I am having some trouble getting a firewall filter to work with TC. I am actually setting the mark via EBTables (which is working as far as I can tell, I am also logging the packet and my syslog reports lots of marks): ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 -j mark --set-mark 7 --mark-target CONTINUE --log --log-level debug --log-prefix "EBFW Mark

Ok this is admittedly OT, but when you want network advice you go to where network gurus hang... When popping mail from my primary mail server (Linux) from my linux laptop a simple mail check takes 15 seconds to connect when using a wireless nic (802.11g) and 1 second using the hardwired nic. Popping my backup mailserver (also linux) which is sitting RIGHT BESIDE the primary takes one second

Hi, I am trying to use the update_attributes on object with nested attributes and I am getting the following error: ProductPrice expected, got HashWithIndifferentAccess Here''s the situation (simplified): class Product < ActiveRecord::Base belongs_to :productPrice end class ProductPrice < ActiveRecord::Base has_one :product, :dependent => true

Hi, I''m a home user who doesn''t understand the workings of the Shorewall firewall (or the linux OS on which I''ve just installed it) very well. Having just installed Shorewall 1.4.6c with a default "home user" configuration I gave it a run against the online ShieldsUp scan. Main surprise was that the ICMP echo was enabled. I''ve since gone into

Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, bu i failed :) What i want to do is basicly route any incomming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip

I am making a new box to test with and was trying to install shorewall via rpm. So I download the shorewall 2.2.5 rpm and issue a rpm -ivh shorewall-2.2.5-1.noarch.rpm. I then get an error: error: Failed dependencies: which is needed by shorewall-2.2.5-1.noarch So as you can see there are no dependency issues. I thought I saw this on the mailing list a while ago but I just searched for it I did

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

Hi, Sorry to bother you all. I have a typical problem sharing DSL upstream bandwidth with users. I have 3 types of traffic high-priority, medium-priority and low priority. My upstream rate is 960kbits. Traffic (any priority) can vary in bandwidth from 0 to 960kbits. I have a test setup where I can pump 600kbit of high priority sustained and I have 400kbit of low priority traffic sustained. I