Displaying 20 results from an estimated 61 matches for "fw2net".
2005 Mar 27
2
Can't get shorewall to start...
...one and as a consequence I have a hosts file
with the following in it:
net eth0:!192.168.0.0/24
loc eth0:192.168.0.0/24
When I run shorewall start, I get an error; running in debug mode and
capturing the output gives me:
+ run_iptables -A OUTPUT -o eth0 -d '!192.168.0.0/24' -j fw2net
+ '[' -n '' ']'
+ '[' -n '' ']'
+ /sbin/iptables -A OUTPUT -o eth0 -d '!192.168.0.0/24' -j fw2net
iptables v1.2.11: host/network `!192.168.0.0' not found
Try `iptab...
2005 Jan 21
5
Cannot restart shorewall
Hi Tom and other gurus,
I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it.
I got the following error
...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to fw using chain loc2fw
Policy ACCEPT for loc to net using chain loc2net
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh...
2007 Nov 20
11
rfc1918 on external interface
Please help me. Can I forbid, and how, any outgoing traffic
(ping, trace) to rfc1918 networks on my external interfaces?
Thank you very much.
Aleksandr
2005 Jan 11
5
Problem starting Shorewall using Bridge configuration
...ridging software is
installed and working correctly, including startup etc.
The problem that I have is in "shorewall start"
The output from "shorewall debug start 2> /home/stewart/trace" reveals an
error
" + iptables -A OUTPUT -o br0 -m physdev --physdev-out eth0 -j fw2net
iptables: No chain/target/match by that name
+ '[' -z '' ']'
+ stop_firewall"
It looks to me that the Chain "fw2net" isn't being recognised. Am I making a
mistake here in assuming that the default zone "fw" ex...
2004 Dec 03
1
not logging as expected
...g on my part.
i use shorewall 2.0.4 and for logging metalog 0.8.
the problem is that new connections of certain (most) types don't get
logged. when i browse for example i see such:
----------------------------------------------------------------------
Dec 3 15:49:12 [kernel] Shorewall:fw2net:AllowDNS:IN= OUT=eth0
SRC=80.218.188.212 DST=62.2.24.158 LEN=59 TOS=0x00 PREC=0x00 TTL=64
ID=17070 DF PROTO=UDP SPT=32770 DPT=53 LEN=39
----------------------------------------------------------------------
but never such:
----------------------------------------------------------------------
D...
2003 Nov 28
3
Problems with FTP to one host
...or the life of me figure out why this doesn't match my rule. Here's
what shorewall says on startup:
...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw tcp 80,443,22,20,21 -" added.
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy DROP for net to fw using chain net2all
...
and when I FTP and try an "ls", shorewall logs:
Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:b0:d0:e7:64:8a:00:20:78:db:5c:c7:08:00 SRC=64.19.189.166
DST=192.168.1.102 LEN=48 TOS=0x08 PREC=0x00 TTL=114 ID=59474 DF PROTO=TCP
SPT=20 DPT=3...
2005 Jun 02
3
Net > DMZ > AllowFTP
Labels:
Gateway = 209.5.171.65
Netmask = 255.255.255.192
Eth0 = net = 209.5.171.66
Eth1 = loc = 192.168.0.1
There are no NAT clients, in essence loc is dmz. I can rename loc to dmz
if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126
Problem:
Using the Shorewall Action AllowFTP does not result in desired behavior
when connecting from Internet to machines behind firewall in DMZ. From
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2011 Jul 21
42
Problem With OpenVPN Connectivity
Hi,
I'm running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the
VPN options I'm using in Slackware 13.37 will not work in Shorewall, but in
Slackware 13.1 using the same Shorewall version and files, the 'interfaces',
'policy' and 'zone', are all I have configured, it was working and this also
works in Arch at
2007 Feb 02
13
Client cannot connect to Internet
...EC=0x20 TTL=107 ID=27105
PROTO=UDP SPT=2119 DPT=1434 LEN=384
Feb 2 08:08:43 fury [32579.604207] Shorewall:net2all:DROP:IN=eth0 OUT= SRC=
71.204.17.37 DST=71.203.146.136 LEN=92 TOS=0x00 PREC=0x20 TTL=114 ID=5644
PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=26501
Feb 2 08:11:04 fury [32720.939826] Shorewall:fw2net:ACCEPT:IN= OUT=eth0
SRC=71.203.146.136 DST=68.87.74.162 LEN=70 TOS=0x00 PREC=0x00 TTL=64
ID=40217 DF PROTO=UDP SPT=32769 DPT=53 LEN=50
Feb 2 08:11:13 fury [32730.239305] Shorewall:net2all:DROP:IN=eth0 OUT= SRC=
193.95.190.178 DST=71.203.146.136 LEN=404 TOS=0x00 PREC=0x20 TTL=108
ID=57862 PROTO=UDP...
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops. Can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2007 Jul 08
6
mldonkey/edonkey - servers not connected
...ion to open
ports for edonkey protocol
I add in /etc/shorewall/rules:
# eDonkey 2000
ACCEPT net $FW tcp 4662
ACCEPT net $FW udp 4666
but I could not connect to any edonkey server.
I check logs and notice that udp traffic on port 4666 is still dropped.
Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC=
SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=4666 DPT=4665 LEN=14
Why?
regards Brumela
2005 Jul 02
6
Port redirection on standalone pc to pop3 proxy AV scanner
...stination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP !icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 ACCEPT udp -- * ath0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
0 0 fw2net all -- * ath0 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0...
2003 Jan 01
10
Cleaning up the rules
I attached a copy of my rules file and I was wondering if there are some commands that I don't need. I am running a webserver, email server, samba server. Thanks
-------------- next part --------------
##############################################################################
#ACTION
2003 Feb 22
4
Shorewall with ProxyARP
...OP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
3 168 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 common all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0...
2005 Feb 04
3
loc2net no longer working (and I read the FAQ)
...'ve got a 2-interface setup, using Shorewall 2.0.15 (installed via
Debian). eth0 is connected to my DSL modem (uses PPPoE) and eth1 is the
local 192.168.1.0/24 subnet.
I run a dnsmasq on the firewall. All loc machines can do DNS lookups
without problems.
loc2fw connections work fine, as do fw2net. Just loc2net seems to be
failing.
I'm attaching the output from:
- shorewall version
- shorewall status
- ip addr show
- ip route show
I'll gladly send more info if more info is needed.
- Colin
p.s. please cc your responses to colin@viebrock.ca and colin@easydns.com...
2004 Nov 25
6
Logfile entry query
Hi,
I get frequent logfile entries from Shorewall similar to the following:
Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2
OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00
TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10
DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1
ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ]
Could someone explain what the
2005 Mar 31
1
can't use shorewall in a UML-Session
...Filtering...
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/ipsec...
Processing /etc/shorewall/rules...
Processing Actions...
Generating Transitive Closure of Used-action List...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy ACCEPT for loc0 to net using chain loc02net
Policy ACCEPT for loc1 to net using chain loc12net
Policy ACCEPT for wlan to net using chain wlan2net
Masqueraded Networks and Hosts:
iptables: Invalid argument
ERROR: Command "/sbin/iptables -t nat -A ppp0_masq -s 192.168.11.0/24...
2004 Dec 27
3
shorewall doesn't restart at boot
hi,
I installed the shorewall 2.0.9 in fc2. After configuring the shorewall I
did shorewall start; these are the last few lines of its output:
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy DROP for net to fw using chain net2all
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16"...
2005 May 25
9
Newbie going through a probably stupid thing
...dp -- * ppp0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
> 0 0 ACCEPT udp -- * ath0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
> 0 0 fw2home all -- * eth0 0.0.0.0/0 192.168.174.242
> 254 27951 fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
> 0 0 fw2net all -- * ppp0 0.0.0.0/0 0.0.0.0/0
> 0 0 fw2net all -- * ath0 0.0.0.0/0 0.0.0.0/0
> 0 0 all2all all -- *...