[EMAIL PROTECTED] wrote:
[...]
DNS not being special case does make sense. Do you have any suggestions
on how to deal with the DNS look up failures when the requests are sent
to the wrong provider?
Easiest is to actually have your own Internal DNS Caching Server.
Configured in a way it has
Cristian wrote:
On Mon, 05 Nov 2007 06:54:22 -0800, Tom Eastep [EMAIL PROTECTED]
wrote:
Please forward the output of shorewall dump (as a compressed
attachment).
Capture the dump with the configuration that fails.
Here they come
The only difference that I see in the two is that,
Franck Routier wrote:
Hi,
I am a novice regarding firewalling in general and Shorewall in
particular... so :
I would like to use shorewall on a laptop.
I have read the doc, but I can't figure out how to handle the fact that I
am alternatively connected via Wifi ( -- eth1 on my machine) or
Great ! Thanks a lot Tom.
I will try this setup and have an attempt to understand how it's done.
I might come back here to find some enlightenment on what it means, if
needed :)
Thanks again.
Franck
On Tuesday, 06 November 2007 at 08:41 -0800, Tom Eastep wrote:
Franck Routier wrote:
Hi,
Hi,
I am a novice regarding firewalling in general and Shorewall in
particular... so :
I would like to use shorewall on a laptop.
I have read the doc, but I can't figure out how to handle the fact that I
am alternatively connected via Wifi ( -- eth1 on my machine) or cable
( -- eth0). Of course
Franck Routier wrote:
Great ! Thanks a lot Tom.
I will try this setup and have an attempt to understand how it's done.
I might come back here to find some enlightenment on what it means, if
needed :)
Some suggested reading:
http://www.shorewall.net/Introduction.html
Thanks, Jerry.
Cristian -- there is certainly something inconsistent in the numbering of
the providers between the working and non-working configurations.
-Tom
Original Message
Subject: Re: [Shorewall-users] Shorewall 3.2.9 (Etch) 2 providers and
traffic shaping
Date: Tue, 06
Hello,
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a block of 32
and 8 IPs respectively from each ISP that I am trying
[EMAIL PROTECTED] wrote:
Hello,
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a block of 32
and 8 IPs respectively
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a block of 32
and 8 IPs respectively from each ISP that I am
[EMAIL PROTECTED] wrote:
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a block of 32
and 8 IPs respectively from each
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a block of 32
and 8 IPs respectively from each ISP that I am
On Tue, 06/11/2007 at 11.04 -0800, Tom Eastep wrote:
Thanks, Jerry.
Cristian -- there is certainly something inconsistent in the numbering of
the providers between the working and non-working configurations.
Hi Tom, I did some cleaning in the config files today, now the
Quoting Tom Eastep [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a
Cristian Mammoli wrote:
I used traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25 from the dmz
host and some requests went out through provider smrt1, some through
fweb1
Please try the attached patch.
Thanks,
-Tom
--
Tom Eastep\ Nothing is foolproof to a sufficiently talented fool
On Tue, 06/11/2007 at 13.55 -0800, Tom Eastep wrote:
How exactly did you test these two configurations and what did you see
that was different between the two? I ask because I don't see anything
happening in one that isn't also happening in the other.
-Tom
I put the working
Cristian Mammoli wrote:
Ok, I started all over with a clean 3.2.9 shorewall.conf and dumped the
two configurations. I also noticed that TC_EXPERT=Yes breaks the track
options with the working config, but it does NOT with the other
(HIGH_ROUTE_MARKS=Yes and shaping rules).
I attached the two
Ok, I started all over with a clean 3.2.9 shorewall.conf and dumped the
two configurations. I also noticed that TC_EXPERT=Yes breaks the track
options with the working config, but it does NOT with the other
(HIGH_ROUTE_MARKS=Yes and shaping rules).
I attached the two dumps, each done after a
Tom Eastep wrote:
Cristian Mammoli wrote:
I used traceproto $VARIOUS_INTERNET_HOSTS -p tcp -d 25 from the dmz
host and some requests went out through provider smrt1, some through
fweb1
Please try the attached patch.
My belief is that the problem stems from the fact that the compilers use
[EMAIL PROTECTED] wrote:
Quoting Tom Eastep [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able
Config files
shorewall.broken.tar.gz
Description: application/compressed-tar
shorewall.ok.tar.gz
Description: application/compressed-tar
On Nov 7, 2007 5:37 AM, Tom Eastep [EMAIL PROTECTED] wrote:
Example:
0x100 192.168.1.44 0.0.0.0/0
0x200 0.0.0.0/0 0.0.0.0/0 tcp 25
A TCP packet from 192.168.1.44 with destination port 25 would end
up with a mark value of 0x300 whereas the
Prasanna Krishnamoorthy wrote:
On Nov 7, 2007 5:37 AM, Tom Eastep [EMAIL PROTECTED] wrote:
Example:
0x100 192.168.1.44 0.0.0.0/0
0x200 0.0.0.0/0 0.0.0.0/0 tcp 25
A TCP packet from 192.168.1.44 with destination port 25 would end
up with a mark
On Nov 7, 2007 8:35 AM, Tom Eastep [EMAIL PROTECTED] wrote:
Prasanna Krishnamoorthy wrote:
If I add a mark for traffic shaping in this case, prior to the above
two rules, making them look like
0x11 192.168.1.44 0.0.0.0/0
0x100 192.168.1.44 0.0.0.0/0
0x200 0.0.0.0/0
I am trying to configure multi-isp system using the latest
Bering-uClibc 3.1-beta1. I have two dual port cards (first
is e100 based driver and the second is tulip) and they are
all recognized and able to assign IP. I have a block of 32
and 8 IPs respectively from each ISP that I am
Hello all,
I have couple more questions:
1. What is the best and quickest way to make one or two changes and
restart the shorewall so that a down ISP is removed from load
balancing and the live isp gets all the load?
2. We have a split dns and serve all outside requests for name resolution.
We
[EMAIL PROTECTED] wrote:
1. What is the best and quickest way to make one or two changes and
restart the shorewall so that a down ISP is removed from load
balancing and the live isp gets all the load?
Simply set the 'optional' option on both interfaces in
/etc/shorewall/providers. Then you
Quoting Tom Eastep [EMAIL PROTECTED]:
[EMAIL PROTECTED] wrote:
1. What is the best and quickest way to make one or two changes and
restart the shorewall so that a down ISP is removed from load
balancing and the live isp gets all the load?
Simply set the 'optional' option on both
28 matches