Re: [Shorewall-users] DNAT Problem

2017-01-02 Thread Erich Titl
Hi Jorn On 30.12.2016 at 08:52, j...@jorneriksen.com wrote: Have you posted on the Bering uClibc mailing list? There seems to be a problem with module loading in the latest release of Bering. Not yet - however I do know how to load modules but I'm not a kernel wiz, so a pointer to a module nam

Re: [Shorewall-users] DNAT Problem

2016-12-30 Thread Tom Eastep
On 12/30/2016 09:01 AM, Tom Eastep wrote: > On 12/30/2016 08:54 AM, Tom Eastep wrote: >> On 12/29/2016 11:52 PM, j...@jorneriksen.com wrote: Have you posted on the Bering uClibc mailing list? There seems to be a problem with module loading

Re: [Shorewall-users] DNAT Problem

2016-12-30 Thread Tom Eastep
On 12/30/2016 08:54 AM, Tom Eastep wrote: > On 12/29/2016 11:52 PM, j...@jorneriksen.com wrote: >>> Have you posted on the Bering uClibc mailing list? There seems >>> to be a problem with module loading in the latest release of >>> Bering. >> Not ye

Re: [Shorewall-users] DNAT Problem

2016-12-30 Thread Tom Eastep
On 12/29/2016 11:52 PM, j...@jorneriksen.com wrote: >> Have you posted on the Bering uClibc mailing list? There seems to >> be a problem with module loading in the latest release of >> Bering. > Not yet - however I do know how to load modules but I'm

Re: [Shorewall-users] DNAT Problem

2016-12-29 Thread jorn
> Have you posted on the Bering uClibc mailing list? There seems to be a > problem with module loading in the latest release of Bering. Not yet - however I do know how to load modules but I'm not a kernel wiz, so a pointer to a module name would be appreciated. I've checked the obvious "nat" named

Re: [Shorewall-users] DNAT Problem

2016-12-29 Thread Tom Eastep
On 12/29/2016 08:18 AM, Jørn Eriksen wrote: > Hello there, > > Got Leaf Bering uClibc with Shorewall 5.0.12.1 > > Compile goes OK; however, when Shorewall does iptables restore I get the > following message iptables-restore: line 41 failed ERROR: > ipta

[Shorewall-users] DNAT Problem

2016-12-29 Thread Jørn Eriksen
Hello there, Got Leaf Bering uClibc with Shorewall 5.0.12.1 Compile goes OK; however, when Shorewall does iptables restore I get the following message: iptables-restore: line 41 failed ERROR: iptables-restore Failed. Input is in /var/lib/.iptables-restore-input shorewall restart debug gives this:

Re: [Shorewall-users] DNAT Problem

2016-09-28 Thread Thomas Jagoditsch
hi, found it, typo in the config :/ wbr,tja... - Original Message - From: "Thomas Jagoditsch" To: "shorewall-users" Sent: Wednesday, 28 September 2016 02:53:02 Subject: [Shorewall-users] DNAT Problem hi, I've got a strange problem on my hand with DNAT.

[Shorewall-users] DNAT Problem

2016-09-27 Thread Thomas Jagoditsch
hi, I've got a strange problem on my hand with DNAT. I have some servers running at hetzner in germany, they are pretty all set up the same way. the physical machine runs libvirt/kvm and there are some vms on a routed but otherwise unconnected bridge which in turn are reachable via DNAT as their

Re: [Shorewall-users] DNAT problem

2011-03-18 Thread Always GNU
And your bet was right Tom. After further examination I found out that TCP 25 was unfortunately blocked by both ISPs I was performing tests from. Only the third one that I tried today (a free shell account) gave a right result. DNAT works perfectly. Thanks! On 2011-03-17 23:53, Tom Eastep

Re: [Shorewall-users] DNAT problem

2011-03-17 Thread Tom Eastep
On 3/17/11 3:45 PM, Always GNU wrote: > > What's goin on? > I suggest that you follow the DNAT troubleshooting tips in FAQs 1a and 1b and find out. My bet is that port 25 is being blocked before it gets to the Shorewall box. -Tom -- Tom Eastep\ When I die, I want to go like my Grandfa

[Shorewall-users] DNAT problem

2011-03-17 Thread Always GNU
Hi All, I use rather old Shorewall 3.2.6 and I know it's no longer supported. I haven't been updating the software because it works as intended until now. The problem is a simple DNAT rule. I actually have around 8 DNAT rules and they all work just fine. Here is what I want to achieve. I have a

Re: [Shorewall-users] DNAT Problem

2010-03-17 Thread Tom Eastep
Terry Gilsenan wrote: > Hi, > > Change the rule to this..: > > DNAT:info cmtcloc:192.168.0.158:23 tcp 8011 > > Or change the telnet service on the target machine to listen on port 8011 > rather than port 23 > > ... and another thing to be careful of is that there must be a

Re: [Shorewall-users] DNAT Problem

2010-03-17 Thread Terry Gilsenan
connection from the target of the DNAT rule. Regards, T ___ From: João Alberto Kuchnier [joao.kuchn...@dataprom.com] Sent: Thursday, 18 March 2010 7:04 AM To: shorewall-users@lists.sourceforge.net Subject: [Shorewall-users] DNAT Problem Hi everyone! I'm having tim

[Shorewall-users] DNAT Problem

2010-03-17 Thread João Alberto Kuchnier
Hi everyone! I'm having time out problems when using a DNAT rule. Rule: DNAT:info cmtcloc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROT

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread sangprabv
uting, it could be located there > as well. > > > Cheers > Mike > > -Original Message- > From: sangprabv [mailto:sangpr...@gmail.com] > Sent: Saturday, 6 February 2010 12:57 > To: Shorewall Users > Subject: Re: [Shorewall-users] DNAT Problem >

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread Michael Weickel - iQom Business Services GmbH
. Cheers Mike -Original Message- From: sangprabv [mailto:sangpr...@gmail.com] Sent: Saturday, 6 February 2010 12:57 To: Shorewall Users Subject: Re: [Shorewall-users] DNAT Problem Yes sure I did it, I think there is something else causing this problem. I will look over it and

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread sangprabv
net:5.4.3.2 >> >> Your client routing should be kept. >> >>> route add 9.8.7.6. gw 192.168.8.1 >>> route add 5.4.3.2 gw 192.168.8.1 >> >> You don’t need your outlined nat entry, you don’t need your outlined rules >> entry. Take mine. >> >> >> >

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread Michael Weickel - iQom Business Services GmbH
: [Shorewall-users] DNAT Problem I have tried your suggestion but now if I do tcpdump, the connection from 192.168.8.37 to 5.4.3.2:55000 is read from 192.168.8.1 (the firewall IP) sangprabv sangpr...@gmail.com On Feb 6, 2010, at 5:03 PM, Michael Weickel - iQom Business Services GmbH wrote

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread sangprabv
ry. Take mine. > > > > -Original Message- > From: sangprabv [mailto:sangpr...@gmail.com] > Sent: Saturday, 6 February 2010 10:49 > To: Shorewall Users > Subject: Re: [Shorewall-users] DNAT Problem > > net:.5.4.3.2 just an illustratio

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread Michael Weickel - iQom Business Services GmbH
:49 To: Shorewall Users Subject: Re: [Shorewall-users] DNAT Problem net:.5.4.3.2 just an illustration, it's not the real IP and it's just a typo. If I disable the nat entry in nat file 192.168.8.35 can not telnet to 9.8.7.6:11008 sangprabv sangpr...@gmail.com On Feb 6, 2010, at 3:18 PM,

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread sangprabv
> -Original Message- > From: sangprabv [mailto:sangpr...@gmail.com] > Sent: Saturday, 6 February 2010 02:11 > To: Shorewall Users > Subject: Re: [Shorewall-users] DNAT Problem > > 9.8.7.6 is my partner A IP > 5.4.3.2 is my partner B IP > > 192.168.

Re: [Shorewall-users] DNAT Problem

2010-02-06 Thread Michael Weickel - iQom Business Services GmbH
t- From: sangprabv [mailto:sangpr...@gmail.com] Sent: Saturday, 6 February 2010 02:11 To: Shorewall Users Subject: Re: [Shorewall-users] DNAT Problem 9.8.7.6 is my partner A IP 5.4.3.2 is my partner B IP 192.168.8.35 is my local server P IP behind firewall 192.168.8.37 is my local server P

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread sangprabv
55000 on ip 5.4.3.2 are sent to 9.8.7.6 > > > -Original Message- > From: sangprabv [mailto:sangpr...@gmail.com] > Sent: Friday, 5 February 2010 19:14 > To: Shorewall Users > Subject: Re: [Shorewall-users] DNAT Problem > > I think I found the reason why connecti

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread Michael Weickel - iQom Business Services GmbH
Subject: Re: [Shorewall-users] DNAT Problem I think I found the reason why connection is always failed. I tried to tcpdump and found that telnet to 5.4.3.2 is using 9.8.7.6. I don't know why this happens? sangprabv sangpr...@gmail.com On Feb 6, 2010, at 12:48 AM, Michael Weickel - iQom Bus

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread sangprabv
n: Shorewall Users > Subject: Re: [Shorewall-users] DNAT Problem > > I use Ubuntu and I don't think mask is mandatory because if it is mandatory > then why telnet to 9.8.7.6 always success and not with 5.4.3.2. It makes me > crazy :( > > > > sangprabv > sangpr...@gm

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread Michael Weickel - iQom Business Services GmbH
: [Shorewall-users] DNAT Problem I use Ubuntu and I don't think mask is mandatory because if it is mandatory then why telnet to 9.8.7.6 always success and not with 5.4.3.2. It makes me crazy :( sangprabv sangpr...@gmail.com On Feb 5, 2010, at 11:35 PM, Michael Weickel - iQom Business Services

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread sangprabv
üngliche Nachricht- > From: sangprabv [mailto:sangpr...@gmail.com] > Sent: Friday, 5 February 2010 17:23 > To: Shorewall Users > Subject: Re: [Shorewall-users] DNAT Problem > > Thanks for the reply, I have this setting in > /etc/shorewall/masq: > e

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread Michael Weickel - iQom Business Services GmbH
ff: Re: [Shorewall-users] DNAT Problem Thanks for the reply, I have this setting in /etc/shorewall/masq: eth0 eth1 eth0 is the public IP, while eth1 is the private network I have tried your solution but it doesn't work as well. sangprabv sangpr...@gmail.com On Feb 5, 2010, at 3:51 PM, Mich

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread sangprabv
ase I suggest to doublecheck your masq file whether you only masq > 192.168.8.35 or the whole network e.g. 192.168.8.0/24? > > > Cheers > Mike > > -Original Message- > From: sangprabv [mailto:sangpr...@gmail.com] > Sent: Friday, 5 February 2010 09:2

Re: [Shorewall-users] DNAT Problem

2010-02-05 Thread Michael Weickel - iQom Business Services GmbH
? Cheers Mike -Original Message- From: sangprabv [mailto:sangpr...@gmail.com] Sent: Friday, 5 February 2010 09:28 To: Shorewall Users Subject: [Shorewall-users] DNAT Problem Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the

[Shorewall-users] DNAT Problem

2010-02-05 Thread sangprabv
Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall: DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4 DNAT net

[Shorewall-users] DNAT problem

2009-04-20 Thread Juan Jose Lopez Gonzalez
Hi all: We have a 4 interface firewall, 3 interfaces with public IPs and 1 connected to our LAN, with a private IP. In the public IP we have different services (ftp, web, ..). In the LAN we have the real servers. Traffic to 62.15.227.88 redirected to 192.168.13.1 Traffic to 62.15.227.20 redirect

Re: [Shorewall-users] DNAT problem from local interface

2008-04-25 Thread Roberto C . Sánchez
On Thu, Apr 24, 2008 at 11:51:44PM -0400, Mark Rutherford wrote: > Greetings all, > > I switched our firewall from a script I maintained to Shorewall. > (Version is 3.2.6 - was what was available the easy way with Debian) > Everything is fine except for traffic to one site that is behind the > fi

Re: [Shorewall-users] DNAT problem from local interface

2008-04-25 Thread Mark Rutherford
Doh! Missed it must have had a senior moment. I apologize. I got the squid example from one of the FAQs and it worked great. The real answer to this (at least for me) was to have this outside of the firewall sitting by its lonesome but someone else wanted it this way. I can take the horse to

Re: [Shorewall-users] DNAT problem from local interface

2008-04-24 Thread Simon Hobson
Mark Rutherford wrote: >The site is running a product called Moveit and it uses SSL, so >there would be a nag screen when the certificates are installed >if we access it by its internal IP - which I am trying to avoid. As Tom says, it's in the FAQs. But, if you set up split DNS then you can wo

Re: [Shorewall-users] DNAT problem from local interface

2008-04-24 Thread Tom Eastep
Mark Rutherford wrote: From outside of the network I can access the site running on 70.61.215.101 that DNATs to 10.1.1.3 From inside of the network it does forward the traffic to 70.61.215.101, but it does not further relay that to 10.1.1.3 I can have the locally running Apache service listen

[Shorewall-users] DNAT problem from local interface

2008-04-24 Thread Mark Rutherford
Greetings all, I switched our firewall from a script I maintained to Shorewall. (Version is 3.2.6 - was what was available the easy way with Debian) Everything is fine except for traffic to one site that is behind the firewall, and not from the outside. The firewall has 5 addresses, 3 occupy w

Re: [Shorewall-users] DNAT problem with MultiISP

2007-06-16 Thread Tom Eastep
Mark wrote: > That was it! Thank you for your help Jerry. > That problem was exacerbated by a Shorewall bug which will be fixed in 3.4.4. When HIGH_ROUTE_MARKS=Yes, TC_EXPERT=Yes is also being effectively set. -Tom -- Tom Eastep\ Nothing is foolproof to a sufficiently talented fool Shoreline

Re: [Shorewall-users] DNAT problem with MultiISP

2007-06-15 Thread Mark
That was it! Thank you for your help Jerry. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jerry Vonau Sent: Friday, June 15, 2007 4:00 PM To: Shorewall Users Subject: Re: [Shorewall-users] DNAT problem with MultiISP Mark wrote: > Greetings, > &g

Re: [Shorewall-users] DNAT problem with MultiISP

2007-06-15 Thread Jerry Vonau
Mark wrote: > Greetings, > > I have a Shorewall configuration with 2 WAN subnets bound to eth0 and eth1 > and 2 LAN interfaces bound to eth2 and eth3. We have a web/e-mail server on > eth3 in the 192.168.30.0/24 subnet at 192.168.30.10. I have 2 rules to DNAT > TCP traffic on ports 80 and 110 arri

[Shorewall-users] DNAT problem with MultiISP

2007-06-14 Thread Mark
Greetings, I have a Shorewall configuration with 2 WAN subnets bound to eth0 and eth1 and 2 LAN interfaces bound to eth2 and eth3. We have a web/e-mail server on eth3 in the 192.168.30.0/24 subnet at 192.168.30.10. I have 2 rules to DNAT TCP traffic on ports 80 and 110 arriving on specific IP's (e

Re: [Shorewall-users] DNAT Problem

2007-05-24 Thread Andrea Fastame
That could do. I hope. Could you be a little more specific, though? in my "interfaces": #ZONE INTERFACE BROADCAST OPTIONS fw firewall net eth0 detect routeback and "rules" #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL

Re: [Shorewall-users] DNAT Problem

2007-05-23 Thread David Mohr
Hi Andrea, not totally sure on this, but it should work: On 5/23/07, Andrea Fastame <[EMAIL PROTECTED]> wrote: <...cut...> > Still, the tunnel works fine (i can ping a remote host 10.11.100.24 > successfully). I manually had to setup a route to route all packets to > the 10.100.11.24 through the

[Shorewall-users] DNAT Problem

2007-05-23 Thread Andrea Fastame
Hi. I have a Debian Etch (4.0) server with Shorewall 3.2.6 / iptables 1.3.6. /etc/network/interfaces: iface eth0 inet static address 10.0.100.5 netmask 255.255.255.0 gateway 10.0.100.1 dns-nameservers 151.99.125.2 auto eth0 iface eth0:1 inet static address