search for: detectnet

The ''detectnets'' interface option has always been a rather silly feature. For incoming packets, it duplicates the function of the ''routefilter'' option. It provides no value on output since it enforces the same thing that the routing table does. In other words, if you set ''route...

Hi: According to http://www.shorewall.net/Documentation.htm#Interfaces there is one recommendation for internal interface but wireless Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs a recommendation for wired internal interface?(100 win32 clients) I use tcpflags,detectnets thanks

...ect tcpflags,dhcp,routefilter,nosmurfs #WAN wan0 eth0 detect tcpflags,routefilter,nosmurfs wan1 eth1 detect tcpflags,routefilter,nosmurfs wan2 eth2 detect tcpflags,routefilter,nosmurfs wan3 eth3 detect tcpflags,routefilter,nosmurfs dmz eth8 detect # LOCAL loc eth9 detect tcpflags,nosmurfs,detectnets # VLAN v10 vlan10 detect tcpflags,nosmurfs,detectnets v20 vlan20 detect tcpflags,nosmurfs,detectnets v30 vlan30 detect tcpflags,nosmurfs,detectnets v100 vlan100 detect tcpflags,nosmurfs,detectnets masq: eth9 10.10.0.0/24 eth9 10.20.0.0/24 eth9 10.30.0.0/24 eth9 10.100.0.0/24 ppp0 vla...

...pptp - but unsure -> in future should be l2tp/ipsec vpn2 ipsec <--- new entry l2tp ipv4 <--- new entry #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE /etc/shorewall/interfaces net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians loc eth0 detect tcpflags,detectnets,nosmurfs dmz eth2 detect tcpflags,detectnets,nosmurfs ovpn tun0 detect tcpflags,detectnets,nosmurfs wlan eth3 detect tcpflags,dhcp,detectnets,nosmurfs vpn1 ppp1 detect tcpflags,detectnets,nosmurfs vmn eth4 detect tcpflags,detectnets,nosmurfs l2tp ppp2 - /etc/shorewall/policy ... # Policies für l2...

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

...osts: #ZONE HOST(S) OPTIONS loc1 eth0:10.0.15.0/24 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE interface: #ZONE INTERFACE BROADCAST OPTIONS net eth1 detect tcpflags,routefilter,nosmurfs,norfc1918 loc eth0 detect tcpflags,detectnets,nosmurfs vpn tun0 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE masq: #ZONE INTERFACE BROADCAST OPTIONS net eth1 detect tcpflags,routefilter,nosmurfs,norfc1918 loc eth0 detect tcpflags,detectnets,nosmurfs vpn tun0 #LAST L...

...hey are not accessible from hosts on other interfaces nor can traffic from an unmanaged interface be forwarded to hosts on other interfaces. The following interface options are mutually-exclusive with ''unmanaged'': - blacklist - bridge - destonly - detectnets - dhcp - maclist - nets - norfc1918 - nosmurfs - optional - routeback - rpfilter - sfilter - tcpflags - upnp - upnpclient Unmanaged interfaces may not be associated with a zone in either the interfaces or hosts files. The ''lo...

...er,nosmurfs,logmartians,blacklist vpn eth1 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist dmzo eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist vpnre tun0 detect lan eth3 detect tcpflags,detectnets,nosmurfs dmz eth4 And with the following zones: fw firewall net ipv4 # adsl0 to the internet lan ipv4 # our lan 10.161.101.0 dmz ipv4 # internal dmz 10.10.10.0 dmzo ipv4 # adsl2 to the internet vpn ipv4 # adsl1 to the internet to support vpn vpnre ipv4 # tunnel inte...

...-hq:~# cat /etc/shorewall/interfaces################################################################################ZONE INTERFACE BROADCAST OPTIONSlana eth0 detect tcpflags,nosmurfslanb eth1 detect tcpflags,nosmurfsdmz eth2 detectnet eth3 detect tcpflags,dhcp,routefilter,nosmurfs,logmartiansvpn tun0#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE router-hq:~# cat /etc/shorewall/zones################################################################################ZONE TYPE OPTIONS...

...ww.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface option has been removed from Shorewall-perl : /etc/shorewall/interfaces (line 11) Determining Hosts in Zones... Preprocessing Action Files... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Compiling /etc/shorewall/policy... C...

...ww.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface option has been removed from Shorewall-perl : /etc/shorewall/interfaces (line 11) Determining Hosts in Zones... Preprocessing Action Files... Pre-processing /usr/share/shorewall/action.Drop... Pre-processing /usr/share/shorewall/action.Reject... Compiling /etc/shorewall/policy... C...

Hello! I have this situation / interfaces: Dsl0 - internet interface Eth0 - local network I have linux box with shorewall 2.2. And on the local network I also have a hardware router. I have connected WAN port with settings of my linux box and then created one more local network behind hardware router. It works fine. I then wanted to use VPN function of this hardware router, so i created

...yone can cast any light on this, or even suggest a troubleshooting approach, I''d be very grateful. interfaces: net eth0 detect tcpflags,routefilter,nosmurfs,logmartians net eth1 detect tcpflags,routefilter,nosmurfs,logmartians loc eth2 detect tcpflags,detectnets,nosmurfs loc ppp+ vpn tun0 masq: eth0 eth2 192.168.2.1 eth1 eth2 192.168.3.1 policy: loc net ACCEPT $FW net ACCEPT $FW loc ACCEPT $FW vpn ACCEPT vpn $FW ACCEPT vpn loc ACCEPT loc vpn ACCEPT net all DROP info net net DROP all all REJECT info providers: ISP1 1 1 mai...

...the same configuration (Internal interface: lan0, external: ppp0). /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - tcpflags,norfc1918,routefilter,nosmurfs,logmartians loc lan0 192.168.1.255 routeback,dhcp,tcpflags,detectnets,nosmurfs #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/policy: #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net ACCEPT $FW net ACCEPT net all DROP...

...39;' x# = xINCLUDE '']'' + echo ''# packets are dropped.'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# '' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# detectnets - Automatically taylors the zone named'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# in the ZONE column to include only those'' + read first rest + ''['' x# = xINCLUDE '']'' + echo ''# ho...

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled