Displaying 20 results from an estimated 29 matches for "fw2loc".

2005 Apr 30
5
SPT vs. DPT Sanity Check (Samba rules)
Before wasting a lot of time going at this in the wrong list, I would like to confirm whether my thinking is on or off base with respect to source and destination ports. Samba is being blocked by fw2loc even though I have accept rules set up. I believe I can explain why, but I could be wrong. I think that for some reason, samba is sourcing stuff on the commonly used port 137, but trying to send it to a destination port that is not a common port for the protocol. Should samba not be sending to a...
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
...ot browse the internet anymore from the local network pc. The strange thing is that the /var/log/messages file contains shorewall output telling me that it accepted the ping request from the firewall to the local network pc even though I don't receive an answer back. It says something like ACCEPT fw2loc out=br0 Phys out=eth1 source=192.168.3.12 dest=192.168.3.10 Proto=icmp which is correct. I have IP Forwarding set to on. Setting Bridging=Yes or No in shorewall.conf makes no difference at all. Here's my shorewall configuration: Hosts #ZONE HOST(S) OPTIONS loc...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer
2003 Aug 31
4
linux-ha heartbeat .. failover firewall
I have searched your FAQ's and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.
2005 Feb 28
1
Mail server on DMZ
...in out source destination 592 34399 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 318K 30M fw2net all -- * eth1 0.0.0.0/0 0.0.0.0/0 373K 366M fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 7741 471K fw2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:ACCEPT:' 0 0 ACCEPT a...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...in out source destination 592 34399 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 318K 30M fw2net all -- * eth1 0.0.0.0/0 0.0.0.0/0 373K 366M fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 7741 471K fw2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:ACCEPT:' 0 0 ACCEPT a...
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
...29 3189 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 29 1896 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0 2 356 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 75 8198 fw2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0 2 340 common all -- * * 0.0.0.0/0 0.0.0.0/0 2 340 LOG all -- * * 0.0....
2005 Dec 08
3
trouble with shorewall on Mandriva 2006 (2nd)
...source destination 6049 486K LOG all -- * eth0 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix `BANDWIDTH_OUT:' 2738 156K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 6049 486K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 fw2loc all -- * ath0 0.0.0.0/0 0.0.0.0/0 139K 195M fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewal...
2004 Dec 28
5
Multiple IP´s in one Zone
Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can't reach any service from loc in loc2. Has somebody an Idea where my mistake is? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed
2003 Mar 25
7
DNAT not working after changing BIND to use views
...0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 2 205 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 1 40 fw2loc all -- * eth1 0.0.0.0/0 192.168.10.0/24 0 0 fw2loc all -- * ppp+ 0.0.0.0/0 192.168.10.0/24 0 0 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0...
2004 Nov 29
2
SFTP
...0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 448 96464 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:...
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config I've made with bridge.html from the shorewall site. The Bridge is between local net and an openvpn tap device. This works. I can make tunnels, and I can make a lot of things through the firewall. I can get a list
2003 Aug 26
1
ADSL router, two nics, web server not visible from internet
...0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 12 1366 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 fw2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:...
2005 May 31
2
Local machine not through firewall
...all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 410 42869 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 364 41726 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0 20 1740 fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 798 70693 fw2modem all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain AllowICMPs (2 refer...
2004 Dec 30
0
MultipleIP´s in one Zone
...0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 36 11829 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 112K 16M fw2net all -- * eth1 0.0.0.0/0 0.0.0.0/0 6019 4437K fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 12645 5282K fw2loc2 all -- * eth2 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain Dro...
2004 Dec 04
7
vpn-zone wide open
Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second
2004 Dec 29
18
No response on port 80 with Shorewall
...-- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT udp -- * ppp0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 533 51169 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0 1354 133K fw2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:' 0 0 reject all -- * *...
2005 Jan 09
19
Shorewall and CUPS printing interference
I'm having a problem with the Shorewall firewall and CUPS printing interfering with each other. My Linux firewall machine is acting as both a CUPS server and client for all of my tests. Shorewall 2.0.13 CUPS 1.1.22-2 Linux kernel 2.6.9 CUPS was working fine to print to my Epson C84 (network connected via a Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I
2005 Dec 08
7
Two Subnets on routed to the other, Setup?
Hi there, I've read Routing on One Interface, and Shorewall and Aliased Interfaces docs but I'm a little confused, and all my test attempts have mostly failed. Here is my setup: CentOS 4.2 ShoreWall 3.0.2 My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2. Currently 192.168.1.2 is setup on eth0. With no ShoreWall involved routing seems to work if I just setup
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I'm at work right now and I can't use