similar to: Problems with zone definition

I''m planning an upgrade of my five port, kernel 2.4.23 and shorewall 1.4.10f configuration to kernel 2.6.10 and shorewall 2.2.0 and have stumbled on a strange problem. I started with kernel upgrade with no configuration changes to shorewall, everything seems OK, no error messages except for remote printing service (SAPlpd) from server on subnet 192.168.102.0/24 to server on my subnet

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

Is it possible to somehow build this rule, where net could be any IP on the net? /etc/shorewall/masq #INTERFACE SUBNET ADDRESS PROTO PORT(S) eth3:10.10.10.7 net 10.10.10.1 Thanks, David

It is my plan that the upcoming release of Shorewall (1.3.14) will definitely be the last of the 1.3.x releases and will very probably be the last release of Shorewall 1.x.x. I will continue to support Shorewall 1.3 but will be making no more enhancements to it. I will be devoting my time to Shorewall 2. If anyone is interested in taking over the development of Shorewall 1, please let me

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

Hello all, my apologies if I have failed to RTFM, but the PDF manual and google were no help. I am trying to get a simple two node tunnel setup. I have verified that the up scripts bring up the interfaces as they are written; however my gut feeling is that there is something wrong there, but I am not sure exactly what. Misc items: * I have a Port line in horcrux because I ran INIT as a user,

Hello, I have simple question - is there a way to automatically replicate zone definition (not zone itself - this is easy) to slave server using BIND9? Is it BIND built-in or are there prebuilt scripts? Or I have to write that script on my own (started by Cron, transfer file with zone names, create conf file and finallly restart BIND?)? Thank you in advance -------------- next part

This will be the last Shorewall release for a while as I''m going to be focusing on Documentation. In this release: 1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the ''shorewall check'' command before you issue a ''shorewall restart'' command be be sure that you don''t

Hi, I followed the installation instruction step by step with the wine 1.3.13 package. I stick at point 3.1 user guide: using winecfg. If I input /usr/local/bin/winecfg or only winecfg in the wine-1.3.13 directory, the error message -bash: winecfg: command not found appears. There is a directory winecfg under wine-1.3.13/programs/ but no executable files. The wine package is installed under

Hi ALL, I am using below script for DOWNLOADING. it is only for HTTP and HTTPS. I have given the same prio for both. (i.e prio 1). pls see my script given below. (last 2 lines of the script where I have highlighted in BOLD letters) Can I have 2 tc filter rules with the same prio? What is the proper method to write? MY SCRIPT IS BELOW #traffic shaping on eth1 (Downloading) INTERFAZ_LAN=eth1

Hi all, i''m puzzled by a ploblem and I don''t know how to debug it... I have a firewall with 2 gateways, adsl and isdn. Main gateway is via adsl, backup via isdn. I setup 2 table ''adsl'' and ''isdn''. You can find a description below. I made a script to test both tables. That mainly 1. adds an iptables -t mangle -A

------------ Forwarded Message ------------ Date: Tuesday, January 28, 2003 10:19 AM +0100 From: Lorenzo Martignoni To: Tom Eastep Subject: shorewall 1.3.13-3 I built a new debian version for shorewall-1.3.13: shorewall (1.3.13-3) unstable; urgency=high * fixed a bug in shorewall.conf: SHARED_DIR was pointing to the old location of shorewall scripts, now moved to

Hi, I posted this question yesterday on the Openvpn mailing list, with no response, figured I will ask here too. I have been using openvpn for quite a while, no major problems encountered. Now I need to allow the server to access the lan of the client, and I can not figure out the routing. This is what I have after the tunnel is brought up: SERVER (A.A.A.A) Arx:~# ip addr ... 3: eth1:

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

Hello, I've trawled archives looking for changes in the "AllowUsers" option, manuals, changes log, reported bugs and to my surprise I can't find anything or anyone that has reported the issues that I am experiencing. I am using the default installation sshd_config file as supplied by Redhat and the only options I have changed are: ListenAddress AllowUsers The first problem

Hi there I have the following setup Home - Main Tinc server with public IP running on PfSense work - tinc client running behind a CISCO ASA firewall with public IP running on Windows 10 offsite - tinc client running on tomato router behind a double NAT Home & offsite connect & i can see all PCs & devices & connect to them easily, on either side work to Home or offsite connects

Hi all I am conducting the experiments comparing IP router forwarding delay and MPLS LSR forwarding delay, it is obvious in theory MPLS in Core should be faster than IP, but for small netork (only have several core routers), result show it is not, this is why I want emulate a large IP routing table in one core router. can I do it and how ? right now I use static routing table (by using command :

@triso because some of the engines, notably the two strongest, are not offered as native linux programs. i've updated my ubuntu 64-bit wine install script to use wine 1.3.13 http://www.jesseo.com/chess/64-bit-wine-ubuntu-1.3.13.sh i've gotten many engines to run from the terminal with this command "/home/USERNAME/wine64/wine" cmd.exe /K DeepRybka4x64.exe

The second Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The ''check'' command is no longer supported. 2) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.

Here is the report and the complete diagram. And sorry for email problem and incomplete email ! I have made new test. Eth0 and eth2 are bridged. I can ping NET from LAN I can ping every firewall''s interface from LAN I can ping eth1 from private LAN I can ping everything from firewall Bridging is activated in shorewall.conf >From LAN i can ping 192.168.11.253 but not 192.168.11.254