similar to: norfc1918 not working in SW 2.2.1?

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

I''ve applied julian''s paches to a 2.6.14 gentoo kernel with the appropiate options enabled, and i''m using a modified version of the mpath2.sh script also available on julian''s site http://www.ssi.bg/~ja/ Overall everything works nearly perfectly. Incomming connections to either the fios (PPPoE) connection, or cable modem get routed back out correctly. The

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

Hello: I just started using Shorewall this morning and must say that I''m very impressed. Much nicer than what I was using previously. I love the ability to type ''shorewall logdrop ww.xx.yy.zz'' and completely block a particular IP address. However, the log part doesn''t happen. When I look in the logdrop chain, there is no LOG prefix. I''ve looked

* sorry for the other schema, it came out a mess. I hope this one is understandable. hi: I have this 2 boxes set up like this: 2020::2/128 2020::254/128 3030::254/128 192.168.0.2/24 192.168.0.254/24 192.168.30.254/24 +-------+ eth0 eth3 +-------+

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Shorewall version 2.2.1 2 Interface setup. eth1: 10.10.1.3 eth0: 192.168.1.2 modem is 192.168.1.1 I need to be able to connect to my adsl modem, but when shorewall is up I get connection rejected. I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop # RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection rejected Is there

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

Hi, my box is connected to 3 networks, eth0 eth1 wlan0. I want "my" traffic to go via wlan0 and everything from eth1 NATed to eth0: eth0 192.168.1.10/24 eth1 172.16.1.1/12 wlan0 192.168.10.190/24 I first tried this with two single hosts: iptables -A POSTROUTING -j MASQUERADE -o eth0 -t nat iptables -A POSTROUTING -j MASQUERADE -o wlan0 -t nat echo 200 Forw >>

--------------eth0---80.48.56.70---------- -------------80.48.56.65 ISP | my | router1 | | | linux | | | router2 ------------eth1---192.168.200.10----- ----------------192.168.1.1 ISP I''ve two ip from my isp one public and one internal. ISP have two routers router1 is gw for public ip and router2 is gw for internal

Dear List. I try to build multipath connection w/ load balance to internet with two different gateway; My system is RH-8.0 with iproute-2.4.7-7.90.1.rpm and Kernel-2.4.26 (patching with Julian A. patch),and follow guide from http://www.linuxvirtualserver.org/~julian/nano.txt, The problem is; when i try to connect to Internet form gateway machine it;s success , but only one interface is

I have tried (RH7.3/shorewall-1.3.12-1) both of the following in shorewall.conf to eliminate ''rfc1918'' logging into /var/log/messages: RFC1918_LOG_LEVEL=debug RFC1918_LOG_LEVEL=notice Neither appear to eliminate the logging. Here''s what the ''logdrop'' chain shows: 1 229 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix \

Hi to all, I''d like to cut some log in /var/log/messages, as of netbios and ping entries. There are some particular rules in shorewall 1.4.5? I''ve tried with "run_iptables -A common -p udp --sport 138 -mstate --state NEW -j DROP" but it contiunes to send to log every netbios attempt. Also I don''t want to disable ping from loc to net, and from fw to net. Thanks

Hello shorewall-users, we have a strange problem where some of our customers cannot access our webshop, but most of the customers can. I have been slowly eliminating possibilities and am now left with either the firewall (Shorewall 1.4) or the webshop server. What appears a lot in the logfiles is: Jul 26 11:51:04 gw kernel: Shorewall:logdrop:DROP:IN=eth0 OUT=eth1 SRC=84.128.198.240

hi all, i am setting up a load balancing netwrok with failover, i have applied julian patch, but whenever i try to traceroute from any client node, it gives me two entries for that destination, but i get different interface for that entries, so it doesn''t forward my requests, i have done masquerading for client nodes, the ip rule/route are as follows, ip rule add prio 222 table

I can't get IPv6 routing to configure correctly despite everything I've read saying it should This is my network config on a fully-updated CentOS 5.8 system: # cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=yes HOSTNAME=my.hostname.com GATEWAY=aaa.bbb.ccc.ddd IPV6_DEFAULTGW=2a02:aaaa.bbbb::1 IPV6_DEFAULTDEV=eth0 # cat /etc/sysconfig/network-scripts/ifcfg-eth0

Hello Tom, I am not sure if you can help with this but I am at my wits end. If you hit this site and do a force refresh (ctrl + F5) the site will time out and lose connections. Do the same on port 443 and it does not time out??? The web site I am reffering to is www.tituswill.com I think the only problem is port 80. Do you have any idea how to diagnose this I have sent a dump of just

Hello, I need some help about a routing problem on a complex configuration. The problem is that I can''t reach from services outside from my DMZ. The scenario is a gateway linked to three internet connections, so that I used three distinct iproute2 tables for routing. The gw is running ipvs for balancing over the dmz''s servers. DMZ servers are on 192.168.1.0/24 network, .

Hi gang, I''ve got a problem with shorewall, it keeps dropping packets when it should be DNATing them. I want all connections on a tcp port 4662 to be forwarded to a machine on my network (192.168.0.5) - the port is used for mldonkey (P2P app). It seems to be partially working - loads of packets are being DNAT''ed but some are not - I cant figure out why! The firewall

As far as I can tell from <http://shorewall.net/errata.htm> the current shorewall bogons file is <http://shorewall.net/pub/shorewall/errata/2.0.8/bogons> which contains the line: 58.0.0.0/7 logdrop # Reserved This is incorrect. These two /8s were allocated to APNIC as of April 2004. See also <http://marc.theaimsgroup.com/?l=nanog&m=108319003517919&w=2> and the main