search for: demilli

Hi, I have a setup that consist of 2 firewalls connected over dialup and PPP. Each side of the ppp are protected by shorewall. One side of the PPP masquerades everything not addressed to the local network to its eth0 (the net). fw1 <---- ppp (dialup) -----> fw0 <----- NET When making an http request to a site on the Internet from the machine not directly connected to the net (fw1), the

Hello Shorewall users I have a firewall based on RedHat 8.0 and Shorewall. I have 2 interfaces, with 2 ip address on the loc interface, the connection to the internet runs through my company''s network with an ADSL/MPLS line. I need to configure my Shorewall with the possiblity to deny some users'' access to the ''net'' for some subnet. Ex. my son''s

This is a minor release of Shorewall. In this release: 1. A "shorewall try" command has been added. This command attempts to restart Shorewall using an alternate configuration and if that attempt fails, Shorewall is automatically started with the default configuration. This is useful for remote administration where a failed restart of Shorewall can leave you isolated from

Hi, I have a dynamic network (ospf) connecting different locations over frame relay (wan). Each location frame relay access device is actually a linux box running shorewall,zebra with a sangoma card. As a backup I have added to some locations a DSL line which serves as a gateway to the Internet but also over which I have created VPNs to connect those locations using OpenVPN as a backup.

I just added 802.1Q VLAN support to redhat initscripts. And after support was ready, I tried to restart shorewall. Well it blew into pieces. Seems like shorewall can''t handle device names like: eth0.3 very properly. That''s default naming of vlan devices. eth1 is master device and 3 is id of my test vlan. So when I added to interfaces line: home eth0.3 detect seems like

I have a Windows application that I would like to have running on Linux as it is my platform of choice. This application is a proprietary Visual Basic program. It's name is crisscross real-estate. Using the latest codeweavers-wine I was able to install it on a pre-install windows directory layout and the application is behaving very well except that in at one point in the program I get an

Tom, Thanks for your great contribution to the community. Not only should you be proud of your product (best iptables configuration I have seen so far) and of your in-depth networking/routing/firewalling knowledge but most of all of your helpful dedication and kindness to other people which you have shown repeatedly on this list. We are all here indebted to you. Good luck to you and your family

To all, I have a firewall with 3 NICS. eth0 connects to the Internet eth1 connects to a wired lan eth2 connects to a wireless lan In my rules, I would like to create a zone loc which encompassed eth1 and eth2 and create 2 sub-zones: lan for eth1 and wlan for eth2. Because I only want to open what I need on that firewall and because that firewall is also used for different services (I know

--=-97YF284NV6yShaPqFwb/ Content-Type: text/plain Content-Transfer-Encoding: 7bit I have to say Shorewall is the closest in my mind to a perfect iptables firewall generation script. Thanks Tom for a great product. 2 things that could make it even better in my mind: - instead of using service acronym (don''t know how to call it differently) for rules, it would be great to be able to

Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, bu i failed :) What i want to do is basicly route any incomming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip

Does anyone have any information or recommendations for ADSL PCI Cards for Linux boxes? E.g. which ones are supported? How much are they? etc. Dirk -- Please Note: Some Quantum Physics Theories Suggest That When the Consumer Is Not Directly Observing This Product, It May Cease to Exist or Will Exist Only in a Vague and Undetermined State.

Tom, I was upgrading a remote firewall, when upon restart, shorewall found a rule with a wrong zone and decided to not continue and stop itself. The problem now, is I cannot access that firewall over ssh anymore. One suggestion would be to instead of "shorewall stop" to have a basic emergency rule with only ACCEPT:info all all tcp ssh rule instead with DROP all policy. Shorewall could

Although the parameterized samples have allowed people to get a firewall up and running quickly, they have unfortunately set the wrong level of expectation among those who have used them. I am therefore withdrawing support for the samples and I am recommending that they not be used in new Shorewall installations. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \