Displaying 20 results from an estimated 11000 matches similar to: "Shorewall 2.3 problem"
2005 May 25
1
Shorewall 2.3 problem (repost)
Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 so I could explore the multiple ISP/dual default route setup feature of version 2.3, I also upgraded iptables from 1.2 to 1.3 (rpm-based install) but when I tried to start shorewall it terminates and I noticed it''s giving me this error
iptables: No chain/target/match by that name
ERROR: Command "/sbin/iptables -t mangle -A
2007 Apr 18
1
[Bridge] Multilink + bridge + nat problem
Hi, I have a suspicious problem with multiple uplinks configuration.
First of all my configuration:
1) kernel 2.6.20.3
2) iptables 1.3.7
3) last iproute (for masked marks)
All wan interfaces are bridged (stp disabled) in only one interface
(wan0), all lan interfaces are bridged (stp enabled) in only one interface
(zlan0).
The wan0 bridge is to allow UPnP works.
To allow related
2004 Oct 17
8
Shorewall and IPP2P
Hi!
I''m wondering whether anyone has successfully set up a bandwidth control
system using ipp2p and shorewall. I have been able to drop connecions
altogether, but I don''t seem to be able to get CONNMARK working with ipp2p.
Any pointers would be greatly appreciated :)
______________________________
Mario R. Pizzolanti
2005 Jun 06
23
Multi-ISP in 2.4.0
Hello Shorewall list,
I''m a happy Shorewall user since a few years now and everything works fine
for me except one thing that I try to implement since a week, the multi-isp.
I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a
week.
My config is a Debian running a kernel 2.4.27 home made with the
CONNMARK.diff patch applied
I''m using 2 ISP,
2006 May 01
1
Traffic Shaping with Shorewall
Does anyone here implement traffic shaping with shorewall? I need to shape
BitTorrent traffic on my network so that upload/downloads do not overwhelm
normal function or, even more importantly, my imminent conversion to VOIP for
all telephone service. I followed the shorewall documentation guide but am
not sure if what I have done is the Right Way Of Doing Things. Nor am I
satsified with the
2012 Oct 08
3
Shorewall 4.5.8 IPSEC in a multi-ISP configuration
Hi,
I'm using IPSEC in a multi-ISP configuration,
lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0
This worked fine with Shorewall/Shorewall-Lite 4.5.7.
After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work.
If I change the Providers.pm file and add connmark => "! --mark
0/$mask" like before in Shorewall 4.5.7 than everything works fine.
add_ijump
2007 Jan 25
4
":T" flags in 3.4.0-RC1
I am trying to apply the new :T flag in tcrules. the man page for this
file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT.
this doesn''t seem to work on my setup. I have in tcrules :
------------------------------------------------------------------------
RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0
CONTINUE:T 0.0.0.0/0 0.0.0.0/0
2005 Jul 05
14
issues in tcrules
Hi! This is another thread of "setting gateway in interfaces file" and
while i dont want to create any confusion here, i have decided to open
a new thread.(which mean Diamond King no longer a subscriber to
shorewall-users)
Actually, i turned out not to be the MARK issues. Something is missing
and i got this error instead :-
Setting up Accounting...
Creating Interface Chains...
2005 Jun 24
6
Is it that difficult?
Hello,
You will find in attachment the layout of my
current physical configuration.
For now, the Cable ISP is not used. Since it
is a dynamic ISP, my mailserver is rejected and
my domain name registers on blacklists like ORDB
and al.
I want it to be used as a default gateway except
for my mail server that would be seen as coming
from my "honest" ADSL ISP.
Here is
2009 May 29
5
CONNMARK target and connmark match support in Ubuntu kernel
Hi,
as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html
), it says
"Use of this feature requires that your kernel and iptables include
CONNMARK target and connmark match support (Warning: Standard Debian™
and Ubuntu™ kernels are lacking that support!)."
it means MultiISP wont work properly if i am using Ubuntu server. if
yes whats the
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello,
I wonder if someone could use the TPROXY with Shorewall and
transparent Squid with using the routing rules on shorewall
(tcrules) for hosts / networks (LAN) with multiples providers (WANs)
directly from the internal network on port 80 (with TPROXY
transparent squid or REDIRECT).
On this issue, the routing rules is not work propertly because the
source is the
2006 May 29
4
IpSec support with kernel 2.6.16.18
Hi all,
I''m currently using ipsec with Shorewall 3.0.7 on a patched 2.6.10
kernel. Having heard that ipsec support was in the standard kernel
starting from 2.6.16, I tried to upgrade to the last kernel.
My problem is that shorewall won''t start anymore.
I get this output in /var/log/shorewall-init.log:
Starting Shorewall...
Initializing...
Shorewall has detected the
2006 Mar 13
1
Dynamic Zones and IPSET (with a DNAT for good measure!)
Hello all,
I have been putting together a shorewall firewall together for a couple
of days, but have hit a bit of a dead end.
I am using Shorewall 3.0.5
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type
2007 May 09
10
Load balancing using connmark
Hi,
I''ve been implementing a load balancing solution using CONNMARK, based
on solution described by Luciano Ruete at [1]. Gracias por el post y por
apuntar en la dirección correcta Luciano!
Once implemented, I''ve found that due to some reason packets aren''t
properly marked (or improperly remarked) and sent out using the wrong
interface.
My topo setup is:
2005 Jun 06
20
2 ISQs
Hello,
I tried to find the answer to my problem already but
it is a specialised one I think because nothing was
found.
I previously have a ISP who was very fast ("extreme
speed" service from Cable Modem) but that blocked
SMTP port and some other for poor non-commercial
users... And it gives dynamic addresses so no DNS
at home without tricks...
So I went to another
2007 Mar 02
8
DNAT and Load Balancing
Hi all!
After that good thread "DGD patch not detecting dead gateway" I was
able to set up a Load Balancing with ping based DGD (without Julian
Anastasov patch). But now I''m facing a new problem and tried some
options, with only partial solutions.
I made a script based on
http://www.mail-archive.com/lartc@mailman.ds9a.nl/msg16257.html (Thank
you Manish Kathuria),
2004 Sep 24
2
CONNMARK problem
Hello everybody.
i have the folowing problem:
i have this in the top of PREROUTING chain in mangle table
iptables -t mangle -A PREROUTING -j CONNMARK --set-mark 0 # rule 1
iptables -t mangle -A PREROUTING -m connmark --mark 5 # rule 2
iptables -t mangle -A PREROUTING -m connmark --mark 6 # rule 3
i think when packet is passing trough my POSTROUTING in mangle table
2005 Jun 22
3
block p2p: ARES
Hi....
I''m trying to setup a LAN router with P2P filter
but the problem is that can''t "catch" Ares.
There is a way to DROP "ares" p2p packets ?
I''ve tried with last "ipp2p" snapshot without sucess...
I''ve
Kernel 2.4.28
iptables 1.3.0
Various Patches from patch-o-matic-ng-20040621
iproute2-ss020116
IMQ Patch
Esfq Patch
2006 Mar 25
2
Multiple uplink problems
I''ve installed Shorewall 3.0.5 on a Debian Sarge box, and I''m
attempting to route internet traffic through a couple of ISPs, and I''ve
come up against some problems.
The first is that one of my links is a pppoe connection to a wireless
modem, and I can''t configure it to have a static IP address...
therefore I can''t see how I can set up the two
2011 Apr 24
1
Logging specific Classified packets
Hi All,
I''m not convinced I have my tcrules correctly setup and looking at the
counters in the mangle table''s tcpost doesn''t really help much as I can''t
tell what is the final match.
Is there a way to match packets in iptables based on the classifier? i.e.
so I can LOG packets classified with 1:18 for example.
I can''t see anything in iptables, except