From: Tom Eastep
>
> I just released 5.1.7.2 which correctly handles your rule.
I've seen the release notice.
Once again, thank you very much, Tom.
Vieri
--
On 09/29/2017 01:57 PM, Tom Eastep wrote:
> On 09/29/2017 01:54 PM, Vieri Di Paola via Shorewall-users wrote:
>>
>>
>> From: Tom Eastep
>>>
>>> It is the *next to the last* rule that is causing the problem.
>>
>>
>> OK, so my problem is that
From: Bill Shirley
> Two observations
Thanks for that, Bill.
I allow DNS queries only from dedicated DNS servers on the LAN.
I don't REDIRECT. Any client misbehaving DNS-wise won't be able to lookup IP
addresses.
Point
Two observations:
1) there are some PC viruses that change the DNS server addresses on the PC
so that they can intercept a lookup and return their own reply. So, when you
go to www.my-bank.com you actually are pointed to a malicious server.
In my rules, I redirect all DNS queries to
On 09/29/2017 01:54 PM, Vieri Di Paola via Shorewall-users wrote:
>
>
> From: Tom Eastep
>>
>> It is the *next to the last* rule that is causing the problem.
>
>
> OK, so my problem is that I wrote the following in my mangle file:
>
>
From: Tom Eastep
>
> It is the *next to the last* rule that is causing the problem.
OK, so my problem is that I wrote the following in my mangle file:
MARK(1-3):P 0.0.0.0/0 0.0.0.0/0 tcp,udp 53
and it translated
Hi Vieri, Here are all of my files (I think) relevant to routing, with any
real addresses changed:
providers:
#NAME NUMBER MARKDUPLICATE INTERFACE GATEWAY OPTIONS COPY
uni01 1 - - usb0192.168.1.1 fallback=50
uni02 2 -
On 09/29/2017 07:35 AM, Vieri Di Paola via Shorewall-users wrote:
>
>
> From: Tom Eastep
>>
>> Remember that MARK is not a terminating target -- so the *last* MARK
>
>> rule to match the packet is the one that assigns the mark.
>
> I was
From: Norman Henderson
>
> MARK(25)10.0.69.2 - tcp smtp
> MARK(25)- 10.0.69.2 tcp smtp
>
> 10.0.69.2 - cem09 128025
Could you please share the
From: Tom Eastep
>
> Remember that MARK is not a terminating target -- so the *last* MARK
> rule to match the packet is the one that assigns the mark.
I was aware of that when I wrote the rules.
My providers file is:
ISP11 1
On 09/27/2017 06:00 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi again,
>
> It seems that I'm getting mixed results. According to the dump I'm posting in
> the link below, shouldn't a host accessing 193.104.0.136 on port 443 go out
> provider marked as 3?
>
> The dump was taken while
Interesting - I may have a similar issue with the following (partial)
mangle file - there is other content in the file but nothing related to
this address:
MARK(25)10.0.69.2 - tcp smtp
MARK(25)- 10.0.69.2 tcp smtp
MARK(80)
Hi again,
It seems that I'm getting mixed results. According to the dump I'm posting in
the link below, shouldn't a host accessing 193.104.0.136 on port 443 go out
provider marked as 3?
The dump was taken while trying to open https site at 193.104.0.136 from
10.215.144.48.
Sorry for the noise, but it doesn't seem to be related to what I put in
mangle's PROTO column.
When I use this address in SOURCE (192.168.210.0/23) traffic is not sent out
provider 4.
Using either 192.168.210.0/24,192.168.211.0/24 or 192.168.210.1-192.168.211.254
does send traffic out
Actually, it's not a netmask issue.
After another test, I noticed that this fails (better yet, it doesn't do what I
want):
MARK(4):P 192.168.210.0/23,192.168.212.0/24 0.0.0.0/0 all
whereas this other is what I want:
MARK(4):P 192.168.210.0/23,192.168.212.0/24 0.0.0.0/0
What's the
15 matches
Mail list logo