similar to: multiple external interfaces

Dear all, Has anyone experienced this whilst running DRBD over eth1 between two CentOS 5.7 servers? eth1 is a private IP address, unroutable. eth0 is the public address. CentOS will reply sometimes once every 3 days or every 14mins~ saying "My public IP is on eth1" to arp requests when it's not, it's eth0. This freezes traffic and causes issues. We've looked at arp*

Hi, I have a question. I have a routeable /24 netblock including a server at a colocation and I would like to use tincd to tunnel part of that netblock to an internal network on another location being connected to the internet via gateway with DSL link and a single static IP address, so I can use public routable IP addresses on the local network. I have tincd 1.0 pre7 installed on both the local

Hi, We have configured several xen guest OSes on a server running SLES10. The physical server is a Sun 4200 with 3 NICs installed, configured, and working. Each of the xen guest OSes have three virtual nics, configured for RAC, Interconnect, and public IPs as follows; eth0 - public (routable and registered in DNS) eth1 - private (not routable, uses a seperate network subnet for

This one is really throwing me. Thanks in advance for any advice. I''m working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cicso router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP''s

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, this might seem like a classical problem but I''ve trouble getting this working correctly: # ifconfig ### output stripped down: eth0 Link encap:Ethernet HWaddr 00:50:FC:2B:EB:1B inet addr:192.168.5.220 Bcast:192.168.5.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:02:44:60:EC:58 inet

I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m

I added a virtual interface eth0:1 on one of my machines and suddenly networking breaks on startup of the system (eth0 is gone) when xend starts and runs the network-bridge script. This is supposed to be fixed according to: https://bugzilla.redhat.com/show_bug.cgi I checked and the network-bridge script contains this fix. It works fine on one of my PCs when eth0:1 is added, but not on this

Hi Tom (and others) encase you don''t know my network already ;) here''s a quick run down eth0 lan 192.168.1.1/255.255.255.0 eth1 wan1 172.30.7.4/255.255.240.0 eth2 wan2 202.37.230.93/255.255.255.192 eth3 wan3 203.96.213.73/255.255.254.0 I''ve got routes and rules for all the above interfaces :) I want to add another one, however I fear this might cause some issues I have

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

(I know that what I''m wanting to do can be done, but for some reason I can not get it to work for the life of me. I think I have been staring at it too long and too closely.) I have two different internet connections from two cooperating ISPs. I also have a small 8 block of IPs that are globally routable that both ISPs will route to me via my world facing globally routable IPs that

Hi again, I have now configured a 2.0.8 shorewall with two interfaces: interfaces: net eth0 detect loc eth2 detect masq: eth0 eth2 the interface eth0 has the 192.168.1.10 ip and its connected to internet the interface eth2 has the 192.168.2.1 ip and its conected to a router (CMTS - Cable Modem Termination System)

I forgot to include my masq file. It''s pretty straightforward: eth2 eth0 eth2 eth1 Cheers, Brian

Hello ! I am using shorewall , it is okey. Just i like to forbid edonkey as i did for kazaa using ftwall. Thanks. Wahid.

Hi, I have what to me is an interesting issue. I am wanting to prioritize (QoS) traffic that will be passing through an IPSec (OpenS/WAN) VPN between two (identical) Linux routers. I know that I can apply the IPSec patches (1-4) to the kernel and IPTables (if they are not already applied by now) filter traffic before and after IPSec encapsulation. My problem is that I don''t know

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. I have NAT working on 192.168.0.0. I want to feed a second subnet 192.168.21.0. What is the best way to implement it ? Thanks Varun

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external