search for: adminguru

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

The basic functionality of Shorewall 2.2.2 works fine with the soon-to-be-released SuSE 9.3 (I have an early copy). I''ll be trying it over the weekend with more complex configurations involving IPSEC and OpenVPN. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

There was a lengthy power failure here in Shoreline this morning and my firewall did not come back up when power was restored. The firewall is now up and service to the server has been restored. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hi Folks, I just want to announce that I''ll be on vacation and *totally offline* :-) from 4th to 19th of June. If somebody is surprised how it is possible for me to stay away from computers and the Internet for such a long time, this is the answer: http://www.adminguru.org/gallery/Olympos1/108_0837_IMG 8-) So I hope Jerry and maybe somebody else will take over/increase the support during this time. BTW, Jerry: Do you use any IM? Would be nice to be faster in contact with you to coordinate the shorewall-users support better in the future. The last ProxyARP th...

Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is

Hello, I am not able to open the webmin web interface on my server. Shorewall is blocking it. How to allow it on the server. Thanks Varun

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

hi all, my linux internet gateway has one fixed public ip and there are several servers on the local net. how to config shorewall such that it can forward a port on the external int. to another port on to a server in local net. Simply speaking, external port http 8000 forward to internal port http 80 I used the DNAT to specify the source port as 8000 and dest port to 80 but it

Hi List, I am new at this and trying to set up shorewall. I was using mnf-en to do it but it was using an old version of shorewall (shorewall-2.0.8-2mdk) and didn''t have the features I wanted. So I''ve installed shorewall-2.4.0-1mdk. Other bits of interest: iproute2-2.6.10-1mdk iptables-1.2.9-8mdk I''m trying to get the providers feature working. show capabilities:

It is with regret that I announce that Shorewall development and support is officially ended. Sean''s post has finally driven it home to me that in the long term, trying to support a project like Shorewall is impossible for a person of my personality and age. Sean -- please believe that this isn''t about you or your post -- your post was just the proverbial straw on this old

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20041014/45aef157/attachment-0001.bin

Hi Tom, hi list. I have an issue in in RC1. The Setup works flawlessly with 3.x and with the shelll compiler of RC1, but with the same setup and the perl compiler my IPSEC traffic gets dropped in net2all chain. Attached is a dump, compiled with perl, including some dropped traffic, e.g. SRC=192.168.66.10 DST=192.168.1.2 Did I overlook something in migration process? Alex

Hi all, has anyone seen such a behaviour?: I delegated successfully my NIC to a domU, but access to it from domU is not possible. Device appears, but access to it via ''ifconfig ethX up'' doesn''t work. Ends up in dmesg output like: tg3: tg3_reset_hw timed out for eth1, firmware will not restart magic=00000000 Delegating my USB controllers e.g. works flawlessly. Full