similar to: vlan and shorewall

Hi everyone. I am so baffled by the following problem: Office 1 is using ADSL and it is building a VPN tunnel with IPSEC to Office 2. Both ends are using shorewall/freeswan firewalls. Diagram: Office1 fw --- VPN TUNNEL --- Office2 fw --- cisco router ----- VLANS | DMZ Office 1 has the following interfaces: 2: eth0:

Hi! REDIRECT lan 3328 tcp www - !192.168.0.0/29,10.0.0.0/16 This rules redirect all traffic web to proxy but howto exclude 1 ip from redirect ?? REDIRECT lan 53 tcp domain - REDIRECT lan 53 udp domain - And in this case howto exclude some ip ? Thx.

why say: Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Not available not available ? modules is loaded. or for rule = 0 ? TC_ENABLE=Yes say Error: Traffic Control requires Mangle

My actual scenario is: -Hundreds PCs in a internal network (fixed IP), divided in +- 6 different subnets -A +- 6 customers with leased lines -A Cisco Catalyst 4006 connecting groups of PCs to corresponding customers (imagine a Call Center company) -Works fine. The problem: Frequently, it''s necessary to migrate dozens PCs from a customer to another. You know, change all IPs and

Hi, 1. We have 20+ VLANs behind shorewall firewall. We would like to distribute the Internet bandwidth to different VLANs having minimumm, typical and maximum values based on IP ranges after NAT e.g., 172.17.4.0/24. What rules need to be created to do so? 2. We also would like to time the access of internet of some of the VLANs, i.e., 172.17.4.0/24 should be allowed to access the internet only

Well.. I''ve been using shorewall since a few years now, but the first time involved in making it work with (a lot of) vlan''s. The problem is, we''ve got approx 70 vlan''s on a switched cisco network, working fine. The only ''problem'' is the time it takes when we do a shorewall restart.. Each vlan is configured as a separate interface and

Hi all, I some vlan routing problem, I''m using a linux box with an 8021q kernel. I have connect eth2 ethernet controller from linux box to a switch port that carry for vlan tagged as 2 3 4 5, I''m able to connect to the internet from vlan but not to route traffic between vlan, this is the output of ifconfig -a: eth0 Link encap:Ethernet HWaddr 00:A0:24:50:E5:B2

Hi, I don''t know any other group of routing gurus like the members of this list, so may be you can give me some hints. I do have a shorewall firewall up and running, openvpn is installed on this server too and is working fine so far except one new situation: I have set up a new local vlan, which I can access from my other local vlans, but not from the opnevpn-vlan. All "old"

hi, while stopping shorewall 4.5.21.2 on a debian7 box with the ADMINISABSENTMINDED set to no in shorewall.conf, the connections on vlan tagged interfaces that were active before the shorewall stop command was executed are not terminated as it is for the firewall and other interfaces! when the firewall is stopped as expected new connections on vlan tagged interface are refused but even

Ok -- I''ve recovered from the brain cramp that resulted in the hack that I sent out earlier (I plead guilty to the charge of "Watching the Super Bowl and designing the change at the same time"). The version in CVS (Shorewall project) should fix the VLAN problem. -Tom Tuomo -- the ''large complex change'' turned out to be 8 lines :-) -- Tom Eastep \

Hey guys, I have a question regarding shorewall and vrf functionality. I have shorewall 3.4.8 and kernel 2.6.24-gentoo-r8 I have tried to use iproute2 (ip route and ip rule) to establish multiple routing tables. The biggest problem seems to be, that I cannot add interfaces such as vlan interfaces to the routing table. My target is that linux takes attention of on which vlan interface

I just added 802.1Q VLAN support to redhat initscripts. And after support was ready, I tried to restart shorewall. Well it blew into pieces. Seems like shorewall can''t handle device names like: eth0.3 very properly. That''s default naming of vlan devices. eth1 is master device and 3 is id of my test vlan. So when I added to interfaces line: home eth0.3 detect seems like

Ok here are all the information the website said I should include first: [root@residents root]# shorewall version 1.4.8 [root@residents root]# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100

Hi, in my lan I have two firewall, fw1 is the first and manage inte-vlan routing. Fw2 manage internet and dmz. fw1 and fw2 have an interface (eth4 for both fw2 and fw1) on the same subnet that permit to the host behind fw1 to reach internet, my problem is on fw2: eth4 is the NIC that connect fw2 and fw1, I would''t like masquerading hosts behind fw1, so to eth4 of fw2 arrive all

Hi there, can anyone point me to the docs needed to support Tagged Vlans through Shorewall. I might just be blind or my understanding of Tagged Vlans isn''t good enough yet to find it. Axel

In addition to the Beta 1 content, this version corrects numerous problems with VLAN devices of the form $dev.$vid (e.g., eth0.1). Available from: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

Hi All It''s about time to upgrade my shorewall routers again so thinking of possible changes. In our main office have managed switches and 5 xen servers. I''m thinking of running the firewall/router under xen. Don''t have all the details figured out but this is roughly what I''m thinking of: Set up separate vlan for the two isps and plug isps into the switch.

hi i''ve not found many hints on shorewall/ucarp/conntrackd topic. i''m sharing this with the list, so that i''m able to search and find it the next time. :) i''ve setup 2 identical systems with shorewall, ucarp and conntrackd in an active/backup way. ucarp just calls ifup/ifdown, all network configuration is maintained in /etc/network/interfaces (Debian),

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Problems Corrected in version 2.0.9 1) Previously, an empty PROTO column or a value of "all" in that column would cause errors when processing the /etc/shorewall/tcrules file. New Features in version 2.0.9 1) The "shorewall status" command now includes the output of "brctl show" if the bridge tools are installed.