similar to: Intermittently denying access to webshop

Hello all, Running the "ancient" 1.4.7-RC1 version I have a problem with port forwarding. I have for a number of external fixed IP addresses forwarding to an internal terminal server - this works :-) DNAT net:111.22.33.44 loc:192.168.1.11 tcp 3389 DNAT net:222.33.44.55 loc:192.168.1.11 tcp 3389 Now I need to forward port 80 from one external address to an

Hi everyone, Sorry for asking OT here, but I need your expertise :-) I am running a standard 3 I/F net, dmz, loc Shorewall 1.4.7 on a RH 9 server In the DMZ I have a web shop running with DNAT from the external address to the DMZ - this all works I want to add a develop server in the DMZ with external access so I set this up as per the live server and from internal network it works, but from

I am faced with a network that needs to autoswitch to isdn should T-1 go down. After a shorewall search it looks to be quite a deal with routing config with linux. Like scripts written to deal with knowing the T-1 is down. I looked into a cisco router that does this. around $3000 This network has used shorewall as the gateway for 4 years now. Currently Fedora as op. system. It appears to me

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hi I am looking at converting a Linux terminal server box to iptables using Shorewall 2.0. (At the moment it uses ipchains). The server currently has scripts which are called as each user logs in which run a series of "ipchains" commands to set the access rights for that user (and again to cancel them when the user logs out). My plan is to replace these scripts with ones that call

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

Hi gang, I''ve got a problem with shorewall, it keeps dropping packets when it should be DNATing them. I want all connections on a tcp port 4662 to be forwarded to a machine on my network (192.168.0.5) - the port is used for mldonkey (P2P app). It seems to be partially working - loads of packets are being DNAT''ed but some are not - I cant figure out why! The firewall

Shorewall version 2.2.1 2 Interface setup. eth1: 10.10.1.3 eth0: 192.168.1.2 modem is 192.168.1.1 I need to be able to connect to my adsl modem, but when shorewall is up I get connection rejected. I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop # RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection rejected Is there

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Hello all, I''m setting up (for the first time) IPsec and have a question I need to allow another location access to a specific server in our local network, and deny access to all other servers I have followed Tom''s IPsec tunnel guide and setup a vpn zone, but I don''t want to allow all traffic in both directions so I haven''t added a general policy for vpn.

Hello shorewall-users, now that I''ve got v1.4 problems solved I''d just like to ask a general question. Are there any real benefits to upgrading if v1.4 does what I want ? I''m not a fan of bleeding-edge in production and I don''t go for "v2 must be better than v1 because it''s newer" Tom, if you have a few minutes, what''s new in 2.0

I have built a webshop in rails, now it''s time for invoice handling through a third party. The communication will be done by xml-rpc. The built in ruby xml-rpc doesnt seem to be compatible with the third party so I have to use a special php-script (provided by the third party) that will handle the interaction with them. Where on the server should/can I put the script? I would prefer

Hi, I am running a three Node replicated Volume and need to add more Bricks. What I've read so far this that this is not really possible so the question is how it should/can be done? Can I create a replicated Volume with 10000 Bricks where 9997 are missing? Is there a way that I didn't find so far? The Gluster Volume is used to store images for a Webshop in the Amazon Cloud and I

Hello, I just bought a X100P from digitnetworks. It is supposed to be a FXO card, but there are 2 rj-11 plug on the card. One is labelled "phone" and the other "pstn". When i plug the "pstn" on the wall and the "phone" on my analog phone, everything (incoming and outgoing calls) works like before (without asterisk). AFAIU, i should have an FXS card in my

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

Hello: I just started using Shorewall this morning and must say that I''m very impressed. Much nicer than what I was using previously. I love the ability to type ''shorewall logdrop ww.xx.yy.zz'' and completely block a particular IP address. However, the log part doesn''t happen. When I look in the logdrop chain, there is no LOG prefix. I''ve looked

Hi all, I need to do massive simulations in the next two years. I estimated that I will need about 64GB memory, if I do not want to split up the calculations. Additionally I would like to have it as fast as possible. Can R handle multi-core processors and can all standard operating systems handle the same amount of memory and speed? Perhaps someone could point me to a webshop that sales

Hi all, I''m going nuts on a very simple issue. I know what I want but don''t know what to tell rails to do so. I have a very common setup for managing contacts. A companies table and a contacts table. As you''ve guessed it''s a one to many relationship. The database is setup with the appropriate foreign keys, the models have been generated and I added the