Displaying 20 results from an estimated 20000 matches similar to: "ipip setup issues"
2004 Dec 30
3
IPIP Tunnel
Hi guys,
I''m trying to setup an IPIP tunnel between a Cisco router and a firewall
running Debian GNU/Linux Sarge with Shorewall 2.0.13.
I''ve read and implemented the http://shorewall.net/IPIP.htm document,
but I don''t understand why there should be at the same time a "tunnel"
and a "tunnels" script.
Shorewall still refuses to let the
2004 Aug 13
2
Problem setting up Shorewall with 2 public IP''s
Greetings.
I run an Amateur Radio system (ampr.org) that requires 2 public ip''s on a RH 9.0 box. The primary one is 209.52.173.97 and is used for connections to the normal linux system and the usual apps such as web, ssh, smtp, etc. The secondary address is 209.52.173.98 and is routed via a pseudoslip link to the systems ampr address of 44.135.163.21. This setup takes place in the
2007 May 19
2
ipip/gre tunnel behind NAT environments.
Hi, Does anyone tried to get ipip or gre tunnel behind NAT environments. ?
i''m trying to make both side tunneling with ipip or gre with private address
just like belows..
A -------------------FIRWWAL -------------------INET ------------------- B
PRIVATE PUBLIC PUBLIC
(10.100.0.1) (211.xxx.xxx.xxx) (
2003 Feb 27
3
Unknown commments in shorewall status.
I wonder if someone can tell me what these ''unknown'' remarks mean in my
status file. They are only in the last portion of the file and are listed
below. If they mean nothing, I will rest easy. But if not it means
I need to fix something. Your thoughts would be appreciated.
----------------
udp 17 92 src=24.224.173.220 dst=24.222.0.75 sport=1027 dport=53
src=24.222.0.75
2002 Dec 02
1
ipip and nexthdr
After carefull reading (LARTC) and experimentation, I am in a dead
end...
I am using several IPIP tunnels (linux ipip module, IP protocol 4).
I''d like to filter packets going through these tunnes to different
classes, on the ingress device, based on source and destination IP
_INSIDE THE TUNNEL_.
First I tried the nexthdr bit. As explained in LARTC, nexthdr jumps to
the next header
2004 Aug 30
3
[Bug 98] state ESTABLISHED allow ipip tunnels
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=98
netfilter@linuxace.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter@linuxace.com
Status|ASSIGNED |RESOLVED
Resolution|
2011 Jul 21
42
Problem With OpenVPN Connectivity
Hi,
I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the
VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in
Slackware 13.1 using the same Shorewall version and files, the ''interfaces'',
''policy'' and ''zone'', are all I have configured, it was working and this also
works in Arch at
2004 Jan 07
1
Forward some traffic to VPN
Hi. I am trying to force some traffic that goes to address 203.7.93.94
through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one
machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use
the same shorewall and freeswan).
I have successfully set up a tunnel between the two network (using a
point to point topology, not hub).
I added a static routing that redirect
2004 Dec 11
5
Problem report -- shorewall 1.4
Hello list,
I wish to report a problem with openvpn tunnels.
Synopsis: Despite adding policies to the shorewall policy file, I have
to add extra rules to allow the UDP port 5000 packets to get through.
I have used no particular setup guide.
I believe this problem goes away with shorewall 2.0.9, as I have
implemented openvpn with that version on a different machine, and I see
no UDP:5000 packet
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List!
I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection
to the Internet (ppp0 - eth1 to the modem) and a bridge to the local
lan. The bridged config i''ve made with bridge.html from the shorewall
site. The Bridge is between local net and a openvpn tap device. This
works. I ccan make tunnels, and a can make a lot of things through the
firewall. I can get a list
2005 Apr 26
13
IP Tunneling
Hello
I have /25 addressed on a box (virtual devices on eth0) and I want to
tunnel some of these addresses to my home network. One address to my
gateway (a.b.c.d, external IP) and one address to my internal network
(192.168.0.0/24-style). I will use the tunnels for irc, smtp and surfing.
What protocol and which technique is easiest and best to use?
One more thing. I don''t want to set up
2006 Jul 26
1
IPSec tunnel mode, through a IPIP tunnel
Hello Gurus,
I am a small problem with routing and here are the details.
Interfaces on my server:
* ipsec0 - 172.19.58.94
* tunl0 - 172.19.58.94
* eth0 - 172.19.58.94
Now, the problem is that there is another host 172.19.58.200. All
communication to 172.19.58.200 should be through tunl0, and all the data
should be secured using IPSec (tunnel mode - because there are more
machines on my
2004 Jul 23
4
shorewall 2.0.3a, (ULOG) doesn''t log anything
Dear all:
Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the
firewall is running, but nothing is printed on the logs.
I try, for example, to do a connection to a port that is opened on the
server but closed by the FW and I get a connection refused. If I stop
the firewall, this port is accesible from the outside.
I think I''ve followed all the steps on
2005 Feb 02
1
Masq errors?
Hi all,
I have a problem with a new Shorewall box I''m trying to migrate from
iptables rules to shorewall 2.2.0.
I have a 3 interfaces setup:
- eth0 ---> internet (ip address)
- eth1 ---> remote office (10.0.0.0/8)
- eth2 ---> lan (192.168.16.0/24)
I''m using a very simple and common setup, with just a few DNAT rules in
my /etc/shorewall/rules file, and about twenty
2005 Feb 21
12
NAT
Hello,
I installed my linux server for 3 months now. It does almost everything
(dns, web & mail server, firewall ...).
I just encounterd two problems with the firewall: behind this server
there are 2 computers: i got emule on one and msn on the other. The
problem is that I can''t configure well the firewall fore these 2 rules.
I''ve added DNAT rules but it
2008 Jan 10
5
Want to log all ISP traffic to ULOG
I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate
NetFlow information about traffic going through my router. The question
is how to get the logging rules added to the appropriate chains (I''m
assuming eth2_in and eth2_out in my case)? I''m using the perl version
of shorewall 4.0.6.
--
Orion Poplawski
Technical Manager 303-415-9701
2007 Jan 05
18
GRE over IPSec VPN
Hey guys I''ve been beating my head on this for a few hours. Maybe it is
just a stupid configuration error you can point me at. First here is a
small diagram of what I am trying to configure:
http://6bit.com/img/netdiag.png Currently I only have Shorewall running on
the host on the right of the diagram until I can get this working then I''ll
add it to the other host as well.
2003 Apr 17
9
VPN Tunnel
Hi Tom,
I nearly completed the test and installation related to
http://www.shorewall.net/PPTP.htm.
However, there is no serious problem when it is operated as it is in the
general companies, but there is Client Program for MS-Window that is
operated only by Public IP. So I am very concerned about it.
I would like to use Internet through Gateway in (B) as local
computers in (A) receive Public
2002 Mar 17
2
ulog support in shorewall?
Hi,
I''ve just recently switched off my (lame) hardware firewall onto an
old box running linux 2.4.18, iptables 1.2.6 and shorewall 1.2.9. I''m
kinda new to linux firewalling myself but so far Shorewall has taken
much work from me.
While reading myself into iptables I saw that just recently something
called ULOG (userspace logging) has been implemented in newer kernels
and
2007 Jul 26
3
Definitive way to aggregate bandwidth using multiple links
I always used multiple links from different ISPs and in my
oppinion the best way to really aggregate bandwidth is using some kind
of proxy which the client connects to and distribute multiple
connections to the links.
Years ago, a friend of mine wrote Netsplitter:
http://www.hostname.org/netsplitter/
but it''s outdated, abandoned (last version from 2002). And it
was mainly written for