Re: [Shorewall-users] Shorewall rejects NTP requests

2017-05-12 Thread Paul Gear
On 12/05/17 21:15, Roberto C. Sánchez wrote: > > [SNIP] >> Chain loc-net (1 references) >> pkts bytes target prot opt in out source >> destination >> 11685 3316K ACCEPT all -- * * 0.0.0.0/0 >> 0.0.0.0/0ctstate RELATED,ESTABLISHED >> 21402 16

Re: [Shorewall-users] Shorewall rejects NTP requests

2017-05-12 Thread Roberto C. Sánchez
[SNIP] > Chain loc-net (1 references) > pkts bytes target prot opt in out source > destination > 11685 3316K ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0ctstate RELATED,ESTABLISHED > 21402 1627K ACCEPT udp -- * * 0.0.0.0/0 > 0.0.

Re: [Shorewall-users] (no subject)

2017-05-12 Thread Bill Shirley
I have several servers where I'm seeing this. Here's my understanding of the problem: 1) at some time in the past there was a printer at 192.168.3.25 which has now moved (probably DHCP) 2) at that time, the Windows PC at 192 168.1.222 latched onto that address 3) now that Windows PC can

Re: [Shorewall-users] Q: 2 Links (providers) Behaviour

2017-05-12 Thread Simon Hobson
andreil1 wrote: > I have 2 links and this config: > > LTC1 1 0x1 - eth0gw1.xx.xx.xx > track,balance=1 - > BTC2 2 0x2 - eth1gw2.yy.yy.yytrack > - > > net eth0tcpflags,nosmurfs,rpfilter,sour

Re: [Shorewall-users] providers and balance

2017-05-12 Thread Simon Hobson
Vieri Di Paola wrote: > Another issue I would like to solve or mitigate has to do with client hosts > that access http-authenticated web sites through a load-balancing gateway > such as in the above example. > A simple example is when a LAN host logs into a forum via HTTP while going > out ISP

Re: [Shorewall-users] (no subject)

2017-05-12 Thread Simon Hobson
Will Lowe wrote: > Can someone help me understand this particular log message? It is from a > Ricoh Printer on my main net to a computer on an adjacent net which is also > under my control. Neither the printer nor this computer should be > communicating with each other for any reason. The com

Re: [Shorewall-users] Shorewall rejects NTP requests

2017-05-12 Thread Sven Kobow
Hi Roberto, here is the output: [BEGIN] Shorewall 5.0.4 Dump at firewall.local - Do 11. Mai 21:15:07 CEST 2017 Shorewall is running State:Started (Mi 10. Mai 22:51:44 CEST 2017) from /etc/shorewall/ (/var/lib/shorewall/firewall compiled by Shorewall version 5.0.4) Counters reset Mi 10. Mai 22:5

[Shorewall-users] providers and balance

2017-05-12 Thread Vieri Di Paola
Hi, I have 4 Internet providers and I would like all outgoing connections (from LAN to WAN) to be load-balanced on only 2 of the links (ISP1 and ISP2). The other 2 links are for special cases (some policy-based outgoing connections only and some inbound accesses). I have this in my providers fi

[Shorewall-users] Q: 2 Links (providers) Behaviour

2017-05-12 Thread andreil1
Hi, I have 2 links and this config: LTC11 0x1 - eth0gw1.xx.xx.xx track,balance=1 - BTC22 0x2 - eth1gw2.yy.yy.yytrack - net eth0tcpflags,nosmurfs,rpfilter,sourceroute=0 net eth1