Displaying 20 results from an estimated 10000 matches similar to: "Problem with 2.4.28 kernel config"
2004 Nov 20
5
Differences in masq from 1.4 -> 2.0?
In the panic of replacing our firewall(s) earlier in the week, we ended up
moving our original shorewall 1.4 config onto a machine with 2.0.10
already installed, overwriting all the 2.0.10 config files.
Most things seem to work fine, except for our masq entries. I've examined
the default 2.0.10 files compared with our 1.4 files, and can't spot the
problem. What am I missing?
2004 Nov 27
6
Finally making some progress
I *think* we are finally making some progress in tracking our elusive
performance problems. After employing a second 10Mb link from our ISP,
along with another firewall box and proxy, we were able to determine the
problem *is* our firewall. We don't know exactly why yet, but our sporadic
slow web access seems to have gone away since swapping a new firewall
in this morning.
The
2005 Jul 28
3
Routing for multiple uplinks/providers problem.
Been running this for quite a while and noticed that have intermittent
problems getting out.
Find that if I ping the same site from 2 computers it may work on one
and fail on the other.
Also was surprised that some time they are going out different
interfaces at the same time.
Seems to work all the time from the firewall.
Running 2.6.10 kernel with the multipath routing patches on a debian
2004 Apr 19
16
Firewall sizing guidelines?
I have just completed the installation of a new firewall running
Shorewall 1.4 on Mandrake 9.2 for our campus network. It appears to
be running fairly well so far, but is generating significantly more log
entries than our previous linux 2.0.x firewall...
Our previous firewall enjoyed more than 6 years of 24/7 operation with
no downtime before we finally decided it needed more horsepower, and
2004 Mar 16
4
split route questions
I am working on a split route and ShoreWall system. I reviewed the
lartc documentation but have a few areas that I still need help on.
Here is my network:
64.xxx.xxx.1/25 66.xxx.xxx.129/26
| |
#################################################
# Eth2 64.xxx.xxx.2 eth0 66.xxx.xxx.130 #
#
2007 Apr 18
1
[Bridge] Multilink + bridge + nat problem
Hi, I have a suspicious problem with multiple uplinks configuration.
First of all my configuration:
1) kernel 2.6.20.3
2) iptables 1.3.7
3) last iproute (for masked marks)
All wan interfaces are bridged (stp disabled) in only one interface
(wan0), all lan interfaces are bridged (stp enabled) in only one interface
(zlan0).
The wan0 bridge is to allow UPnP works.
To allow related
2004 Feb 10
22
Re: [Shorewall-newbies] specific log-prefix ... patch
Let's move this to the Shorewall Development list....
On Tuesday 10 February 2004 03:14 pm, xavier wrote:
> here is a patch to allow this :
> |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp
>
> a problem with the patch is that now the logprefix is mandatory.
> i'm trying to debug it, but i can't find the flaw.
Also, with
2010 May 04
7
Packet Not 100% Received
I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can receive 100% requests. But when we put shorewall in front of it then it starts to lose requests. Is there any packet limitation from shorewall all it's about conntrack? Thanks for the reply.
2004 Nov 26
6
Help! AllowPing not working
Sorry for the frantic nature of this message, but we need to allow pings on
our firewall so our ISP can test things. I've done this, and it still doesn't
work: (I am now at v.2.0.10)
rules:
AllowPing net fw
AllowPing sls fw
show indicates some matches, so where are they?
Chain AllowPing (4 references)
pkts bytes target prot opt in out source
2005 Mar 23
9
multiple vpn connections out via shorewall
Hi All,
Just joined the list to try and solve a problem.
To show that I've read the rules I'll start with the requested info
os linux kernel-2.4.27 with latest netfilter pom for gre and pptp conntrack
etc
iptables is 1.3.0 - downloaded and compiled with the pom stuff and the 2.4.27
kernel
shorewall version shorewall-2.2.1-2 from rpm
ip addr show
[root@squid3 root]# ip addr
2004 Oct 21
6
After shorewall restart NAT SMTP connection slow; reboot and it works fine
I recently implemented v2.0.9 using 'shorewall setup guide' 2004-07-31.
Starting with block everything not known to be in use and opening ports
as complaints come in. This has led to a few rule changes. After a
rule change I use shorewall restart to reload the rules. Seems to work
OK... except for an outbound NAT SMTP connection from a mail server on
.122 to postini.com. The
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi,
I have a big "name problem" with my internal mail server (10.0.0.152).
It is "seen" on the internet through DNAT (213.58.230.27). Also there is a
MX record pointing to the machine. Everything works fine from the outside.
However i can't set the mail clients on the lan pointing to the mx record,
because this one points to 213.58.230.27 and the firewall
2004 Nov 25
5
newnotsyn responsible for sporadic delays?
Has anyone encountered a situation where packets dropped by the
newnotsyn chain can result in sporadic browsing problems, slowness, and
even timeouts?
I noticed that of the 3300 hits for newnotsyn in our current log (6 hours
worth), over 2700 of them were to/from our proxy servers. And browsing
through them, most *appear* to be otherwise valid packets from remote
web servers that would have
2012 Mar 12
8
CentOS6/RHEL6 - net.nf_conntrack_max not applied
2004 Dec 09
6
Can't allow ICMP to firewall?
Hello,
I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10.
My setup is as follows. I have a /28 and have assigned all ip addresses to
my firewall using aliases. I am able to setup rules to allow specific
traffic to specific ip addresses on the firewall like so:
ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22
This works great for TCP and UDP traffic. I can
2004 Nov 17
9
Serious stability issues
We have encountered a number of problems with our firewall recently,
and the past 24 hours have left me quite concerned. Here is what we are
seeing:
1. Original firewall, a PentiumPro/200 with 96Mb RAM, serving approx
500 client PCs for a 10Mb internet connection. Running Mandrake 9.2, we
began seeing severe swapping a few weeks, with kernel mem usage
exceeding 200Mb. Given an ip_conntrack
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2005 Mar 07
2
Bandwidth Meter/monitoring
Hi to all. I would like to ask if there's way in shorewall that I can be able to check my bandwidth, if I'm really getting what I paid for. Second, Is there a fast and effective way to implement traffic shaping with shorewall. Many thanks
Jan
2007 Aug 20
6
have to restart shorewall after a dynamic IP change
Hi,
I've to restart shorewall when my dynamic IP was changed from my ISP.
Of course i can with a shell script do it automatically, but the
question is still there.. why ?
mess-mate
--
"I understand this is your first dead client," Sabian was saying. The
absurdity of the statement made me want to laugh but they don't call me
Deadpan
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all,
Yesterday I noticed that my system was "leaking" traffic towards the
10/8 network, I have shorewall installed on multiple machines ranging
from single interface devices to ones with 10+ interfaces. I tested all
the boxes and they are showing the same behavior.
All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp.
Shorewall version: 2.2.1
For the host mentioned is a single