search for: fw2net

...one and as a consequence I have a hosts file with the following in it: net eth0:!192.168.0.0/24 loc eth0:192.168.0.0/24 When I run shorewall start, I get an error, running in debug mode and capturing the output give me: + run_iptables -A OUTPUT -o eth0 -d ''!192.168.0.0/24'' -j fw2net + ''['' -n '''' '']'' + ''['' -n '''' '']'' + /sbin/iptables -A OUTPUT -o eth0 -d ''!192.168.0.0/24'' -j fw2net iptables v1.2.11: host/network `!192.168.0.0'' not found Try `iptab...

Hi Tom and other gurus, I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it. I got the following error ... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy REJECT for fw to loc using chain all2all Policy DROP for net to fw using chain net2all Policy ACCEPT for loc to fw using chain loc2fw Policy ACCEPT for loc to net using chain loc2net Masqueraded Networks and Hosts: Processing /etc/shorewall/tos... Rule "all all tcp - ssh...

Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr -------------------- Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер, ноутбуков и PDA. Гарантия минского сервисного центра.

...ridging software is installed and working correctly, including startup etc. The problem that I have is in "shorewall start" The output form "shorewall debug start 2> /home/stewart/trace" reveals an error " + iptables -A OUTPUT -o br0 -m physdev --physdev-out eth0 -j fw2net iptables: No chain/target/match by that name + ''['' -z '''' '']'' + stop_firewall" It looks to me that the Chain "fw2net" isn''t being recognised. Am I making a mistake here in assuming that the default zone "fw" ex...

...g on my part. i use shorewall 2.0.4 and for logging metalog 0.8. the problem is that new connections of certain (most) types don''t get logged. when i browse for example i see such: ---------------------------------------------------------------------- Dec 3 15:49:12 [kernel] Shorewall:fw2net:AllowDNS:IN= OUT=eth0 SRC=80.218.188.212 DST=62.2.24.158 LEN=59 TOS=0x00 PREC=0x00 TTL=64 ID=17070 DF PROTO=UDP SPT=32770 DPT=53 LEN=39 ---------------------------------------------------------------------- but never such: ---------------------------------------------------------------------- D...

...or the life of me figure out why this doesn''t match my rule. Here''s what shorewall says on startup: ... Processing /etc/shorewall/rules... Rule "ACCEPT net fw tcp 80,443,22,20,21 -" added. Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy DROP for net to fw using chain net2all ... and when I FTP and try an "ls", shorewall logs: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:b0:d0:e7:64:8a:00:20:78:db:5c:c7:08:00 SRC=64.19.189.166 DST=192.168.1.102 LEN=48 TOS=0x08 PREC=0x00 TTL=114 ID=59474 DF PROTO=TCP SPT=20 DPT=3...

Lables: Gateway = 209.5.171.65 Netmask = 255.255.255.192 Eth0 = net = 209.5.171.66 Eth1 = loc = 192.168.0.1 There is no NAT clients, in essence loc is dmz. I can rename loc to dmz if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126 Problem: Using the Shorewall Action AllowFTP does not result in desired behavior when connecting from Internet to machines behind firewall in DMZ. From

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at

...EC=0x20 TTL=107 ID=27105 PROTO=UDP SPT=2119 DPT=1434 LEN=384 Feb 2 08:08:43 fury [32579.604207] Shorewall:net2all:DROP:IN=eth0 OUT= SRC= 71.204.17.37 DST=71.203.146.136 LEN=92 TOS=0x00 PREC=0x20 TTL=114 ID=5644 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=26501 Feb 2 08:11:04 fury [32720.939826] Shorewall:fw2net:ACCEPT:IN= OUT=eth0 SRC=71.203.146.136 DST=68.87.74.162 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=40217 DF PROTO=UDP SPT=32769 DPT=53 LEN=50 Feb 2 08:11:13 fury [32730.239305] Shorewall:net2all:DROP:IN=eth0 OUT= SRC= 193.95.190.178 DST=71.203.146.136 LEN=404 TOS=0x00 PREC=0x20 TTL=108 ID=57862 PROTO=UDP...

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

...ion to open ports for edonkey protocol I add in /etc/shorewall/rules: # eDonkey 2000 ACCEPT net $FW tcp 4662 ACCEPT net $FW udp 4666 but I could not connect to any edonkey server. I check logs and notice that udp traffic on port 4666 is still dropped. Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC= SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4666 DPT=4665 LEN=14 Why? regards Brumela ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Expr...

...stination 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 ACCEPT udp -- * ath0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 0 0 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0 0 0 fw2net all -- * ath0 0.0.0.0/0 0.0.0.0/0 0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0...

I attached a copy of my rules file and I was wonndiering if there is some commands that I don''t need. I am running a webserver,email server,samba server. Thanks --------------------------------- Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now-------------- next part -------------- ############################################################################## #ACTION

...OP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 3 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0...

...39;ve got a 2-interface setup, using Shorewall 2.0.15 (installed via Debian). eth0 is connected to my DSL modem (uses PPPoE) and eth1 is the local 192.168.1.0/24 subnet. I run a dnsmasq on the firewall. All loc machines can do DNS lookups without problems. loc2fw connections work fine, as do fw2net. Just loc2net seems to be failing. I''m attaching the output from: - shorewall version - shorewall status - ip addr show - ip route show I''ll gladly send more info if more info is needed. - Colin p.s. please cc your responses to colin@viebrock.ca and colin@easydns.com...

Hi, I get frequent logfile entries from Shorewall similar to the following: Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2 OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10 DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ] Could someone explain what the

...Filtering... IP Forwarding Enabled Processing /etc/shorewall/tunnels... Processing /etc/shorewall/ipsec... Processing /etc/shorewall/rules... Processing Actions... Generating Transitive Closure of Used-action List... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy ACCEPT for loc0 to net using chain loc02net Policy ACCEPT for loc1 to net using chain loc12net Policy ACCEPT for wlan to net using chain wlan2net Masqueraded Networks and Hosts: iptables: Invalid argument ERROR: Command "/sbin/iptables -t nat -A ppp0_masq -s 192.168.11.0/24...

hi, i installed the shorewall 2.0.9 in fc2,after configuring the shorewall i did shorewall start this is the last few lines of it is output: Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy DROP for net to fw using chain net2all Masqueraded Networks and Hosts: Processing /etc/shorewall/tos... Rule "all all tcp - ssh 16" added. Rule "all all tcp ssh - 16" added. Rule "all all tcp - ftp 16" added. Rule "all all tcp ftp - 16"...

...dp -- * ppp0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 > 0 0 ACCEPT udp -- * ath0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 > 0 0 fw2home all -- * eth0 0.0.0.0/0 192.168.174.242 > 254 27951 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 > 0 0 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0 > 0 0 fw2net all -- * ath0 0.0.0.0/0 0.0.0.0/0 > 0 0 all2all all -- *...