Displaying 17 results from an estimated 17 matches for "detectnets".
2007 Sep 21
1
Warning: Support for the 'detectnets' interface option to be removed from Shorewall-perl
The 'detectnets' interface option has always been a rather silly feature.
For incoming packets, it duplicates the function of the 'routefilter'
option. It provides no value on output since it enforces the same thing that
the routing table does. In other words, if you set 'routef...
2004 Dec 06
1
recommended internal(wired) "interfaces" options??
Hi:
According to http://www.shorewall.net/Documentation.htm#Interfaces
there is one recommendation for internal interface but wireless
Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs
a recommendation for wired internal interface? (100 win32 clients)
I use tcpflags,detectnets
thanks
2009 Mar 04
1
MultiWAN & Vlans
...ect tcpflags,dhcp,routefilter,nosmurfs 
#WAN 
wan0 eth0 detect tcpflags,routefilter,nosmurfs 
wan1 eth1 detect tcpflags,routefilter,nosmurfs 
wan2 eth2 detect tcpflags,routefilter,nosmurfs 
wan3 eth3 detect tcpflags,routefilter,nosmurfs 
dmz eth8 detect 
# LOCAL 
loc eth9 detect tcpflags,nosmurfs,detectnets 
# VLAN 
v10 vlan10 detect tcpflags,nosmurfs,detectnets 
v20 vlan20 detect tcpflags,nosmurfs,detectnets 
v30 vlan30 detect tcpflags,nosmurfs,detectnets 
v100 vlan100 detect tcpflags,nosmurfs,detectnets 
masq: 
eth9 10.10.0.0/24 
eth9 10.20.0.0/24 
eth9 10.30.0.0/24 
eth9 10.100.0.0/24 
ppp0 vlan...
2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
...pptp - but unsure -> in future should be 
l2tp/ipsec
vpn2 ipsec <--- new entry
l2tp ipv4 <--- new entry
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
/etc/shorewall/interfaces
net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians
loc eth0 detect tcpflags,detectnets,nosmurfs
dmz eth2 detect tcpflags,detectnets,nosmurfs
ovpn tun0 detect tcpflags,detectnets,nosmurfs
wlan eth3 detect tcpflags,dhcp,detectnets,nosmurfs
vpn1 ppp1 detect tcpflags,detectnets,nosmurfs
vmn eth4 detect tcpflags,detectnets,nosmurfs
l2tp ppp2 -
/etc/shorewall/policy
...
# Policies for l2t...
2006 Dec 19
7
routing problem
hi,
     Please see the following text diagram:
   
  10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet
  I have some problem after added a static route 
  in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is:
   
  10.0.15.0/24 via 192.168.0.5
   
  in 192.168.0.0/24 computers cannot ping or
2006 Aug 01
34
Clients can't through to internet
...osts:
#ZONE HOST(S)     OPTIONS
loc1    eth0:10.0.15.0/24
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
  
interface:
#ZONE INTERFACE BROADCAST OPTIONS
net     eth1            detect          tcpflags,routefilter,nosmurfs,norfc1918
loc     eth0            detect          tcpflags,detectnets,nosmurfs
vpn     tun0
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
  
masq:
#ZONE INTERFACE BROADCAST OPTIONS
net     eth1            detect          tcpflags,routefilter,nosmurfs,norfc1918
loc     eth0            detect          tcpflags,detectnets,nosmurfs
vpn     tun0
#LAST LI...
2013 Jun 10
0
Shorewall 4.5.18 Beta 2
...hey are not accessible from hosts on
    other interfaces nor can traffic from an unmanaged interface be
    forwarded to hosts on other interfaces.
    The following interface options are mutually-exclusive with
    'unmanaged':
    - blacklist
    - bridge
    - destonly
    - detectnets
    - dhcp
    - maclist
    - nets
    - norfc1918
    - nosmurfs
    - optional
    - routeback
    - rpfilter
    - sfilter
    - tcpflags
    - upnp
    - upnpclient
    Unmanaged interfaces may not be associated with a zone in either
    the interfaces or hosts files.
    The 'lo...
2006 May 16
1
Traffic Routing/Shaping Problem
...er,nosmurfs,logmartians,blacklist
vpn     eth1            detect
tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist
dmzo    eth2            detect
tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist
vpnre   tun0            detect
lan     eth3            detect          tcpflags,detectnets,nosmurfs
dmz     eth4
And with the following zones:
fw      firewall
net     ipv4	# adsl0 to the internet
lan     ipv4	# our lan 10.161.101.0
dmz     ipv4	# internal dmz 10.10.10.0
dmzo    ipv4	# adsl2 to the internet
vpn     ipv4	# adsl1 to the internet to support vpn
vpnre   ipv4	# tunnel inter...
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where I have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go:
 
clienta ->  vpn -> shorewall/router -> vpn ->
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
...ww.google.es
I restart shorewall and it works, but when I stop the firewall for
disabling Internet (for any reason), and I want to start the firewall it
says:
Failed to start firewall : 
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
   WARNING: Support for the detectnets interface option has been removed from Shorewall-perl : /etc/shorewall/interfaces (line 11)
Determining Hosts in Zones...
Preprocessing Action Files...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Co...
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
...ww.google.es
I restart shorewall and it works, but when I stop the firewall for
disabling Internet (for any reason), and I want to start the firewall it
says:
Failed to start firewall : 
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
   WARNING: Support for the detectnets interface option has been removed from Shorewall-perl : /etc/shorewall/interfaces (line 11)
Determining Hosts in Zones...
Preprocessing Action Files...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Compiling /etc/shorewall/policy...
Co...
2008 Jan 17
16
Local network rejecting traffic
Hello!
 
I have this situation / interfaces:
Dsl0 - internet interface
Eth0 - local network
 
I have linux box with shorewall 2.2. And on the local network I also have a
hardware router. I have connected WAN port with settings of my linux box and
then created one more local network behind hardware router. It works fine.
I then wanted to use VPN function of this hardware router, so I created
2006 Aug 23
5
OpenVPN and multiple ISPs
...yone can cast any light on this, or even suggest a troubleshooting
approach, I'd be very grateful.
interfaces:
net     eth0  detect          tcpflags,routefilter,nosmurfs,logmartians
net     eth1  detect          tcpflags,routefilter,nosmurfs,logmartians
loc	eth2  detect          tcpflags,detectnets,nosmurfs
loc	ppp+
vpn	tun0
masq:
eth0			eth2		192.168.2.1
eth1			eth2		192.168.3.1
policy:
loc		net		ACCEPT
$FW		net		ACCEPT
$FW		loc		ACCEPT
$FW		vpn		ACCEPT
vpn		$FW		ACCEPT
vpn		loc		ACCEPT
loc		vpn		ACCEPT
net		all		DROP		info
net		net		DROP
all		all		REJECT		info
providers:
ISP1  1  1  main...
2006 Apr 04
14
Problem with masquerading and bridges
...the same
configuration (Internal interface: lan0, external: ppp0).
/etc/shorewall/interfaces:
#ZONE   INTERFACE       BROADCAST       OPTIONS
net     ppp0            -              
tcpflags,norfc1918,routefilter,nosmurfs,logmartians
loc     lan0            192.168.1.255  
routeback,dhcp,tcpflags,detectnets,nosmurfs
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
/etc/shorewall/policy:
#SOURCE         DEST            POLICY          LOG LEVEL       LIMIT:BURST
loc             net             ACCEPT
$FW             net             ACCEPT
net             all             DROP...
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...' x# = xINCLUDE ']'
+ echo '# packets are dropped.'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# detectnets   - Automatically taylors the zone named'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# in the ZONE column to include only those'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# hos...
2007 Aug 15
28
traffic shaping
I am trying to set up traffic shaping with Shorewall-4.0.2 and have a fault.
When I start Shorewall with tc-files configured I get the following messages:
...
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
    ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 
50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid 
:1" Failed
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed 
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled