search for: fw2lan

What shorewall rules would be required to allow the OSPF routing protocol to pass fw<->loc? Any suggestions would be appreciated. Ben

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

...ause PHYSIN is set. Why is this? Why is SSH not lan(br0) -> $FW ? You mentioned that unless the physdev flag is set, shorewall only cares about lan(br0) <-> $FW Why does PHYSIN get set for SSH ? ping(server->lan) Sep 14 23:42:45 veridian kernel: [618269.196281] Shorewall:fw2lan:ACCEPT:IN= OUT=br0 SRC=192.168.1.6 DST=192.168.1.255 LEN=185 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=165 ssh Sep 14 23:45:15 veridian kernel: [618418.797081] Shorewall:phys2fw:ACCEPT:IN=br0 OUT= PHYSIN=eth0 MAC=00:01:29:f5:f0:26:00:18:01:5b:a8:72:08:00 SRC=207.172.176.168 D...

...53 -" added. Rule "ACCEPT lan wan tcp ftp-data -" added. Rule "ACCEPT lan fw::3328 tcp www - all" added. Rule "ACCEPT fw wan tcp www -" added. Setting up ICMP Echo handling... Processing /etc/shorewall/policy... Policy ACCEPT for fw to lan using chain fw2lan Policy ACCEPT for fw to wan using chain fw2wan Policy ACCEPT for lan to fw using chain lan2all Policy ACCEPT for lan to lan using chain lan2all Policy ACCEPT for lan to wan using chain lan2wan Policy DROP for wan to fw using chain wan2all Masqueraded Subnets and Hosts: To 0.0.0.0/...

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer