Re: [Shorewall-users] have to clear + start shorewall in order masquerading to work

2013-11-12 Thread Jérôme Blion
On 13/11/2013 01:00, Tom Eastep wrote: > On 11/12/2013 3:50 PM, Jérôme Blion wrote: >> Hello everyone, >> >> I use shorewall for years. I'm installing a new server today and have >> some troubles having Shorewall working exactly the way I want. >> I have the following Network: >> >> FTTH (Orange

Re: [Shorewall-users] have to clear + start shorewall in order masquerading to work

2013-11-12 Thread Tom Eastep
On 11/12/2013 3:50 PM, Jérôme Blion wrote: > Hello everyone, > > I use shorewall for years. I'm installing a new server today and have > some troubles having Shorewall working exactly the way I want. > I have the following Network: > > FTTH (Orange) == ONT (fiber to ethernet) ==[eth0->vlan835->p

[Shorewall-users] have to clear + start shorewall in order masquerading to work

2013-11-12 Thread Jérôme Blion
Hello everyone, I use shorewall for years. I'm installing a new server today and have some troubles having Shorewall working exactly the way I want. I have the following Network: FTTH (Orange) == ONT (fiber to ethernet) ==[eth0->vlan835->ppp0] Server (Linux Debian Wheezy) [br0 (eth2/wlan0)]== s

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Tom Eastep
On 11/12/2013 3:25 PM, Axel Zöllich wrote: >>> I forgot to say that this is only the case for packages originating from >>> the firewall itself. SNATed packages from the local network are handled >>> correctly. >> Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. >> You are mi

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Axel Zöllich
> > I forgot to say that this is only the case for packages originating from > > the firewall itself. SNATed packages from the local network are handled > > correctly. > Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. > You are missing two entries. As i've got no public sub

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
thanks answered my own question by just using the ftp helper no src or dst port. now ftp traffic gets marked. On Wed, Nov 13, 2013 at 1:19 AM, JC Putter wrote: > Tom or anyone > > Last question. > > i have a tcrule to limit ftp as well now and i am using the ftp helper > however i am not seeing

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom or anyone Last question. i have a tcrule to limit ftp as well now and i am using the ftp helper however i am not seeing any hits on the rule. any ideas why? 80 and 443 work 100% now.. see attached On Tue, Nov 12, 2013 at 7:58 PM, JC Putter wrote: > Tom, > > Thank you very much! got it wor

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Tom Eastep
On 11/12/2013 2:34 PM, Axel Zöllich wrote: > I forgot to say that this is only the case for packages originating from the > firewall itself. SNATed packages from the local network are handled correctly. Look carefully at http://www.shorewall.org/MultiISP.html#idp1955662608. You are missing two en

Re: [Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Axel Zöllich
I forgot to say that this is only the case for packages originating from the firewall itself. SNATed packages from the local network are handled correctly. Axel -- We use only blue electrons from organic farming.

[Shorewall-users] Two ISPs setup: sometimes wrong source IP on one Interface

2013-11-12 Thread Axel Zöllich
Hi, in my two ISPs Setup every package except that for aaa.117.77.217 should be routed via the ppp0 (tcom) interface. provider: tcom1 0x100 - ppp0- balance=2 - netco 2 0x200 - eth4aaa.117.77.217 bala

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom, Thank you very much! got it working, after re-reading shorewall.conf man FORWARD_CLEAR_MARK was not set (which if i understand the man correctly it defaults to YES?) after changing it to No, it seems to work now! On Tue, Nov 12, 2013 at 7:10 PM, Tom Eastep wrote: > On 11/12/2013 8:24 AM,

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread Tom Eastep
On 11/12/2013 8:24 AM, JC Putter wrote: > attached the shorewall dump. > > MARK_IN_FORWARD_CHAIN=No > As I explained in the last email, it is *never* going to work with MARK_IN_FORWARD_CHAIN=No and FORWARD_CLEAR_MARK=Yes. You must change the setting of one or the other or you must do your markin

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
attached the shorewall dump. MARK_IN_FORWARD_CHAIN=No many thanks On Tue, Nov 12, 2013 at 6:07 PM, Tom Eastep wrote: > On 11/12/2013 7:47 AM, JC Putter wrote: > > Tom, > > > > Thank you for your reply. Please accept my apologies for the email format. > > > > Here is my config now, i have MARK

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread Tom Eastep
On 11/12/2013 7:47 AM, JC Putter wrote: > Tom, > > Thank you for your reply. Please accept my apologies for the email format. > > Here is my config now, i have MARK_IN_FORWARD_CHAIN=No > > > LAN=eth0 > WAN=eth2 > > so traffic now goes to the default class which is good however seems > like my

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom, Thank you for your reply. Please accept my apologies for the email format. Here is my config now, i have MARK_IN_FORWARD_CHAIN=No LAN=eth0 WAN=eth2 so traffic now goes to the default class which is good however seems like my marking isn't working because as shown in tcrules, i've mark tho