similar to: Architecture Help: OpenVPN

Hi all, I have set up a working OpenVPN2 connection between my Server and my gateway at home. Now I want all traffic to be routed through this VPN connection. Currently everything is going through eth1 to the internet (to the gateway of the University which forwards it to the internet :-). We must use a prox-server and because of this I am not abel to watch the real-Media streams on

Hello All, I have installed Shorewall 2.0.7 and configured , I am using masq to share internet for users. I have problem of perticular sites . I blocked site IP address. and succeeded but i have problem of Public proxy addresses , some user use anonymous proxy Ip and get thru it and use blocked sites. I blocked Public proxy adresses but it lot of them( I mean more than one public proxy

Hello - I am not a subscriber to the mailing, please email me with help at mfabache@yahoo.com My shorewall (v2.0.1) has been working wonderful for the past year. I just added my Vonage and cannot get the Phone Adapter to sync up (2 blinks (looking for IP)) All I have done is run an ethernet cable from the WAN outlet on the phone adapter to a lan port on the router. After googling, I found

All, I've updated the open-vm-tools packages that have been floating around to the latest release - 4/25/2010 - for those that are interested. There is quite a bit of new additions/changes over the past year such as the addition of a fuse driver for vmblock devices, vmxnet3, pvscsi, etc. SRPMS and .spec's available here: http://www.davehollis.com/packages/open-vm-tools-kmod.spec

Hi all, We want to do some stress testing of firewall configurations/hardware. We have discovered hping that seems a great tool for this, but funny enough Shorewall cuts it !!! even when you leave ports open :) So besides hping, any tool for this? Why is shorewall cutting this traffic? Thanks in advance. Regards. -- Jaime Nebrera - jnebrera@eneotecnologia.com Consultor TI - ENEO

I said: > # MSS CLAMPING > # Your kernel must have CONFIG_IP_NF_TARGET_TCPMSS set. > > I''ve activated the option, but to no result watsoever. > Checked my kernel config, and it states that CONFIG_IP_NF_TARGET_TCPMSS is a > loadable module, that should be loaded on demand. > Simon said: > Did you try adding it to /etc/shorewall/modules ? Actually, no I

Hello, I have the following situation : Server with 2 nics 1 nics connected to the internet, 1 connected to the LAN I have OpenVPN running on the system and the following setting in the tunnels file : =================================== openvpn:2000 net 62.58.0.226 openvpn:2001 net 62.58.0.226 openvpn:2002 net 62.58.0.226 =================================== All tunnels ran for weeks

Shorewall (as of 1.4.5) currently doesn''t work "out-of-the-box" with the recently released 2.6.0-test1 kernel. Fortunately, the problems are trivial and easy to fix. The check for OS version only checks for 2.4* and 2.5*, 2.6* obviously needs to be added to this. The next part is with loading the modules. Currently, loadmodule checks for $MODULESDIR/$module.o or

Hi, I had set rules so that my client can only visit few sites instead of the whole net. My question is, how can I allow my client to activate it''s product key and also to run windows update? One more thing is, can I use domain name in the rule config? if yes, can I put just microsoft.com to refer to aaa.microsoft.com bbb.microsoft.com? Please advice

What version of shorewall do you suggest I try on a FC3 system? TIA, /ChJ

I have been given a set of "firewall rules" to open my firewall for DCC to support my spam filtering. (I have done many web searches trying to find info relating to DCC with Shorewall, to no avail. The problem is that I am clueless on how these "rules" translate into the shorewall rule format. Could someone please help me translate these? allow udp local gt 1023 to remote

I''m running a Fedora Core 1 Samba server and Shorewall 2.0.1 Connections to Samba shares from both loc hosts and the fw host are usually impossible, unless I boot the Server and connect a loc machine to a Samba share before starting Shorewall. This requires manually toggling the startup_disabled filename and starting Shorewall manually after each boot. I used the two-interface

First of all, My apologies for this maybe slight OT post, but I have so much confidence and read so much good replies on this list, that I am still asking my question. I''m looking for a linux distribution to use on our school''s homemade routers. The routers are small miniITX based systems with 2 network interfaces. I added a 4 port D-Link network card in some cases, when I

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

While I have concentrated on support for 2.6 native IPSEC in release 2.2.0, I am still of the opinion that unless you absolutely need IPSEC compatibility that OpenVPN is a much easier (and in the case of roadwarriors, a much better) solution. Having already generated all of the required X.509 certificates, it took me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one using the new

Hello all, What I am doing seems fairly straight forward to me, I just am not sure how to put it into Shorewall''s config files. Here is what I have: I have a single router that takes 5 public IP addresses and routes them to internal IP addresses. In the past, I had control over that router and could port filter at the router, forwarding only the traffic I wanted. However, now, I

I''ve just discovered that I do not have access to the remote gateways for a set of IPsec tunnels to remote networks. This prevents me from changing the routing table on those gateways. I need "roadwarrior" systems connecting to me local network using OpenVPN (tun) to be able to access those systems. Since the remote gateways don''t know about 10.100.1.0/24, where my

I have a zone "rw" defined as tun0 in interfaces. From that zone, pings to zone "loc" succeed but pings to remote networks (On IPsec VPNs) are rejected in the all2all chain. From my point of view, these pings should be in the rw2cctc chain. (rw to cctc is ACCEPTed in policy.) I must have a hole in my config, where would it be? Thanks, A.

You definetly need a TAP connection to make samba work over VPN. We use OpenVPN host2net-accounts created with IPCop here since quite a while and it works with samba without problems. However, the speed is of course not as fast as in local net, but this is rather related to the way the SMB-protocoll works. ;-) ________________________________________ Von: samba [samba-bounces at

Greetings, I want to setup bandwidth restrictions for a few clients that use openvpn to connect to my server. I''m using iptables to mark the packets in the mangle table (PRE/POSTROUTING) on eth0 before they get sent via the tunnel. Will the mark survive even if the packets then get routed via an openvpn tunnel (tunX) out the box or does openvpn change it removing the mark ? damnit,