similar to: question on IPSEC behind NAT

Hi all, ive been reading lartc howto, im new about traffic shaping/police. As far as red (chapter 9 complete) i saw that first the packet passes at the ingress qdisc, then it passes to the ip stack if the packet is directed to the box or its forwarded (is my case), then it falls to the egress classifier/s. Now, i understand if i have an ipsec vpn at the outside interface, the egress

Hello all, I updated from CVS 3 days ago and now my IAX2 gateway is dropping calls without warning. It happens right in the middle of a conversation with no pattern. I never had this Problem before and am usually talking 2-3 hours a day. Is their a bug? Should I rollback? Cheers, Paul Seniuk -------------- next part -------------- A non-text attachment was scrubbed... Name: Paul

I was looking at the wiki on 'Asterisk as a voice/fax switch' And was wondering if the extension 'fax' is global to extensions.conf Or just to the context it is in? The reason I ask, is that my PRI might have 5 channels that will be scrictly Fax, and to be functional, I need multiple 'fax' extensions in my various Contexts. Hope that makes sense, Paul Seniuk

Tuomo Soini wrote: > You don''t happen to read shorewall-devel mailinglist ? I read it -- I just didn''t know what to make of your post and it arrived while I was on vacation. What exactly are you trying to accomplish that Shorewall isn''t doing for you now? e.g. /etc/shorewall/zones rw Roadwarriors Road Warriors /etc/shorewall/interfraces rw ipsec+

Is it possible to allow distinctive rings work for FXS ports as well? I need a certain FXS extension to ring a distinctive double ring. I modified zapata.conf appropriately for dring1,dring2 and it just Seems to ignore my updates. Do distinctive rings only work for FXO ports? Paul Seniuk -------------- next part -------------- A non-text attachment was scrubbed... Name: Paul Seniuk.vcf

Hi all! I have got a vpn connection set up using FreeSwan and shorewall. Everything works fine but I want to add another subnet to the whole. This means that 1 box will get two net-to-net connections. I want to limit the services on one subnet however. Cuurently I have defined a vpn zone for the current connection and allow all vpn<->loc traffic. How would I go about in tightening the

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

Hello, I use Julian Anastasov ''routes'' (to be more specific: static_routes, alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run IPSec. I have discovered after a few hours of networking problems that, when IPSec is enabled on that patched kernel, inspecting packets with tcpdump while arping-ing a host from a network physically connected to this

Has anyone has issues with echo using a Wildcard with a PRI from a major Canadian Telco? (Bell, Telus, AllStream, Sprint, Group Telecom). We are using a T1 from GT that is giving use annoying echos whenever a SIP/IAX2 client calls a local analog line. Calling cells phones is no issue since its digital. Regardless, there should be no issue with echo on a PRI at all. NOC at GT is telling us

I am attempting installation of spandsp on to an Asterisk installation on Linux RH9 the distribution i am using is that are URL http://ftp2.tootai.net - the README for which i have followed verbatim - my only issue on this was the target for the port.h / tif_dir.h / tiffiop.h files in the 'headers' folder of the distribtion i put these in the /usr/include folder based simply on the

Hi! I have a Linux shorewall firewall that is the default gw of the network. I want to redirect all localy originating traffic to port 80 into another machine on port 8002 into the local network. This machine is a WIN2000 machine running a commercial software (proxy, content filtering) that only runs into Windows... :-( I tried something like this but this doesn''t seem to work: local

Hi, I installed the shorewall 1.3.8-2 debian package to my debian testing machine which serves as the gateway to the internet. Since I have two other machine connect to internet thru this gateway machine, I also downloaded the configuration guide for "basic two-interface firewall" and followed the instructions. When I try to start the shorewall I get the following message and can not

The ''firewall'' and ''functions'' file in CVS together produce a 30%+ speedup of ''shorewall restart'' on my firewall when compared to 1.3.11a. Please test with these files -- I don''t anticipate making any more performance changes for 1.3.12 and I want to be sure that I didn''t break anything. -Tom -- Tom Eastep \ Shorewall

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and

Shorewall 1.3.9 is available. In this release: 1. DNS Names are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The

I have purchased a license for Vexira MailArmor (an antivirus product) and the good news is that it is installed and working at shorewall.net. The bad news is that I have yet to get Vexira running together with SpamAssassin :-( As things currently stand, list posts will be protected from viruses but may contain Spam. I''ll continue to work to correct this situation. -Tom -- Tom Eastep

does anyone know how to enable the "udp loose" function in kernel 2.4.x? one of my fave games requires this to work on the net and i''d really like to move away from the 2.2 series kernels. tia

Hello all, i am new to shorewall and i already have a question ;) i am running a mailserver in my dmz (or actually this will be when = evertything will be working fine with shorewall) with public ip = addresses.. i have a subnet of 8 ip addresses (255.255.255.248 mask) and = i was planning of the classic 3 nic (eth0-2) setup... the dmz should = work with proxy-arping...=20 now my quesion is

This will be the last Shorewall release for a while as I''m going to be focusing on Documentation. In this release: 1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the ''shorewall check'' command before you issue a ''shorewall restart'' command be be sure that you don''t