Re: [Shorewall-users] Problem getting ProxyARP and loc to play together

2006-10-09 Thread Russel
>> vlan0 is the loc zone/interface. (This is an ASUS WL-500GP running OpenWRT, >> if it matters). Well, actually, it does matter, because I can't use the >> iprange module, since it's not included with that package of iptables, >> otherwise, I think I would have solved my problem a while ago.

[Shorewall-users] Problem with routing

2006-10-09 Thread Jan van der Vyver
Hi All I have the following setup Users --- Machine A --- Machine B --- Machine C From machine A to B: Ipsec VPN Allows 192.168.10.0/24 (Users) to connect to 192.168.20.0/24 (Network on machine B) From machine B to C: Ipsec VPN Allows 196.44.33.118 to connect to 19

Re: [Shorewall-users] Problem with routing

2006-10-09 Thread Tom Eastep
Jan van der Vyver wrote: > Hi All > > I have the following setup > > > > > Users --- Machine A --- Machine B --- Machine C > > >>From machine A to B: > > Ipsec VPN > Allows 192.168.10.0/24 (Users) to connect to 192.168.20.0/24 (Network on > machine B) > > >>From machi

[Shorewall-users] FW: Problem with routing

2006-10-09 Thread Jan van der Vyver
> DNAT:info net:192.168.10.0/24 net:192.168.241.65 all - > - 192.168.20.33 > > But for that packets to go to 192.168.241.65 the source must be also > rewritten to 196.44.33.118. > > Any ideas? >In Shorewall, all source address rewriting is accomplished using entries in

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Tom Eastep
Jan van der Vyver wrote: >> DNAT:info net:192.168.10.0/24 net:192.168.241.65 all - >> - 192.168.20.33 >> >> But for that packets to go to 192.168.241.65 the source must be also >> rewritten to 196.44.33.118. >> >> Any ideas? > >> In Shorewall, all source address rewriting

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Jan van der Vyver
>> DNAT:info net:192.168.10.0/24 net:192.168.241.65 all - >> - 192.168.20.33 >> >> But for that packets to go to 192.168.241.65 the source must be also >> rewritten to 196.44.33.118. >> >> Any ideas? > >> In Shorewall, all source address rewriting is accomplished using

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Tom Eastep
Jan van der Vyver wrote: > >>> DNAT:info net:192.168.10.0/24 net:192.168.241.65 all - >>> - 192.168.20.33 >>> >>> But for that packets to go to 192.168.241.65 the source must be also >>> rewritten to 196.44.33.118. >>> >>> Any ideas? >>> In Shorewall, all source address

[Shorewall-users] FW: FW: Problem with routing

2006-10-09 Thread Jan van der Vyver
I am trying to ssh from a machine (192.168.10.198) behind machine A (192.168.10.200) to 192.168.20.33. Between machine A and machine B there is an ipsec vpn. Config for this vpn: conn in2one-to-adept type=tunnel connaddrfamily=ipv4 left=196.44.33.190 leftnexthop=%

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Jan van der Vyver
> >>> DNAT:info net:192.168.10.0/24 net:192.168.241.65 all - >>> - 192.168.20.33 >>> >>> But for that packets to go to 192.168.241.65 the source must be also >>> rewritten to 196.44.33.118. >>> >>> Any ideas? >>> In Shorewall, all source address rewriting is accomplished us

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Tom Eastep
Jan van der Vyver wrote: > I am trying to ssh from a machine (192.168.10.198) behind machine A > (192.168.10.200) to 192.168.20.33. > > Between machine A and machine B there is a ipsec vpn. > Config for this vpn: > > conn in2one-to-adept > type=tunnel > connaddrfamily=ipv4 >

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Tom Eastep
Tom Eastep wrote: > Jan van der Vyver wrote: > >> I am trying to ssh from a machine (192.168.10.198) behind machine A >> (192.168.10.200) to 192.168.20.33. >> >> Between machine A and machine B there is a ipsec vpn. >> Config for this vpn: >> >> conn in2one-to-adept >> type=tunnel >>

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Tom Eastep
Tom Eastep wrote: > > I got a bit ahead of myself -- I'm correct that to do this right, you need > policy match. But you should be able to get it to work if we can determine why > your ruleset drops most traffic to/from 192.168.241.65. Please send me a > tar-ball of your /etc/shorewall/ directory

Re: [Shorewall-users] Problem getting ProxyARP and loc to play together

2006-10-09 Thread Joshua J. Kugler
On Saturday 07 October 2006 17:23, Tom Eastep wrote: > a) The answer to Shorewall FAQ 17 says this about the chain name in a >log message: I apologize for asking a FAQ. I probably read the question, but the fact that it was what I needed didn't click. >Why do I require 'routeback'? I ha

Re: [Shorewall-users] FW: Problem with routing

2006-10-09 Thread Jan van der Vyver
> > I got a bit ahead of myself -- I'm correct that to do this right, you > need policy match. But you should be able to get it to work if we can > determine why your ruleset drops most traffic to/from 192.168.241.65. > Please send me a tar-ball of your /etc/shorewall/ directory. > >Ah -- I s

[Shorewall-users] multiple ISP's cont.

2006-10-09 Thread Richard
Hi Paul, thanks for your answers. > 3 DSL (ppp0,ppp1,ppp2) providers from the same ISP. (which means they have > the same gateway, but different static ISP's) Do they actually have the same peer address? The connection is pppoe, the gateway is assigned by the ISP and the 3 ADSL connections nex

[Shorewall-users] traffic shaping

2006-10-09 Thread Pop Gheorghe Andrei
Hello. I am searching for somebody who can help me out with a relatively simple traffic shaping setup in shorewall. I have 1 IP and a 64 subnet routed with that IP. It will be used by a very small ISP offering last mile solutions (I currently have 7 clients, home users, each paying $10; will hav