similar to: shorewall and approx 70 VLANs

My telco is moving to feeding me over fiber, breaking out with a media converter to one Ethernet interface. At present, I am retaining the static feed over copper on eth0, and taking the two new feeds via vlans on eth1. I have configured the static IP feed on eth1:790 as vlan 790, and that seems to be fine, and eth1:780 as the PPPOE feed, and brought up PPPOE to give me an IP, that is

Hi there, can anyone point me to the docs needed to support Tagged Vlans through Shorewall. I might just be blind or my understanding of Tagged Vlans isn''t good enough yet to find it. Axel

My actual scenario is: -Hundreds PCs in a internal network (fixed IP), divided in +- 6 different subnets -A +- 6 customers with leased lines -A Cisco Catalyst 4006 connecting groups of PCs to corresponding customers (imagine a Call Center company) -Works fine. The problem: Frequently, it''s necessary to migrate dozens PCs from a customer to another. You know, change all IPs and

The 1.4.6 version of Shorewall makes additional demands on the shell. I have found that both the RH9.0 version of ash and the version of ash that has long been available from the Shorewall download sites are *not* suitable for use with Shorewall 1.4.6. The LEAF Bering version of ash on the other hand works fine. Attached is a small shell program that will allow you to test your shell for

I just added 802.1Q VLAN support to redhat initscripts. And after support was ready, I tried to restart shorewall. Well it blew into pieces. Seems like shorewall can''t handle device names like: eth0.3 very properly. That''s default naming of vlan devices. eth1 is master device and 3 is id of my test vlan. So when I added to interfaces line: home eth0.3 detect seems like

This one is really throwing me. Thanks in advance for any advice. I''m working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cicso router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP''s

Hi, in my lan I have two firewall, fw1 is the first and manage inte-vlan routing. Fw2 manage internet and dmz. fw1 and fw2 have an interface (eth4 for both fw2 and fw1) on the same subnet that permit to the host behind fw1 to reach internet, my problem is on fw2: eth4 is the NIC that connect fw2 and fw1, I would''t like masquerading hosts behind fw1, so to eth4 of fw2 arrive all

Hi all, I some vlan routing problem, I''m using a linux box with an 8021q kernel. I have connect eth2 ethernet controller from linux box to a switch port that carry for vlan tagged as 2 3 4 5, I''m able to connect to the internet from vlan but not to route traffic between vlan, this is the output of ifconfig -a: eth0 Link encap:Ethernet HWaddr 00:A0:24:50:E5:B2

Greetings, What programming languages besides shell scripting are used in shorewall? What knowledge is needed to help in shorewall development? I figure iptables is a goood bet but is there anything else as well? Thank you for your time. Regards, Jason

Dear All, I think I have a useful idea for how shorewall startup could be speeded up in a more automatic manner. Apologies if this is daft, but I think it might work.... Motivation: not all users understand the intricacies of shoreall beyond using the distro setup tool. [And on this particular laptop, shorewall takes 15 seconds during boot.] I have already read this (about shorewall

I have /bin/ash from rh8 installation and I have following error when I tried to change using ash instead of sh with shorewall-1.4.7: + eval options=$tap0_options + options= + list_search newnotsyn + local e=newnotsyn + [ 1 -gt 1 ] + return 1 + run_user_exit newnotsyn + find_file newnotsyn + [ -n -a -f /newnotsyn ] + echo /etc/shorewall/newnotsyn + local user_exit=/etc/shorewall/newnotsyn + [

Hey guys, I have a question regarding shorewall and vrf functionality. I have shorewall 3.4.8 and kernel 2.6.24-gentoo-r8 I have tried to use iproute2 (ip route and ip rule) to establish multiple routing tables. The biggest problem seems to be, that I cannot add interfaces such as vlan interfaces to the routing table. My target is that linux takes attention of on which vlan interface

Shorewall 3.4.6 running on SuSE Linux 10.2 Compiling Rule Activation... Shorewall configuration compiled to /var/lib/shorewall/.restart Processing /etc/shorewall/params ... Restarting Shorewall.... /sbin/shorewall: line 665: 6782 Segmentation fault $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help.

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following..

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

Hello, I''m trying to setup an 8 port wan configuration (pptp+pppoe) with one vlan trunk. My internal networks are : LAN(eth9): 10.0.0.0/16 VLAN10(eth9) 10.10.0.0/24 VLAN20(eth9) 10.20.0.0/24 VLAN30(eth9) 10.30.0.0/24 VLAN100(eth9) 10.100.0.0/24 I would like to post my configuration here since i don''t success to do the following: 1. Communicate between VLANxx to LAN

Hi everyone. I am so baffled by the following problem: Office 1 is using ADSL and it is building a VPN tunnel with IPSEC to Office 2. Both ends are using shorewall/freeswan firewalls. Diagram: Office1 fw --- VPN TUNNEL --- Office2 fw --- cisco router ----- VLANS | DMZ Office 1 has the following interfaces: 2: eth0:

Hi all, after a half day searching for an error, sniffing and upgrading to the newest shorewall version I give up and the problem to you. I have following configuration in my /etc/shorewall/masq: #INTERFACE SOURCE ADDRESS vlan7::10.231.0.0/16 192.168.222.0/24 10.231.113.30 vlan7 192.168.222.0/24 10.1.0.38 Towards a

RC2 is available -- hopefully I got it right this time. http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net