Re: [Shorewall-users] HELP

2022-09-16 Thread Damiano Verzulli
On 16/09/22 16:59, Tim Taylor wrote: [...] I am trying to get port 443 to NAT to a server in my DMZ. I can telnet to 443 from inside, I can telnet to 443 from the firewall, but I get this when trying to telnet to 443 PhxFw1 kernel: SW:net-fw:DROP: IN=bond-ext.5 OUT=

Re: [Shorewall-users] HELP

2022-09-16 Thread Justin Pryzby
On Fri, Sep 16, 2022 at 02:59:50PM +, Tim Taylor wrote: > I do not know if this is the correct place, but I am looking for assistance. > If this is not the right place, or if there is a better place, I would > appreciate any assistance. > I am very new to Shorewall, and inherited it from a

[Shorewall-users] HELP

2022-09-16 Thread Tim Taylor
I do not know if this is the correct place, but I am looking for assistance. If this is not the right place, or if there is a better place, I would appreciate any assistance. I am very new to Shorewall, and inherited it from a previous employee. I am trying to get port 443 to NAT to a server in

Re: [Shorewall-users] Help with routing

2021-09-21 Thread Simon
Ruth Ivimey-Cook wrote: > > Simon, many thanks for your extended reply! FWIW, the Link is 10GbE while the > Lan is 1GbE. > > I had got as far as option 1, (which creates a host route to the other side), > and another host route to the other ip of the other side. Actually, if you look there

Re: [Shorewall-users] Help with routing

2021-09-20 Thread Ruth Ivimey-Cook
Simon, many thanks for your extended reply! FWIW, the Link is 10GbE while the Lan is 1GbE. I had got as far as option 1, (which creates a host route to the other side), and another host route to the other ip of the other side. So in netplan-speak:     enp5s0f0:  // PTP link   addresses:

Re: [Shorewall-users] Help with routing

2021-09-20 Thread Simon
Ruth Ivimey-Cook wrote: > I want to link two hosts on the same net with a dedicated (fast) link, while > both have access to other computers on the same net via another interface. I > have got the routing sorted, but I keep having to delete automatically-added > network routes (/24 etc) when

Re: [Shorewall-users] Help with routing

2021-09-13 Thread Tuomo Soini
On Mon, 13 Sep 2021 15:17:16 +0100 Ruth Ivimey-Cook wrote: > This isn't a shorewall problem, but I'm hoping for a pointer to help > :-) > > I want to link two hosts on the same net with a dedicated (fast) > link, while both have access to other computers on the same net via > another interface.

[Shorewall-users] Help with routing

2021-09-13 Thread Ruth Ivimey-Cook
This isn't a shorewall problem, but I'm hoping for a pointer to help :-) I want to link two hosts on the same net with a dedicated (fast) link, while both have access to other computers on the same net via another interface. I have got the routing sorted, but I keep having to delete

Re: [Shorewall-users] Help migrating to "new" actions

2020-05-03 Thread Matt Darfeuille
On 5/3/2020 11:16 AM, Nicola Ferrari (#554252) wrote: Hi list... I've been using shorewall for several years.. Thank you for your great job. Now i'm testing a new machine, with ubuntu, in a "two-interface" config. Everything is working fine.. I'm only getting WARNING: "You are using the

[Shorewall-users] Help migrating to "new" actions

2020-05-03 Thread Nicola Ferrari (#554252)
Hi list... I've been using shorewall for several years.. Thank you for your great job. Now i'm testing a new machine, with ubuntu, in a "two-interface" config. Everything is working fine.. I'm only getting WARNING: "You are using the deprecated Reject default action. Please see WARNING:

[Shorewall-users] Help with isolation

2016-01-30 Thread Iam7of9 Iam7of9
I have a two-interface shorewall setup. I also have a dhcp server which gives a small range of ip address to unknown host, and allow them on the network. The rest are all fixed addresses assigned according to macs. I want to isolate ( not being able to see the other users) and put certain

Re: [Shorewall-users] Help with isolation

2016-01-30 Thread Tom Eastep
On 01/30/2016 12:22 AM, Iam7of9 Iam7of9 wrote: > I have a two-interface shorewall setup. > I also have a dhcp server which gives a small range of ip address to > unknown host, and allow them on the network. The rest are all fixed > addresses assigned according to macs. > I want to isolate ( not

Re: [Shorewall-users] Help with Auto Blacklist event

2015-03-26 Thread Angela Williams
Hi! On 26/03/2015 18:54, Hill, John wrote: I set up an SSH auto blacklist as the docs explained. Using a modified stock rule in the ?new section AutoBL(SSH,-,-,-,REJECT,warn) net $FW tcp 22, Also in the ?new section I have a dnat rule for port

[Shorewall-users] Help with Auto Blacklist event

2015-03-26 Thread Hill, John
I think I see my dumb mistake: The event adds the SSH ACCEPT for the src ip? I don't need a macro in the rules file for the dst of the event. If I am correct, I would still need a macro for loc? --John Hill

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-11 Thread Bruno Friedmann
On Tuesday 08 April 2014 08.59:04 Tom Eastep wrote: On 4/7/2014 3:38 AM, Bruno Friedmann wrote: M, I will never find a small enough hole to hide myself in it!!! My feeling of missing something evident confirmed, a big thanks Tom. After fixing the failure, I've tried the

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-08 Thread Tom Eastep
On 4/7/2014 3:38 AM, Bruno Friedmann wrote: M, I will never find a small enough hole to hide myself in it!!! My feeling of missing something evident confirmed, a big thanks Tom. After fixing the failure, I've tried the configuration. But I'm a bit puzzle by the log I get I'm seeing

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-07 Thread Bruno Friedmann
On Friday 04 April 2014 08.44:39 Tom Eastep wrote: On 4/3/2014 6:00 AM, Bruno Friedmann wrote: Dear shorewall users, I'm at a point I need a bit of help on the following configuration A main host directly connected to internet with one physical interface eth0 use a bridge I've

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-04 Thread Tom Eastep
On 4/3/2014 6:00 AM, Bruno Friedmann wrote: Dear shorewall users, I'm at a point I need a bit of help on the following configuration A main host directly connected to internet with one physical interface eth0 use a bridge I've setup libvirtd/qemu-kvm on it with one vhost using br0/vnet0

[Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-03 Thread Bruno Friedmann
Dear shorewall users, I'm at a point I need a bit of help on the following configuration A main host directly connected to internet with one physical interface eth0 use a bridge I've setup libvirtd/qemu-kvm on it with one vhost using br0/vnet0 The vm has also a public ipv4 address (see k*

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom, Thank you for your reply. Please accept my apologies for the email format. Here is my config now, i have MARK_IN_FORWARD_CHAIN=No LAN=eth0 WAN=eth2 so traffic now goes to the default class which is good however seems like my marking isn't working because as shown in tcrules, i've mark

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread Tom Eastep
On 11/12/2013 7:47 AM, JC Putter wrote: Tom, Thank you for your reply. Please accept my apologies for the email format. Here is my config now, i have MARK_IN_FORWARD_CHAIN=No LAN=eth0 WAN=eth2 so traffic now goes to the default class which is good however seems like my marking

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
attached the shorewall dump. MARK_IN_FORWARD_CHAIN=No many thanks On Tue, Nov 12, 2013 at 6:07 PM, Tom Eastep teas...@shorewall.net wrote: On 11/12/2013 7:47 AM, JC Putter wrote: Tom, Thank you for your reply. Please accept my apologies for the email format. Here is my config now,

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread Tom Eastep
On 11/12/2013 8:24 AM, JC Putter wrote: attached the shorewall dump. MARK_IN_FORWARD_CHAIN=No As I explained in the last email, it is *never* going to work with MARK_IN_FORWARD_CHAIN=No and FORWARD_CLEAR_MARK=Yes. You must change the setting of one or the other or you must do your marking

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom, Thank you very much! got it working, after re-reading shorewall.conf man FORWARD_CLEAR_MARK was not set (which if i understand the man correctly it defaults to YES?) after changing it to No, it seems to work now! On Tue, Nov 12, 2013 at 7:10 PM, Tom Eastep teas...@shorewall.net wrote: On

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom or anyone Last question. i have a tcrule to limit ftp as well now and i am using the ftp helper however i am not seeing any hits on the rule. any ideas why? 80 and 443 work 100% now.. see attached On Tue, Nov 12, 2013 at 7:58 PM, JC Putter jcput...@gmail.com wrote: Tom, Thank you very

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
thanks answered my own question by just using the ftp helper no src or dst port. now ftp traffic gets marked. On Wed, Nov 13, 2013 at 1:19 AM, JC Putter jcput...@gmail.com wrote: Tom or anyone Last question. i have a tcrule to limit ftp as well now and i am using the ftp helper however i

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-11 Thread JC Putter
Hi, anyone that can maybe assist? Thanks On Sun, Nov 10, 2013 at 9:39 AM, JC Putter jcput...@gmail.com wrote: Hi, i am using shorewall 4.5.21.3 on CentOS 6.4. i have a two interface firewall, one wan and the another lan. the firewall is doing masquerading for the lan, i am trying to

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-11 Thread Tom Eastep
On 11/11/2013 4:57 AM, JC Putter wrote: Hi, anyone that can maybe assist? Thanks On Sun, Nov 10, 2013 at 9:39 AM, JC Putter jcput...@gmail.com wrote: Hi, i am using shorewall 4.5.21.3 on CentOS 6.4. i have a two interface firewall, one wan

[Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-09 Thread JC Putter
Hi, i am using shorewall 4.5.21.3 on CentOS 6.4. i have a two interface firewall, one wan and the another lan. the firewall is doing masquerading for the lan, i am trying to setup some QoS policies however finding it difficult to work. Also i need some advise and better explanation, according

[Shorewall-users] help

2013-09-27 Thread Myron Ramdhani
Hi I have two different subnets in two separate geographical locations. Each subnet needs to be able to connect to each other and route traffic vice versa. On subnet A (10.5.100.0/24), I have a shorewall firewall with a static IP breaking out onto the internet. On subnet B (10.5.101.0/24), I

Re: [Shorewall-users] help

2013-09-27 Thread Roberto C . Sánchez
On Wed, Sep 25, 2013 at 03:26:34PM +, Myron Ramdhani wrote: Hi I have two different subnets in two separate geographical locations. Each subnet needs to be able to connect to each other and route traffic vice versa. On subnet A (10.5.100.0/24), I have a shorewall firewall with a static

[Shorewall-users] Help with DNAT and internal client

2012-05-18 Thread emilianovazquez
Hi to everyone! I'm stuck with this problem. I have a notebook who connects to a dvr and have a software client configured to work with no-ip. When the client is outside the LAN he can connect but when he is on the LAN (get dhcp ip and work inside shorewall network) he never can connect. Even

Re: [Shorewall-users] Help with DNAT and internal client

2012-05-18 Thread Tom Eastep
On 05/18/2012 09:53 AM, emilianovazq...@gmail.com wrote: Hi to everyone! I'm stuck with this problem. I have a notebook who connects to a dvr and have a software client configured to work with no-ip. When the client is outside the LAN he can connect but when he is on the LAN (get dhcp ip

Re: [Shorewall-users] Help with DNAT and internal client

2012-05-18 Thread Emiliano Vazquez
On Fri, May 18, 2012 at 2:10 PM, Tom Eastep teas...@shorewall.net wrote: On 05/18/2012 09:53 AM, emilianovazq...@gmail.com wrote: Hi to everyone! I'm stuck with this problem. I have a notebook who connects to a dvr and have a software client configured to work with no-ip. When the

[Shorewall-users] Help

2010-12-01 Thread Orlandinei Vujanski
How to put the following rules in shorewall? iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT iptables -I OUTPUT -d 172.25.5.192/28 -j ACCEPT iptables -I FORWARD -d 172.25.5.192/28 -j ACCEPT iptables -I INPUT -s 172.25.5.192/28 -j ACCEPT iptables -I OUTPUT -s 172.25.5.192/28 -j ACCEPT

Re: [Shorewall-users] Help

2010-12-01 Thread Tom Eastep
On 12/1/10 10:55 AM, Orlandinei Vujanski wrote: How to put the following rules in shorewall? iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT iptables -I OUTPUT -d 172.25.5.192/28 -j ACCEPT iptables -I FORWARD -d 172.25.5.192/28

Re: [Shorewall-users] Help

2010-12-01 Thread Orlandinei Vujanski
Do not want to remove Shorewall Tom, I want to pass these commands iptables shorewall, how? 2010/12/1 Tom Eastep teas...@shorewall.net On 12/1/10 10:55 AM, Orlandinei Vujanski wrote: How to put the following rules in shorewall? iptables -I INPUT -d 172.25.5.192/28

Re: [Shorewall-users] Help

2010-12-01 Thread Tom Eastep
On 12/01/2010 11:35 AM, Orlandinei Vujanski wrote: Do not want to remove Shorewall Tom, I want to pass these commands iptables shorewall, how? Please read what I wrote. You cannot pass those commands to Shorewall and without knowing how you have configured your firewall, I can't tell you

Re: [Shorewall-users] Help

2010-12-01 Thread Tom Eastep
On 12/01/2010 11:45 AM, Tom Eastep wrote: On 12/01/2010 11:35 AM, Orlandinei Vujanski wrote: Do not want to remove Shorewall Tom, I want to pass these commands iptables shorewall, how? Please read what I wrote. You cannot pass those commands to Shorewall and without knowing how you have

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-17 Thread Tom Eastep
On 9/16/10 10:22 PM, Lito Kusnadi wrote: The lsm I got v0.53 compiled as rpm using centos, i can see lsm triggers the script (/etc/lsm/script) when a link is down. When the link recovers, lsm doesn't trigger the script. Even the formula in lsm readme file says it can detect the link is up

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/15/10 10:01 PM, Lito Kusnadi wrote: Hi Tom, thank you for your reply. sorry for the text wrapping as I'm using web mail. I have attached the gz format of shorewall dump. To clarify the objective: I want to redirect traffic from dmz (eth2) to use AC3 (eth1) link and redirect traffic

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Lito Kusnadi
wrote: From: Tom Eastep teas...@shorewall.net Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp To: shorewall-users@lists.sourceforge.net Received: Thursday, 16 September, 2010, 2:32 PM On 9/15/10 10:01 PM, Lito Kusnadi wrote: Hi Tom, thank you for your reply. sorry

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/16/10 6:45 PM, Lito Kusnadi wrote: Thanks Tom, I got it working. Question about link failover, just thinking if the requirement scope can be expanded :) Currently, I am telling shorewall to redirect dmz and loc traffic inside route_rules. And you mentioned that if I am using

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Lito Kusnadi
. --- On Fri, 17/9/10, Tom Eastep teas...@shorewall.net wrote: From: Tom Eastep teas...@shorewall.net Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp To: shorewall-users@lists.sourceforge.net Received: Friday, 17 September, 2010, 3:00 AM On 9/16/10 6:45 PM, Lito Kusnadi

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/16/10 7:59 PM, Lito Kusnadi wrote: I tried to use lsm, seems there's issue with the restore when the failed link is up. Then I got this warning when trying to check shorewall: WARNING: Interface eth1 is not usable -- Provider AC3 (2) not Added I am trying to revert everything back to a

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/16/10 8:06 PM, Tom Eastep wrote: On 9/16/10 7:59 PM, Lito Kusnadi wrote: I tried to use lsm, seems there's issue with the restore when the failed link is up. Then I got this warning when trying to check shorewall: WARNING: Interface eth1 is not usable -- Provider AC3 (2) not Added I am

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Lito Kusnadi
-users] help for newbie on shorewall multiple isp To: shorewall-users@lists.sourceforge.net Received: Friday, 17 September, 2010, 4:19 AM On 9/16/10 8:06 PM, Tom Eastep wrote: On 9/16/10 7:59 PM, Lito Kusnadi wrote: I tried to use lsm, seems there's issue with the restore when the failed link is up

[Shorewall-users] help for newbie on shorewall multiple isp

2010-09-15 Thread Lito Kusnadi
I have been using shorewall for a number of years, but I haven't really tried to use packet marking or multiple isp before. I have a project to build firewall system with 2 isp links. The target is to set shorewall with 2 isp link, with vrrp for failover to another shorewall box. However, I

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-15 Thread Tom Eastep
On 9/15/10 5:47 PM, Lito Kusnadi wrote: I have been using shorewall for a number of years, but I haven't really tried to use packet marking or multiple isp before. I have a project to build firewall system with 2 isp links. The target is to set shorewall with 2 isp link, with vrrp for

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-15 Thread Lito Kusnadi
Eastep teas...@shorewall.net Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp To: shorewall-users@lists.sourceforge.net Received: Thursday, 16 September, 2010, 2:26 AM On 9/15/10 5:47 PM, Lito Kusnadi wrote: I have been using shorewall for a number of years, but I

[Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Er_Maqui
Hi, It's my first time writing on the list, for one question: If isn't the correct site, please tell me and ignore message. I have multiple shorewall configured across my networks, but i have one problem with one of them: First, include an schema: | |

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Tom Eastep
On 9/14/10 8:05 AM, David López Zajara (Er_Maqui) wrote: Hi, It's my first time writing on the list, for one question: If isn't the correct site, please tell me and ignore message. I have multiple shorewall configured across my networks, but i have one problem with one of them: First,

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Er_Maqui
Well, My actual running configuration are these: zones: PPTP ipv4 interfaces: PPTP ppp+ policy: PPTP all ACCEPT The hosts file are empty. I doesn't change the ip addresses because these lines are from shorewall manual, i've tried with them. But on the moment of

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Er_Maqui
Ok, setting the routeback parameter on interfaces are working fine. My running (and OK) configuration now are: interfaces: PPTP ppp+ - routeback Thanks for all. http://maqui.darkbolt.net/ Linux registered user ~#363219 PGP keys avaiables at KeyServ. ID: 0x4233E9F2

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Tom Eastep
On 09/14/2010 09:31 AM, David López Zajara (Er_Maqui) wrote: Well, My actual running configuration are these: zones: PPTP ipv4 interfaces: PPTP ppp+ You need to add the 'routeback' option on this entry. That will eliminate this problem: Sep 14 18:28:07 FORWARD:REJECT:IN=ppp0

Re: [Shorewall-users] help with accounting

2010-09-07 Thread Tom Eastep
On 9/6/10 3:16 PM, Ricardo Kleemann wrote: Hi, I'm trying to setup accounting, but I want to get it down to a particular IP behind the firewall. As an example, I could have a simple smtp accounting rule like this: smtp:COUNT - eth0 eth1 tcp 25

[Shorewall-users] help with accounting

2010-09-06 Thread Ricardo Kleemann
Hi, I'm trying to setup accounting, but I want to get it down to a particular IP behind the firewall. As an example, I could have a simple smtp accounting rule like this: smtp:COUNT   -   eth0    eth1    tcp 25 smtp:COUNT   -   eth1    eth0    tcp 

Re: [Shorewall-users] help with accounting

2010-09-06 Thread Tom Eastep
On 9/6/10 3:16 PM, Ricardo Kleemann wrote: Hi, I'm trying to setup accounting, but I want to get it down to a particular IP behind the firewall. As an example, I could have a simple smtp accounting rule like this: smtp:COUNT - eth0 eth1 tcp 25

[Shorewall-users] Help - Please

2010-04-27 Thread Orlandinei Vujanski
How do in Shorewall? iptables -t nat -A PREROUTING -d 200.200.10.10 -p tcp --dport 2181 -j DNAT --to 10.101.7.1:2180 iptables -A FORWARD -d 10.101.7.1 -p tcp --dport 2180 --syn -j ACCEPT Thanks --

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Tom Eastep
On 04/27/2010 09:34 AM, Orlandinei Vujanski wrote: How do in Shorewall? iptables -t nat -A PREROUTING -d 200.200.10.10 -p tcp --dport 2181 -j DNAT --to 10.101.7.1:2180 iptables -A FORWARD -d 10.101.7.1 -p tcp --dport 2180 --syn -j ACCEPT /etc/shorewall/rules: DNAT net

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Orlandinei Vujanski
Thanks Tom But my internal equipment only responds on port 2180, how do they respond to this request? 2010/4/27 Tom Eastep teas...@shorewall.net On 04/27/2010 09:34 AM, Orlandinei Vujanski wrote: How do in Shorewall? iptables -t nat -A PREROUTING -d 200.200.10.10 -p tcp --dport 2181

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Michael Weickel - iQom Business Services GmbH
: Orlandinei Vujanski [mailto:orlandi...@gmail.com] Sent: Tuesday, 27 April 2010 22:59 To: Shorewall Users; teas...@shorewall.net Subject: Re: [Shorewall-users] Help - Please Thanks Tom But my internal equipment only responds on port 2180, how do they respond to this request? 2010/4

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Tom Eastep
On 04/27/2010 01:58 PM, Orlandinei Vujanski wrote: Thanks Tom But my internal equipment only responds on port 2180, how do they respond to this request? The rules file entry that I gave you generates the same DNAT transformation as your iptables nat table rule. The ACCEPT iptables rule

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Simon Hobson
Stephen Brown wrote: I didn't even add a static route. I've a similar setup (Netgear DM111P) and the only thing I've had to do is add a rule to allow the traffic to that IP address (otherwise it gets blocked by all the RFC1918 rules). The modem knows that to reach my public IP it has to

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Simon Hobson
I wrote: They could probably be narrowed down to : # RFC1918 ACCEPT net:192.168.x.1 $FW udp 67-68 HTTP(ACCEPT) loc net:192.168.x.1 Telnet(ACCEPT) loc net:192.168.x.1 Ping(ACCEPT) loc net:192.168.x.1

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Tom Eastep
Stephen Brown wrote: I didn't even add a static route. I've a similar setup (Netgear DM111P) and the only thing I've had to do is add a rule to allow the traffic to that IP address (otherwise it gets blocked by all the RFC1918 rules). The modem knows that to reach my public IP it has to send

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Stephen Brown
I'm using 4.4.0, so that would make RFC1918_STRICT deprecated? I'm just a little confused now on the network settings for the port that is attached to the DSL modem, it's on eth0. I currently have this setup in /etc/network/interfaces (I'm running

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Tom Eastep
Stephen Brown wrote: I'm using 4.4.0, so that would make RFC1918_STRICT deprecated? I'm just a little confused now on the network settings for the port that is attached to the DSL modem, it's on eth0. I currently have this setup in /etc/network/interfaces (I'm running Debian 5.0 Lenny):

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Tom Eastep
Tom Eastep wrote: Stephen Brown wrote: I'm using 4.4.0, so that would make RFC1918_STRICT deprecated? I'm just a little confused now on the network settings for the port that is attached to the DSL modem, it's on eth0. I currently have this setup in /etc/network/interfaces (I'm running

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-14 Thread Stephen Brown
I didn't even add a static route. I've a similar setup (Netgear DM111P) and the only thing I've had to do is add a rule to allow the traffic to that IP address (otherwise it gets blocked by all the RFC1918 rules). The modem knows that to reach my

[Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Stephen Brown
I'm running Shorewall 4.4.0 on a two NIC system. eth0 is facing the internet on a DSL circuit, and eth1 is facing my local LAN. I setup a virtual interface on eth0:0 as 192.168.2.2 to be able to access the modem configuration, the modem's address is 192.168.2.1 I'm able to get to it ok, but I

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Roberto C. Sanchez
Stephen Brown wrote: I'm running Shorewall 4.4.0 on a two NIC system. eth0 is facing the internet on a DSL circuit, and eth1 is facing my local LAN. I setup a virtual interface on eth0:0 as 192.168.2.2 to be able to access the modem configuration, the modem's address is 192.168.2.1 I'm

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Stephen Brown
I can't, hence the reason I setup an aliased interface. My LAN is setup for 192.168.1.x and the modem is 192.168.2.1, I can't think of any other way to do it unless I create a static route maybe? Open to suggestions :) Thanks, Stephen On 12/13/09 8:01 PM, Roberto C. Sanchez wrote: Stephen

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Roberto C. Sanchez
Stephen Brown wrote: I can't, hence the reason I setup an aliased interface. My LAN is setup for 192.168.1.x and the modem is 192.168.2.1, I can't think of any other way to do it unless I create a static route maybe? Open to suggestions :) That's what I've done when I had a DSL modem

Re: [Shorewall-users] Help: internet access and mac problem

2009-07-18 Thread muiz
!!! Thanks and best regards! 2009-07-19 muiz From: Tom Eastep Sent: 2009-07-18 21:51:35 To: muiz Cc: Shorewall Users Subject: Re: [Shorewall-users] Help: internet access and mac problem muiz wrote: Dear Tom, Thanks very much for your help! I try to ping those IP address, and get

Re: [Shorewall-users] Help on router vpn and Shorewall

2009-05-02 Thread Körtvélyesi Péter
Hi! Thanks for your really useful reply Ljubomir! The situation is that I can't try these settings out as I will have an exact weekend (out of office hours) to try out those and I have to finish that task in time. So I'm just studying the cases now. I've learnt that RV082 routers can't

[Shorewall-users] Help on router vpn and Shorewall

2009-05-01 Thread Körtvélyesi Péter
Hello! I have a network configured the following way: The VPN1 and VPN2 is able to communicate, LAN1 and LAN2 can reach the internet. How should I configure shorewall to enable the communication between LAN1 and LAN2?  I'd need LAN2 to reach all hosts in LAN1 (and LAN1 to reach LAN2).

Re: [Shorewall-users] Help on router vpn and Shorewall

2009-05-01 Thread Ljubomir Ljubojevic
Körtvélyesi Péter wrote: Hello! I have a network configured the following way: The VPN1 and VPN2 is able to communicate, LAN1 and LAN2 can reach the internet. How should I configure shorewall to enable the communication between LAN1 and LAN2? I'd need LAN2 to reach all hosts in

Re: [Shorewall-users] Help for TC in Shorewall

2008-12-03 Thread Simon Hobson
Phibee Network Operation Center wrote: no answer ? he don't have a person that use TC in shorewall on this mailing list ? Yes, but I personally haven't had the time to sit down and collate the information you're asking for. I run a setup at work where we shape inbound and outbound traffic

Re: [Shorewall-users] Help for TC in Shorewall

2008-12-03 Thread Shorewall Geek
Simon Hobson wrote: Phibee Network Operation Center wrote: no answer ? he don't have a person that use TC in shorewall on this mailing list ? Yes, but I personally haven't had the time to sit down and collate the information you're asking for. I run a setup at work where we shape

Re: [Shorewall-users] Help for TC in Shorewall

2008-12-02 Thread Phibee Network Operation Center
Hi no answer ? he don't have a person that use TC in shorewall on this mailing list ? ;=) Phibee Network Operation Center wrote: Hi anyone can help me to create a TC Rules on my shorewall 3.2.X ? Shorewall are on my linux gateway (eth0: Net and Eth1:Lan) I have a link: eth0

Re: [Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-24 Thread Jerome Blion
On Mon, 24 Nov 2008 00:52:39 +0100, Manuel Gomez [EMAIL PROTECTED] wrote: Hi, i would like to use shorewall commands with sudo, but i don't know how change /etc/sudoers/ for allow it. What could i change? Thank you very much, I appreciate your help. An idea would be to use a frontend like

Re: [Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-24 Thread Roberto C . Sánchez
On Mon, Nov 24, 2008 at 05:47:19PM +0100, Jerome Blion wrote: On Mon, 24 Nov 2008 00:52:39 +0100, Manuel Gomez [EMAIL PROTECTED] wrote: Hi, i would like to use shorewall commands with sudo, but i don't know how change /etc/sudoers/ for allow it. What could i change? Thank you very

[Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-23 Thread Manuel Gomez
Hi, i would like to use shorewall commands with sudo, but i don't know how change /etc/sudoers/ for allow it. What could i change? Thank you very much, I appreciate your help.

[Shorewall-users] Help me understand load balancing

2008-11-07 Thread Christian Aust
Hi, I'm using Shorewall 4.2.1 in a multiple ISP scenario, currently with 2 DSL lines attached as ppp0 and ppp1. I've followed the guide to set it up and it works, however some questions remain. Please see http://raq550.dyndns.org/~christian/dump.txt.gz for configuration details. (1) How

Re: [Shorewall-users] Help me understand load balancing

2008-11-07 Thread Tom Eastep
Christian Aust wrote: Hi, I'm using Shorewall 4.2.1 in a multiple ISP scenario, currently with 2 DSL lines attached as ppp0 and ppp1. I've followed the guide to set it up and it works, however some questions remain. Please see http://raq550.dyndns.org/~christian/dump.txt.gz for

Re: [Shorewall-users] Help me understand load balancing

2008-11-07 Thread Tom Eastep
Tom Eastep wrote: Christian Aust wrote: Hi, I'm using Shorewall 4.2.1 in a multiple ISP scenario, currently with 2 DSL lines attached as ppp0 and ppp1. I've followed the guide to set it up and it works, however some questions remain. Please see

Re: [Shorewall-users] Help me understand load balancing

2008-11-07 Thread Tom Eastep
Tom Eastep wrote: (1) How is traffic split between the two lines? Based on what? Weighted round-robin where the 'weight' is the number following 'balance=' (default 1). Note also that once a connection is assigned to a line, all traffic associated with that connection goes over that line.

[Shorewall-users] Help, it's very basic (but help)

2008-10-16 Thread Carlos Carrero Gutierrez
Hi, I have installed shorewall today and set the default config. But when I set the policies and tried to run Shorewall, it doesn't work (in other words, there isn't a connection to the internet). Could somebody tell me how to configure the policies? Thank you.

Re: [Shorewall-users] Help, it's very basic (but help)

2008-10-16 Thread Roberto C . Sánchez
On Thu, Oct 16, 2008 at 10:53:02PM +0200, Carlos Carrero Gutierrez wrote: Hi, I have installed shorewall today and set the default config. But when I set the policies and tried to run Shorewall, it doesn't work (in other words, there isn't a connection to the internet). Could somebody tell me how

Re: [Shorewall-users] Help, it's very basic (but help)

2008-10-16 Thread Tom Eastep
Carlos Carrero Gutierrez wrote: Hi, I have installed shorewall today and set the default config. But when I set the policies and tried to run Shorewall, it doesn't work (in other words, there isn't a connection to the internet). Could somebody tell me how to configure the policies?

Re: [Shorewall-users] help setup 3 interfaces on 1 machine

2008-09-28 Thread Martin Leben
mess-mate wrote: Martin Leben wrote: 1.a) Install the web and mail software on the 1st machine and move the associated data from the 2nd machine and get rid of the 2nd machine. ... OR: 1.b) Install shorewall and a second network card in the 2nd machine and get rid of the 1st machine.

Re: [Shorewall-users] help setup 3 interfaces on 1 machine

2008-09-26 Thread mess-mate
Martin Leben wrote: mess-mate wrote: Hi, I've a setup as follows (runs marvelous) : modem (ppp0) 1st machine = proxy/router/shorewall (eth0, eth1, eth2) 2d machine = dmz http-server/lan mail-server (eth0) switch -lan machines to save energy and noise I'd like to get all

[Shorewall-users] help setup 3 interfaces on 1 machine

2008-09-25 Thread mess-mate
Hi, I've a setup as follows (runs marvelous) : modem (ppp0) 1st machine = proxy/router/shorewall (eth0, eth1, eth2) 2d machine = dmz http-server/lan mail-server (eth0) switch -lan machines to save energy and noise I'd like to get all in 1 machine with shorewall as firewall. Could

Re: [Shorewall-users] help setup 3 interfaces on 1 machine

2008-09-25 Thread Martin Leben
mess-mate wrote: Hi, I've a setup as follows (runs marvelous) : modem (ppp0) 1st machine = proxy/router/shorewall (eth0, eth1, eth2) 2d machine = dmz http-server/lan mail-server (eth0) switch -lan machines to save energy and noise I'd like to get all in 1 machine with

[Shorewall-users] Help with nat settings

2008-09-18 Thread Ricardo Kleemann
Hi, I'm setting up shorewall (v. 3.4.8) and have established some IPs in the nat file. For testing purposes only, I have my main eth0 interface for shorewall (the net interface) in network 192.168.0. The dmz interface is eth2 in network 192.168.1. Here's a snippet of ip addr output: 3: eth0:

Re: [Shorewall-users] Help with nat settings

2008-09-18 Thread Tom Eastep
Ricardo Kleemann wrote: Hi, I'm setting up shorewall (v. 3.4.8) and have established some IPs in the nat file. For testing purposes only, I have my main eth0 interface for shorewall (the net interface) in network 192.168.0. The dmz interface is eth2 in network 192.168.1. Here's a snippet of

Re: [Shorewall-users] Help with nat settings

2008-09-18 Thread Ricardo Kleemann
On Thu, 2008-09-18 at 17:59 -0700, Tom Eastep wrote: Ricardo Kleemann wrote: Hi, I'm setting up shorewall (v. 3.4.8) and have established some IPs in the nat file. For testing purposes only, I have my main eth0 interface for shorewall (the net interface) in network 192.168.0. The

Re: [Shorewall-users] Help with nat settings

2008-09-18 Thread Tom Eastep
Ricardo Kleemann wrote: On Thu, 2008-09-18 at 17:59 -0700, Tom Eastep wrote: Ricardo Kleemann wrote: I know packets are not being dropped so it's not shorewall that's blocking. I guess something's just not getting routed properly? If I can go net - fw and fw - dmz, why is the net - dmz

Re: [Shorewall-users] Help with nat settings

2008-09-18 Thread Ricardo Kleemann
On Thu, 2008-09-18 at 18:07 -0700, Tom Eastep wrote: Ricardo Kleemann wrote: On Thu, 2008-09-18 at 17:59 -0700, Tom Eastep wrote: Ricardo Kleemann wrote: I know packets are not being dropped so it's not shorewall that's blocking. I guess something's just not getting routed properly? If I
