search for: eth0_ip

...n my server, I told it not to install a firewall and I disabled SELinux. The server is a SuperMicro 5015P-TR. I set up my own /etc/init.d/firewall with these rules: #!/bin/sh # Firewall script # # Source function library . /etc/init.d/functions RETVAL=0 # Some definitions (Will need to change ETH0_IP to match your configuration) ETH0_IP=38.114.192.86 # See how we were called. case "$1" in start) echo -n "Starting firewall: " /sbin/modprobe ip_conntrack_ftp # Set the default policies to drop all packets /sbin/iptables -P INPUT DROP...

...OutsideIP] LEN=532 TOS=0x00 PREC=0x00 TTL=64 ID=52669 DF PROTO=TCP SPT=80 DPT=54697 WINDOW=61 RES=0x00 ACK PSH FIN URGP=0 Here are my iptables commands for http connections (I have the default policy set to drop): # Allow http connections from the outside world /sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: --dport http -m state --state NEW,ESTABLISHED -j ACCEPT /sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport http --dport 1024: -m state --state ESTABLISHED -j ACCEPT Here are some strange things: 1. I have the exact same rules running on two other servers which do no...

...ect. I edited my shorewall/masq file as such: eth0 eth1 12.34.56.78 or should it be? eth0 10.0.0.0/24 12.34.56.78 First, is this all that is necessary to properly start using SNAT? I was unsure whether I should use ADD_SNAT_ALIASES=yes also or instead or not. Second, if I have ETH0_IP=`find_interface_address eth0` in my params file, I can have eth0 eth1 $ETH0_IP in the masq file, correct? The commented help in the params file doesn''t name masq as one of "the other configuration files." Third, using SNAT didn''t seem to make any difference....

...s code: # Flush the rules /usr/sbin/iptables -F # Set the default policies to accept /usr/sbin/iptables -P INPUT ACCEPT /usr/sbin/iptables -P OUTPUT ACCEPT /usr/sbin/iptables -P FORWARD ACCEPT I wrote /usr/local/bin/firewall.start to set the firewall rules. It contains this code: # IP definitions ETH0_IP=a.b.c.d # Load the FTP conntrak module /usr/sbin/modprobe nf_conntrack_ftp # Set the default policies to drop all packets /usr/sbin/iptables -P INPUT DROP /usr/sbin/iptables -P OUTPUT DROP /usr/sbin/iptables -P FORWARD DROP # Flush any existing rules /usr/sbin/iptables -F # Allow loopback traf...

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan

...tcpflags,routeback lan1 eth1 detect tcpflags,routeback inet2 eth2 detect tcpflags,routeback lan2 eth3 detect tcpflags,routeback masq: # INTERFACE SUBNET ADDRESS eth0 $ETH0_IP 217.100.100.10 eth2 $ETH2_IP 217.132.100.100 eth0 eth1 eth2 eth3 params: ETH0_IP=$(find_first_interface_address eth2) ETH2_IP=$(find_first_interface_address eth0) providers: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTION...

...N= OUT=eth0 SRC=71.203.146.136 DST=68.87.74.162 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=32769 DPT=53 LEN=50 I set my rules, policy, masq, interfaces, etc according to the basic two-interface firewall howto, and used an FAQ to configure my firewall as follows: /etc/shorewall/params: ETH0_IP=`find_first_interface_address eth0` /etc/shorewall/rules: # # Local Rules SSH/ACCEPT loc $FW Ping/ACCEPT loc $FW # DNS DNS/ACCEPT loc $FW # DHCP SERVER ACCEPT loc net UDP 67 ACCEPT loc net TCP 67 # DHCP CLIENT A...

I have an Athlon/64, 1 GB RAM, 80 GB IDE system and I'm intending to use it for combination workstation/Dev server duties. I've gotten a consistent failure when I try to groupinstall KDE. After grinding through all the deps, it comes up with the below: Install 228 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 331 M Is this ok [y/N]: y

I have an Athlon/64, 1 GB RAM, 80 GB IDE system and I'm intending to use it for combination workstation/Dev server duties. I've gotten a consistent failure when I try to groupinstall KDE. After grinding through all the deps, it comes up with the below: Install 228 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 331 M Is this ok [y/N]: y

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in