similar to: [OT] New (old) Firewall at shorewall.net

Displaying 20 results from an estimated 20000 matches similar to: "[OT] New (old) Firewall at shorewall.net"

2004 Apr 22
1
IMQ compile procedure ??
Hi Guys, I'm trying to compile IMQ with kernel-2.4.26 and iptables-1.2.9 and I want to know if this procedure is correct: ---------------------------------------- - In Kernel 2.4.26 Directory (/usr/src/linux) # cd /usr/src/linux # wget http://www.linuximq.net/patchs/linux-2.4.24-imq.diff # patch -p1 < linux-2.4.24-imq.diff - In Patch O Matic Directory
2007 Oct 06
7
ipp2p segmentation fault
Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following
2006 Dec 11
21
iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues
Hi, I'm having problems with this configuration: iptables 1.3.7 (vanilla or repackaged for fc5) kernel 2.6.19 (vanilla) ROUTE 1.11 (last pom-ng) layer7-filter 2.6 (last in sf.net) connlimit (last pom-ng) When I try to use -j ROUTE in any chain in mangle table I have this error: [root@myhost ~]# iptables -v -t mangle -A POSTROUTING -p tcp --dport msnp -j ROUTE --gw
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the
2007 Jun 11
7
shaping using source IP after NAT
Hi all I am using a pass thru router and I need to QoS some clients output by its IP address. The problem is that QoS is due after NATing. Is there some clever way of doing this besides MARKing every packet with some IP hashing in POSTROUTING NAT table? Regards Ethy
2004 Oct 31
9
Masquerading through IPSECed wireless dropping packets selectively?
Hello, I'm stuck IPSECing my wireless network at home and would appreciate any comments. I apologize in advance if I'm wasting your time with trivia - I'm not a professional and staring at the problem for days from various angles hasn't done me any good ... My home server/firewall (morannon) is hooked up through a USB to ethernet adapter (eth1) to my DSL
2006 Mar 25
2
Multiple uplink problems
I've installed Shorewall 3.0.5 on a Debian Sarge box, and I'm attempting to route internet traffic through a couple of ISPs, and I've come up against some problems. The first is that one of my links is a pppoe connection to a wireless modem, and I can't configure it to have a static IP address... therefore I can't see how I can set up the two
2006 Jul 04
25
[Bug 490] ROUTE extension module unusable since 2.6.16
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=490 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|NEW |RESOLVED Resolution|
2004 Sep 19
2
Time-based rules
Hi!, I'd like to know how to set up shorewall to deny a user-defined action in a time-based basis, for example, I have a group of users using MSN, AOL, www and https, in a defined action called action.BasicAccess now, I want this access to be enabled only on lunch time from Monday through Friday and weekends from noon to 6pm... I know
2005 Jun 24
6
Is it that difficult?
Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is
2006 Nov 21
5
Re: iptables rule not matching after stream begins
Trying again, after re-subscribing: On 11/20/06, Bob Beers <bob.beers@gmail.com> wrote: > Hello, > > I want to dynamically create DNAT rules for > RTP streams (port-mapping for a SIP proxy). > > If my proxy adds the rule before the first packet > of the RTP stream hits the port, all is well. But, if > the stream begins arriving before my rule is in > place,
2006 Jul 08
2
TARPIT target in iptables
Has anyone been successful at using the TARPIT target in iptables under CentOS 4? I am using CentOS 4.3, fully updated with iptables-1.2.11-3.1.RHEL4 and kernel-2.6.9-34.107.plus.c4 Doing a locate on TARPIT returns: # locate TARPIT /lib/iptables/libipt_TARPIT.so This makes me think that the TARPIT target would be valid, however when I try to use it, I get the following response: # iptables
2005 Oct 22
4
Differentiating between http downloads and interactive traffic
Hi, I've been wondering if anyone has thought of a way to differentiate between an established http download and interactive http traffic? I would like to give interactive http traffic priority over someone downloading large files. Has anyone any ideas how to detect packets that are part of a download like this? Thanks.
2005 Jan 07
2
Shorewall & IPSec gateway
To all, I've just recently finished my "Security Gateway Server" project which separates a 10 laptop WLAN subnet from our main LAN/Internet network. I used Debian Sarge with kernel 2.6.9/ipsec-netfilter patched, and Shorewall 2.2.0-RC3 on an Asus P4S533, 2.4 GHz PenIV and 512MB memory. The Toshiba A60-S166, PenIV, 2.4G laptops run Windows XP Pro and have internal Atheros based
2004 Sep 30
4
IPSec connection from fw itself over vpn
Hello everyone, I'm not sure whether to place my question here or in the racoon mailing list or even in that of iptables. I have created an ipsec connection with racoon in tunnel mode to another gateway to connect one subnet on each side to each other. This works fine. Only the ipsec gateway itself can't send packages to the opposite subnet. Shorewall is configured according
2007 Apr 03
3
ipp2p: error loading kernel module
Hi, I get this error when trying to insmod the ipp2p kernel module: "insmod: error inserting 'ipt_ipp2p.ko': -1 Invalid module format" in the kernel log: "ipt_ipp2p: disagrees about version of symbol struct_module" Kernel version 2.6.20.4 iptables version: 1.3.5 ipp2p version: 0.8.2 (latest) Anyone tried ipp2p with kernel 2.6.20? Best Regards Niclas
2004 Oct 17
8
Shorewall and IPP2P
Hi! I'm wondering whether anyone has successfully set up a bandwidth control system using ipp2p and shorewall. I have been able to drop connections altogether, but I don't seem to be able to get CONNMARK working with ipp2p. Any pointers would be greatly appreciated :) Mario R. Pizzolanti
2004 Jul 22
7
Re: Problems routing mail to particular interface
Is the 192.168.1.2 an ip on the router? If yes, you'll have to mark in OUTPUT, not PREROUTING, also, after you set up the rules and routes, did you do an ip route flush cache? I hope this works On Wed, 21 Jul 2004 20:02:32 -0700, Jens <jens@pacificsun.ca> wrote: > I have a particular problem that has caused me grief for some time now and > even though the answer is probably
2005 May 02
9
Sanity check for Shorewall and Openswan VPN and 2.6
I'm just looking for a quick sanity check to make sure what I'm finding is really all necessary here. I'm upgrading a gateway/firewall from Linux 2.4 to 2.6 using Mandrake 10.1. In the old 2.4 kernel I structured my firewall rules around the ipsec0 interface, which I understand isn't present with Openswan running under 2.6 (no KLIPS). Ok, So as I start to
2006 Sep 02
3
Traffic shaper based on UIDs
Hello! I need assistance to solve my problem related to traffic shaping based on the user ids. The problem: each unix user (of the linux host) has to be limited with incoming channel (internet) bandwidth. I need this to implement internet access solution based on ltsp (http://www.ltsp.org). As far as I know the best way to shape traffic in linux is CBQ. But there is no filter based on unix