similar to: FW outgoing connection with multiple public IPs

Which CPU is best for Shorewall, a PIII-450 Celeron or a PII-266??? ================================== Joakim Hellström Chief System Engineer United Computer Systems Scandinavia AB Klostergatan 56 S-582 23 Linköping, SWEDEN Phone 1: +46 (0)13 13 97 92 Phone 2: +46 (0)13 13 96 00 (recep.) Fax: +46 (0)13 13 97 35 GSM: +46 (0)708 13 97 35 URL: http://www.ucs.se

I''m building a 10 branch/1 headquarter network with Shorewall/Linux as gateway on all locations. The TI guy asked me if there is a way to ''cache'' TCP/UDP traffic between them. I crawled on Internet and I only find very expensive solutions for this. Some of them appeared in this comparison article: http://www.networkcomputing.com/showitem.jhtml?docid=1524f5 Does anyone

Hello all, After perusing the documentation, faqs, and mailing list archives, I have not been able to find a way to do the following. I''m hoping "you" can help. I want to transparently redirect all outbound SMTP connections to an SMTP server of *my* choice. This way, regardless of what a user on my network has set their SMTP server to be within their MUA, I will redirect

Okay, I wasn't going to try and fix up the messed up mail server I was given; however, I decided that I might as well try. Situation: The system has a Postfix MTA and uses Dovecot for LDA and Cyrus-SASL for SASL. That works fine. I decided that I wanted to switch over to Dovecot for SASL. dovecot is presently using MySQL for its database. I make the (I thought) necessary changes in Postfix

Hi list, This is my first post there. CONTEXT : -------------- I have a little lan behind a shorewalled box (internet) -- NET_IP [gateway] LOC-IP -- (lan X.Y.0.0) internet -> net zone connected to the gateway via a ppp interface lan -> loc zone connected to the gateway via eth1 NET_IP and LOC_IP are defined in shorewall params file GOAL : --------- i want to forward http and

Ok. I''m knocking down one problem at a time. I''ve managed to figure out how to bridge my tap0 and my eth1 with br0. This is good stuff. But if I have shorewall running, I can''t ping the local network at all. If I have shorewall not running, I can ping the local network. Here is my setup. Firewall/NAT box: eth0 - DHCP from cable provider eth1 -

Hello All, I have installed Shorewall 2.0.7 and configured , I am using masq to share internet for users. I have problem of perticular sites . I blocked site IP address. and succeeded but i have problem of Public proxy addresses , some user use anonymous proxy Ip and get thru it and use blocked sites. I blocked Public proxy adresses but it lot of them( I mean more than one public proxy

I've googled around and although I get a lot of hits about postfix smarthost authentication with ssl, I can not find out how to actually accomplish the task. I've read through smatterings of postings from Neophasis and the like searching for just the syntax and what file (I assume it's main.cf) I should be using; however, any smtpd_ lines I have tried result in postfix hanging and

Folks, I can''t keep this up. The demands that my job and my personal life are currently placing on me are such that supporing Shorewall to the extent that I have been doing is just not possible any more. I will continue to be active on the development list and will continue to develop Shorewall if at all possible. I will also continue to read the user''s list and will help

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adem has contributed a nice IP Subnet chart which I''ve placed at http://shorewall.net/pub/shorewall/contrib/IPSubNetMask.html Thanks Adem! - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

I recently installed Shorewall 2.0.9 onto my RedHat 9 linux system running the latest 2.4 kernel. I think I have everything working except for passive mode stuff and IRC DCC and fserve stuff. I am reading the postings and files and so, I hope I can figure those things out on my own. My question pertains to a proxy tunnel (httport) and host (htthost) that I use. The htthost is in my local zone

Hi, Summary of problem: Local mail on the firewall stopped working after installing shorewall Background yesterday I installed shorewall, based on the debian package from www.backports.org (which seems to be a 2.0.3 package) on an otherwise virgin debian woody set up. Configuration was done based on the two-interface setup. Kernel is 2.6.8.1 unpatched. A 2.4.23 kernel, with

I have an office setup with shorewall and when there''s bandwidth problems, I''d like to know who''s hogging my bandwidth and how (port). What would be the best approach to have shorewall show me something like: IP | Port | Bytes In | Bytes Out I have 20 PCs connected via DHCP. I looked at the documentation and thought that accounting may be close, but accounting

Hi, I need to running snmpd at shorewall gateway (1.4.10g). How to make the rules necessary to do it ? I have 3 interfaces, eth0 (public), eth1 (private) and eth2 (dmz). When I runnig mrtg, I have this message: --- cfgmaker gw-host@localhost > ~netbox-sp/eth0.cfg --base: Get Device Info on gw-host@localhost: SNMP Error: no response received SNMPv1_Session (remote host:

I am not a member of the mailing list. Shorewall version 2.0.9 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000

Hi, I''m trying to block Windows Messenger by Shorewall 1.4.10b, but I]m don´t have success. If the rules below, all access are blocked /etc/shorewall/rules # Windows Messenger Rules REJECT:info loc net tcp 1863 REJECT:info fw net tcp 1863 But if use the rules below, any access are allowed, why ???? /etc/shorewall/rules # Windows

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

On Wed, 2016-10-12 at 08:36 +0200, Paul Slootman wrote: > As always it's best to first upgrade to the current version (3.1.3) > if at all possible, as there's always the chance that the cause of > your problems has already been fixed. Good call, but I believe I may have ruled this out. I didn't upgrade to 3.1.3, but both sides are running 3.1.1 protocol version 31 now. Same

I *think* we are finally making some progress in tracking our elusive performance problems. After employing a second 10Mb link from our ISP, along with another firewall box and proxy, we were able to determine the problem *is* our firewall. We don''t know exactly why yet, but our sporadic slow web access seems to have gone away since swapping a new firewall in this morning. The

Having moved from a "cascading LANs" configuration to two independent LANs on eth0 and eth1, I still get some "state INVALID" for which I am not sure what the cause is. Can somebody help me understand its probable origin? Thanks, Costantino [see attachment]