cture.
--
*Rich Wales*
ri...@richw.org
--
OK, I just saw a reference to the *MultiISP.html* page. Hopefully that
will answer my question?
--
*Rich Wales*
ri...@richw.org
--
l use another public IP address.
How can I accomplish this sort of thing on a single gateway/firewall
machine using Shorewall?
--
*Rich Wales*
ri...@richw.org
--
> This won't work unless the default route on the VPN-connected server
> is via the VPN. See Shorewall FAQ 1f.
Thanks. Since I am unable / unwilling to change the default route on
the VPN-connected server, I'll have to go with the ugly masq hack --
which appears to work for me h
connect manually to the IMAP service I'm trying to DNAT to
("telnet 10.0.227.2 imap" on the virtual server), it connects just fine.
Any suggestions would be welcomed. Please let me know if more info is
needed or would help. Thanks.
Rich Wales
ri...@richw.org
dump.t
blem also affect Shorewall routes that are associated
with a non-"main" provider?
--
*Rich Wales*
ri...@richw.org
--
___
Shorewall-users mailing list
Shorewall-users@lists
w/r/t specifying routes that use "main" --
but at least I have a workaround for it.
Again, I'm running Shorewall 4.5.16.1 on an Ubuntu 13.0 system.
--
*Rich Wales*
ri...@richw.org
--
hosts and run 'ip neigh add ...'
> for each host. In my view, that is too ugly to consider; not from the
> programming effort involved, but because it could create a massive number of
> commands to be executed.
Understood. Thanks for the
ng the code around lines 84 and 96 in the
setup_one_proxy_arp() function in Proxyarp.pm. Could such a change perhaps be
made in a future release? Or am I overlooking some reason why this simply
won't work or is a really, really bad idea?
Again, I'm r
dding host routes for these destinations by running a shell script
when my firewall starts up -- but I'd prefer to accomplish this in Shorewall
if there is a way to do it.
I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
--
*Rich Wa
but I'll ask it in a separate thread
to reduce confusion.
--
*Rich Wales*
ri...@richw.org
--
I'm running Shorewall 4.5.16.1 on an Ubuntu 13.10 system.
Is it possible to specify a CIDR range in the proxyarp file? Or do I
really need to list each individual IP address separately?
--
*Rich Wales*
ri...@rich
r default route. It would still be nice if I could
somehow advertise the dom0 as the default gateway in my LAN, and
configure the dom0 in some way to pass outbound traffic to this or
that domU as appropriate, but I can live without that if necessary.
--
Rich Wales === Palo Alto, CA, USA
ot a warning:
Checking...
WARNING: Destination zone (int) ignored : /etc/shorewall/rules (line 38)
though the firewall appears to work OK despite this warning.
Does this sound like a Shorewall bug? Or does it sound like I'm doing
something wrong in my firewall definition?
--
Rich Wales
corresponding internal host or hosts).
Or maybe this all means that the multi-ISP method, for all its complex
strangeness, would still be simpler than using Xen and a bunch of domU's.
--
Rich Wales === Palo Al
time being, I'm not working on it and not worrying about it.
Thankfully, my current ISP doesn't care or mind if I use one MAC for
multiple static IP's. If and when this does become a problem for me,
I'll probably try experimenting with Xen (per Russel Riley's idea).
--
Rich Wales
rigid
policy like this.
In case it makes a difference, my current firewall is running Ubuntu 8.04
Server (kernel 2.6.24-19).
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.
, and I should just ignore it, and
maybe you'll want to change the compiler so the warning won't be issued
in situations like this?
Or is there some other explanation?
--
Rich Wales === Palo Alto, CA, USA
ays "Connection Tracking Match: Available". Does that mean connection
tracking is already happening by default on my system? Or do I need to
do something explicit in my Shorewall configuration to enable it?
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http:/
ng shorewall-perl 4.0.6 on a Debian Etch system.
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales
hey start seeing browsing attempts time
out or get rejected that are currently working OK)? Or is the mere fact
that these packets aren't being properly tracked as part of established
connections going to mean that they are doomed already and that dropping
them can't do any further harm?
Tom Eastep wrote:
> It's impossible to interpret a few log messages completely out of context.
Fair enough. See the attached status.txt.gz (output of "shorewall dump").
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.o
ork. The other example
presumably involves SMTP somehow.)
What might be causing these? Should I be worried? What system settings
or Shorewall options (if any) should I take a closer look at?
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.o
routing or bridging), though I haven't tried
it and suspect that since it seems to use iptables, it's probably not
compatible with Shorewall anyway.
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.ric
out to the Internet).
Hopefully this tidbit of knowledge can be mentioned in some FAQ's and
how-to's, so other people won't need to suffer the way I did (and
perhaps just give up like I almost did).
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTEC
I try to create a domU, vif-route logs
a cryptic network setup error, and my "xm create" command exits without
having accomplished a thing.
Any suggestions are welcome. I've described my problem on xen-users,
but so far at least, no one over there has come up with anything useful.
ill have
some insight as to what I'm doing wrong. (I tried imitating the "Xen My
Way-Routed" example in the Shorewall documentation, but for some reason
it simply won't work for me -- the domU stubbornly refuses to connect to
the network and flatly will not start up.)
--
R
work interface
(171.66.155.243) is currently unconnected while I develop/test.
Any suggestions as to how I can get SNAT working would be gratefully
appreciated. Thanks.
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org =
It appears that my earlier problem with getting DNAT to work on the
new Xen system I'm putting together may have been due to my not fully
appreciating the implications of enabling OPTIMIZE in shorewall.conf.
I turned off OPTIMIZE, and my problem went away.
--
Rich Wales === Palo
wall
4.0.6. I've tried both shorewall-perl (4.0.6-3) and shorewall-shell.
I'll post more details of my configuration if necessary, though I'm
hoping that my question will turn out to be elementary enough not to
require too much detail.
--
Rich Wales === Palo Alto, CA, USA
g specific time ranges, but I need to limit other
forms of access too (e.g., IM chatting).
--
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org === http://en.wikipedia.org/wiki/User:Richwales
"The difference between theory and practice is
My earlier problem (firewall not able to communicate with any Internet
host) appears, as predicted, to have been because of a stale ARP cache
problem. It's working OK now. Thanks again for the suggestions.
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
ll into the new firewall -- though, hopefully
understandably, I'd only want to do that as a last resort.
Do any other possibilities come to your mind, in case it turns out
not to be a question of a stale ARP cache?
Rich Wales === Palo Alto, CA, USA === [EMA
et, but nothing is coming back (e.g., no TCP
connections are being set up, and UDP services like NTP and DNS are not
receiving any replies to queries).
When I reconnected my current firewall, everything started working again
just fine.
Any ideas?
Rich Wales === Palo Alto, CA, USA
"iftab" was precisely what I needed to learn about and use.
Thanks to everyone who replied.
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org === http://en.wikipedia.org/wiki/User
have no idea if Shorewall's save/restore would still work in such an
environment.
Has anyone successfully implemented this?
Rich Wales === Palo Alto, CA, USA === [EMAIL PROTECTED]
http://www.richw.org ===
36 matches