search for: loc2fw

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

...p --state INVALID -j DROP #[/etc/shorewall/zones]----------------------------------------------- net Net Internet Blixer loc Local Rete Locale Ivrea dmz DMZ Demilitarized zone @@@@@@@ this is a portions of debug of shorewall script ... + iptables -A loc2fw -m state --state ESTABLISHED,RELATED -j ACCEPT + eval loc2fw_exists=Yes ++ loc2fw_exists=Yes + ''['' www = none -o www = None -o '''' = none -o '''' = None -o '''' = none -o '''' = No ne -o '''' = none -...

...p --state INVALID -j DROP #[/etc/shorewall/zones]----------------------------------------------- net Net Internet Blixer loc Local Rete Locale Ivrea dmz DMZ Demilitarized zone @@@@@@@ this is a portions of debug of shorewall script ... + iptables -A loc2fw -m state --state ESTABLISHED,RELATED -j ACCEPT + eval loc2fw_exists=Yes ++ loc2fw_exists=Yes + ''['' www = none -o www = None -o '''' = none -o '''' = None -o '''' = none -o '''' = No ne -o '''' = none -...

...answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00 SRC=192.168.6.5 DST=192.168.6.82 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=9327 DF PROTO=TCP SPT=1267 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 Other subnet Dec 29 09:53:36 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:...

I''m noticing some weirdness in my ulog files with version 2.0.10. Here is a portion of the log: Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP SPT=631 DPT=631 LEN=77 Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00...

My Shorewall server /var/log/messages only have loc2fw, net2fw, I want display net2loc, how can do that? Thank _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-i...

Hi, I have a few problems with my shorewall configuration. First of all, the option maclist seems no to be recognized. I have this: ghostwheel /etc/shorewall # cat interfaces | grep -v ''^#'' - eth1 detect dhcp,tcpflags,routefilter loc eth0 detect tcpflags,maclist When I look at shorewall-init.log, I found out:

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

If I''m using eth1 as my lan zone on my router box, it needs a static ip... what do I set the gateway option to in /etc/network/interfaces since this computer is actually the gateway for the rest of the lan? Itself? My "net" NIC''s address? Something else? My lan isn''t getting internet access using the default Shorewall config file (edited per

I give up and need help! I won''t add to the confusion by showing all the combinations I have tried unsuccessfully... and yes, I''ve read FAQ2 and FAQ2a many times! When googling the subject of this post there are many answers that boil down to using the same three iptables rules, two of which use nat. I won''t repeat them here. I don''t want to risk mixing

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

...) for bridging and I cannot restart it. I got the following error ... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy REJECT for fw to loc using chain all2all Policy DROP for net to fw using chain net2all Policy ACCEPT for loc to fw using chain loc2fw Policy ACCEPT for loc to net using chain loc2net Masqueraded Networks and Hosts: Processing /etc/shorewall/tos... Rule "all all tcp - ssh 16" added. Rule "all all tcp ssh - 16" added. Rule "all all tcp - ftp 16" added. Rule "all all tcp ftp - 16&quo...

...#39;t "see" out. I''ve got a 2-interface setup, using Shorewall 2.0.15 (installed via Debian). eth0 is connected to my DSL modem (uses PPPoE) and eth1 is the local 192.168.1.0/24 subnet. I run a dnsmasq on the firewall. All loc machines can do DNS lookups without problems. loc2fw connections work fine, as do fw2net. Just loc2net seems to be failing. I''m attaching the output from: - shorewall version - shorewall status - ip addr show - ip route show I''ll gladly send more info if more info is needed. - Colin p.s. please cc your responses to col...

[newbie question] Before using Shorewall I used to manually write some very short iptables rules which where probably much poorer than what this Shorewall gem does but I could "follow" them very easily. Now reading the output of iptable -L gives me a terrible headache. Is there some tool that graphs the rules in order to "see" them better ? For instance I was experiencing

...0 all2all all -- * tunl+ 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 5 1015 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 5 1015 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2net (1 references) pkts bytes target prot opt in out source destination 23 1216 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...

...0 all2all all -- * tunl+ 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 332 45305 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 332 45305 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain fw2net (1 references) pkts bytes target prot opt in out source destination 17224 2809K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...

....0.0.0/0 0.0.0.0/0 537K 261M loc2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 490K 69M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 490K 69M loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth1_fwd (1 references) pkts bytes target prot opt in out source destination 302K 170M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 122K 70M net2loc all -- * eth0 0.0.0.0/0 0...

...0 0 loc2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 111 12988 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 1747 1175K loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth2_fwd (1 references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 dmz2net all -- * e...

....0.0.0/0 0.0.0.0/0 537K 261M loc2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 490K 69M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 490K 69M loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth1_fwd (1 references) pkts bytes target prot opt in out source destination 302K 170M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 122K 70M net2loc all -- * eth0 0.0.0.0/0 0...

...all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 1 236 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 1 236 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth2_fwd (1 references) pkts bytes target prot opt in out source destination 2 126 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 24 1...