similar to: Help! AllowPing not working

I *think* we are finally making some progress in tracking our elusive performance problems. After employing a second 10Mb link from our ISP, along with another firewall box and proxy, we were able to determine the problem *is* our firewall. We don''t know exactly why yet, but our sporadic slow web access seems to have gone away since swapping a new firewall in this morning. The

In the panic of replacing our firewall(s) earlier in the week, we ended up moving our original shorewall 1.4 config onto a machine with 2.0.10 already installed, overwriting all the 2.0.10 config files. Most things seem to work fine, except for our masq entries. I''ve examined the default 2.0.10 files compared with our 1.4 files, and can''t spot the problem. What am I missing?

Hello, I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10. My setup is as follows. I have a /28 and have assiigned all ip addresses to my firewall using aliases. I am able to setup rules to allow specific traffic to specfic ip addresses on the firewall like so: ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22 This works great for TCP and UDP traffic. I can

We are seeing the following in our logs: Nov 25 16:21:41 fw kernel: martian source 139.142.66.253 from 10.0.0.199, on dev eth0 Nov 25 16:21:41 fw kernel: ll header: 00:a0:c9:60:0e:b2:00:02:7e:21:0e:dc:08:00 00:a0:c9:60:0e:b2 is the mac of our firewall interface on IP 139.142.66.253. 00:02:7e:21:0e:dc is the mac of our Cisco router on IP 10.0.0.1 10.0.0.199 is a Cisco switch - we have about

I'm building 3.0.14a on Mandrake 10.2, trying to use the same config as my other servers (3.0.11), but ACLs are not working. In checking the outout of smbd -b, I see this line is missing: System Headers: HAVE_SYS_ACL_H .... But I am specifying ./configure --with-acl-support ... Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file does successfully add an ACL for the NT

I just recompiled a plain vanilla 2.4.28 kernel, and used the Shorewall.net kernel config as a guideline. For some reason, I get this: Nov 30 12:05:34 fw shorewall: Shorewall has detected the following iptables/netfilter capabilities: Nov 30 12:05:34 fw shorewall: NAT: Available Nov 30 12:05:34 fw shorewall: Packet Mangling: Available Nov 30 12:05:34 fw shorewall: Multi-port Match:

We have encountered a number of problems with our firewall recently, and the past 24 hours have left me quite concerned. Here is what we are seeing: 1. Original firewall, a PentiumPro/200 with 96Mb RAM, serving approx 500 client PCs for a 10Mb internet connection. Running Mandrake 9.2, we began seeing severe swapping a few weeks, with kernel mem usage exceeding 200Mb. Given an ip_conntrack

I''m re-reading the section on dns names in the shorewall docs: "I personally recommend strongly against using DNS names in Shorewall configuration files. If you use DNS names and you are called out of bed at 2:00AM because Shorewall won''t start as a result of DNS problems then don''t say that you were not forewarned." Having been stung by this a few times

Ok, I''ve flogged this issue probably longer than some of you can stand by now. (remember, I''m the nut trying to use a PPro200 to support ~500 users on a 10Mb internet link :o) To appease those who think I''m nuts, I am ordering a new firewall shortly to allow for future growth. (probably a Dell PE750 with P4/2.8 and dual GE nics.) However, since I have yet to prove

I'm sure there is a simple solution to this one... how do I make the printers share go away? I have no printers, and no [printers] section. I tried adding one, and making it browseable=no, but it still appears. This is on v 3.0.11 and 3.0.14a -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca swright@sls.bc.ca

A problem has arisen with the way samba handles file creation dates compared to NT/win2k, which prevents xcopy /d from working correctly. On NT/Win2k, files copied from another NT machine using xcopy end up with the modified dates equal to the original modified date of the file, and the created and accessed dates become the date of the xcopy operation. On Samba, files copied from an NT

I have just upgraded two of our samba boxes to 2.2.8 and ended up with partially broken winbind after the upgrade. The machines are slightly different, and so are the symptoms, so here goes: System 1: Was at 2.2.3 compiled from source Feb4/02, using options: "./configure --with-winbind --with-acl-support --with-quotas". Running on RedHat 7.2, installed from SGI's XFS installer

I have just completed the installation of a new firewall running Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to be running fairly well so far, but is generating significantly more log entries than our previous linux 2.0.x firewall... Our previous firewall enjoyed more than 6 years of 24/7 operation with no downtime before we finally decided it needed more horsepower, and

If you can see the server, but not shares, you most likely have not published any directories. What version of the BE agent are you using? I've noticed 4.6 works well (the install actually works well and will walk you through the setup to publish the directories to be backed up). It's often easier to just publish root (but exclude /proc /tmp). Also, I've found out that in the hosts

It''s now been over a week, and we are nearly at wits end trying to track down our performance issues here. We now have a P3/667 (single CPU! SMP was definitely the source of previous lockups) with 256Mb RAM. It is running along with a load avg of less than 0.1 even at peak times. Max ip_conntrack is around 1500-2000. Sounds fine, but, we have also tried 3 different squid proxies (2

On 11 Aug 2005 at 14:40, samba@lists.samba.org wrote: > Way back on Mar 10 2004, I wrote this: > > ========== > Perhaps this is a known problem, and if so, hopefully it is fixed > in 3.x: > > Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL > support with > XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). > > Adding/editing an ACL for

Has anyone encountered a situation where packets dropped by the newnotsyn chain can result in sporadic browsing problems, slowness, and even timeouts? I noticed that of the 3300 hits for newnotsyn in our current log (6 hours worth), over 2700 of them were to/from our proxy servers. And browsing through them, most *appear* to be otherwise valid packets from remote web servers that would have

>From: "Shawn Wright" <swright@sls.bc.ca> >Subject: [Shorewall-users] Finally making some progress >I *think* we are finally making some progress in tracking our elusive >performance problems. After employing a second 10Mb link from our ISP, >along with another firewall box and proxy, we were able to determine the >problem *is* our firewall. We don''t

Hi to all. I would to ask if there''s way in shorewall that I can be able to check my bandwidth, if im really getting what I paid for. Second, Is there a fast and effective way to implement traffic shaping with shorewall. Many thanks Jan --------------------------------- Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now

Perhaps this is a known problem, and if so, hopefully it is fixed in 3.x: Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL support with XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). Adding/editing an ACL for an NT domain group to a folder on samba, and attempting to apply permissions to all subdirs and files only goes one level deep when using the win2k standard gui tool.