Re: [Shorewall-users] firewall analysis

2008-12-01 Thread Don Drohman
This is an excellent question, and has relevance beyond just troubleshooting and maintenance. I don't know how many times an auditor has asked the pointed audit question, "What controls (tools and processes) do you use to verify the technology in place is configured correctly to support policy...".

Re: [Shorewall-users] Multi ISP CONFIG_IP_ROUTE_MULTIPATH_CACHED

2008-12-01 Thread Shorewall Geek
Shorewall Geek wrote: > Hard to say. Multi-ISP works differently for connections originating on > the firewall itself which is what occurs when you run a Proxy on the > firewall. See http://www.shorewall.net/MultiISP.html#Local. > One thing you might try is to set the 'loose' option on both prov

[Shorewall-users] Help for TC in Shorewall

2008-12-01 Thread Phibee Network Operation Center
Hi, can anyone help me create TC rules on my Shorewall 3.2.X? Shorewall is on my Linux gateway (eth0: Net and Eth1:Lan). I have a link: eth0 2048kbits 2048kbits (SDSL). I want to create a tc for: eth1 and fw to eth0: all protocols are limited to 1792kbits (an ftp or web download can

Re: [Shorewall-users] Multi ISP CONFIG_IP_ROUTE_MULTIPATH_CACHED

2008-12-01 Thread Shorewall Geek
Hinrich Fraemcke wrote: > Hi all > > I just implemented a squid proxy running *shorewall* as firewall and > load balancer under f9. > > Kernel: 2.6.25-14.fc9.i686 > > The setup runs fine except that *shorewall* doesn't seem to utilize the > two ISP connections and favours one of them Shorewall

Re: [Shorewall-users] firewall analysis

2008-12-01 Thread Shorewall Geek
Christian Vieser wrote: > Shorewall Geek wrote: > >> The output of 'shorewall dump' tells you everything you ever need >> to know about your Shorewall configuration. Of course, you have to >> understand IP networking, Linux Networking and Netfilter in order to >> interpret the output. > > > And

Re: [Shorewall-users] firewall analysis

2008-12-01 Thread Christian Vieser
Ok, just putting a few answers together. Karsten Bräckelmann wrote: > To put it in other words: Isn't the shorewall configuration sufficient > to get a picture of allowed traffic? > > Since you specifically mentioned "small businesses", how large and > complicated are your policies and rules

[Shorewall-users] Multi ISP CONFIG_IP_ROUTE_MULTIPATH_CACHED

2008-12-01 Thread Hinrich Fraemcke
Hi all, I just implemented a squid proxy running *shorewall* as firewall and load balancer under f9. Kernel: 2.6.25-14.fc9.i686 The setup runs fine except that *shorewall* doesn't seem to utilize the two ISP connections and favours one of them and I have the feeling that the balancing is not wor

Re: [Shorewall-users] Error starting shorewall with Multi ISP

2008-12-01 Thread Adrian Chapela
Adrian Chapela wrote: > Hello, I have configured a Multi ISP recently but it didn't start; it > showed me the error: > > ERROR: Unable to determine the MAC address of 192.168.22.254 through > interface eth0 > > ip addr show output: > inet 192.168.21.219/24 brd 192.168.21.255 scope global eth0 (

[Shorewall-users] Error starting shorewall with Multi ISP

2008-12-01 Thread Adrian Chapela
Hello, I have configured a Multi ISP recently but it didn't start; it showed me the error: ERROR: Unable to determine the MAC address of 192.168.22.254 through interface eth0 ip addr show output: inet 192.168.21.219/24 brd 192.168.21.255 scope global eth0 (real IP) inet 192.168.22.220/24 brd 192