search for: all2al

Displaying 20 results from an estimated 119 matches for "all2al".

2005 Jun 11
7
help connection is dropping every 10min
...you can help me with this. i post my log so that you can maybe see where the problem is. (i have filtered some ip addresses) /sbin/shorewall show log Shorewall-2.4.0-RC2 Log at St-router - za jun 11 18:35:07 CEST 2005 Counters reset Sat Jun 11 16:00:06 CEST 2005 Jun 11 18:32:47 localhost Shorewall:all2all:REJECT:IN= OUT=eth1 SRC=192.168.X.X DST=192.168.X.X LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=1078 DF PROTO=UDP SPT=67 DPT=68 LEN=308 Jun 11 18:32:57 localhost Shorewall:net2all:DROP:IN=eth0 OUT= SRC=218.25.230.245 DST=84.41.X.X LEN=404 TOS=0x00 PREC=0x00 TTL=109 ID=50929 PROTO=UDP SPT=4288 DPT=1434 LE...
2004 Oct 11
5
Intermittant Samba glitch
...lo scope link default via 218.101.48.1 dev eth1 [root@HatMannz root]# output of shorewall show log ____________________________ [root@HatMannz root]# shorewall show log Shorewall-2.0.9 Log at HatMannz - Mon Oct 11 23:30:04 NZDT 2004 Counters reset Mon Oct 11 15:27:49 NZDT 2004 Oct 11 23:27:12 all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.52 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308 Oct 11 23:27:35 all2all:REJECT:IN= OUT=eth0 SRC=192.168.0.1 DST=192.168.0.100 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308 Oct 11 23:27:38 all...
2003 Aug 31
1
sane network scanning problem
Hallo, i have a problem to configure shorewall to enable scanning over the network with sane. The scanner is located at the firewall hosts local interface. Why do i get a "all2all" message and not "loc2loc" Aug 25 14:55:26 router saned[26946]: saned from sane-backends 1.0.11 ready Aug 25 14:55:26 router saned[26946]: check_host: access by remote host: 192.168.0.250 Aug 25 14:55:26 router saned[26946]: init: access by root@192.168.0.250 accepted Aug 25 1...
2002 May 30
3
eDonkey and Shorewall
Hi everybody! I'm very happy with shorewall, seems to safe my computer well, a little bit too well. But i'm sure it's a mistake of mine: I can't get edonkey working! They say that edonkey needs the following ports enabled: 4665 udp in / out 3665,4665,7665,8665 udp out 4661,4662,4666 tcp in that's what i wrote in the rules file: ACCEPT fw net
2004 Dec 25
5
Thick head still having problems with subnets (?)
I have defined a Home zone and placed it before the Net zone. Defined a host 192.168.174.242 as a trusted host. Now if I ping from 242 to my fw it works just fine (also tweaked the norfc1918 file). Thing I do not understand is why if I try pinging or FTPing from FW to 242 I hit the all2all reject rule ! I tried reading the rules and from the INPUT chain I see a eth0_in chain which in turn refers to the home2fw chain accepting all protocols with source 242 ... What am I doing wrong ? No hurry for the reply ... please rest a little, it's Xmas :) Bob PS Here are segment...
2004 Oct 05
6
Something Changed?
Problem: "Firewall" machine cannot get DNS but is allowing DNS through internally. Something changed with the configuration but we're not sure what. Here is the pertinent info: Shorewall Status Entries Oct 5 09:24:50 all2all:REJECT:IN= OUT=eth2 SRC=192.168.7.55 DST=65.175.131.201 LEN=55 TOS=0x00 PREC=0x00 TTL=64 ID=50982 DF PROTO=UDP SPT=32973 DPT=53 LEN=35 Oct 5 09:24:50 all2all:REJECT:IN= OUT=eth2 SRC=192.168.7.55 DST=65.175.128.181 LEN=55 TOS=0x00 PREC=0x00 TTL=64 ID=50982 DF PROTO=UDP SPT=32973 DPT=53 LEN=35 Oc...
2003 Jul 30
9
occasional rejected packets
Hi, I am getting occasional rejected packets like so: Jul 31 09:52:03 firewall kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.10.91 DST=132.147.22.6 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=55364 DF PROTO=TCP SPT=1147 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 Jul 31 09:52:46 firewall kernel: Shorewall:all2all:REJECT:IN=eth2 OUT=eth0 SRC=192.168.10.26 DST=10.9.100.30 LEN=48 TOS=0x00 PREC=0x0...
2006 Aug 04
4
policy ordering when mixing interface zones and host defined zones
...creating a zone would allow for this to be done cleanly via a line in the policy file. I defined this special subnet as the "sys" zone. To test I'm sending traffic from "sys" to "pubsh". The pkt goes through chain eth1_fwd then goes to dmz2pubsh then goes to all2all where it is rejected by the default all2all reject policy. If the traffic fell out the bottom of dmz2pubsh and returned to eth1_fwd it would be caught by sys2all and be allowed. Is there some reordering I can do to achieve such a result? Hosts: ------ sys eth1:111.111.111.0/24 Zones: ------...
2005 Jan 11
2
dnat problem
...0 dropped:0 overruns:0 frame:0 TX packets:146963 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:26630540 (25.3 Mb) TX bytes:58594911 (55.8 Mb) Interrupt:12 Base address:0x9400 shorewall drop all: Jan 11 18:36:51 fw Shorewall:all2all:DROP:IN=eth0 OUT= MAC=00:04:76:a2:7f:b1:00:04:76:51:cf:5c:08:00 SRC=193.205.140.9 DST=193.205.140.106 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=59272 DF PROTO=TCP SPT=4294 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0 Jan 11 18:36:54 fw Shorewall:all2all:DROP:IN=eth0 OUT= MAC=00:04:76:a2:7f:b1:00:04:76:...
2003 Oct 10
0
Problem with aliased interface
...29 netmask 255.255.0.0 broadcast 10.1.255.255 (or ip a a 10.1.0.29/16 dev eth0 label eth0:0) The other machine has one NIC with 10.1.0.62/16. When shorewall is disabled I can ping and connect between those two fine, however when shorewall is on every connection or ping is REJECTed in the "all2all". (please see detailed output below) What I was trying to do is have two zones on eth0 - "modem" and "loc" depending on the subnet (modem is for the tunnel and "loc" is, well, the local zone.) I have read the aliased-interfaces HOWTO, checked the "hosts&q...
2002 Oct 12
2
logs analise
My logs show thats: A internal client search my proxy (192.168.0.3) Oct 12 12:40:33 massayo kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00 SRC=192.168.0.215 DST=192.168.0.3 LEN=63 TOS=0x00 PREC=0x00 TTL=128 ID=25902 PROTO=UDP SPT=3028 DPT=53 LEN=43 Why OUT is empty? From: Server (DMZ) Oct 12 12:40:34 massayo kernel: Shorewall:all2all:REJEC...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer
2003 Jan 06
5
SMTP traffic gets blocked
Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn't telnet to the mail server
2003 Aug 31
4
linux-ha heartbeat .. failover firewall
I have searched your FAQ's and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.
2003 Mar 28
9
Squid
...udp -- * eth3 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 32 2688 ACCEPT ah -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 all2all ah -- * eth0 0.0.0.0/0 0.0.0.0/0 58 5768 all2all ah -- * eth1 0.0.0.0/0 0.0.0.0/0 1 40 fw2dmz ah -- * eth2 0.0.0.0/0 0.0.0.0/0 0 0 all2all ah -- * eth3 0.0.0.0...
2003 Jan 06
0
FW: SMTP traffic gets blocked
...lead on this one, since Tom is taking a rest: " I am hosting all servers by myself. I have five static IP addreses with a DSL line. My DSL router from the ISP provider is configured as bridge, so no traffic is filtered. I checked the logs and getting: Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=66.58.99.86 DST=216.35.73.164 LEN=68 TOS=0x00 PREC=0xC0 TTL=255 ID=1508 PROTO=ICMP TYPE=3 CODE=1 [SRC=216.35.73.164 DST=66.58.99.84 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=55762 DF PROTO=TCP SPT=51131 DPT=25 WINDOW=8760 RES=0x00 RST URGP=0 ] Jan 5 23:23:21 gw1 kernel: Shorewa...
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
...* 0.0.0.0/0 0.0.0.0/0 2 340 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 2 340 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain all2all (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0...
2007 Oct 22
17
neighbor table overflow
I've got a linux router pushing 600-1000 pppoe connections through it. I'm getting a screen error "Neighbor Table Overflow" after this box has been up for between 1 week and 1 month. When this is happening, routing slows to a crawl if at all. Then dies. I've added: # Added to stop "neighbor table overflow" messages in the kernel
2003 Jan 04
2
Another Inquiry
In the same test environment that I mentioned in my previous message I set up a caching DNS server. When I ran named I noticed in the message log a whole string of log messages saying that the DNS requests to the root servers had been rejected by the default all2all policy. Presumably this is the policy all all REJECT info that is at the end of the default policy file. I have put in the DNS accept entries in the 2 card quick start guide. ACCEPT loc fw tcp 53 ACCEPT loc fw udp 53 ACCEPT fw net tcp 53 ACCEPT fw net udp 53 Does this mean that the DNS enqu...
2005 Jun 10
11
/etc/network/interfaces
If I'm using eth1 as my lan zone on my router box, it needs a static ip... what do I set the gateway option to in /etc/network/interfaces since this computer is actually the gateway for the rest of the lan? Itself? My "net" NIC's address? Something else? My lan isn't getting internet access using the default Shorewall config file (edited per