Displaying 20 results from an estimated 34 matches for "eth1_fwd".
Did you mean:
eth0_fwd
2006 Aug 04
4
policy ordering when mixing interface zones and host defined zones
...all zones on this firewall.
It seemed that creating a zone would allow for this to be done cleanly via
a line in the policy file. I defined this special subnet as the "sys" zone.
To test I''m sending traffic from "sys" to "pubsh".
The pkt goes through chain eth1_fwd then goes to
dmz2pubsh then goes to all2all where it is rejected
by the default all2all reject policy.
If the traffic fell out the bottom of dmz2pubsh and returned to eth1_fwd
it would be caught by sys2all and be allowed. Is there some reordering
I can do to achieve such a result?
Hosts:
------
s...
2006 Jun 15
1
What happened to my shorewall? I can no longer reach apache
...t change anything. So here is what I have done, I ran tcpdump to
make sure packets are reaching server which they are. There is no
shorewall items in logfile to show block. I then did shorewall dump, which
shows the iptables counts. The thing that looks funny is the packets are
going to net2loc and eth1_fwd, instead of net2fw and eth1_in. Attached is
my shorewall dump.
Thanks,
Brian
2007 Mar 14
6
ipp2p problems
...39;m v1.3.1).
Only one line, again.
root@servidor:/usr/src/ipp2p-0.8.0# iptables -L FORWARD
Chain FORWARD (policy DROP)
target prot opt source destination
DROP !icmp -- anywhere anywhere state INVALID
eth0_fwd all -- anywhere anywhere
eth1_fwd all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg
5/min burst 2 LOG level info prefix `Shorewall:FORWARD:REJECT:''
reject all -- anywhere anywhere
I don'&...
2006 Aug 28
0
[Bug 507] New: tun99 don't trapped by tun+
...prot opt in out source destination
677K 448M eth0_fwd all -- eth0 any anywhere anywhere
417K 452M tun_fwd all -- tun+ any anywhere anywhere
294 34569 tun99_fwd all -- tun99 any anywhere anywhere
1600 696K eth1_fwd all -- eth1 any anywhere anywhere
244K 67M eth3_fwd all -- eth3 any anywhere anywhere
0 0 Reject all -- any any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere
L...
2003 Feb 25
0
Shorewall Setup.
...-- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 2 packets, 96 bytes)
pkts bytes target prot opt in out source destination
260 201K eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
297 43893 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 tunl_fwd all -- tunl+ * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0...
2005 May 25
5
State rules placement
Hi all,
I have seen Shorewall places the state verification rules (-m state
--state ESTABLISHED,RELATED) as the first rule in a zone2zone chain.
This means that state checking is done after all the rules involving
from this zone to this zone. As you could have a lot of them, wont be
better to place them just after checking the state is not invalid? This
will mean a lot of packages will be
2003 Feb 27
3
Unknown commments in shorewall status.
...l -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
14786 14M eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
11823 1055K eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 tunl_fwd all -- tunl+ * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0...
2005 Feb 28
1
Mail server on DMZ
...0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 20 packets, 960 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
302K 170M eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
1095K 409M eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
752K 360M eth2_fwd all -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
0 0...
2004 Aug 05
9
Not able to access website
...ain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
34 15323 eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
56 13757 eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
0 0 eth2_fwd all -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0
0.0.0.0/0 LOG flags 0 l...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 20 packets, 960 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
302K 170M eth1_fwd all -- eth1 * 0.0.0.0/0
0.0.0.0/0
1095K 409M eth0_fwd all -- eth0 * 0.0.0.0/0
0.0.0.0/0
752K 360M eth2_fwd all -- eth2 * 0.0.0.0/0
0.0.0.0/0
0 0 Drop all -- * * 0.0.0.0/0
0.0.0.0/0
0 0...
2003 Feb 22
4
Shorewall with ProxyARP
...l -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
414 26802 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'...
2003 Sep 30
4
macaddress blacklist problem
...mcbafw shorewall]# grep ''blacklst'' /tmp/iptables.save
:blacklst - [0:0]
[0:0] -A blacklst -m mac --mac-source 00:04:E2:83:7C:75 -j LOG
--log-prefix "Shorewall:blacklst:DROP:" --log-level 7
[0:0] -A blacklst -m mac --mac-source 00:04:E2:83:7C:75 -j DROP
[1260:97713] -A eth1_fwd -j blacklst
[1086:255521] -A eth1_in -j blacklst
the blacklst rull has not bee triggered but the log entries continue :(
I thought I had a handle on this stuff but I guess that is what I get
for thinking. There is obviously something I am missing here but I am
stumped
ohyeah,
[root@fumcbafw...
2004 Oct 25
4
enquiry on shorewall functions
hi all,
shorewall claim that support stateful connection. But I read the
document, I can''t found any configuration on it like in iptables e.g.
-m -state NEW, ESTABLISHED
something like like.
Is shorewall by default is staeful connection for any connectione.g. web, http
2004 Dec 28
5
Multiple IP´s in one Zone
Hi everybody
I have a Problem with Masquerading from my local net (loc) to my VPN (loc2).
I can reach every Service from loc2 in loc, but I can''t get reach any
service from loc in loc2.
Has somebody an Idea where my mistake is ?
Without shorewall, it was working.
Thanks for helping
Lars
Technical Information :
Shorewall 2.0.13
Suse 9.0
*177.177.77.X The first 3 Counts are changed
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
.../0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 xenbr0_fwd all -- xenbr0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:''
0 0...
2004 Nov 29
2
SFTP
...0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
618 85948 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
795 96621 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'...
2003 Aug 26
1
ADSL router, two nics, web server not visible from internet
...0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'...
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
...* 0.0.0.0/0 0.0.0.0/0
state INVALID
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x02 TCPMSS clamp to PMTU
26 1688 ppp0_fwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
4 170 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
24 1592 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0....
2005 May 31
2
Local machine not through firewall
...0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
12 576 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS
clamp to PMTU
0 0 ppp0_fwd all -- ppp0 * 0.0.0.0/0 0.0.0.0/0
12 576 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix
`Shorewall:FORWARD:REJECT:''
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in o...
2004 Aug 27
3
Proxy Arp Ip Conflicts
...DROP 1 packets, 76 bytes)
pkts bytes target prot opt in out source
destination
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
42 2332 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
21 1384 eth1_fwd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
6 384 eth2_fwd all -- eth2 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0...