WAN external interface 192.0.0.0 network
|
WAN internal interface 192.0.3.0 network
|
192.0.3.0 LAN
|
wireless router 192.0.3.1
|
DSL modem 192.0.3.2
The problem I am having is that some traffic from the 192.0.3.0 LAN seems to be "leaking" onto the 192.0.0.0 WAN. I noticed this when I installed a NAS on the network. I mapped a drive on a pc to a NAS share. When the backup program starts running, the frame WAN (192.0.0.0) starts dropping packets and the ping times go ridiculous high. When I stop the backup, the WAN traffic and ping times normalize again...
I have a static route in the DSL modem that points 192.0.3.0 to 192.0.0.0 because I need SOME traffic to go over the WAN (a windows shared printer). The rest of the time the frame WAN is only used for some serial printers that our Unix server talks to over the WAN (192.0.0.0).
I have a VPN in place now, so I do not need the 192.0.3.0 traffic to go over the WAN at all now. However, when I remove the static route from the DSL modem my serial printers stop receiving jobs from our Unix server on the other side of the WAN??? Why do my serial printers need the 192.0.3.0 network to talk? Aren't they separate from the LAN? They don't even have network cards for christ sake.
Hi All
Would someone help me to find the detailed report on memory leak.
any commands to get detailed report for OS level and applications
As we are using REDHAT LINUX 5.9
Thanks
Murali Muppa (2 Replies)
I have a local network on dev eth0
Server has static IP of 10.0.0.1
Gateway is 10.0.0.1
and Dns is 10.0.0.1
I am using this network for imaging 500 plus computer...
Now, Issue that I am having is that I need to update packages and I dont want to change the configuration on eth0 because I... (0 Replies)
Hi,
I would like to ask some networking solution regarding my work LAN and 3G usb network problem. I want to route my internet traffic to the 3G network and sometimes connect to some of my work network for ssh to configure some workstation or print something. Currently my problem is i can't... (0 Replies)
Hi,
We have a website running on a local centos 5.4 surfer, static IP.
The domain.com uses no-ip.com to take care of the DNS, it forwards all to my server.
My router receives the port 80 call, routes it to my server and the world can see domain.com perfectly fine.
However, we cannot see... (3 Replies)
I have installed WAMPSERVER 2.0 on my windows vista x64 system but still am having issues with getting the webserver to be seen outside my local network. It is working fine within my local network.
Been through several setup tutorials so far, no dice still.
For testing purposes I have... (1 Reply)
Hello. I am not sure where to post this and would appreciate any moderator help in moving this to the area where it is most applicable. Thank you.
I've posted these questions in a couple different forums, but have not received any answers about what I am doing wrong. I would appreciate any... (3 Replies)
I just need to know the important concepts. I tried searching on the internet for information about this but got bombarded with too many un-neccessary details I find confusing and helpless.
I just need to know WAN and LAN concerning how to monitor them and fix or (troubleshoot) basic problems (3 Replies)
SHOREWALL-EXCLUSION(5) [FIXME: manual] SHOREWALL-EXCLUSION(5)NAME
exclusion - Exclude a set of hosts from a definition in a shorewall configuration file.
SYNOPSIS
!address-or-range[,address-or-range]...
!zone-name[,zone-name]...
DESCRIPTION
The first form of exclusion is used when you wish to exclude one or more addresses from a definition. An exclaimation point is followed by
a comma-separated list of addresses. The addresses may be single host addresses (e.g., 192.168.1.4) or they may be network addresses in
CIDR format (e.g., 192.168.1.0/24). If your kernel and iptables include iprange support, you may also specify ranges of ip addresses of the
form lowaddress-highaddress
No embedded whitespace is allowed.
Exclusion can appear after a list of addresses and/or address ranges. In that case, the final list of address is formed by taking the first
list and then removing the addresses defined in the exclusion.
Beginning in Shorewall 4.4.13, the second form of exclusion is allowed after all and any in the SOURCE and DEST columns of
/etc/shorewall/rules. It allows you to omit arbitrary zones from the list generated by those key words.
Warning
If you omit a sub-zone and there is an explicit or explicit CONTINUE policy, a connection to/from that zone can still be matched by the
rule generated for a parent zone.
For example:
/etc/shorewall/zones:
#ZONE TYPE
z1 ip
z2:z1 ip
...
/etc/shorewall/policy:
#SOURCE DEST POLICY
z1 net CONTINUE
z2 net REJECT
/etc/shorewall/rules:
#ACTION SOURCE DEST PROTO DEST
# PORT(S)
ACCEPT all!z2 net tcp 22
In this case, SSH connections from z2 to net will be accepted by the generated z1 to net ACCEPT rule.
In most contexts, ipset names can be used as an address-or-range. Beginning with Shorewall 4.4.14, ipset lists enclosed in +[...] may also
be included (see shorewall-ipsets[1] (5)). The semantics of these lists when used in an exclusion are as follows:
o !+[set1,set2,...setN] produces a packet match if the packet does not match at least one of the sets. In other words, it is like NOT
match set1 OR NOT match set2 ... OR NOT match setN.
o +[!set1,!set2,...!setN] produces a packet match if the packet does not match any of the sets. In other words, it is like NOT match set1
AND NOT match set2 ... AND NOT match setN.
EXAMPLES
Example 1 - All IPv4 addresses except 192.168.3.4
!192.168.3.4
Example 2 - All IPv4 addresses except the network 192.168.1.0/24 and the host 10.2.3.4
!192.168.1.0/24,10.1.3.4
Example 3 - All IPv4 addresses except the range 192.168.1.3-192.168.1.12 and the network 10.0.0.0/8
!192.168.1.3-192.168.1.12,10.0.0.0/8
Example 4 - The network 192.168.1.0/24 except hosts 192.168.1.3 and 192.168.1.9
192.168.1.0/24!192.168.1.3,192.168.1.9
Example 5 - All parent zones except loc
any!loc
FILES
/etc/shorewall/hosts
/etc/shorewall/masq
/etc/shorewall/rules
/etc/shorewall/tcrules
SEE ALSO shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)NOTES
1. shorewall-ipsets
http://www.shorewall.net/manpages/shorewall-ipsets.html
[FIXME: source] 06/28/2012 SHOREWALL-EXCLUSION(5)