similar to: Proxy Arp

Hello Tom, I am not sure if you can help with this but I am at my wits end. If you hit this site and do a force refresh (ctrl + F5) the site will time out and lose connections. Do the same on port 443 and it does not time out??? The web site I am reffering to is www.tituswill.com I think the only problem is port 80. Do you have any idea how to diagnose this I have sent a dump of just

I noticed the long standing Ipsec FSwan problem was fixed. But do you still have to make sure Ipec is not running when shorewall starts Reason I ask Is I could not get my Dmz working with Ipsec in the equation. Thanks Mike

In an effert move my Dmz from a snapqear roouter to Linux with shorewall. Question is I have network 64.42.53.200/29 which makes default gw 64.42.53.201 network 64.42.53.200 broadcast 64.42.53.207 mask 255.255.255.248 and I want to set up shorewall with eth0 64.42.53.202 eth1 local eth2 dmz where dmz will use say 64.42.53.203 for web and email server. Where I do not need or should I say use

After installing Zebra for ripd to get win2k routes I am getting this May 20 23:24:20 ns1 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=64.42.53.202 DST=64.42.53.207 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72 May 20 23:25:25 ns1 last message repeated 3 times I am new to zebra, so I am assuming that this is broadcasting to windoz for routes weird !!!

I have had a web server listining sql-1433, www 80, ftp-21 using proxy arp with sub-netting in a three interface DMZ. All these ports are in the rules file as ACCEPT. With one exeception that 1433 allows a few host from the net. 21 and 80 allow all net to dmz connections. The policy is DMZ to net ACCEPT This has been working great for about a month or more until I rebooted the

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

I''m trying to setup Shorewall 2.0.8 with the one-interface settings on my LFS (kernel 2.6.5) system. I''ve read the troubleshooting guide, recompiled my kernel with just about every netfilter/iptables module I could find, but I''m still getting this error: # tail /tmp/trace + prefix=Shorewall:smurfs:DROP: + ''['' 22 -gt 29 '']'' +

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

Hi everyone. I am so baffled by the following problem: Office 1 is using ADSL and it is building a VPN tunnel with IPSEC to Office 2. Both ends are using shorewall/freeswan firewalls. Diagram: Office1 fw --- VPN TUNNEL --- Office2 fw --- cisco router ----- VLANS | DMZ Office 1 has the following interfaces: 2: eth0:

Hello Gurus, I am a small problem with routing and here are the details. Interfaces on my server: * ipsec0 - 172.19.58.94 * tunl0 - 172.19.58.94 * eth0 - 172.19.58.94 Now, the problem is that there is another host 172.19.58.200. All communication to 172.19.58.200 should be through tunl0, and all the data should be secured using IPSec (tunnel mode - because there are more machines on my

Hi, still trying to understand one thing. I would definitely like to tell iptables to accept all packets coming from remote vpn only if they hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working, looks like ipsec0 device doesn't exist or it is not recognized. I red on the Openswan users list, that Linux kernel 2.6 native ipsec don't create ipsec* interface (if I am

Paul Whittaker <paul.whittaker <at> drisq.com> writes: > > > Hi Arnaud, > Great to hear this is an isolated case; hopefully it means we've > found a bug we can help solve. > On 27/11/12 22:50, Arnaud Quette wrote:please send the log here, in compressed form. > are the photos taken with a still cam? > please put

------------------ ---------| external ip eth0 | ---------- -------------------------- | |--------------------------- | -------| Internal IP eth1 | -------------------------- | |-------------------------- ---------| external Ip eth2 | ---------- -------------------------- i want to put web and ftp traffic

------------------ ---------| external ip eth0 | ---------- -------------------------- | |--------------------------- | -------| Internal IP eth1 | -------------------------- | |-------------------------- ---------| external Ip eth2 | ---------- -------------------------- i want to put web and ftp traffic to

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

/var/log/maillog showed this Oct 19 13:25:41 ns1 postfix/smtpd[1298]: 7599A2C19C6: client=unknown[127.0.0.1] Oct 19 13:25:41 ns1 postfix/cleanup[1085]: 7599A2C19C6: message-id=<edc55a9b-eb49-3945-dc60-0e1d51a78e97 at nbmlaw.co.uk> Oct 19 13:25:41 ns1 postfix/qmgr[1059]: 7599A2C19C6: from=<matthew.broadhead at nbmlaw.co.uk>, size=3190, nrcpt=1 (queue active) Oct 19 13:25:41 ns1

Op 10/20/2016 om 7:38 PM schreef Matthew Broadhead: > do i need to provide more information? > It still doesn't make sense to me. I do notice that the version you're using is ancient (dated 26-09-2013), which may well the problem. Do have the ability to upgrade? Regards, Stephan. > On 19/10/2016 14:49, Matthew Broadhead wrote: >> /var/log/maillog showed this >>

are there any instructions or tests i can make to check the sieve configuration? or does the magic all happen internally and there are no settings to change? On 21/10/2016 10:22, Matthew Broadhead wrote: > the server is using CentOS 7 and that is the package that comes > through yum. everything is up to date. i am hesitant to install a > new package manually as that could cause

it seemed like a simple configuration issue. i was hoping someone could point me in the right direction. seems i was wrong. i may as well unsubscribe this list as there is not much help here On 02/11/2016 18:29, Matthew Broadhead wrote: > is there something more i need to be doing my end? > > On 25/10/2016 09:11, Matthew Broadhead wrote: >> are there any instructions or tests

I am attempting to create an ipsec tunnel between two CentOS 5.1 systems, network-to-network with two different 192.168.xxx.0/24 LAN segments. I have gone through the documentation on the centos web site, and have the machines to the point where the /var/log/messages show ``IPsec-SA established'' on both machines after runnig ``ifup ipsec0'' (same ipsec0 on each machine). IP