search for: dmz2net

...89 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6000 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 31 2719 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0...

...wnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 11 1181 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 1 40 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0...

...h that priciple in mind, resetting the counters at intervals of 1 or 2 hours, I''m thinking of writing a perl data collection script that would parse the output of iptables and store data into an sql database with a timestamp and reset the counters for the in and out chains of the firewall (dmz2net loc2net net2loc net2dmz for example) After that, it''s just a question of querying collected data from the sql database using built-in stat functions. I''m assuming that the byte counters are correct, is there something I''m missing? This would be a great add-on to shorewa...

...ll2fw (5 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (2 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT udp -- * * 0.0.0.0/0 !192.168.0.0/22 mu...

...* 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:26 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 1 78 dmz2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 202K 215M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 10 635 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02...

.../0 udp dpt:53 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 81,10000 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dropBcast (2 reference...

...* 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:26 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 1 78 dmz2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 202K 215M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 10 635 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02...

net dmz:192.168.0.1 tcp 80 I forgot to mention that this should be put to rules file, sorry. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. Februar 2010 17:37 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] Suddenly DMZ can''t access to internet No. For

Hi My situation: I have two pc''s with public ip''s (192.159.56.206(webserver) and 84.196.123.65(mail-gateway)) in the dmz. The firewall (84.196.123.66) is configures with proxyarp, so nothing is changed on the pc''s from when they were not behind the firewall (i.e. they don''t have the firewall as gateway (and they each have different gateways, only 84.196.123.65

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

...0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 21 1384 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dro...

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

...destination 2818 676K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 AllowPing all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 all2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 780 108K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 38 2286 AllowPing all -- * * 0.0.0.0/0 0.0.0.0/0 38...

...CCEPT tcp -- * * 192.168.2.1 192.168.1.1 state NEW tcp dpt:22 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp spt:20 0 0 all2all ah -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 140 14286 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0...

...ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmz2net (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0...

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer