search for: allowrel

...the mailing list and found these 2 threads 1. http://lists.shorewall.net/pipermail/shorewall-users/2003-February/005291.html 2. http://lists.shorewall.net/pipermail/shorewall-users/2002-December/003879.html -------------------- In the 1st link, Tom mentioned "FTP tracking/NAT" and "ALLOWRELATED". I checked what modules are being loaded and found these: ip_conntrack_irc 4400 1 [ip_nat_irc] ip_conntrack_ftp 5424 2 [ip_nat_ftp] ip_conntrack 29920 5 [ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_ftp iptable_nat ip_conntrack_irc ip_conntrack_ftp] In rega...

How do I allow traceroute to reach my server? Pings work fine but traceroute stops at the last hop before my server. If I shut off the firewall it reaches it fine. PING danicar.net (24.222.246.120): 56 data bytes 64 bytes from 24.222.246.120: icmp_seq=0 ttl=237 time=104.0 ms 64 bytes from 24.222.246.120: icmp_seq=1 ttl=237 time=74.9 ms 64 bytes from 24.222.246.120: icmp_seq=2 ttl=237 time=90.6

...ace options. 4. The ''routestopped'' option in the /etc/shorewall/interfaces and /etc/shorewall/hosts files is no longer supported and will generate an error at startup if specified. 5. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer accepted. 6. The ALLOWRELATED variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes. 7. The ''multi'' interface option is no longer supported. Shorewall will generate rules for sending packets back out the same interface that they...

...options. 4. The ''routestopped'' option in the /etc/shorewall/interfaces and /etc/shorewall/hosts files is no longer supported and will generate an error at startup if specified. 5. The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer accepted. 6. The ALLOWRELATED variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes. 7. The ''multi'' interface option is no longer supported. Shorewall will generate rules for sending packets back out the same interface that t...

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

I am running version 3.0.7 of Shorewall on a Debian Sarge system, but when I start Shorewall I get this: /usr/share/shorewall/firewall: line 204: 4: command not found I looked there and found this: # Run ip and if an error occurs, stop the firewall and quit # run_ip() { if ! ip $@ ; then if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ip

...erface options. 4) The ''routestopped'' option in the /etc/shorewall/interfaces and /etc/shorewall/hosts files is no longer supported and will generate an error at startup if specified. 5) The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer accepted. 6) The ALLOWRELATED variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes. 7) The ''multi'' interface option is no longer supported. Shorewall will generate rules for sending packets back out the same interface that they arri...

...my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start + ''['' 1 -ne 1 '']'' + do_initialize + export LC_ALL=C + LC_ALL=C + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + terminator=startup_error + version= + FW= + SUBSYSLOCK= + STATEDIR= + ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + LOGUNCLEAN= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + NAT_BEFORE_RULES= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= + FORWARDPING= + MACLIST_D...

...erface options. 5) The ''routestopped'' option in the /etc/shorewall/interfaces and /etc/shorewall/hosts files is no longer supported and will generate an error at startup if specified. 6) The Shorewall 1.2 syntax for DNAT and REDIRECT rules is no longer accepted. 7) The ALLOWRELATED variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with ALLOWRELATED=Yes. 8) The ''multi'' interface option is no longer supported. Shorewall will generate rules for sending packets back out the same interface that they arri...

This is a bug-fix roleup together with changes to the way ICMP is handled= =2E 1) The ''icmp.def'' file is now empty! The rules in that file were required in ipchains firewalls but are not required in Shorewall. Users who have ALLOWRELATED=3DNo in shorewall.conf should see the Upgrade Issues. 2) A ''FORWARDPING'' option has been added to shorewall.conf. The effect of setting this variable to Yes is the same as the effect of adding an ACCEPT rule for ICMP echo-request in /etc/shorewall/icmpdef. Users wh...

John, I''m taking the liberty of copying the Shorwall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >

...loc $FW tcp ssh ACCEPT net $FW tcp ssh,auth ACCEPT $FW net udp ntp #[/etc/shorewall/shorewall.conf]-------------------------------------------- --- FW=fw SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall ALLOWRELATED="yes" MODULESDIR="" LOGRATE="1/minute" LOGBURST="5" LOGUNCLEAN=info LOGFILE="/var/log/messages" NAT_ENABLED="Yes" MANGLE_ENABLED="Yes" IP_FORWARDING="On" ADD_IP_ALIASES="Yes" ADD_SNAT_ALIASES="No&quot...

...loc $FW tcp ssh ACCEPT net $FW tcp ssh,auth ACCEPT $FW net udp ntp #[/etc/shorewall/shorewall.conf]-------------------------------------------- --- FW=fw SUBSYSLOCK=/var/lock/subsys/shorewall STATEDIR=/var/lib/shorewall ALLOWRELATED="yes" MODULESDIR="" LOGRATE="1/minute" LOGBURST="5" LOGUNCLEAN=info LOGFILE="/var/log/messages" NAT_ENABLED="Yes" MANGLE_ENABLED="Yes" IP_FORWARDING="On" ADD_IP_ALIASES="Yes" ADD_SNAT_ALIASES="No&quot...

Hi, Thanks for your reply . I am attaching the files needed by you herewith. The NAT device is called Pronto gateway which has two interfaces , namely eth0 and eth1. ''eth0'' has an ip address of 203.124.152.66 and eth1 has an ip address of 192.168.1.3 . All the client PCs are in 192.168.1.0 network [behind the NAT, the Pronto gateway] and use 192.168.1.3 as the default

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

...start + case "$COMMAND" in + ''['' 1 -ne 1 '']'' + do_initialize + export LC_ALL=C + LC_ALL=C + umask 177 + PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + terminator=startup_error + version= + IPTABLES= + FW= + SUBSYSLOCK= + STATEDIR= + ALLOWRELATED=Yes + LOGRATE= + LOGBURST= + LOGPARMS= + LOGLIMIT= + ADD_IP_ALIASES= + ADD_SNAT_ALIASES= + TC_ENABLED= + BLACKLIST_DISPOSITION= + BLACKLIST_LOGLEVEL= + CLAMPMSS= + ROUTE_FILTER= + LOG_MARTIANS= + DETECT_DNAT_IPADDRS= + MUTEX_TIMEOUT= + NEWNOTSYN= + LOGNEWNOTSYN= + FORWARDPING= + MACLIST_DISPOSI...

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled