Hello all,

I've been spending the last few days setting up a Shorewall-based firewall
for our new data center - this takes the place of a CheckPoint firewall that
was nothing but headache after headache after network outage after headache.

Anyway, everything is going very well. Still tweaking the traffic shaping to
get it to where we need, and there will likely be a question or 40 about that
later, but for now just two questions:

Any time we make changes to the firewall configurations and issue a
shorewall safe-restart command, all of our phone calls (we are using an
Asterisk server behind our firewall) get dropped. I suspect that this is
because the DNAT rules are getting wiped by Shorewall just before it puts
them back in; not normally a problem for stateful TCP connections, but UDP
datagrams apparently get lost. (This is all speculation - I lack the
networking knowledge to verify the "why".) Is there a way we can prevent this
from happening? It would be nice to be able to make changes to the
configuration without automatically terminating every in-progress phone call.

The second question should be a really simple answer: When creating
accounting rules, are these strictly first-matched like in the general rules
file, or can multiple accounting rules be used to capture the same streams?
Specifically, I want separate accounting chains for web, SVN, VOIP, etc.
traffic, but I also want a single chain to capture all traffic and give us
overall totals; is this possible?

Thanks in advance for any help you can provide.
-Travis
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users