search for: eth2_in

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion@cora.nwra.com Boulder, CO 80301...

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everybody, this is my first post here, i''ve just syubscribed and i woud like to ask a question. i''m running shorewall latest version with mrtg and rrdtool, with the perl shorewall-stats.pl for reporting. the problem is that the pearl gets the stats by the shorewall show command and it''s human readeable bytes form, so

...* 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 299K 333M eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 490K 69M eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 12739 5222K eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'' 0 0 DROP all...

...* 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 65 8740 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 1747 1175K eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'' 0 0 reject all...

...* 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 299K 333M eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 490K 69M eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 12739 5222K eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:'' 0 0 DROP all...

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

...0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 27 1831 ppp0_in all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 1 236 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 137 10528 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:&...

...0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 988 75519 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 4 968 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 235 21620 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'' 0 0...

...* 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 160 14446 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 189 26286 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 eth3_in all -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flag...

...* 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 103K 25M eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 5449 631K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 10372 1277K eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in o...

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

Hi Tom, After two weeks of nightmares I decided ask You (and anyone reading this mail). Context is as follows: I try to update system on my central router from kernel 2.6.29.6 and Shorewall 4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new). This is LiveCD image boot (Devil-Linux distribution compiled by me), so config is this same. I have established ten OpenVPN tunnels and two

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

.../0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 239 57749 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 69020 5750K eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 121 19329 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 8 packets, 924 bytes) pkts bytes target prot o...

...destination 32 2688 ACCEPT ah -- lo * 0.0.0.0/0 0.0.0.0/0 22 3068 eth0_in ah -- eth0 * 0.0.0.0/0 0.0.0.0/0 105 8004 eth1_in ah -- eth1 * 0.0.0.0/0 0.0.0.0/0 1 230 eth2_in ah -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 eth3_in ah -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG ah -- * * 0.0.0.0/...

...0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 42 3730 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 533 142K br0_in all -- br0 * 0.0.0.0/0 0.0.0.0/0 0 0 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:DROP:...

...0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0 24 1920 eth1_in all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 eth2_in all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'...

Hi, I get frequent logfile entries from Shorewall similar to the following: Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2 OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10 DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ] Could someone explain what the

...39;' -n Yes '']'' + ''['' -f /tmp/shorewall.nm8830/iprange '']'' + /sbin/iptables -A eth2_fwd -m state --state NEW,INVALID -j dynamic ++ input_chain eth2 +++ chain_base eth2 +++ local c=eth2 +++ true +++ case $c in +++ echo eth2 +++ return ++ echo eth2_in + createchain eth2_in no ++ chain_base eth2_in ++ local c=eth2_in ++ true ++ case $c in ++ echo eth2_in ++ return + local c=eth2_in + run_iptables -N eth2_in + ''['' -n '''' '']'' + ''['' -n Yes '']'' + ''['...