Re: [Shorewall-users] mangle and network mask

2017-09-30 Thread Vieri Di Paola via Shorewall-users


From: Tom Eastep 
>
> I just released 5.1.7.2 which correctly handles your rule.


I've seen the release notice.
Once again, thank you very much, Tom.

Vieri

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


Re: [Shorewall-users] mangle and network mask

2017-09-30 Thread Tom Eastep
On 09/29/2017 01:57 PM, Tom Eastep wrote:
> On 09/29/2017 01:54 PM, Vieri Di Paola via Shorewall-users wrote:
>>
>> 
>> From: Tom Eastep 
>>>
>>> It is the *next to the last* rule that is causing the problem.
>>
>>
>> OK, so my problem is that I wrote the following in my mangle file:
>>
>> MARK(1-3):P  0.0.0.0/0   0.0.0.0/0   tcp,udp 53
>>
>> and it translated to:
>>
>> Chain tcpre
>>
>> [...]
>> 7784 6738K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 MARK xset 0x1/0xff
>> 7783 6764K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 1 MARK xset 0x2/0xff
>> 7783 6623K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 2 MARK xset 0x3/0xff
>>
>> I erroneously thought that I could "balance" DNS traffic among the first 3 
>> providers.
>>
>> It can't be done here, right?
> 
> It appears that the entry is not being translated correctly, as it is
> missing the protocols and port. So take it out for now.

I just released 5.1.7.2 which correctly handles your rule.

-Tom
-- 
Tom Eastep\   Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
  \___





Re: [Shorewall-users] mangle and network mask

2017-09-30 Thread Vieri Di Paola via Shorewall-users



From: Bill Shirley 

> Two observations

Thanks for that, Bill.

I allow DNS queries only from dedicated DNS servers on the LAN.
I don't REDIRECT. Any client misbehaving DNS-wise won't be able to look up IP 
addresses.

Point 2 taken.

Thanks again,

Vieri



Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Bill Shirley

Two observations:
1) there are some PC viruses that change the DNS server addresses on the PC
    so that they can intercept a lookup and return their own reply. So, when you
    go to www.my-bank.com you actually are pointed to a malicious server.
    In my rules, I redirect all DNS queries to my own server that is running on the
    firewall:
?SECTION NEW
# =
# == Local Restrictions ===
# =
?COMMENT domain
REDIRECT    lan        domain        tcp,udp    domain     # use this server for DNS
REDIRECT    dmz        domain        tcp,udp    domain     # use this server for DNS
    This way I can ensure no query is hijacked.  I implemented these rules when we
    found a PC that was getting its lease info (address, gateway, DNS servers, etc)
    from our own DHCP, but was using two unknown DNS servers.

2) With multiple ISPs, it is best to do the DNS lookup thru the same provider that the
    actual traffic will go.  Many content delivery networks (CDN) will have multiple
    servers and the DNS query response will return an answer with the least hops.
    I know predicting the actual ISP for traffic may be a difficult task, but your efforts
    here would be better than random.

HTH,
Bill

On 9/29/2017 4:54 PM, Vieri Di Paola via Shorewall-users wrote:


From: Tom Eastep 

It is the *next to the last* rule that is causing the problem.


OK, so my problem is that I wrote the following in my mangle file:

MARK(1-3):P 0.0.0.0/0   0.0.0.0/0   tcp,udp 53

and it translated to:

Chain tcpre

[...]
7784 6738K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 MARK xset 0x1/0xff
7783 6764K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 1 MARK xset 0x2/0xff
7783 6623K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 2 MARK xset 0x3/0xff

I erroneously thought that I could "balance" DNS traffic among the first 3 
providers.

It can't be done here, right?




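Bill's first observation (a PC that took its lease from the site's own DHCP but queried two unknown resolvers) is the kind of thing a short log pass can surface before, or instead of, silently redirecting everything. The following is an added example, not code from Bill, Shorewall or the thread: it reads netfilter-style log lines (the KEY=VALUE fields that follow a Shorewall log prefix), picks out DNS queries, and reports each LAN source that talked to a resolver other than the ones DHCP hands out. The log lines, the chain names, the host addresses and 10.1.0.53 as the sanctioned resolver are all constructed for the illustration.

```python
"""Flag LAN hosts that query DNS resolvers other than the DHCP-assigned ones.

Added example, not part of the thread or of Shorewall. The log lines are
constructed in the shape of netfilter LOG output (KEY=VALUE fields after a
Shorewall log prefix); addresses and the sanctioned resolver are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, Set

# Resolver(s) the DHCP server is configured to hand out (assumed value).
SANCTIONED_RESOLVERS: Set[str] = {"10.1.0.53"}

# Constructed sample: 10.1.10.40 behaves, 10.1.10.65 ignores its lease and
# talks to two unknown resolvers (203.0.113.0/24 is documentation space).
LOG_LINES = [
    "Sep 29 16:54:01 fw kernel: Shorewall:lan2fw:ACCEPT:IN=eth1 OUT= "
    "SRC=10.1.10.40 DST=10.1.0.53 PROTO=UDP SPT=51412 DPT=53 LEN=52",
    "Sep 29 16:54:02 fw kernel: Shorewall:lan2net:ACCEPT:IN=eth1 OUT=eth0 "
    "SRC=10.1.10.65 DST=203.0.113.7 PROTO=UDP SPT=40811 DPT=53 LEN=61",
    "Sep 29 16:54:02 fw kernel: Shorewall:lan2net:ACCEPT:IN=eth1 OUT=eth0 "
    "SRC=10.1.10.65 DST=203.0.113.8 PROTO=TCP SPT=40812 DPT=53 LEN=60",
    "Sep 29 16:54:03 fw kernel: Shorewall:lan2net:ACCEPT:IN=eth1 OUT=eth0 "
    "SRC=10.1.10.40 DST=198.51.100.20 PROTO=TCP SPT=51500 DPT=443 LEN=60",
    "Sep 29 16:54:04 fw kernel: Shorewall:lan2net:ACCEPT:IN=eth1 OUT=eth0 "
    "SRC=10.1.10.65 DST=203.0.113.7 PROTO=UDP SPT=40813 DPT=53 LEN=58",
    "Sep 29 16:54:05 fw kernel: Shorewall:lan2fw:ACCEPT:IN=eth1 OUT= "
    "SRC=10.1.10.65 DST=10.1.0.53 PROTO=UDP SPT=40814 DPT=53 LEN=55",
]

# One KEY=VALUE token; the value may be empty (e.g. "OUT=" for local delivery).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line: str) -> Dict[str, str]:
    """Return the KEY=VALUE fields of one netfilter-style log line."""
    return dict(FIELD_RE.findall(line))


def is_dns_query(fields: Dict[str, str]) -> bool:
    """DNS over UDP or TCP to port 53 (DoT/DoH are out of scope here)."""
    return fields.get("PROTO") in {"UDP", "TCP"} and fields.get("DPT") == "53"


def unsanctioned_resolvers(lines: Iterable[str],
                           sanctioned: Set[str] = SANCTIONED_RESOLVERS
                           ) -> Dict[str, Set[str]]:
    """Map each source host to the set of non-sanctioned resolvers it queried.

    Hosts that only use sanctioned resolvers do not appear in the result.
    """
    seen: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        f = parse_log_line(line)
        if "SRC" not in f or "DST" not in f:
            continue                       # not a netfilter log line
        if is_dns_query(f) and f["DST"] not in sanctioned:
            seen[f["SRC"]].add(f["DST"])
    return dict(seen)


def report(lines: Iterable[str]) -> str:
    """Human-readable summary, one line per offending host."""
    hits = unsanctioned_resolvers(lines)
    if not hits:
        return "no unsanctioned DNS resolvers observed"
    return "\n".join(f"{src} -> {', '.join(sorted(dsts))}"
                     for src, dsts in sorted(hits.items()))


if __name__ == "__main__":
    print(report(LOG_LINES))
```

Run it against logs taken before the REDIRECT rules go in, or against a LOG action that fires ahead of the redirect: REDIRECT rewrites the destination in the nat table before the filter chains see the packet, so filter-level logs collected after it is deployed show every query going to the firewall and the hijack attempt becomes invisible.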


Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Tom Eastep
On 09/29/2017 01:54 PM, Vieri Di Paola via Shorewall-users wrote:
> 
> 
> From: Tom Eastep 
>>
>> It is the *next to the last* rule that is causing the problem.
> 
> 
> OK, so my problem is that I wrote the following in my mangle file:
> 
> MARK(1-3):P   0.0.0.0/0   0.0.0.0/0   tcp,udp 53
> 
> and it translated to:
> 
> Chain tcpre
> 
> [...]
> 7784 6738K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 MARK xset 0x1/0xff
> 7783 6764K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 1 MARK xset 0x2/0xff
> 7783 6623K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 2 MARK xset 0x3/0xff
> 
> I erroneously thought that I could "balance" DNS traffic among the first 3 
> providers.
> 
> It can't be done here, right?

It appears that the entry is not being translated correctly, as it is
missing the protocols and port. So take it out for now.

-Tom
> 
> 




Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Vieri Di Paola via Shorewall-users


From: Tom Eastep 
>
> It is the *next to the last* rule that is causing the problem.


OK, so my problem is that I wrote the following in my mangle file:

MARK(1-3):P 0.0.0.0/0   0.0.0.0/0   tcp,udp 53

and it translated to:

Chain tcpre

[...]
7784 6738K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 MARK xset 0x1/0xff
7783 6764K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 1 MARK xset 0x2/0xff
7783 6623K MARK   all  --  *  *   0.0.0.0/0   0.0.0.0/0   statistic mode nth every 3 packet 2 MARK xset 0x3/0xff

I erroneously thought that I could "balance" DNS traffic among the first 3 
providers.

It can't be done here, right?



Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Norman Henderson
Hi Vieri, Here are all of my files (I think) relevant to routing, with any
real addresses changed:

providers:

#NAME       NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY          OPTIONS                     COPY

uni01       1       -     -          usb0       192.168.1.1      fallback=50
uni02       2       -     -          usb1       192.168.0.1      fallback=50
tvc01       3       -     -          vlan5      111.222.333.444  track,balance=1,persistent
aot01       4       -     -          ppp0       -                track,balance=1,persistent
cem50tun    5       -     -          tun1       10.20.0.145      fallback=150,persistent
cem50       6       -     -          vlan4      10.1.15.1        fallback=100
cem09       7       -     -          tun3       10.20.0.129      track
cem0509tvc  8       -     -          tun6       10.20.0.149      loose
cem0509uni  9       -     -          tun7       10.20.0.153      loose

mangle:

#ACTION     SOURCE       DEST              PROTO   DEST PORT(S)          SOURCE PORT(S)  USER  TEST  LENGTH  TOS  CONNBYTES  HELPER  PROBABILITY  DSCP

MARK(25)    10.0.69.2    -                 tcp     smtp
MARK(25)    -            10.0.69.2         tcp     smtp
MARK(25)    fwall        77.88.99.0/29     tcp     smtp
MARK(53)    -            -                 udp     53
MARK(53)    fwall        -                 udp     53
MARK(16)    10.0.69.20   -                 udp     sip,iax,1068,1:12000
MARK(16)    -            10.0.69.20        udp     sip,iax,1068,1:12000
MARK(16)    10.1.0.0/24  10.20.0.129       udp     sip,iax,1:12000
MARK(16)    10.20.0.129  10.1.0.0/24       udp     sip,iax,1:12000
MARK(16)    10.1.0.0/24  77.88.99.82       udp     sip,iax,1:12000
MARK(16)    77.88.99.82  10.1.0.0/24       udp     sip,iax,1:12000
MARK(16)    fwall        -                 udp     sip,iax,1:12000
MARK(16)    -            fwall             udp     sip,iax,1:12000
MARK(80)    10.0.69.2    -                 tcp     http,https
MARK(80)    10.0.69.2    -                 udp     http,https
MARK(80)    10.0.69.20   -                 tcp     http,https
MARK(80)    10.0.69.20   -                 udp     http,https
MARK(200)   10.1.10.248  -                 udp     openvpn,5000,5001
MARK(200)   fwall        77.88.99.0/29     udp     openvpn,5000,5001
MARK(200)   fwall        222.111.444.0/29  udp     openvpn,5000,5001
TOS(16)     -            -                 udp     iax
TOS(16)     -            -                 udp     -                     iax
TOS(16)     -            -                 udp     sip
TOS(16)     -            -                 udp     -                     sip
TOS(16)     10.0.69.20   -                 udp     -                     -               -     16
TOS(16)     -            10.0.69.20        udp     -                     -               -     16
DSCP(EF)    -            -                 udp     iax
DSCP(EF)    -            -                 udp     -                     iax
DSCP(EF)    -            -                 udp     sip
DSCP(EF)    -            -                 udp     -                     sip
DSCP(EF)    10.0.69.20   -                 udp     -                     -               -     16
DSCP(EF)    -            10.0.69.20        udp     -                     -               -     16

rtrules:

#SOURCE        DEST             PROVIDER  PRIORITY  MARK
-              10.20.200.0/25   cem09     1000
-              10.20.200.0/24   main      1001
-              10.20.0.0/23     main      1002
-              10.0.68.0/22     cem50     1012
-              10.1.8.0/21      cem50     1014
-              192.168.0.0/16   cem50     1018
-              192.168.33.0/24  cem50     1019
-              10.0.68.0/22     cem01maf  1022
-              10.1.10.0/24     cem01maf  1024
10.1.10.40     -                tvc01     1201
10.1.10.65     -                tvc01     1202
10.1.13.93     -                tvc01     1203
10.1.15.20     -                tvc01     1204
10.1.15.21     -                tvc01     1205
10.1.10.40     -                aot01     1211
10.1.10.65     -                aot01     1212
10.1.13.93     -                aot01     1213
10.1.15.20     -                aot01     1214
10.1.15.21     -                aot01     1215

10.1.10.248    -                aot01     1263      200
10.1.10.248    -                tvc01     1264      200
$FW            -                uni01     1271      200
$FW            -                uni02     1272      200
$FW            -                aot01     1273      200
$FW            -                tvc01     1274      200

#NH#20170228# Following rule is not catching "all" traffic in a TCP connection. Therefore...
10.0.69.2      -                cem09     1280      25
#NH#20170228# for now, directing all 10.0.69.2 packets via tun3.
10.0.69.2      -                cem09     1281

10.0.0.0/8     -                cem09     1290      16


10.1.0.0/24    -                uni01     21005
10.1.0.0/24    -                uni02     21006

10.1.8.0/21    -                aot01     21901
10.1.8.0/21    -                tvc01     21902
10.1.8.0/21    -                uni01     21903

Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Tom Eastep
On 09/29/2017 07:35 AM, Vieri Di Paola via Shorewall-users wrote:
> 
> 
> From: Tom Eastep 
>>
>> Remember that MARK is not a terminating target -- so the *last* MARK
> 
>> rule to match the packet is the one that assigns the mark.
> 
> I was aware of that when I wrote the rules.
> 
> My providers file is:
> 
> ISP1  1   1   -   $IF_ISP1   $IF_ISP1_GW   track,balance=3,persistent
> ISP2  2   2   -   $IF_ISP2   $IF_ISP2_GW   track,balance=2,persistent
> ISP3  3   3   -   $IF_ISP3   $IF_ISP3_GW   track,balance=1,persistent
> ISP4  4   4   -   $IF_ISP4   $IF_ISP4_GW   track,balance=1,persistent
> 
> 
> ...and the *last* line of my mangle file is:
> 
> MARK(3):P -   193.104.0.136

It is the *next to the last* rule that is causing the problem.

> 
> 
>> Your statistical MARK rules are overwriting your intended mark values most
>> of the time.
> 
> 
> If by "statistical" you mean the marks produced by "balance" in the providers 
> file then am I mistaken to think that the last mangle rule defined overwrites 
> previous marks?
> 
>> You need to populate the TEST column of your route marking rules to stop
>> this unintended overwriting of previously assigned marks.
> 
> 
> The TEST column in the mangle file?
> Not quite sure which value to use for a MARK rule on the last line of that 
> file.

Again, it isn't the last rule that is the issue.

-Tom


Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Vieri Di Paola via Shorewall-users


From: Norman Henderson 
>
> MARK(25)10.0.69.2   -   tcp smtp
> MARK(25)-   10.0.69.2   tcp smtp

>

> 10.0.69.2   -   cem09   128025

Could you please share the relevant part of your providers file?

> rtrules 10.0.69.2 - cem09 1281

In my specific example I could very well use policy based routing in rtrules 
without marks.
However, there are other cases where I require to use MARK.

Vieri



Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Vieri Di Paola via Shorewall-users


From: Tom Eastep 
>
> Remember that MARK is not a terminating target -- so the *last* MARK

> rule to match the packet is the one that assigns the mark.

I was aware of that when I wrote the rules.

My providers file is:

ISP1  1   1   -   $IF_ISP1   $IF_ISP1_GW   track,balance=3,persistent
ISP2  2   2   -   $IF_ISP2   $IF_ISP2_GW   track,balance=2,persistent
ISP3  3   3   -   $IF_ISP3   $IF_ISP3_GW   track,balance=1,persistent
ISP4  4   4   -   $IF_ISP4   $IF_ISP4_GW   track,balance=1,persistent


...and the *last* line of my mangle file is:

MARK(3):P   -   193.104.0.136


> Your statistical MARK rules are overwriting your intended mark values most of
> the time.


If by "statistical" you mean the marks produced by "balance" in the providers 
file then am I mistaken to think that the last mangle rule defined overwrites 
previous marks?

> You need to populate the TEST column of your route marking rules to stop
> this unintended overwriting of previously assigned marks.


The TEST column in the mangle file?
Not quite sure which value to use for a MARK rule on the last line of that file.

Vieri



Re: [Shorewall-users] mangle and network mask

2017-09-29 Thread Tom Eastep
On 09/27/2017 06:00 AM, Vieri Di Paola via Shorewall-users wrote:
> Hi again,
> 
> It seems that I'm getting mixed results. According to the dump I'm posting in 
> the link below, shouldn't a host accessing 193.104.0.136 on port 443 go out 
> provider marked as 3?
> 
> The dump was taken while trying to open https site at 193.104.0.136 from 
> 10.215.144.48.
> 
> https://drive.google.com/open?id=0B-tpkY1LkI67X0FzWnRMSFRYd1E
> 
> I had mixed results. Sometimes traffic is going out provider 3, and at times 
> it's going out another provider.
> 
> So my previous posts are probably "wrong" in that the netmask has nothing to 
> do with the issue I'm seeing.
> 
> Even if I balance traffic in the providers file, I require traffic to 
> 193.104.0.136 to *always* go out provider 3.
> 

Remember that MARK is not a terminating target -- so the *last* MARK
rule to match the packet is the one that assigns the mark. Your
statistical MARK rules are overwriting your intended mark values most of
the time. You need to populate the TEST column of your route marking
rules to stop this unintended overwriting of previously assigned marks.

-Tom
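Tom's explanation above (MARK is not a terminating target, so the last matching rule decides the mark, and the TEST column is what stops a later rule from overwriting an earlier one) combined with the mis-translated rule seen nearer the top of this thread (the tcp,udp 53 match dropped, so the balancing rule matched every packet) can be modelled in a few lines. The following is an added example and not Shorewall code: the rule class, the packet sample and every address other than 193.104.0.136 are assumptions made for the illustration, the TEST column is modelled as "only match packets whose mark is still 0", and a single rotating counter stands in for the three iptables 'statistic mode nth' rules that MARK(1-3) expands to.

```python
"""Model of how non-terminating MARK rules compose in a mangle chain.

Added example, not Shorewall code. Behaviour modelled, as stated in the thread:
  * MARK does not terminate the chain: every rule is evaluated and the LAST
    rule that matches a packet decides its final mark.
  * MARK(1-3) is realised by three 'statistic mode nth' rules; one rotating
    counter per rule is an equivalent model of that round robin.
  * The TEST column is modelled as "only match packets whose mark is still 0".
Addresses other than 193.104.0.136 and the packet sample are constructed.
"""
from dataclasses import dataclass
from itertools import cycle
from typing import Iterable, List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None
    mark: int = 0


class MarkRule:
    """One mangle-style MARK rule (illustrative, not Shorewall's parser)."""

    def __init__(self, marks: Iterable[int], dst: Optional[str] = None,
                 protos: Optional[Iterable[str]] = None,
                 dport: Optional[int] = None, test_unmarked: bool = False):
        self.dst = dst                                  # None = 0.0.0.0/0
        self.protos = set(protos) if protos else None   # None = any protocol
        self.dport = dport                              # None = any port
        self.test_unmarked = test_unmarked              # TEST column: mark == 0
        self._next_mark = cycle(list(marks))            # MARK(3) or MARK(1-3)

    def matches(self, p: Packet) -> bool:
        if self.dst is not None and p.dst != self.dst:
            return False
        if self.protos is not None and p.proto not in self.protos:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.test_unmarked and p.mark != 0:
            return False
        return True

    def apply(self, p: Packet) -> None:
        p.mark = next(self._next_mark)


def run_chain(rules: List[MarkRule], packets: List[Packet]) -> List[int]:
    """Evaluate every rule for every packet (no rule terminates the chain)."""
    for p in packets:
        for r in rules:
            if r.matches(p):
                r.apply(p)
    return [p.mark for p in packets]


def sample_packets() -> List[Packet]:
    """Constructed traffic: three HTTPS packets that must always leave via
    provider 3, then three DNS queries that may be balanced."""
    return [
        Packet("10.215.144.48", "193.104.0.136", "tcp", 443),
        Packet("10.215.144.48", "193.104.0.136", "tcp", 443),
        Packet("10.215.144.48", "193.104.0.136", "tcp", 443),
        Packet("10.215.144.48", "198.51.100.53", "udp", 53),
        Packet("10.215.144.48", "198.51.100.53", "udp", 53),
        Packet("10.215.144.48", "198.51.100.53", "tcp", 53),
    ]


def marks_with_overwrite() -> List[int]:
    """Pinning rule followed by a balancing rule that lost its tcp,udp 53
    match (the mis-translated chain): the balancing rule matches everything
    and, being evaluated last, overwrites the pinned mark 3."""
    rules = [
        MarkRule([3], dst="193.104.0.136"),   # MARK(3):P   -   193.104.0.136
        MarkRule([1, 2, 3]),                  # MARK(1-3):P 0.0.0.0/0 0.0.0.0/0
    ]
    return run_chain(rules, sample_packets())


def marks_with_test_guard() -> List[int]:
    """Same broad balancing rule, but guarded by TEST so it only touches
    packets that are still unmarked: the pinned packets keep mark 3."""
    rules = [
        MarkRule([3], dst="193.104.0.136"),
        MarkRule([1, 2, 3], test_unmarked=True),
    ]
    return run_chain(rules, sample_packets())


def marks_with_fixed_match() -> List[int]:
    """Balancing rule with its intended tcp,udp 53 match present (the rule
    as written, which Tom says 5.1.7.2 translates correctly): it never sees
    the HTTPS packets, so no TEST is needed for them."""
    rules = [
        MarkRule([3], dst="193.104.0.136"),
        MarkRule([1, 2, 3], protos=("tcp", "udp"), dport=53),
    ]
    return run_chain(rules, sample_packets())


if __name__ == "__main__":
    print("overwritten :", marks_with_overwrite())    # [1, 2, 3, 1, 2, 3]
    print("TEST guard  :", marks_with_test_guard())   # [3, 3, 3, 1, 2, 3]
    print("fixed match :", marks_with_fixed_match())  # [3, 3, 3, 1, 2, 3]
```

The two remedies are independent: the TEST guard protects earlier marks from any later broad rule regardless of what that rule matches, while restoring the port match only fixes this particular rule. When a mark must survive, the guard is the one to keep.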


Re: [Shorewall-users] mangle and network mask

2017-09-28 Thread Norman Henderson
Interesting - I may have a similar issue with the following (partial)
mangle file - there is other content in the file but nothing related to
this address:
MARK(25)10.0.69.2   -   tcp smtp
MARK(25)-   10.0.69.2   tcp smtp
MARK(80)10.0.69.2   -   tcp http,https
MARK(80)10.0.69.2   -   udp http,https

Either the mark (25) is not being consistently applied, or the rtrules
entry that depends on it isn't always respecting the mark:
10.0.69.2   -   cem09   128025
The result is that the tcp connection gets sent part on one provider and
part on another which of course doesn't work. When I noticed it I didn't
have time to diagnose properly so I found a bypass (rtrules 10.0.69.2 -
cem09 1281) that doesn't depend on the mark but that isn't a good solution.

If I get time I will do another dump, but maybe your case will lead to a
solution before that :)

- Norm


On Wed, Sep 27, 2017 at 2:00 PM, Vieri Di Paola via Shorewall-users <
shorewall-users@lists.sourceforge.net> wrote:

> Hi again,
>
> It seems that I'm getting mixed results. According to the dump I'm posting
> in the link below, shouldn't a host accessing 193.104.0.136 on port 443 go
> out provider marked as 3?
>
> The dump was taken while trying to open https site at 193.104.0.136 from
> 10.215.144.48.
>
> https://drive.google.com/open?id=0B-tpkY1LkI67X0FzWnRMSFRYd1E
>
> I had mixed results. Sometimes traffic is going out provider 3, and at
> times it's going out another provider.
>
> So my previous posts are probably "wrong" in that the netmask has nothing
> to do with the issue I'm seeing.
>
> Even if I balance traffic in the providers file, I require traffic to
> 193.104.0.136 to *always* go out provider 3.
>
> Regards,
>
> Vieri
>
> 


Re: [Shorewall-users] mangle and network mask

2017-09-27 Thread Vieri Di Paola via Shorewall-users
Hi again,

It seems that I'm getting mixed results. According to the dump I'm posting in 
the link below, shouldn't a host accessing 193.104.0.136 on port 443 go out 
provider marked as 3?

The dump was taken while trying to open https site at 193.104.0.136 from 
10.215.144.48.

https://drive.google.com/open?id=0B-tpkY1LkI67X0FzWnRMSFRYd1E

I had mixed results. Sometimes traffic is going out provider 3, and at times 
it's going out another provider.

So my previous posts are probably "wrong" in that the netmask has nothing to do 
with the issue I'm seeing.

Even if I balance traffic in the providers file, I require traffic to 
193.104.0.136 to *always* go out provider 3.

Regards,

Vieri



Re: [Shorewall-users] mangle and network mask

2017-09-27 Thread Vieri Di Paola via Shorewall-users
Sorry for the noise, but it doesn't seem to be related to what I put in 
mangle's PROTO column.

When I use this address in SOURCE (192.168.210.0/23) traffic is not sent out 
provider 4.

Using either 192.168.210.0/24,192.168.211.0/24 or 192.168.210.1-192.168.211.254 
does send traffic out provider 4.



Re: [Shorewall-users] mangle and network mask

2017-09-27 Thread Vieri Di Paola via Shorewall-users
Actually, it's not a netmask issue.

After another test, I noticed that this fails (better yet, it doesn't do what I 
want):

MARK(4):P 192.168.210.0/23,192.168.212.0/24 0.0.0.0/0 all

whereas this other is what I want:

MARK(4):P   192.168.210.0/23,192.168.212.0/24   0.0.0.0/0

What's the difference?
