Displaying 20 results from an estimated 2000 matches similar to: "Xen 3.0 and a virtual net (brouter with masq)"
2007 Nov 21
1
Load Balancing with secondary tables (not main as in the howto)
Hello,
We have 3 DSL connections connected to eth3 and another interface with
a dedicated link in eth0 (main table)
We want to balance selected traffic (using fwmark and iptables) through our
3 DSL connections in a secondary table named DSL (without using the
dedicated link in eth0), but the next command is not accepted, and gives us
the following error:
# ip route add default
2008 Jan 06
0
[Bridge] Bridge with IP address -> unable to connect to bridge
Hi,
I tried sending this earlier, but it didn't come through.
Apologies if this appears twice on the list.
I'm running bridging using the brouter setup described on
this page:
http://ebtables.sourceforge.net/examples.html
"Making a brouter".
The setup described there is like this:
ifconfig br0 0.0.0.0
ifconfig eth0 172.16.1.1 netmask 255.255.255.0
ifconfig eth1 172.16.2.1
2005 May 25
1
Firewall design
I have used shorewall in the past and loved it.
However, at the time it did not support brouting and
because of that I had to remove it for a faster
solution. Now that faster solution is failing and I
want to go back to what I liked.
I have never set up a brouter but I have been doing a
lot of reading on it, both on your site and many
others. In all cases what I see is a brouter/firewall
2004 Dec 10
2
Shorewall and IPSEC
I setup some IPSEC between 2 networks. From 1 network I can ping the other
networks local connection but not anything beyond that.
Network A - 10.0.1.1 (loc) 23.23.23.23 (net)
Network B - 10.0.2.1 (loc) 44.44.44.44 (net)
I'm on local machine 10.0.1.10 on network A, I can ping 10.0.2.1 but I
cannot ping a machine on that network ex. 10.0.2.200.
I was thinking it probably has to do
2005 May 10
1
Help with PRIO qdisc and filters
Hi,
Sorry to bother you all. I have a typical problem sharing DSL upstream
bandwidth with users. I have 3 types of traffic high-priority,
medium-priority and low priority. My upstream rate is 960kbits. Traffic (any
priority) can vary in bandwidth from 0 to 960kbits. I have a test setup
where I can pump 600kbit of high priority sustained and I have 400kbit of
low priority traffic sustained. I
2005 Oct 13
4
brouting on interfaces without IP address
Hi,
[sorry for the crosspost, I don't know whether this is a routing or
ebtables problem]
I want to redirect all HTTP traffic passing through my bridge to a squid
proxy on another machine. However, setting up brouting as suggested in
the ebtables examples doesn't work and the packets get dropped on the
floor completely.
/\/\/\/\/\/\/\/\ +----------------------+
2005 Oct 14
0
Samba as a Multiple Domain Controller on a complex setup
Hi all,
I've run across this problem before but this time it's a rather
complicated setup.
a. We have a long list of local users, all of them resident at the
system level /etc/passwd, and on three different primary groups (each
of these groups corresponds to what needs to be a different Windows
Domain)
b. Some of these users will actually belong to more than one Domain,
2009 Jul 27
0
domU network packets get lost on the way to dom0
Hi,
I am experiencing a strange network problem. It looks like some packets
get lost on the way from frontend network device in domU to the backend
vifx.x in dom0.
But first my configuration:
- Xen 3.4.0 from the gentoo ebuild and the pvops dom0 kernel from
jeremy/xen.git
- The system has two physical network interfaces called gblan (Gigabit
Ethernet) and felan (Fast Ethernet)
- Two network
2017 Jan 30
0
Help with iptables && tinc
Here is an extract of my current iptables that are not working:
iptables -L -n -v
Chain INPUT (policy DROP 8 packets, 1120 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- lo * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
0 0 ACCEPT udp -- lo * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306
2003 Jan 06
1
masq problem
Dear all,
I get a problem with masq, why it doesn't work for connect to internet? my masq
configuration
/etc/shorewall/masq
eth0 10.2.0.0/16 202.158.1.99
but if my masq file without 202.158.1.99 it work!
/etc/shorewall/masq
eth0 10.2.0.0/16
and the ip nat will be same with ip address eth0.
FYI: IP number (202.158.1.99) just valid IP but doesn't have interface
2011 May 16
1
Proper use of MASQ in Multi-ISP config
I am wanting to verify that I am properly using the MASQ for a series of
hosts. I have 2 providers, and my providers file has the contents:
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
l3 1 100 main eth0.100 1.18.139.1 track,loose,fallback eth1
ws 2 200 main eth0.101 1.155.136.193
2012 Mar 05
0
masq and snat
Hi!
Progress is much better now with my new install with not many problems left!
I just have a simple - I hope - question.
I have a few users that need access to the net via masquerade rules. The rest
have to go via squid on the firewall. That all works well.
I also have two windows servers that also need access to the net but they have
to each use a specific outgoing ip address.
I add two
2003 Oct 13
1
Help on route tables and masq ...
Hi,
I'm trying to configure a machine with two public ip's to work as a firewall
Two different suppliers provide both public ip's, so as I have an fw which
is made of:
eth0 -> supplier A
eth1 -> supplier B
eth2 -> internal LAN
Using the 4.2 section of LARTC documents, a divided rooter between two
providers can be made. Even it can be configured to have a
2005 Feb 25
1
masq to port range
Hi All,
Our internal users need to connect to the bank to do internet banking.
The bank requires that the client computers connect to ports
15000-15010.
In Shorewall how do I do a masq for anyone trying to connect to these
ports?
Thanks
Raymond
2008 Jul 30
1
RHEL5 & Xen 3.2.1; Not creating tap0 in dom0 for domU's
Hi All,
I have a weird issue I'm not sure how to solve. I've got Xen 3.2.1
working under RHEL 5.2 x86_64 just fine. I fired off a CentOS 5.2 PV
install and everything went smoothly... except that when I fire up the
PV, the tap0 for bridging isn't being created. This results in the
CentOS 5.2 domU's bridged eth0 only being able to ping the RHEL5
2007 May 23
1
Squid in bridging mode
Still learning Xen, and would like to know if it's possible to run Squid in
D0 when running in bridging mode. I have iptables and ebtables going, and
am able to log packets with those, but can't seem to get any traffic out of
the bridge into Squid in D0 (or through iptables in D0, for that matter).
Information I've gathered so far is that I need
1998 Aug 12
0
Re: IP Filters and Masq: precisions
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 07 Aug 1998 11:17:31 -0400, Mailing Lists wrote:
>for a hacker to directly connect to one of my protected computers from the
>outside. Can a java or activeX applet do the trick? Or if a computer
>from the inside initiate a connexion to some.evil.org, can this host piggy
>backs the link and access the computer from which the connection was
2004 Dec 06
1
MASQ
Is it possible to somehow build this rule, where net could be any IP on
the net?
/etc/shorewall/masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
eth3:10.10.10.7 net 10.10.10.1
Thanks, David
2003 Feb 26
1
MASQ views
Wondering about being able to see MASQ activities with IPTABLES.
With IPCHAINS I used -M -L to make this possible. Nothing like that with
iptables, at least as far as I can see.
Any thoughts on that fellows..
---
Ted Gervais
Coldbrook Nova Scotia
Canada B4R1A7
2012 Oct 23
1
masq rules for LVS
Hi,
I need some special masq rules to allow internal servers to resolve public IP's which are loadbalanced by LVS - the rules are:
iptables -t nat -A POSTROUTING -m ipvs --vaddr <LVS PUBLIC IP>/32 --vport 80 -j SNAT --to-source <LVS INTERNAL IP>
Also I need to enable:
echo 1 > /proc/sys/net/ipv4/vs/conntrack
Currently I do all this from /etc/shorewall/started - but is