search for: icmpdef

...rify that my route table is ok. It just cant''t ping in the same network! :( Any sugestions? # iptables -L | grep icmp ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp echo-request icmpdef icmp -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp echo-request Chain icmpdef (1 refere...

...who have ALLOWRELATED=3DNo in shorewall.conf should see the Upgrade Issues. 2) A ''FORWARDPING'' option has been added to shorewall.conf. The effect of setting this variable to Yes is the same as the effect of adding an ACCEPT rule for ICMP echo-request in /etc/shorewall/icmpdef. Users who have such a rule in icmpdef are encouraged to switch to FORWARDPING=3DYes. 3) The loopback CLASS A Network (127.0.0.0/8) has been added to the rfc1918 file. 4) Shorewall now works with iptables 1.2.7. 5) The documentation and Web site no longer use FrontPage themes. I would like t...

...e these rules, create # /etc/shorewall/common to replace it. It is suggested that you include # the command ". /etc/shorewall/common.def" in your # /etc/shorewall/common file so that you will continue to get the # advantage of new releases of this file. # run_iptables -A common -p icmp -j icmpdef ############################################################################ # Drop invalid state TCP packets # run_iptables -A common -m state -p tcp --state INVALID -j DROP ############################################################################ # NETBIOS chatter # run_iptables -A common -p u...

How do I allow traceroute to reach my server? Pings work fine but traceroute stops at the last hop before my server. If I shut off the firewall it reaches it fine. PING danicar.net (24.222.246.120): 56 data bytes 64 bytes from 24.222.246.120: icmp_seq=0 ttl=237 time=104.0 ms 64 bytes from 24.222.246.120: icmp_seq=1 ttl=237 time=74.9 ms 64 bytes from 24.222.246.120: icmp_seq=2 ttl=237 time=90.6

...0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (5 references) pkts bytes target prot opt in out source destination 0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 19 3338 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unr...

...0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 2 120 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (5 references) pkts bytes target prot opt in out source destination 18 1580 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 1084 141K REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unr...

...to squid but directly exit. what''s wrong? Thanks ------- Dario Lesca (d.lesca@ivrea.osra.it) -------------------------------------- @@@@@@@ this is my shorewall-1.2.13 config: #[/etc/shorewall/common.def]----------------------------------------------- run_iptables -A common -p icmp -j icmpdef run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT run_iptables -A common -p tcp --tcp-flags RST RST -j ACCEPT run_iptables -A common -p udp --dport 137:139 -j REJECT run_iptables -A common -p udp --dport 445 -j REJECT run_iptables -A common -p tcp --dport 135 -j reject...

...0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (5 references) pkts bytes target prot opt in out source destination 0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 7 697 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unr...

...to squid but directly exit. what''s wrong? Thanks ------- Dario Lesca (d.lesca@ivrea.osra.it) -------------------------------------- @@@@@@@ this is my shorewall-1.2.13 config: #[/etc/shorewall/common.def]----------------------------------------------- run_iptables -A common -p icmp -j icmpdef run_iptables -A common -p tcp --tcp-flags ACK ACK -j ACCEPT run_iptables -A common -p tcp --tcp-flags RST RST -j ACCEPT run_iptables -A common -p udp --dport 137:139 -j REJECT run_iptables -A common -p udp --dport 445 -j REJECT run_iptables -A common -p tcp --dport 135 -j reject...

...bility to specify a user-defined action as a policy - The samples will have customized policy actions. For example, SMB will be silently dropped from the net but rejected from local networks. b) The common.def file and /etc/shorewall/common will disappear along with /etc/shorewall/icmpdef. c) Specific tunnel support disappears to be replaced with generic tunnels and examples/documentation. d) All ''unclean'' support will be removed. f) Shorewall will get out of the routing business. This means that the HAVEROUTE column in /etc/shorewall/proxyarp will be remo...

Hi My situation: I have two pc''s with public ip''s (192.159.56.206(webserver) and 84.196.123.65(mail-gateway)) in the dmz. The firewall (84.196.123.66) is configures with proxyarp, so nothing is changed on the pc''s from when they were not behind the firewall (i.e. they don''t have the firewall as gateway (and they each have different gateways, only 84.196.123.65

...0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (5 references) pkts bytes target prot opt in out source destination 0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 reject udp...

Hi, I have a install of shorewall I have 2 interfaces(I think) ppp0[connection device] and eth0 [LAN device], I want to allow all traffic from the the internet in or aleast port 80 and CVS and webmin and mail and everything normal to the main machine with shorewall on it. I changed to policy file but it just gave me errors as to double interfaces. I also what still to alow connection sharing

...0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'' 5 836 reject all -- * * 0.0.0.0/0 0.0.0.0/0 Chain common (5 references) pkts bytes target prot opt in out source destination 0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135 1 236 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 0 0 reject...

Sorry to barge in on an old thread. I''m having the same trouble as the gent who started this thread. I''ve tried the options described and can''t seem to get the tunnel to pass packets through it. I''m using the Netscreen Remote VPN client (Safenet derivative) on a windows machine, trying to connect to a Netscreen 5xp at the other end. The connection fires

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

...destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain icmpdef (0 references) pkts bytes target prot opt in out source destination Chain net2all (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RE...

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

...state RELATED,ESTABLISHED 115 7604 newnotsyn tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:!0x16/0x02 13 696 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 12513 849K fw2all all -- * * 0.0.0.0/0 0.0.0.0/0 Chain icmpdef (0 references) pkts bytes target prot opt in out source destination Chain loc2all (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...

...Chain fw2net (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain icmpdef (0 references) pkts bytes target prot opt in out source destination Chain loc2dmz (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...