[Shorewall-users] Three Interface with VPN - Tweaks to net Traffic (No HTML(

2017-04-15 Thread Mike Dillinger
(I'm re-posting without using HTML - apologies for doing that) Hello, I have a very basic 3 interface setup - no packet marking, load balancing, etc (this might need to change though). My three interface setup is like so: net/eth0 ISP loc/eth1 LAN vpn0/tun0 OpenVPN client tunnel on eth0 I'm

[Shorewall-users] Three Interface with VPN - Tweaks to net Traffic

2017-04-15 Thread Mike Dillinger
Hello, I have a very basic 3 interface setup - no packet marking, load balancing, etc (this might need to change though).  My three interface setup is like so: net/eth0  ISP loc/eth1  LAN vpn0/tun0 OpenVPN client tunn

Re: [Shorewall-users] May the pumpkin pie (with whipped cream!) never end

2015-11-26 Thread Mike Andrewjeski
On 11/26/2015 5:52 AM, TN Patriot wrote: >Just want to give a Happy Thanksgiving wish to Tom Eastep and all the > Shorewall >team. They work hard at a demanding and oftentimes unthankful job, making a >program for us that works well, is free and open-source. > >Y'all take care, sta

Re: [Shorewall-users] Opensuse pkgs for SW5?

2015-10-28 Thread Mike Coan
noarch directory. It does not have SW5 packages yet, only 4.6.13. I am not sure how quickly those are updated. Mike -- Michael A. Coan Woodlawn Foundation, Inc. 56 Harrison Street, Suite 401 New

[Shorewall-users] Shorewall + IPSEC + Racoon

2015-05-11 Thread Mike Walker
stripped my config down to the bare minimum to eliminate errors but I just can't get her to budge. Thank you!!! -Mike Walker

Re: [Shorewall-users] Problem with H323 Helpers

2015-04-13 Thread Mike Lander
Original Message > From: "Lee Brown" > Sent: Monday, April 13, 2015 8:28 AM > To: land...@mail.lanlinecomputers.com, "Shorewall Users" > Subject: Re: [Shorewall-users] Problem with H323 Helpers > > On Sun, Apr 12,

Re: [Shorewall-users] Problem with H323 Helpers

2015-04-12 Thread Mike Lander
shorewall. Trouble is this module cause VoIP jitter and eventually disconnects phone calls used by a pbx system where the firewall lives and has to been removed. Soon I think I am getting a pbx that uses sip and will be good to go. Thank you for the help, -Mike --

Re: [Shorewall-users] Problem with H323 Helpers

2015-04-12 Thread Mike Lander
Tried upgrade to shorewall 4.6.8.1, still no joy. Weird. Was thinking I could add rmmod nf_conntrack_h323 to /etc/shorewall/started. Then I got this! Processing /etc/shorewall/started ... rmmod: ERROR: Module nf_conntrack_n323 is not currently loaded done. ---

Re: [Shorewall-users] Problem with H323 Helpers

2015-04-12 Thread Mike Lander
> a) Edit /etc/shorewall/conntrack and comment out the H323 part: > > # ?if __CT_TARGET && __H323_HELPER > # CT:helper:RAS all - udp 1719 > # CT:helper:Q.931 all - tcp 1720 > # ?endif > > 2) shorewall restart > > 3) rmmod nf_nat_h323 > rmmod nf_conntrack_n323 > > 4) shorewall restart -c >

Re: [Shorewall-users] Problem with H323 Helpers

2015-04-12 Thread Mike Lander
Original Message > From: "Mike Lander" > Sent: Sunday, April 12, 2015 5:24 PM > To: "Shorewall Users" > Subject: Re: [Shorewall-users] Problem with H323 Helpers > > Original Message > > From: "Tom

Re: [Shorewall-users] Problem with H323 Helpers

2015-04-12 Thread Mike Lander
Original Message > From: "Tom Eastep" > Sent: Sunday, April 12, 2015 5:00 PM > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] Problem with H323 Helpers > > On 4/12/2015 3:31 PM, Mike Lander wrote:

[Shorewall-users] Problem with H323 Helpers

2015-04-12 Thread Mike Lander
Hello to the list and Tom, Building a new firewall with suse13.2. linux-vme6:~ # shorewall version 4.6.3.4. Using the H323 helpers has caused me headache's in the past. Heard it was poorly maintained somewhere. I have tried what I did in the past to remove it but it comes back li

Re: [Shorewall-users] Names of network interface cards

2014-08-01 Thread Mike Coan
On 08/01/2014 11:02 AM, Tom Eastep wrote: > On 8/1/2014 7:02 AM, Mike Coan wrote: >> List members >> >> Currently using Shorewall 4.5.11 on opensuse 12.3 >> >> Building a new firewall using opensuse 13.1. After installing opensuse >> 13.1 I notice that t

[Shorewall-users] Names of network interface cards

2014-08-01 Thread Mike Coan
imple. Should I define the interfaces in the params file (e.g. $INT_IF and $EXT_IF) to make it easier to handle changes like this in the future? Mike -- Michael A. Coan Woodlawn Foundation, Inc. 56 Harrison Street, Suite 401 New Rochelle, NY 10801-6560 Tel: 914-632-3778 Fax: 914-632

Re: [Shorewall-users] SNAT with only one interface

2014-05-23 Thread Mike Baroukh
Ok. Sorry, it was a dumb question :(. Thanks a lot Tom. Mike --- Le 23/05/14 17:40, Tom Eastep a écrit : On 5/23/2014 6:30 AM, Mike Baroukh wrote: Hi. I'm using shorewall 4.4.11 (debian 6) on a host

[Shorewall-users] SNAT with only one interface

2014-05-23 Thread Mike Baroukh
port 80 -j SNAT --to-source xxx Thanks for any help ! -- Mike

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-07 Thread Mike Andrewjeski
On 5/7/2014 7:41 AM, Tom Eastep wrote: On 5/7/2014 6:48 AM, Mike Andrewjeski wrote: On 5/6/2014 8:10 PM, Tom Eastep wrote: What are the contents of /usr/share/shorewall/configpath? Thanks, -Tom Here you go Tom: CONFIG_PATH=${CONFDIR}:${SHAREDIR}/shorewall That is incorrect. It should be

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-07 Thread Mike Andrewjeski
On 5/6/2014 8:10 PM, Tom Eastep wrote: On 5/6/2014 8:04 PM, Mike Andrewjeski wrote: On 5/6/2014 6:53 PM, Tom Eastep wrote: On 5/6/2014 4:42 PM, Tom Eastep wrote: On 5/6/2014 4:08 PM, Tom Eastep wrote: On 5/6/2014 7:51 AM, Mike Andrewjeski wrote: On 5/6/2014 7:34 AM, Roberto C. Sánchez wrote

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-06 Thread Mike Andrewjeski
On 5/6/2014 6:53 PM, Tom Eastep wrote: On 5/6/2014 4:42 PM, Tom Eastep wrote: On 5/6/2014 4:08 PM, Tom Eastep wrote: On 5/6/2014 7:51 AM, Mike Andrewjeski wrote: On 5/6/2014 7:34 AM, Roberto C. Sánchez wrote: On Tue, May 06, 2014 at 07:16:14AM -0700, Mike Andrewjeski wrote: Oh, Sorry

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-06 Thread Mike Andrewjeski
On 5/6/2014 7:34 AM, Roberto C. Sánchez wrote: On Tue, May 06, 2014 at 07:16:14AM -0700, Mike Andrewjeski wrote: Oh, Sorry Tom, after running shorewall check, in desperation I copied the /var/lib/shorewall/zones to /etc/shorewall/zones to see if it would help. I have a back up

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-06 Thread Mike Andrewjeski
On 5/5/2014 8:18 PM, Tom Eastep wrote: On 5/5/2014 4:41 PM, Mike Andrewjeski wrote: Thanks Roberto, sorry for this amount of trouble... attached. Your /etc/shorewall/zones file is totally invalid: teastep@gateway:~/shorewall/support/Mike/shorewall$ cat zones fw firewall loc ipv4 eth3

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-05 Thread Mike Andrewjeski
On 5/5/2014 4:55 PM, Tom Eastep wrote: On 5/5/2014 4:41 PM, Mike Andrewjeski wrote: Thanks Roberto, sorry for this amount of trouble... The contents of these files would also be helpful: /sbin/shorewall /usr/share/shorewall/shorewallrc Thanks, -Tom thanks Tom, /sbin

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-05 Thread Mike Andrewjeski
On 5/5/2014 3:59 PM, Roberto C. Sánchez wrote: On Mon, May 05, 2014 at 03:44:48PM -0700, Mike Andrewjeski wrote: On Mon, May 05, 2014 at 02:31:34PM -0700, Mike Andrewjeski wrote: What is the output of 'shorewall dump' (run as root, of course). attached as shore-dump.gz (hope

Re: [Shorewall-users] ERROR: Startup is disabled

2014-05-05 Thread Mike Andrewjeski
>On Mon, May 05, 2014 at 02:31:34PM -0700, Mike Andrewjeski wrote: >> Hi List, >> >> Thanks in advance for reading this, any help is gratefully appreciated. >> >> odd problem, after upgrading to debian wheezy (Shorewall-4.5.5.3) from >> debian squ

[Shorewall-users] ERROR: Startup is disabled

2014-05-05 Thread Mike Andrewjeski
Hi List, Thanks in advance for reading this, any help is gratefully appreciated. odd problem, after upgrading to debian wheezy (Shorewall-4.5.5.3) from debian squeeze and (Shorewall-4.4.11.6-3+squeeze1) when doing a start,restart or refresh I see the error: ERROR: Startup is disabled. shore

Re: [Shorewall-users] wireless router connected to DMZ, adding a subnet

2014-01-24 Thread Mike Coan
443 before it switched to 192.168.13.121 > 74.125.226.11.443 Two lines of that and then back to 192.168.13.121 > 173.194.43.51.443 I hope this helps. I know I have to add some routes, but not sure where. Mike -- Michael A. Coan Woodlawn Foundation 56 Harrison Street, Suite 401 New Roch

[Shorewall-users] wireless router connected to DMZ, adding a subnet

2014-01-20 Thread Mike Coan
ocs did add the possibility of adding a bridge and then assigning ath0.1 to that bridge. Sorry for the long question that partly involves DD-WRT. i have spent hours fiddling with this and this list is the most knowledgeable and responsive I have ever followed. Mike -- Michael A. Coan Woodlawn Foundat

Re: [Shorewall-users] Lsm Failover

2012-05-19 Thread Mike Lander
My bad had a half finished entry in tcrules...Sorry Mike

Re: [Shorewall-users] Lsm Failover

2012-05-19 Thread Mike Lander
> On 05/18/2012 02:08 PM, Mike Lander wrote: > > Tom, > > I have one last question about this, I noticed that in your config. You use > > the default gateway of your ISP's. > > Many times I have had various isp's fail. I ping the default gateway as a

[Shorewall-users] Squid Question

2012-05-18 Thread Mike Lander
$FW I am pretty sure that squid will work when the firewall is in failover state if tcpouting is empty? Mike

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
esort last night. (4.2.2.2) (They always answer pings.) Since I now know that lsm did not have the correct routes > inferface, this has been my trouble. Mike

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
> On 05/18/2012 01:02 PM, Mike Lander wrote: > >>> > >>> Yes I knew not good to go, (still scratching head) > >>> lsm 0.130-1 > >>> lsm.conf > >>> # > >>> # (C) 2009 Mika Ilmaranta > >>> # > >>> #

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
/shorewall-lite STATEDIR=/etc/shorewall-lite else VARDIR=/var/lib/shorewall STATEDIR=/etc/shorewall fi [ -f ${STATEDIR}/vardir ] && . ${STATEDIR}/vardir cat < ${VARDIR}/${DEVICE}.status # Uncomment this line if you are running Shorewall

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
; >ttl=0 > > # assume initial up state at lsm startup (1 = up, 0 = down, 2 = unknown > > (default)) > > # status=1 > > } > > > > # > > # Some example connections are found in lsm.conf.sa

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
> No it's not good -- it is just working now until the next failure. > Please forward your lsm.conf file and the output of 'shorewall show > routing' with both providers up. > > -Tom Yes I knew not good to go, (still scratching head) lsm 0.130-1 lsm.conf # # (C) 2009 Mika Ilmaranta # # Licens

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
bytes > > ^C > > 0 packets captured > > 13 packets received by filter > > 0 packets dropped by kernel > > Gate:~ # > > > > > > > > ---- Original Message > > > From: "Tom Eastep" > > > Sent: Friday, May

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
Original Message > > From: "Tom Eastep" > > Sent: Friday, May 18, 2012 11:32 AM > > To: shorewall-users@lists.sourceforge.net > > Subject: Re: [Shorewall-users] Lsm Failover > > > > On 5/18/12 10:53 AM, Mike Lander wrote: > > > Hi Tom

Re: [Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
> > On 5/18/12 10:53 AM, Mike Lander wrote: > > Hi Tom, > > > > Seem to have an issue with my config. > > If a failover occurs, the firewall detects it and does its job to 'disable' > > device. > > Lsm cannot succesfully ping a outside Ip on

[Shorewall-users] Lsm Failover

2012-05-18 Thread Mike Lander
Hi Tom, Seem to have an issue with my config. If a failover occurs, the firewall detects it and does its job to 'disable' device. Lsm cannot succesfully ping a outside Ip on failover on the device that comes back up. Here eth0 is up. Yet shorewall eth0 status = 1 eth0 Link encap:Ethernet

Re: [Shorewall-users] Multi isp lsm question

2012-05-14 Thread Mike Lander
> > On 5/14/12 8:10 PM, Mike Lander wrote: > > > Sounds like I am doing exactly what John is implementing. Using 4.5.3. > So I > > > thought I would try these patches. > > > But I get this when running patch > > > > > > Gate:~ # patch /u

Re: [Shorewall-users] Multi isp lsm question

2012-05-14 Thread Mike Lander
Original Message > From: "Tom Eastep" > Sent: Monday, May 14, 2012 8:39 PM > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] Multi isp lsm question > > On 5/14/12 8:10 PM, Mike Lander wrote: > > Sounds li

Re: [Shorewall-users] Multi isp lsm question

2012-05-14 Thread Mike Lander
/share/shorewall/Shorewall/Providers.rej Gate:~ # patch /usr/share/shorewall/Shorewall/Providers < STATUS.patch (Stripping trailing CRs from patch.) patching file /usr/share/shorewall/Shorewall/Providers Hunk #1 FAILED at 881. 1

[Shorewall-users] setup shorewall for specific ports only

2011-12-28 Thread mike lan
Hello I would like to setup shorewall for some ports only (i.e allow to surf the net http and https and access ftp only and nothing else ) I've used the one interface firewall example with a policy file : #SOURCE DESTPOLICY LOG LEVEL LIMIT:BURST $FW

Re: [Shorewall-users] Multi-ISP over tun not working

2011-05-14 Thread Mike Lander
> point there were errors in /var/log/messages "martian source 192.168.69.21 > from 94.76.249.84, on dev ppp0" which happens to be the IP of the VPN server. > > I have also attached the shorewall dump, i know i am doing something wrong > and would appreciate some h

[Shorewall-users] Multi Isp prerouting

2011-05-14 Thread Mike Lander
scope link default via 205.134.193.137 dev eth0 src 205.134.193.138 Gate:~ # ^C Gate:~ # Mike

[Shorewall-users] Is this list still active

2011-05-14 Thread Mike Lander
Hello, I have not been the list for some time. Is this list still ok for shorewall support? Mike

[Shorewall-users] shorewall start with modules disabled issues a warning

2011-01-29 Thread Mike Frysinger
making sure at least one module dir exists first. the perl code seems to lack this simple check. using shorewall-4.4.15.1, but current git tree seems to be unchanged. -mike

Re: [Shorewall-users] setup standalone interface shorewall on an untrusted lan

2010-11-12 Thread mike lan
On Sat, Oct 9, 2010 at 8:02 PM, Christ Schlacta wrote: > sounds pretty simple, your policy file should only have > allalldrop > and your rules should have something like > ACCEPTsrcdesttcp8080 > > replace src and dest with the appropriate src and dest, or use 0.0.0.0/0to

[Shorewall-users] sharing network with a virtual machine

2010-11-06 Thread mike lan
Hello I've setup a stand alone interface shorewall setup now I need to share network with a vmware virtual machine on nat settings i know I'm askin stupid question, next step ? two interface shorewall setup I guess

[Shorewall-users] test proof shorewall

2010-10-25 Thread mike lan
Hello I've installed a default standalone interface setup of shorewall , how do I test proof the firewall is efficient and "bullet proof " against tools like hping and alike thanks

Re: [Shorewall-users] setup standalone interface shorewall on an untrusted lan

2010-10-14 Thread mike lan
On Sat, Oct 9, 2010 at 8:02 PM, Christ Schlacta wrote: > sounds pretty simple, your policy file should only have > allalldrop > and your rules should have something like > ACCEPTsrcdesttcp8080 > > replace src and dest with the appropriate src and dest, or use 0.0.0.0/0to

[Shorewall-users] setup standalone interface shorewall on an untrusted lan

2010-10-09 Thread mike lan
Hello I'm a newbie shorewall user , trying to setup shorewall on an untrusted lan network where I only connect to proxy server 8080 port and a website at port 8080 and drop any other ip on the lan how to do that with shorewall ? thanks taking time to reply ---

[Shorewall-users] Fwd: iptables: modules like owner.

2009-10-28 Thread Mike Mestnik
Simple question, how do I use "owner UID match" as part of my rules or macros? I see the location in rules for this information but the format is not documented. I'm currently running firehol and trying to map my configuration to shorewall, I don't have shorewall installed(no version installed) o

Re: [Shorewall-users] Multi-Isp Route port 25

2009-10-16 Thread Mike Lander
> > Mike Lander wrote: > > > > > >> I have a two Isp's setup that send mail to another two Isp firewall. > > >> For Ilustration I will call the firewall with the mail server in its dmz > > >> using proxy arp, > > >>

Re: [Shorewall-users] Multi-Isp Route port 25

2009-10-16 Thread Mike Lander
> Mike Lander wrote: > > > >> I have a two Isp's setup that send mail to another two Isp firewall. > >> For Ilustration I will call the firewall with the mail server in its dmz > >> using proxy arp, > >> (Firewall A). I will call the depen

Re: [Shorewall-users] Multi-Isp Route port 25

2009-10-16 Thread Mike Lander
r the mail server is in Firewall A Dmz. > > In tcrules with eth1 local on Firewall B > > tun4 eth1: tcp 25 > I know the above wont work, What Will? > > > Thanks > Mike > I just thought of this instead of mangle tables maybe just add this route? ro

[Shorewall-users] Multi-Isp Route port 25

2009-10-16 Thread Mike Lander
all B tun4 eth1: tcp 25 I know the above wont work, What Will? Thanks Mike

Re: [Shorewall-users] Packet Marking

2009-06-24 Thread Mike Lander
-Original Message- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: Wednesday, June 24, 2009 2:01 PM To: Shorewall Users Subject: Re: [Shorewall-users] Packet Marking Mike Lander wrote: > > Mike Lander wrote: >> Tom, >> Would it be simple to convert this

Re: [Shorewall-users] Packet Marking

2009-06-24 Thread Mike Lander
Mike Lander wrote: > Tom, > Would it be simple to convert this to mark the packet based on tos > value And convert it to the dscp ef class in tos field and put in the > /etc/Shorewall/started Or etc/rc.d. I know the syntax is not correct > but this is just to get The id

[Shorewall-users] Packet Marking

2009-06-23 Thread Mike Lander
downstream or userspace qos. Any ideas? Also I noticed in Shorewall when I entered Then I could also enter this in tcclasses tos=0xb8/0xfc instead of tos=0x14/0xfc? I this possible? Can Iptables be manipulated this way? Thanks Mike Sub() if iptables -A INPUT -p tcp -m tos --tos 0x14 sbin/iptables -A

Re: [Shorewall-users] Traffuc Shaping

2009-06-23 Thread Mike Lander
Mike Lander wrote>> Mike Lander wrote: >> >>> Yes here is a snif of the firewall that sends a tos 14 to the 1c >>> firewall I am on the 10.143.99.241 at this dump looking at the local >>> interface eth2 >>> >>> Chehalis:~ # tcpdump -nev

Re: [Shorewall-users] Traffic Shaping

2009-06-21 Thread Mike Lander
Mike Lander wrote: >> Mike Lander wrote: >> >>> Yes here is a snif of the firewall that sends a tos 14 to the 1c >>> firewall I am on the 10.143.99.241 at this dump looking at the local >>> interface eth2 >>> >>> Chehalis:~ # tcpdump -nev

Re: [Shorewall-users] Traffuc Shaping

2009-06-20 Thread Mike Lander
> > Mike Lander wrote: > >> Mike Lander wrote: > >> > >>> Yes here is a snif of the firewall that sends a tos 14 to the 1c > >>> firewall I am on the 10.143.99.241 at this dump looking at the local > >>> interface eth2 > >&

Re: [Shorewall-users] Traffuc Shaping

2009-06-20 Thread Mike Lander
> > Mike Lander wrote: > > > > > Yes here is a snif of the firewall that sends a tos 14 to the 1c > > firewall I am on the 10.143.99.241 at this dump looking at the local > > interface eth2 > > > > Chehalis:~ # tcpdump -nevvi eth2 host 10.19.227

Re: [Shorewall-users] Traffuc Shaping

2009-06-20 Thread Mike Lander
> > Mike Lander wrote: > > > > > Yes here is a snif of the firewall that sends a tos 14 to the 1c > > firewall I am on the 10.143.99.241 at this dump looking at the local > > interface eth2 > > > > Chehalis:~ # tcpdump -nevvi eth2 host 10.19.227

Re: [Shorewall-users] Traffic Shaping

2009-06-20 Thread Mike Lander
> Mike Lander wrote: > > > > > Does this look better? > > It did what I expected > > -Tom The fwmark classifiers are now lower than the u32. Also I put a persistant ping through the tunnel which went to the expected class2. And behold hit count went u

Re: [Shorewall-users] Traffic Shaping

2009-06-20 Thread Mike Lander
> Mike Lander wrote: > > >>> > >>> In the meantime, see if the attached patch corrects your problem. > >>> > >>> patch /usr/share/shorewall-perl/Shorewall/Tc.pm < tcpriority.diff > >>> > >> Also in 4.4, the priority

Re: [Shorewall-users] Traffic Shaping

2009-06-20 Thread Mike Lander
Original Message > From: Tom Eastep > Sent: Saturday, June 20, 2009 4:45 PM > To: Shorewall Users > Subject: Re: [Shorewall-users] Traffic Shaping > > Tom Eastep wrote: > > Mike Lander wrote: > >> Think I found the trouble, I was wonderin

Re: [Shorewall-users] Traffic Shaping

2009-06-20 Thread Mike Lander
interface. Mike

Re: [Shorewall-users] Traffuc Shaping

2009-06-20 Thread Mike Lander
> Mike Lander wrote: > > > I read the man pages, so fc=1100 So This and's the tos byte, > > which mask the ecn bits? 14 010100 and fc 1100 =010100 or > > really to to 0101? > > 0x14 & 0xfc = 0x14 = 00010100 > > > Here is show filters

Re: [Shorewall-users] Traffuc Shaping

2009-06-20 Thread Mike Lander
> Mike Lander wrote: > > Having a little trouble grasping the tos byte in these phone systems I am > > working with. > >First I will explain what I think this works like. Tos and dscp are > > different in that dscp was implemented in favor of the old tos. >

[Shorewall-users] Traffuc Shaping

2009-06-19 Thread Mike Lander
s have wide ranges (in the thousands) using udp and would take quite a few tcrules entries. IPKTS Unicast, IPKTS Multicast are part of the mix. question1: Is there a way to do this with tos or packet/connection marking more efficently. Q2: Am I way off track here with trying to use tos? Ca

Re: [Shorewall-users] Openvpn Bridge

2009-06-12 Thread Mike Lander
> Mike Lander wrote: > > > JoY! > > Cool. > > > > > ping from my vista workstation to firewall 2 which has no lan > > except its internal interface. There is no way to ping without it working. > > > > Pinging 10.194.79.177 with 32 bytes o

Re: [Shorewall-users] Openvpn Bridge

2009-06-12 Thread Mike Lander
> > Mike Lander wrote: > > > > > Ok I configed both of these boxes this way. this > > is the fist box as you can see br0 is 10.194.79.191/24 > > the other box the same with exception br0 10.194.79.177/24 > > Then at the command line > > >

Re: [Shorewall-users] Openvpn Bridge

2009-06-12 Thread Mike Lander
3 inet6 addr: fe80::9444:e4ff:feea:4ae3/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:20 overruns:0 carrier:0 collisions:0 txqueuelen:0

Re: [Shorewall-users] Openvpn Bridge

2009-06-12 Thread Mike Lander
Mike -- You seem to be one of the folks who mistakenly believes that every interface needs a default gateway. That is simply not true. You only need multiple default routes when you have multiple links to the internet. Tom No I was not thinking I needed two routes. Its just that this script

Re: [Shorewall-users] Openvpn Bridge

2009-06-12 Thread Mike Lander
> > > > Mike Lander wrote: > > > > > not sure how to config shorewall or if I have this bridge right but > > > now there seems to be several ways to config shorewall here > > > which shorewall docs should I look at with suse 11.1 and shorewall 4.2.

Re: [Shorewall-users] Openvpn Bridge

2009-06-12 Thread Mike Lander
> > Mike Lander wrote: > > > not sure how to config shorewall or if I have this bridge right but > > now there seems to be several ways to config shorewall here > > which shorewall docs should I look at with suse 11.1 and shorewall 4.2.9? > > Hi Mike, >

Re: [Shorewall-users] Openvpn Bridge

2009-06-11 Thread Mike Lander
feel like have got this right with so little shorewall config here? Thank you Mike

Re: [Shorewall-users] Openvpn Bridge

2009-06-11 Thread Mike Lander
Original Message > From: "Mike Lander" > Sent: Thursday, June 11, 2009 10:38 PM > To: shorewall-users@lists.sourceforge.net > Subject: [Shorewall-users] Openvpn Bridge > > Ok started a new thread with appropriate topic > also reconfigged this ma

[Shorewall-users] Openvpn Bridge

2009-06-11 Thread Mike Lander
Ok started a new thread with appropriate topic also reconfigged this mail client to be more friendly to the list.. I think I have my bridge part good. this is /etc/init.d/bridge start #!/bin/bash # Define Bridge Interface br="br0" # Define list of TAP interfaces to be bridged tap="tap0" # Def

Re: [Shorewall-users] one to one nat

2009-06-11 Thread Mike Lander
. . . . . . done Shutting down OpenVPN Think I am close??? Thanks Mike --

[Shorewall-users] one to one nat

2009-06-10 Thread Mike Lander
I should add this to avoid confusion. I will be changing all IP;s in netB to the new 10.10.85.0/24 network. However netA Is hard to change its nodes to the new network, netB needs to look as if the Hp printer is still coming from its old ip 10.3.85.140 while its real ip is 10.10.85.140 Mike

[Shorewall-users] one to one nat

2009-06-10 Thread Mike Lander
RFACE INTERNAL ALL INTERFACES LOCAL 10.3.85.194 tun0 10.10.85.140.no no Mike

Re: [Shorewall-users] Traffic Shapping

2009-06-09 Thread Mike Lander
route host 10.10.11.1.tun0 Do I need this or does the snat dnat take of of going trough the tunnel? nobind persist-key persist-tun certificate stuff status /var/log/openvpn-status.log log-append /var/log/openvpn.log comp-lzo verb 4 Thank you Mike Note one other question:

[Shorewall-users] (no subject)

2009-06-09 Thread Mike Lander
think the open vpn configs below. Thanks Mike - client dev tun proto udp remote 66.224.100.190 1194 ifconfig 172.16.1.2 172.16.1.1 ;route 10.3.85.0 255.255.255.0 route add -host 10.3.85..20 tun0 --this is server side lan ip resolv-retry infinite

[Shorewall-users] Shorewall & Rule Case Change Follow-Up

2009-05-29 Thread Mike Dillinger
Hi Tom, Last week you sent me a patch for my issue where I had lowercase rules in my /var/log/syslog file, like so: May 23 13:01:10 rockenfield kernel: [4400612.216917] Shorewall:loc2net:reject:IN=eth1... The patch worked great. However, I just got an update from Debian's apt-get and it put it b

[Shorewall-users] Case Change in Shorewall Rules & Logcheck

2009-05-23 Thread Mike
I did a quick search in the archives and I didn't find anything about this. I apologize if this is a duplicate topic. It seems that the "reject", "accept", "drop", etc, keywords in the rule filtering have changed from uppercase to lowercase. I noticed this a few Shorewall releases ago but I s

Re: [Shorewall-users] Shorewall 4.0.13 on Debian 2.6.24

2008-09-06 Thread Mike
--- Original Message From: Aaron Axelsen <[EMAIL PROTECTED]> Sent: Saturday, September 06, 2008, at 09:15PM PDT (GMT -0700) AA> I have been searching online, and there are bug reports in debian with AA> the amd64 build of the 2.6.2* kernels - has anyone else successfully AA> used shorewall on a de

[Shorewall-users] Routing between multiple IPsec tunnels

2008-08-21 Thread Mike Rosile
this to work with Shorewall, I added that 'iptables' line to /etc/shorewall/start. Is there a better way to add an iptables policy rule to Shorewall's config files to allow packets from two IPsec routable subnets to pass? Mike Rosile International I.T. Director Interzone Enterta

[Shorewall-users] Format of Log Entries Changed

2008-07-16 Thread Mike
I am running Debian testing (lenny) and my "apt-get dist-upgrade" upgraded to Shorewall v4.0.12 the other day. On the same day it upgraded the kernel to 2.6.25-2. iptables is 1.4.0 and I don't believe that was changed. I'm not sure if the change I'm seeing is Shorewall or the kernel. What I'

Re: [Shorewall-users] Pppd on firewall multi-Isp

2008-06-05 Thread Mike
Mike wrote: > I have a multi-Isp setup with two Nics for net zone and one nic for > loc for poptop to route on ISP one in this config I have used > route_rules to ensure packets go out the correct net ISP, I would use the "listenip" parameter in pptpd.conf to specify whi

Re: [Shorewall-users] Pppd on firewall multi-Isp

2008-06-05 Thread Mike
Mike wrote: > I have a multi-Isp setup with two Nics for net zone and one nic for > loc for poptop to route on ISP one in this config I have used > route_rules to ensure packets go out the correct net ISP, I would use the "listenip" parameter in pptpd.conf to specify whi

Re: [Shorewall-users] Pppd on firewall multi-Isp

2008-06-05 Thread Mike
Mike wrote: >Is it sufficient to use route_rules for this to work as follows, > because I am having trouble with it. Mike, "I am having trouble with it" will get you sympathy but no help. What problem _exactly_ are you having? > > # > # Shorewall version 4 -

[Shorewall-users] Pppd on firewall multi-Isp

2008-06-05 Thread Mike
opefull to resolve the T-bird issue soon. Btw I answered your last mail Tom from T-bird did you get that? Thanks Mike

Re: [Shorewall-users] Shorewall rule to make Dansguardian transparent proxy

2008-03-07 Thread Mike Purnell
Old rule with squid as transparent proxy: >> REDIRECTloc3128tcp80 >> > > Glad you got it to go, the above appeared before the new dan's rule, > correct? First rule match wins in the rules file. > Yes, it did. >> This needed to be changed as follows, in order to redirect dan

Re: [Shorewall-users] Shorewall rule to make Dansguardian transparent proxy

2008-03-07 Thread Mike Purnell
3128tcp8080 Then, I needed to redirect requests on port 80 --> dansguardian: REDIRECTloc8080tcp80 Everything seems hunky-dory now. --Mike

Re: [Shorewall-users] Shorewall rule to make Dansguardian transparent proxy

2008-03-07 Thread Mike Purnell
Jerry Vonau wrote: > Mike Purnell wrote: > >> Eduardo Ferreira wrote: >> >>> Mike Purnell wrote on 07/03/2008 16:35:11: >>> >>> I want to add a rule(s) (presumably a >>> >>>> REDIRECT) so that web page requests au

Re: [Shorewall-users] Shorewall rule to make Dansguardian transparent proxy

2008-03-07 Thread Mike Purnell
Eduardo Ferreira wrote: > > Mike Purnell wrote on 07/03/2008 16:35:11: > > I want to add a rule(s) (presumably a > > REDIRECT) so that web page requests automatically are forced through > > dansguardian --> squid --> web > > > > REDIRECTloc

[Shorewall-users] Shorewall rule to make Dansguardian transparent proxy

2008-03-07 Thread Mike Purnell
) so that web page requests automatically are forced through dansguardian --> squid --> web I've tried a number of rules, but they either end up going nowhere, or to the webserver on the machine. Mike
