Re: [Shorewall-users] dnat or forwarding in a vserver environment

2008-04-22 Thread mess-mate
Martin Leben wrote: > Martin Leben wrote: > >> mess-mate wrote: >> >>> In addition of my previous post; >>> the vserver people said _'there is no DNAT:thing '_ >>> So the only i can think is that the vserver-host have to dnat, do it ? >>> That's twice, one's from the router/firewall and no

Re: [Shorewall-users] dnat or forwarding in a vserver environment

2008-04-22 Thread Martin Leben
mess-mate wrote: > Thanks Martin, I didn't consider you as 'a big talker' :) > But as a helpful person. :-) You're welcome. Actually I did it more to make sure that what I said was true than anything else. > For any reason I don't know my ISP considered some shorewall messages as > spam ? > ( m

[Shorewall-users] no shorewall PID

2008-04-22 Thread Werner van Staden
I noticed for the first time that my Xen Dom0 firewall does not have a PID for Shorewall (v4.0.10.1). Shorewall starts and restarts successfully but does not show when I run 'ps aux' or 'pidof shorewall' Is this normal? - Th

Re: [Shorewall-users] no shorewall PID

2008-04-22 Thread Simon Matter
> I noticed for the first time that my Xen Dom0 firewall does not have a > PID for Shorewall (v4.0.10.1). Shorewall starts and restarts > successfully but does not show when I run 'ps aux' or 'pidof shorewall' > > Is this normal? Yes, shorewall is not "running", it configures netfilter and then ex

Re: [Shorewall-users] Interface w/o IP (was Treatment of an Interface with no assigned IP address.)

2008-04-22 Thread Joseph L. Casale
>We've done something similar, just assign no IP to the bridge >interface. Make sure there are no routes on to that interface. > >You'd get almost the same effect if you assign an IP and block all >traffic to the fw from that interface - and you need to reach the ADSL >modem somehow? Or will you be

Re: [Shorewall-users] Interface w/o IP (was Treatment of an Interface with no assigned IP address.)

2008-04-22 Thread Tom Eastep
Joseph L. Casale wrote: Tom, I hate to hijack the OP's thread but I was literally about to > post regarding the same topic. Is it the most secure way in the > situation where I have a physical NIC connected to a dsl modem, and have created a bridge where multiple virtual interfaces each > col

Re: [Shorewall-users] Interface w/o IP (was Treatment of an Interface with no assigned IP address.)

2008-04-22 Thread Joseph L. Casale
>Bridges usually need to be defined to Shorewall even if they aren't given an >IP address. That is because vendor kernels typically support >Netfilter/bridge interaction so traffic going through the bridge is passed >through Netfilter. I usually assign them to a zone by themselves and set up >polic

Re: [Shorewall-users] Traffic Shaping

2008-04-22 Thread Tom Eastep
Sean Whitney wrote: I have created the following tcrules, tcclasses, and tcdevices files. The LAST MATCH decides the mark in tcrules, NOT THE FIRST MATCH! So it looks like the order of your tcrules is totally wrong. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented

[Shorewall-users] test

2008-04-22 Thread Jerry Vonau
I've sent 2 replies to this list, haven't seen either yet Sorry for the spam, please ignore. jerry

Re: [Shorewall-users] dnat or forwarding in a vserver environment

2008-04-22 Thread Jerry Vonau
I had sent this early this morning, but it never made it to the list. It's not the first time my ISP has ate my email. I wonder how many of my resumes didn't get delivered, might explain a couple of things As a PS to the below mail: 1) Or go with what Martin suggested, use an ip address on 20

Re: [Shorewall-users] dnat or forwarding in a vserver environment

2008-04-22 Thread Jerry Vonau
mess-mate wrote: > Tom Eastep wrote: > >> Martin Leben wrote: >> >>> If you have more questions about vserver networking, I am sure that >>> you would get better help on a mailing list or forum about vserver >>> where the vserver experts hang out, than you get on this list. >>> Remember, this is a