[Shorewall-users] Shorewall and RipV2

2008-03-24 Thread Adrian Chapela
Hello! I am doing some implementation about tunneling and routing protocols. Tunneling is no problem with shorewall but Rip, OSPF, BGP aren't supported "by default". I am thinking about Quagga which has a RIP daemon. Has someone any tips for the implementation? I think I can do routing wit

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
On Mon, 2008-03-24 at 00:55 +, Andrew Suffield wrote: > > Do it as a heartbeat resource script. That'll be pretty near > transparent to shorewall, and farm all the hard work out to heartbeat. Hrm. Maybe my use of HA was misleading. I meant HA of multiple Internet connections, not multiple S

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
On Sun, 2008-03-23 at 15:42 -0700, Tom Eastep wrote: > > So long as I am running the Shorewall project, there will be no such > monitor included in the product. Heh. That's about the level of reception I was expecting. :-) > Any piece of software that monitors > state and reacts to changes b

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Tom Eastep
Brian J. Murrell wrote: On Sun, 2008-03-23 at 15:42 -0700, Tom Eastep wrote: I'll be happy to link to anyone's site that hosts such a monitor project, provided that the project does its own support. That's fair, and perhaps a workable solution. Perhaps such a project could leverage on the c

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
[ Not sure my CC to -devel will actually propagate but I will give it a go ] On Mon, 2008-03-24 at 07:50 -0700, Tom Eastep wrote: > > Sure. Feel free. OK. > I would like eventually to get Shorewall entirely out of the routing > business because I really think that routing should be controlled

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Andrew Suffield
On Mon, Mar 24, 2008 at 10:24:16AM -0400, Brian J. Murrell wrote: > On Mon, 2008-03-24 at 00:55 +, Andrew Suffield wrote: > > > > Do it as a heartbeat resource script. That'll be pretty near > > transparent to shorewall, and farm all the hard work out to heartbeat. > > Hrm. Maybe my use of H

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Andrew Suffield
On Mon, Mar 24, 2008 at 11:09:55AM -0400, Brian J. Murrell wrote: > But yes, I agree that > policy routing and general firewalling are only very loosely related if > at all and only by nature of the firewalling rules marking packets for > policy routing. The underlying problem is that shorewall's

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
On Mon, 2008-03-24 at 15:13 +, Andrew Suffield wrote: > > Oh, yes, I habitually assume that you can't possibly do HA in one box > (because you can't really, I get dead motherboards about as frequently > as I get dead internet connections). Ahhh. Your experience is different than mine. I fin

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Tom Eastep
Brian J. Murrell wrote: I would like eventually to get Shorewall entirely out of the routing business because I really think that routing should be controlled separately from the firewall. There is no earthly reason why restarting the firewall should have to rebuild the policy routing configur

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Andrew Suffield
On Mon, Mar 24, 2008 at 11:39:28AM -0400, Brian J. Murrell wrote: > > No idea if it makes any sense with one box (insofar as that makes any > > sense at all) - I'd never try, a second box is the cheapest element of > > the setup. > > But you first have to solve my basic problem: adjusting to Inter

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
On Mon, 2008-03-24 at 09:06 -0700, Tom Eastep wrote: > > Sorry -- I meant '-n'. Hrm. 4.0.6 doesn't document a "-n" option either. But it's moot for my purposes given the comment at the bottom. > It may need to be cooperative where Shorewall creates the overall > infrastructure and the policy

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Tom Eastep
Brian J. Murrell wrote: On Mon, 2008-03-24 at 09:06 -0700, Tom Eastep wrote: Sorry -- I meant '-n'. Hrm. 4.0.6 doesn't document a "-n" option either. shorewall-lite help (the man page doesn't document it :-( ) -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Sh

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Tom Eastep
Brian J. Murrell wrote: If you remove policy routing from Shorewall, does Shorewall need the mangle table for anything else? Is policy routing handled anywhere else in netfilter other than the mangle table? I'm trying to judge the feasibility of actually achieving the goal. Shorewall also n

Re: [Shorewall-users] Shorewall and xen

2008-03-24 Thread Hristo Benev
> Original message >From: Tom Eastep <[EMAIL PROTECTED]> >Subject: Re: [Shorewall-users] Shorewall and xen >To: Shorewall Users >Sent on: Monday, 2008, March 24 04:16:58 EET >-- > >Hristo Benev wrote: >> This is not my first setu

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
On Mon, 2008-03-24 at 09:36 -0700, Tom Eastep wrote: > > Shorewall also needs it for traffic shaping. There are some things that > you can do with iptables that you cannot do with u32 filters. Right. But if you were to draw a line between Shorewall and "Routing and Shaping", does Shorewall need th

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Tom Eastep
Brian J. Murrell wrote: On Mon, 2008-03-24 at 09:36 -0700, Tom Eastep wrote: Shorewall also needs it for traffic shaping. There are some things that you can do with iptables that you cannot do with u32 filters. Right. But if you were to draw a line between Shorewall and "Routing and Shaping", do

Re: [Shorewall-users] HA routing monitor

2008-03-24 Thread Brian J. Murrell
On Mon, 2008-03-24 at 10:09 -0700, Tom Eastep wrote: > > No. So that seems to be an interesting delineation point that meets with your desires for Shorewall. If a Routing and Shaping package were to use the mangle table exclusively then it should be able to co-exist with Shorewall without one o

Re: [Shorewall-users] Shorewall and xen

2008-03-24 Thread Tom Eastep
Hristo Benev wrote: > > Sorry I was not really clear. I'm a little bit confused by Xen Networking, so I may have some interfaces that are not used. Basically I'm trying to limit the access from net to DMZ to certain ports only. > Initially my DomU machine (let's call it Mail) with IP x.x.x.16

Re: [Shorewall-users] Shorewall and RipV2

2008-03-24 Thread Tom Eastep
Adrian Chapela wrote: Hello! I am doing some implementation about tunneling and routing protocols. Tunneling is no problem with shorewall but Rip, OSPF, BGP aren't supported "by default". I guess I don't know what you mean by that. Shorewall doesn't admit any traffic 'by default' -- you hav

Re: [Shorewall-users] Shorewall and RipV2

2008-03-24 Thread Tom Eastep
Tom Eastep wrote: If you mean configure multiple ISPs with shorewall and then run quagga with RIPv2, I have no idea what will happen. But I suspect that Quagga will only update the main routing table in reaction to changes in the network topology. And will only propagate changes to the m

[Shorewall-users] Xen routed Dom0 - DMZ issue

2008-03-24 Thread Werner van Staden
Dear list, I have several years' experience with Bering Firewall and have configured Shorewall a dozen times in different setups. The issue I am facing has to do with the Xen routed context as outlined at http://www.shorewall.net/XenMyWay-Routed.html I have a similar working setup without the w

Re: [Shorewall-users] Xen routed Dom0 - DMZ issue

2008-03-24 Thread Tom Eastep
Werner van Staden wrote: Dear list, I have several years' experience with Bering Firewall and have configured Shorewall a dozen times in different setups. The issue I am facing has to do with the Xen routed context as outlined at http://www.shorewall.net/XenMyWay-Routed.html I have a similar