Displaying 20 results from an estimated 2000 matches similar to: "Routing changes break NAT (not a shorewall question)"
2005 Jan 07
6
Questions: place for doco, and routestopped during 'shorewall restart'
Hi folks,
A while back we had some discussions about integrating heartbeat and
shorewall. Thanks to your help and the excellent state of Linux
failover clustering, i've managed to install my high-availability
firewall. I know there's already a howto for it at
http://www.xenos.net/library/hafirewall.html, but i thought i would
document my setup for others, since it's
2004 Oct 08
5
local yp/nis on the server
So, now I see why I was doing the fw 2 fw rule. It was for my YP/NIS usage.
Does anyone know how I get that to work?
2005 May 26
11
Quick poll: CVS commits
Hi folks,
I'm conducting a straw poll for your opinions on whether we should send
CVS commit logs (probably with diffs) to the shorewall-devel list, or to
another (new) list?
I can see advantages to both ways: separate lists mean that people who
aren't contributing code don't get flooded with code noise, but a single
list will help keep everyone involved in the
2004 Aug 22
12
Tom's Key
Since you've started signing your email, Tom, my machine can't
verify your sig. Where are you publishing your key?
--
John Andersen - NORCOM
http://www.norcomsoftware.com/
2005 Mar 01
3
I'm out of here for a while
I'm going to start being rude with people if I don't take a break from
the list for a while.
I'll be back in a couple of days after I cool off.....
--Tom
--
Tom Eastep \ Off-list replies are cheerfully ignored
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2005 Jun 26
1
Vservers and shorewall
hello
I'm using the 2.6 series 5 vservers on eth1 running on
debian unstable and I wanted two of them to be used as
"proxies".
One of the proxies has 3 interfaces (well 4 if you
count the ath0 interface whose traffic I'd like to
pass through the "vproxy"); one facing the hosts'/out
interface, one facing the "dmz" where two vservers
2005 Feb 24
3
[Fwd: Re: 2.2 shorewall installation fails on suse 9.2]
Anyone else seeing this??
Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2005 Jan 07
1
smtp / pop allow
Hello,
My server is on Mandrake 10.1 off.
eth0 is WAN with static IP connected 512 DSL
eth1 is LAN.
My default shorewall settings are :
Source zone   Destination zone   Policy   Syslog level   Traffic limit
loc           net                ACCEPT   None           None
fw            net                ACCEPT   None           None
net           Any                DROP     info           None
Any           Any                REJECT   info           None
I have done NAT on eth0 and I am running
squid proxy on the server.
I am not able send or
2004 Sep 11
2
just checking if you have seen this before Tom.
Been trying to track down an issue where when I issue a restart on
shorewall it stalls for maybe 5 minutes. I have tracked it down to the
removing of the rules portion but have not been able to get any closer
yet.
Some place after "strip_file rules" and echo "Deleting user chains..."
It seems to fix itself after a reboot of the system for an unknown time
then it resurfaces
2004 Aug 12
1
Blacklist and rules - order of processing
I was wondering if i could stick a certain ip in the blocklist, but at
the same time have an allow rule for http in the rules section. In
other words i would like to block pretty much all access from a certain
internet address except for http from the internal network. So does the
rules file get parsed before the blacklist in the firewall to make this
possible?
2005 May 26
28
Shorewall development web site
Hi folks,
Last night and this morning i've hacked up a quick web site for
coordinating our development work based on Drupal (http://drupal.org).
You can find it at:
http://shorewall.dyndns.org
I've put a few ideas in there - feel free to use the comments or sign
up for an account and create your own pages (particularly in the two
books about development and web site work).
2005 Jun 04
3
[Fwd: [shorewall-coding] Shorewall2 functions, 1.39, 1.40]
2004 Sep 03
3
getting up and running
Hello, I have read the getting started guides, FAQ, etc, so if your
response to the following is RTFM, please at least refer me to the
appropriate one :)
I have shorewall set up as follows:
zones:
net Net Internet
loc Local Local networks
dmz DMZ Demilitarized zone
policies:
loc net ACCEPT
dmz net
2005 Jul 04
5
SysV install problem in FC4
After a fresh install, I noticed that shorewall 2.4.0 wasn't starting
automatically under FC4. The startup script installs properly from the
rpm:
/etc/rc.d/init.d/shorewall
... but the post install "/sbin/chkconfig --add shorewall" produces
this in the runlevel symlink directories:
/etc/rc.d/rc5.d/S-1shorewall
/etc/rc.d/rc0.d/K-1shorewall
/etc/rc.d/rc6.d/K-1shorewall
2005 Jun 24
9
WINS across two networks and a router
Hello, everybody. This one's got me stumped. What I'm trying to do is have
two networks--192.168.1.0 and 192.168.2.0--with SMB and WINS running between
them. So far I can mount SMB shares all right, but I can't browse by WINS
names across the router. I've posted this question on Linuxquestions.org;
you'll find the details there.
Here are my
2007 Nov 21
1
Load Balancing with secondary tables (not main as in the howto)
Hello,
We have 3 DSL connections connected to eth3 and another interface with
a dedicated link in eth0 (main table)
We want to balance selected traffic (using fwmark and iptables) through our
3 DSL connections in a secondary table named DSL (without using the
dedicated link in eth0), but the next command is not accepted, and gives us
the following error:
# ip route add default
2006 Feb 06
0
ip rule, fwmark, mangle and src IP
I made a script to test if in a multiple gateway setup all default
connection are up, regardless of the fact that that gateway is the default
gw.
Suppose adsl1 and adsl2 are present, and all traffic goes by default to
adsl1, and you want to test if adsl2 is ok.
1. I use mangles from iptables to mark icmp packets to some test machines
2. I set up a routing table for each adsl
3. I use
2004 Aug 12
5
shorewall iprange problem
Perhaps someone can help me understand why this is happening. I'm
trying to write a script using 'shorewall iprange' to parse some ip
ranges into subnets so that i can place them into the blocklist. I keep
getting an error when i run the script though.
Here is the script:
#!/bin/csh
foreach i (`cat ipranges`)
shorewall iprange $i >>
2005 Jul 02
6
Port redirection on standalone pc to pop3 proxy AV scanner
G'day all.
I'm trying to set up Clam AV scanning of incoming POP3 email to my
Thunderbird mail client; I have a standalone laptop with a 56k dialup
connection to my ISP.
I can't seem to get port redirection working: I'm trying to redirect
incoming POP3 mail from my ISP's mail server to p3scan which is
listening on 127.0.0.1:8110 and will do the AV
2004 Oct 06
9
Problem with local email after shorewall installation
Hi,
Summary of problem:
Local mail on the firewall stopped working after installing shorewall
Background
yesterday I installed shorewall, based on the debian package from
www.backports.org
(which seems to be a 2.0.3 package) on an otherwise virgin debian woody set up.
Configuration was done based on the two-interface setup.
Kernel is 2.6.8.1 unpatched. A 2.4.23 kernel, with