[Shorewall-users] syslog-ng and dmesg loggin

2011-08-23 Thread adam
Hi All, I have had a read over the archive and there are some posts regarding syslog-ng but I haven't been able to find the solution with dmesg logging. My firewall is a Leaf Bering-uClibc 4.0 OS. I would like to just stop shorewall/netfilter/whatever from logging to dmesg. firewall# dmesg pages

[Shorewall-users] nested/overlapping zones problem;

2006-12-17 Thread Adam Lis
Hi! I've read http://www.shorewall.net/Documentation.htm#Nested and http://www.shorewall.net/Multiple_Zones.html#id2459430 but it is not clear to me. I have one interface (eth0) which is connected to the world. It means request can come from any address on this interface. So - I cannot use parall

[Shorewall-users] NAT 1-to-1 and routing to interface on same machine;

2007-01-25 Thread Adam Lis
Hi! It's more "how iptables works" question than pure Shorewall one. In fact I will describe two variants. *** Let's assume: 1) network for interchange traffic with my ISP: 80.10.10.0/30, 80.10.10.1: my gateway on his network, 80.10.10.2: my router's interface; 2)

[Shorewall-users] /etc/shorewall/masq: SNAT without outgoing interface;

2007-02-02 Thread Adam Lis
Hi! Is it possible to create SNAT using /etc/shorewall/masq without pointing any outgoing interface? Please refer to below configuration. eth0 IP: 30.0.0.1/30; default gateway: 30.0.0.2/30 via eth0; my ISP; eth1 IP: 80.10.20.1/24; "the rest" of my public IP pool; eth2 IP: 10.0.2.1/24; private net

[Shorewall-users] DNAT (port foward not working, I know I've missed something simple)

2007-07-19 Thread Adam Niedzwiedzki
Hi guys, I have a very simple setup ADSL Mode (bridge mode) -- eth0-shorewall masq-eth1 -- internal lan Using PPPOE on a leaf bering-uclibc machine All seems to work I can surf the web from my machines on the lan no issues at all, but I can't get my simple DNAT rule to work. I just want to pass

Re: [Shorewall-users] DNAT (port foward not working, I know I've missed something simple)

2007-07-20 Thread Adam Niedzwiedzki
July 2007 12:43 PM To: Shorewall Users Subject: Re: [Shorewall-users] DNAT (port foward not working, I know I've missed something simple) Here are some more observations. Tom Eastep wrote: > Adam Niedzwiedzki wrote: < old configuration worked> >> So I setup a new machine, n

Re: [Shorewall-users] DNAT (port foward not working, I know I've missed something simple)

2007-07-20 Thread Adam Niedzwiedzki
something simple) Hello Adam, Adam Niedzwiedzki wrote: > Thank you so much for your response, always love the tongue in cheek ones, > and of course my firewall is still intact, no flames ;) Glad to hear it ;-) > All is working now (and I can admit all I did was reboot everything, se=

[Shorewall-users] Shorewall and LVS will they play nice...

2007-11-19 Thread Adam Niedzwiedzki
les to MASQ this IP via eth2 where my real servers for load balancing sit. I only have a sub set of servers that require balancing, the rest are connected via eth1. Has anyone done a setup in this config? Anyones thoughts on if it will even work, be

[Shorewall-users] Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly

2008-01-07 Thread Adam Niedzwiedzki
scope link src 202.45.103.86 202.45.102.0/25 dev eth1 proto kernel scope link src 202.45.102.1 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.1 default via 202.45.103.85 dev eth0 proto zebra equalize Cheers Adam ---

Re: [Shorewall-users] Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly

2008-01-08 Thread Adam Niedzwiedzki
essage- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Gibbs Sent: Wednesday, 9 January 2008 9:37 AM To: Shorewall Users Subject: Re: [Shorewall-users] Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly * Tom Eastep wrote: &g

Re: [Shorewall-users] Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly

2008-01-08 Thread Adam Niedzwiedzki
(via fwmark) nat'd machines can't access the outside world directly Adam Niedzwiedzki wrote: > Hi guys, > > Ok I went to masq the LVS interface and realised I "think" I have an issue.. > > This machine IS my router AS well as my firewall and my load balancer...

Re: [Shorewall-users] Shorewall and LVS-NAT (via fwmark) nat'd machines can't access the outside world directly

2008-01-08 Thread Adam Niedzwiedzki
Thank you Tom, That has cleared everything up for me. I was "tying" the IPs to their specific interfaces, and getting bogged down in details. or as the classic phrase goes "Step back and look at the bigger picture" which you clearly illustrated for me. Thank y

[Shorewall-users] Accessing ADSL modem config page (Tried FAQ way and net goes offline)

2008-01-28 Thread Adam Niedzwiedzki
Hi guys, This is my setup Leaf router/firewall Shorewall 3.4.5 Netcomm NB5 ADSL modem -> eth0 -- BOX -- eth1 -- internal lan. I'm using PPPOE for my connection, adsl modem is in bridge mode. I have set the NB5 with 192.168.1.1 and set its default gateway as 192.168.1.2 I gather I have to setup

[Shorewall-users] shorewall & ipsec rules with "FORWARD:DROP" packets

2008-05-28 Thread Adam D
ched file for /sbin/shorewall dump > /tmp/status.txt I really do hope I can receive some extra help with this. If there is anything else I can submit to help troubleshoot with me, please let me know. -Adam - This

Re: [Shorewall-users] shorewall & ipsec rules with "FORWARD:DROP" packets

2008-05-29 Thread Adam D
. -Adam Adam D wrote: > I have been working really hard configuring and researching very > extensively, trying to figure why we are getting > "Shorewall:FORWARD:DROP" packets. IPSEC works just fine without the > iptable rules created by our shorewall configs but when st

[Shorewall-users] rtrules and openvpn; trying to set routing thru vpn according to lan source addr

2017-03-15 Thread Adam Cécile
ISP1000 10.1.0.9/32-VPN1001 Can you help me figuring out what's wrong ? Thanks in advance, Best regards, Adam.

Re: [Shorewall-users] Can't Figure Out What I'm Doing Wrong

2017-03-16 Thread Adam Cécile
Hey, Can you make sure you have set IP_FORWARDING=Yes in shorewall.conf ? Adam On March 16, 2017 6:23:22 AM GMT+01:00, Ryan Joiner wrote: >On 3/15/2017 10:02 PM, Simon Matter wrote: >>> -BEGIN PGP SIGNED MESSAGE- >>> Hash: SHA256 >>> >>> On

Re: [Shorewall-users] rtrules and openvpn; trying to set routing thru vpn according to lan source addr

2017-03-16 Thread Adam Cécile
Hello, Thanks for the answer. You mean switch 1000 and 1001 only right ? Does the file lines order also matters ? Regards, Adam. On March 15, 2017 11:23:17 PM GMT+01:00, Tom Eastep wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >On 03/15/2017 02:56 PM, Adam Cécile wro

Re: [Shorewall-users] Can't Figure Out What I'm Doing Wrong

2017-03-16 Thread Adam Cecile
Yay! First answer on the list, first issue fixed :-) It's a kernel setting, Linux doesn't permit by default. Adam. On 16 March 2017 17:52:29 GMT+01:00, Ryan Joiner wrote: >On 3/16/2017 2:09 AM, Adam Cécile wrote: >> Hey, >> >> Can you make sure yo

Re: [Shorewall-users] rtrules and openvpn; trying to set routing thru vpn according to lan source addr

2017-03-16 Thread Adam Cécile
2017 10:10 AM, Adam Cécile wrote: > Hello, > > Thanks for the answer. You mean switch 1000 and 1001 only right ? Does the > file lines order also matters ? > > Regards, Adam. > > On March 15, 2017 11:23:17 PM GMT+01:00, Tom Eastep > wrote: >> -BEGIN PGP SIGNED

Re: [Shorewall-users] rtrules and openvpn; trying to set routing thru vpn according to lan source addr

2017-03-16 Thread Adam Cecile
I added a route with "lo" as source and it seems to fix the issue. Is that correct? Thanks On 16 March 2017 21:03:45 GMT+01:00, Tom Eastep wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >On 03/16/2017 12:21 PM, Adam Cécile wrote: >> Hello, >>

Re: [Shorewall-users] logging router running shorewall in the DMZ VM in NAT mode running behind

2017-05-15 Thread Adam Cecile
SELinux shit? What distro are you running? Adam. On 15 May 2017 19:16:06 GMT+02:00, Tom Eastep wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >On 05/15/2017 09:21 AM, Zenny wrote: >> Thanks Tom for your input. >> >> But I have the ports alrea

[Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cécile
sent through eth1. Thanks a lot in advance, Regards, Adam.

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cécile
Thanks, Adam. On 07/27/2017 05:10 PM, Tom Eastep wrote: On 07/26/2017 11:34 PM, Adam Cécile wrote: Hello, I made a quick setup using PBR to migrate a server from an old network to a new one. Here is the provider file: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cécile
On 07/27/2017 06:39 PM, Tom Eastep wrote: On 07/27/2017 09:13 AM, Tom Eastep wrote: On 07/27/2017 08:51 AM, Adam Cécile wrote: Hi, Here we go: 0: from all lookup local 999:from all lookup main 1: from all fwmark 0x1/0xff lookup 1 10001: from all fwmark 0x2/0xff lookup 2 2

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cécile
On 07/27/2017 08:51 PM, Tom Eastep wrote: On 07/27/2017 10:12 AM, Adam Cécile wrote: On 07/27/2017 06:39 PM, Tom Eastep wrote: From the routing rules you posted above, the 'main' table is traversed before PBR is used, and the 'main' table will route packets to 192.1

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cecile
acked. Is there anything wrong killing the main table and doing PBR only ? On 27 July 2017 21:12:32 GMT+02:00, Tom Eastep wrote: >On 07/27/2017 11:57 AM, Adam Cécile wrote: >> On 07/27/2017 08:51 PM, Tom Eastep wrote: >>> On 07/27/2017 10:12 AM, Adam Cécile wrote: >

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cecile
MT+02:00, Tom Eastep wrote: >On 07/27/2017 11:57 AM, Adam Cécile wrote: >> On 07/27/2017 08:51 PM, Tom Eastep wrote: >>> On 07/27/2017 10:12 AM, Adam Cécile wrote: >>>> On 07/27/2017 06:39 PM, Tom Eastep wrote: >>>>>> From the routing rules y

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cecile
wrote: >On 07/27/2017 12:38 PM, Adam Cecile wrote: >> No NAT anywhere (actually there's one in the central firewall to make >> packet coming from 192.168.195 to 10.13 looking like coming from >10.13 >> so shorewall machine answer back through eth0, but that's a workaround >&

Re: [Shorewall-users] PBR and directly connected networks

2017-07-27 Thread Adam Cecile
:57 PM, Adam Cecile wrote: >> Eth1 will be killed. It has been added to provide an access through >the >> old address logging every client so they can be fixed to use the >proper >> address. >> >> No it was not. 10.13.70.138 was reacha