similar to: Time-based rules

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, ok here is my question, I have 2 ISP''s connected to the firewall, and I already set up th routing tables, I have a 256k and a 1.5m connection, and I want a couple pcs from the internal network to masquerade through the 256k connection and the rest through the 1.5m connection, how do I setup this on shorewall??? I am not subscribed to the

hi, it seems wine aint using my linux hostname so how do i know what hostname is using? There used to be a config file with the network settings but I dont know how that works now.. thanx

Hello, is it possible to configure Shorewall for different network environments? I am using it on a single Linux computer. When I am at home, I am using an internal IP address (192.168.0.X), and when I am using my cable modem, I get an internet IP assigned. I now want to be able to use Samba/Windows Filesharing when at home and to disable it when I am using my computer directly on the net.

Tom, I was upgrading a remote firewall, when upon restart, shorewall found a rule with a wrong zone and decided to not continue and stop itself. The problem now, is I cannot access that firewall over ssh anymore. One suggestion would be to instead of "shorewall stop" to have a basic emergency rule with only ACCEPT:info all all tcp ssh rule instead with DROP all policy. Shorewall could

good day to you i have compiled evertything related to ip tables as modules, but still i get this error when trying to use /etc/shorewall/routes can someone tell me the spicific module i need to have? here are my info intranet linux # shorewall version 2.4.2 intranet linux # uname -a Linux intranet 2.6.12-gentoo-r10 #10 SMP Sun Sep 11 15:01:49 SAST 2005 i686 AMD Athlon(tm) XP 2400+

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hello, I am fitting a coxph model with factors. I am running into problems when using 'survfit'. I am unsure how R is treating the factors when I fit, say: > DATA<-data.frame(time.sec,done,f.pom=factor(f.pom),po,vo) > final<-coxph(Surv(time.sec,done)~f.pom*vo+po,data=DATA) > final.surv<-survfit((final), individual=T,conf.type="log-log")

H, I am using libvirt from maven using a nexus proxy pointing to http://www.libvirt.org/maven2/ It downloads the jar fine but is expecting libvirt-0.5.1.pom (and ...sha1). In the proxy only the jar appears. When I download and rename the pom to my local .m2 cache my build works fine. Is this a bug in the distribution of libvirt in its maven repo or is my dependency wrong somehow? Kind regards,

Hi I am try to write rpm spec for install tomcat on a linux machine.But while build the rpm i found following error + /usr/lib/rpm/find-debuginfo.sh --strict-build-id /home/rpmbuild/BUILD/Install_tomcat-1.0 extracting debug info from /home/rpmbuild/BUILDROOT/Install_tomcat-1.0-1.el6.x86_64/usr/local/jdk1.7.0_13/lib/visualvm/profiler/lib/deployed/jdk16/linux-amd64/libprofilerinterface.so ***

I have an internet router powered by gentoo+shorewall2.0.7+adsl(pppoe) but my clients(and gateway) cant access some websites----these sites must be okay,other sites are okay. The I believe it is caused by MTU or MSS, but I have no idea yet. Btw, the unaccessable sites are dynamic, it says: today I cant access www.oracle.com nextday I redail--to get another ip,I can access www.oracle.com. Help!

Hi I know I still need to learn a lot about firewalls so if I''ve missed some doc I should have read don''t hesitate to point it out to me. I have set up shorewall on my desktop and my laptop and everything appears to be working fine but now I''d like to allow certain services (like shh, rsync, unison, http) between these two PC''s. My LAN looks like this:

Hello, Could someone with the requisite shorewall expertise please help me? Here is a description of my problem. I dial in to my ISP using kppp. It seems to establish a connection just fine. However, only a handful of bytes are exchanged. I must then become ''root'' and issue ''shorewall start'' in order to get the Internet connection to work normally. Once

I'm trying to install MS office 2007 standard trial using Playonlinux on Wine 1.3.8. I need to install stuff like MSXML, .net 2 etc... but when I start installing them, a dialog pops up saying 'choose a prefix to patch'... and the list below is empty. If I forward the dialog just closes.

Hi, I''m having problems with this configuration: iptables 1.3.7 (vanilla or repackaged for fc5) kernel 2.6.19 (vanilla) ROUTE 1.11 (last pom-ng) layer7-filter 2.6 (last in sf.net) connlimit (last pom-ng) When I try to use -j ROUTE in any chain in mangle table I have this error: [root@myhost ~]# iptables -v -t mangle -A POSTROUTING -p tcp --dport msnp -j ROUTE --gw

Trying again, after re-subscribing: On 11/20/06, Bob Beers <bob.beers@gmail.com> wrote: > Hello, > > I want to dynamically create DNAT rules for > RTP streams (port-mapping for a SIP proxy). > > If my proxy adds the rule before the first packet > of the RTP stream hits the port, all is well. But, if > the stream begins arriving before my rule is in > place,

Hi I would like some helpand advise on icecast configuration. I hope I suscribed on the correct list... Zissis -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/icecast/attachments/20061110/358eb66e/attachment.htm

I have a linux box with kernel 2.4.22 and iptables 1.2.9 First, i patch linux kernel with Norbet Buckmuller''s .diff #cd \usr\src\linux #patch -p1 < imq-combo-debian-2.4.22.diff All correct Second, i -try to- patch iptables (following www.linuximq.net/faq.html) #cd /usr/src/linux/net/ipv4/netfilter I edit IMQ.pom-ng.patch and replace $KERNEL_DIR with /usr/src/linux #patch

I''ve rebuilt my old P-II/233 with Debian Sarge and it is now serving as my main firewall. It is running a home-built 2.6.9 kernel with the ipsec-netfilter and policy match patches. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hi, I''ve been wondering if anyone has thought of a way to differentiate between an established http download and interactive http traffic? I would like to give interactive http traffic priority over someone downloading large files. Has anyone any ideas how to detect packets that are part of a download like this? Thanks. _______________________________________________

Hi all I am using a pass trhu router and I need to QoS some clients output by its IP address. The problem is that QoS is due after NATing. Is there some clever way of doing this besides MARKing every packet with some IP hashing in POSTROUTING NAT table? Regards Ethy