Ubuntu Networking :: Shorewall Implemented In Scripts With IP Aliases

Aug 17, 2010

Let me show you my config and tell me if it's OK.
It's pretty simple:
eth2 -> 192.168.1.0
eth2:0 ->192.168.50.0
eth1 and eth0 are the net interfaces, 1 router each to provide wan failover (not implemented here)

Hosts:
loc1 eth2:192.168.1.0/24
loc50 eth2:192.168.50.0/24

Interfaces
net6 eth0 detect
net7 eth1 detect
- eth2 192.168.1.255,192.168.50.255

Masq
eth0 eth2
eth1 eth2
eth2 eth2

Policy
all all ACCEPT info

Rules
SECTION NEW
REJECT loc50 loc1 all

Zones
fw firewall
net6 ipv4
net7 ipv4
loc1 ipv4
loc50 ipv4

Problems / Doubts:

1) Is the hosts file required?
2) I guess I need to do masq from local to each external, and also from local to local even if they share the same interface, hence the eth2 eth2 in the masq file...
3) So is shorewall well implemented in these scripts to handle aliases?


Software :: Aliases - Using /etc/aliases - Does Not Get Routed To My Email

Apr 1, 2009

I am able to send a mail message to myself from a server without any problem...

But after I have updated /etc/aliases and added the line for all of root's mail to be routed to me....

Added:
root: myemail@company.com

and ran newaliases to implement it....

If I send a mail message to root, it does not get routed to my email...


Ubuntu Networking :: Use Shorewall On My Servers - Unable To Get Tos?

Apr 5, 2010

I always use Shorewall on my Ubuntu servers and it works great. One thing I have never been able to get right is the TOS. Let's say, for example, I would like:

HTTP traffic (80, but all traffic get routed to 3128 [Squid]) to get highest priority
SMTP (25) second highest
POP (110) third highest
The rest fourth

How would I get that right?


Networking :: 2 Internet Connections With Shorewall?

Mar 24, 2011

I've got a Ubuntu Server Linux router that I've got 2 internet connections hooked to. One of them is DSL and the other is cable.

What I'd like to do is have everything go through the DSL connection EXCEPT for one desktop, I'd like that system to go through cable for everything.

Here's a diagram of how I've got things set up.

[URL]

I don't have any more expansion slots on the mainboard of my server for another NIC, also I do a lot of file transferring between a laptop and the desktop I want on the cable connection so I don't want that slowing down the rest of my network.

I've got both providers set up in the providers file and I've got everything going through the DSL connection right now. So far everything I've tried has stopped the desktop from connecting out at all.


Fedora Networking :: Unable To Get Printer Status (Not Implemented)

Nov 15, 2010

I can print very well over a USB cable, however I'm having trouble printing over the Internet (F13). The errors that I get are:

job-printer-state-message Unable to get printer status (Not Implemented!)
job-printer-state-reasons [u'none']

Printer status usually shows up as OK until I actually start to print and then I end up with an error message and nothing prints. This seems to show up with any type of printer connected to the internet.


Fedora Networking :: Adding Another Network To Routes And Shorewall?

May 10, 2011

First I will give some background. We have a currently working network that the Previous network Admin assigned an internal IP scheme of 200.1.1.0/24. I have no idea why he would have done such a thing, but it is my job to fix it (and keep our systems up and running). We have a Fedora 10 box on the 200 network that is acting as a router and a firewall (shorewall to be exact).

I added another NIC card (thank you again to all the great people on this forum for helping me get that working) and it is eth2. Assigned it a 10.100.1.A/24 (This is just a variable for the real IP). The other end of the cable that I plugged into that NIC connects to a Cisco Layer 3 switch. I assigned the port that connects to the other end of the cable the IP address of 10.100.1.B/24

Ok, I added the static route of 'ip route add 10.100.1.0/24 via 10.100.1.A dev eth2'. I added loc2 (which is my eth2 adapter) to the /etc/shorewall/zones file. I set eth2 on loc2 in the /etc/shorewall/interfaces file:

loc2 eth2 detect

I set the lines in the /etc/shorewall/policies file:

loc loc2 ACCEPT info
loc2 loc ACCEPT info

I can ping the cisco switch from the linux server itself. From a PC on the original network I can ping the new NIC card in the linux server, but cannot ping the cisco switch, so I figure it has to be either the route or shorewall.


Fedora Networking :: Trouble Automating IP Aliases

Jun 18, 2010

My system is F13 (upgraded from F11) with all of the latest patches available. I haven't gone through and combined all of the rpmnew configuration files, but none of them seem to address networking. I'm trying to get subinterfaces (secondary IP addresses) to work in Fedora 13. So far, I have been able to configure them on the command line, but not to get them to persist on booting. My base address for the NIC is: A.B.C.254. It is statically assigned.


Networking :: Nslookup And Display All The Aliases For A System?

Nov 10, 2010

Not really a Linux-specific thing. I have googled the heck out of it and tried nslookup -a and a few other options; nothing gets me what I need. The question is: I have a machine with several aliases in DNS. How do I do an nslookup and display all the aliases for a system?

I am trying to see if something is aliased correctly but I cannot list all the names a system is known by.

I am sure it's something simple I am missing with a switch.


Networking :: Share The Implemented "c" Program For Scanning The Available Wireless Network

Feb 17, 2011

share the implemented "c" program for scanning the available wireless network.


Networking :: Multiple Eth0 Aliases - Use Specific IP For Client Connection

Jul 13, 2009

I have a webserver setup, where I need the server to have multiple eth:0 aliases in order to do some SSL-vhosting and other stuff.

The server's eth0 is set up in /etc/network/interfaces (it's an Ubuntu).

And I have added the eth aliases with the command: ifconfig eth0:1 123.231.213.123 up

This works great, I can use the additional IPs for the SSL-vhosts, and all is good.

My problem now is that while the server itself has 1 IP (and approx. 20 IPs on alias interfaces), it uses random (I think) IPs when it is to connect to other servers. E.g. the main problem is that if a Vhost on the server sends out an email, the server uses a wrong IP in the headers, thus making it seem like the email is coming from another IP than the one on the Vhost it's currently residing on.

Currently, when the server connects to its smarthost in order to deliver emails, it connects from the IP that is bound to the eth0:0 interface, and not the IP bound to eth0, which is desired.

The question now is how do I sort out the IPs so that all connections the server makes as a client will use the first (eth0) IP?

And all the extra IP addresses will only be used as "server addresses", not to make client requests.


Networking :: Windows 7 Intermittent - Resolving Host Aliases Against BIND 9.6.2?

Jan 15, 2011

I have a Windows 7 Professional x64 PC that intermittently fails to resolve host aliases. The nameserver is a Fedora 11 system running bind 9.6.2-p2. Its canonical name is trixter.intranet.org, and it serves several web sites, each with a different host alias: hg.intranet.org, svn.intranet.org, bugzilla.intranet.org, etc.

Occasionally, the Windows pc will be unable to find any of the aliased hosts, even when it can find the canonical name. The aliases will be un-resolvable for a period of several minutes, and then, with no intervention, they can be found again. Trixter can always resolve the aliases to itself.

Even stranger, when I use Cygwin from the problematic Windows 7 PC, it CAN resolve the hosts. I can ping hg.intranet.org from a Cygwin shell, but not from a cmd.exe window. Administrator privileges make no difference.


Ubuntu :: Playing DVDs - No URI Handler Implemented

Apr 17, 2010

Ubuntu is new to me. When I try to play a movie I get the message, "no URI handler implemented for dvd".


General :: How Does Tee Command Implemented

Nov 4, 2010

I am trying to understand how the tee command is implemented. I need to use the tee command in a high-speed logging application, where stdout and stderr have to be redirected to a file. Here I am concerned about the performance. Does tee redirect the data character by character or by buffer?


General :: Is CLOCK_MONOTONIC_RAW Implemented In Red Hat 7.2

Aug 5, 2010

I tried defining CLOCK_MONOTONIC_RAW in the include file. The timer does not run correctly. I am looking for a timer that I can count on to get a time delta. In my /usr/include/bits/time.h I have CLOCK_PROCESS_CPUTIME_ID and CLOCK_THREAD_CPUTIME_ID defined. I assume they are not based on the realtime clock (not changed when time is updated). All I really need is a way to determine delta time when running. Milliseconds would be great, 1/100th second is preferred, and 1/10th would be acceptable.

___( Original Post )___________________
"A tick, a tick, my kingdom for a tick."

Please have patience and read on. This is a rather convoluted situation. The company currently does (since 1994) a loop cycle based task execution process. They tasked me to run a particular task at a particular interval. This is where I found the loop process and how much time delta time there can be. I want to implement a time based version. Nothing really drastic, just call the task when the timer says so. I know how I want to do it, they just keep throwing roadblocks in the way. The latest one is "what if someone changes the time?". I looked on the web and my research seems to indicate that if I use clock_gettime(CLOCK_REALTIME,&ts) that indeed delta time can be messed up if something tinkers with the time.

The other option is to use CLOCK_MONOTONIC_RAW instead of CLOCK_REALTIME. It is indicated that this can not be changed and would be good for this type of application. The problem is I don't know if it is implemented in the version the company distributes, Red Hat Linux Release 7.2 (Enigma). Anyone know anything about this? Again, the company distributes its product that runs on Red Hat 7.2. They have many units in the field. I read on the web that 1) There is no tick and 2) Red Hat 6 has the CLOCK_MONOTONIC_RAW implemented. Well, I looked at /usr/include/bits/time.h and found CLOCK_REALTIME but not CLOCK_MONOTONIC_RAW.


General :: Find Whether Raid Is Implemented Or Not?

Mar 9, 2010

How to find whether RAID is implemented or not, without asking the Linux admin.


Software :: How Do New Unicode Characters Get Implemented?

Apr 17, 2009

From time to time, new characters are added to the Unicode standard. For instance, in 2008 a capital sharp s (upper case form of German eszett) was added at position 0x1e9e. What actions need to be taken in order to make the new character part of the various fonts we use on our desktops?


Ubuntu Servers :: Shorewall Taking An Age To Restart?

May 11, 2010

Any time I try and restart the Shorewall it takes forever. Sometimes I have to reboot the File Server as it's faster. In the shorewall-init.log it seems to stick on the loading modules and goes no further. Anyone come across this before? I have Ubuntu 8.04 LTS - everything seemed to be working OK until I installed NFS, NIS, AUTOFS - but I can't be 100% sure.


General :: How File Associations Management Implemented

Aug 22, 2011

I'm curious how file association management is implemented in Linux. Where is the related information stored? How do I modify it (I'm interested in non-KDE-based ways; I know there's a system configuration page for that in KDE)?


Ubuntu Security :: Shorewall Firewall Setup In Webmin?

Jan 3, 2011

I got Shorewall firewall all Set-up perfect but I'm stuck at 1 last bit. The aim is to let on 2 clients max onto my server. I have the policy setup in webmin as.
More than 2 clients can get onto the server. The aim is to have it as a ddos protection allowing 100 clients on and a max burst of 10 clients at a time.


Debian Configuration :: Using Shorewall To Setup NAT

Apr 17, 2011

I posted a previous topic on bridging, and that didn't seem to work, so I went with Shorewall and I'm trying to setup NAT, but I'm struggling very badly. I have the interfaces configured where eth1 is my Local LAN (loc) network, and eth0 connects to my ISP (net). But my problem is that I have no clue how to forward traffic from eth1 to eth0, without using ProxyARP, which routes all traffic to eth1, and doesn't allow traffic out on itself. I've looked at the NAT tutorials, and they don't make sense to me, because I have two interfaces that I want to be able to talk to each other and the internet at the same time. Is there anyone who's good with Shorewall?


Software :: Shorewall And Opening Certain Ports?

Aug 27, 2010

I have searched the web for this answer and I can't find it. I'm using Shorewall for my company firewall and all is working well. But I need to tweak down a few problems that I have. Employees have internet connection over a proxy server (http and https traffic), but some do need to connect to other ports not through proxy but directly. I want to add an exception to the rules. For example, I want to allow that a local IP can connect to a predefined IP on the net to a specific port. All my attempts have failed.


Fedora :: RAID Be Implemented On A Single Hard Disk?

Mar 25, 2010

Can RAID be implemented on a single hard disk? If yes, please give a link for it.


General :: Why Have Kernel NTFS Team Not Implemented Changes In Driver?

May 10, 2010

A more comprehensive phrased question since I lost access to the other one. I would ask that the other one be deleted, not this one, as it should not have been migrated in the first place. There are currently two NTFS drivers available for Linux.

The NTFS driver included in the kernel, and the userspace NTFS-3G driver that makes use of FUSE. By all accounts, NTFS-3G works perfectly. My question then, is if the NTFS filesystem has been successfully reverse engineered, why have the kernel NTFS team not implemented the changes in their driver? At the moment it is still marked as experimental, and there is a good chance it will destroy your data.


Debian :: Webserver Behind A Server Running Shorewall?

Mar 3, 2011

The server I'm running runs Debian Etch, Squid and Shorewall. Every 24 hours the server gets a new internet IP so I need to use dyndns to keep the dns pointing to the correct PC.

I have a webserver that is running behind the debian server and am having trouble with it. When I enter the web address, it gets a timeout.


General :: Accessing Multicast From Internet Through Shorewall?

Aug 6, 2010

- I have set up an application in my local subnet 10.1.0.0/16 which broadcasts UDP packets.

- My application broadcasts from the machine with 10.1.2.240 and also broadcasts from multicast address 225.1.2.3 using port 3035 (it's the correct multicast address, right?)

- I have developed a small application to receive the UDP packets from the multicast address. It's running OK.

Problems/questions:

How can I set up my firewall (using Shorewall) so that users from the internet can receive the UDP packets from multicast?

Is it possible to listen to the UDP broadcast address behind the firewall (without setting up a VPN connection)?


Server :: Getting Logwatch Working With Shorewall Logs?

Sep 9, 2010

How to get logwatch working with shorewall logs. I tried fwlogwatch but could not get that working.


OpenSUSE Install :: Graphical Login Not Implemented In Build Live Cd?

Aug 17, 2010

I am now at my 6th version of my openSUSE build and I can't get it to start the graphical login. I am trying my build out on a VirtualBox using the live CD. This is what happens during installation: It will install properly. No error messages at all. I get the (graphical) options screen to select language and screen resolution settings, so far so good. I select the default (top) installation for my openSUSE and hit enter. Then I will get the verbose progress and when it's finished, the verbose will ask me for my user name and password. Then I enter those correctly and the verbose will tell me to enjoy. I am then left with a blinking cursor, and don't know what to do next.

This is not what should have happened since in my build I had selected Configuration > Startup > Default runlevel > 5: Graphical login. I can find no reason for this failure since on my Windows system I have tried out several other Linux systems in the same way and never experienced this problem before. During the assembling of my packages I have paid close attention to select all packages required for a graphical login. Another problem is that although I selected the default language for my build to be Dutch, the default language during setup is still English. I hope there is someone who would be kind enough to be prepared to help me out, I am so eager to start trying out my self-made OS.


Ubuntu Servers :: Install Shorewall As A Firewall - Package Not Found Error

Jun 10, 2011

I installed Ubuntu Server and got it set up, and I'm trying to install Shorewall as a firewall, but whenever I do sudo apt-get install shorewall I get a package not found error.


Networking :: Shorewall: Port Forwarding Port Is Closed Even After Forwarding?

Dec 12, 2009

I have just set up shorewall on my router running Arch Linux. The external network is on eth0 and the internal network on eth1. I have set it up for masquerading and that works fine and I can open ports to the firewall. But I'm having trouble with port forwarding to my internal machines. The problem I have is that when port 22350 is forwarded to 192.168.1.3 on my local network, checking the port with nmap from a remote computer gives me:

Code:
PORT STATE SERVICE
22350/tcp closed unknown

[code]....


Debian Configuration :: Which Version Of Shorewall Installed On System

May 4, 2011

I want to learn about setting up Shorewall, but the website refers to several versions. How do I ascertain which version of Shorewall is on my system?
