Displaying 20 results from an estimated 47 matches for "loc2fw".
2005 Apr 10
28
dumb, dumb question
I'm very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall)
with 3 NIC cards.
Shorewall works great on the firewall machine. Bind also works (local
net machines get IPs fine). Under firestarter, all works great.
With shorewall, the loc machines can not route past the firewall. They
can connect to the firewall, but not past it.
Exactly what information should I post to get
2002 May 14
4
Redirect loc::80 to fw::3128 not work
...p --state INVALID -j DROP
#[/etc/shorewall/zones]-----------------------------------------------
net Net Internet Blixer
loc Local Rete Locale Ivrea
dmz DMZ Demilitarized zone
@@@@@@@ this is a portion of the debug of the shorewall script ...
+ iptables -A loc2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
+ eval loc2fw_exists=Yes
++ loc2fw_exists=Yes
+ '[' www = none -o www = None -o '' = none -o '' = None -o '' = none -o ''
= No
ne -o '' = none -...
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
...p --state INVALID -j DROP
#[/etc/shorewall/zones]-----------------------------------------------
net Net Internet Blixer
loc Local Rete Locale Ivrea
dmz DMZ Demilitarized zone
@@@@@@@ this is a portion of the debug of the shorewall script ...
+ iptables -A loc2fw -m state --state ESTABLISHED,RELATED -j ACCEPT
+ eval loc2fw_exists=Yes
++ loc2fw_exists=Yes
+ '[' www = none -o www = None -o '' = none -o '' = None -o '' = none -o ''
= No
ne -o '' = none -...
2004 Dec 29
18
No response on port 80 with Shorewall
...answer on http request from all my local subnets
but not from local subnet.
Ping and requests on ports 21 22 23 25 110 work fine.
I logged port 80 in rules files and I got
accept entry same for local subnet and other subnets.
Local subnet is 192.168.6
Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT=
MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00 SRC=192.168.6.5
DST=192.168.6.82 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=9327 DF PROTO=TCP
SPT=1267 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Other subnet
Dec 29 09:53:36 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT=
MAC=00:09:6b:...
2005 Jan 07
5
ULOG weirdness with 2.0.10
I'm noticing some weirdness in my ulog files with version 2.0.10. Here
is a portion of the log:
Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100
DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP
SPT=631 DPT=631 LEN=77
Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00...
2006 Jun 30
1
Newbie Log question
My Shorewall server /var/log/messages only has loc2fw and net2fw. I want to display net2loc, how can I do that?
Thank
2005 Feb 08
15
Few questions
Hi,
I have a few problems with my shorewall configuration.
First of all, the option maclist seems not to be recognized.
I have this:
ghostwheel /etc/shorewall # cat interfaces | grep -v '^#'
- eth1 detect dhcp,tcpflags,routefilter
loc eth0 detect tcpflags,maclist
When I look at shorewall-init.log, I found out:
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2005 Jun 10
11
/etc/network/interfaces
If I'm using eth1 as my lan zone on my router box, it needs a static
ip... what do I set the gateway option to in /etc/network/interfaces
since this computer is actually the gateway for the rest of the lan?
Itself? My "net" NIC's address? Something else?
My lan isn't getting internet access using the default Shorewall config
file (edited per
2013 Oct 10
15
Remapping port below 1024 on the firewall
I give up and need help! I won't add to the confusion by showing all the
combinations I have tried unsuccessfully... and yes, I've read FAQ2 and
FAQ2a many times!
When googling the subject of this post there are many answers that boil
down to using the same three iptables rules, two of which use nat. I
won't repeat them here.
I don't want to risk mixing
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2005 Jan 21
5
Cannot restart shorewall
...) for bridging and I cannot restart it.
I got the following error
...
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Policy REJECT for fw to loc using chain all2all
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to fw using chain loc2fw
Policy ACCEPT for loc to net using chain loc2net
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16"...
2005 Feb 04
3
loc2net no longer working (and I read the FAQ)
...'t "see" out.
I've got a 2-interface setup, using Shorewall 2.0.15 (installed via
Debian). eth0 is connected to my DSL modem (uses PPPoE) and eth1 is the
local 192.168.1.0/24 subnet.
I run a dnsmasq on the firewall. All loc machines can do DNS lookups
without problems.
loc2fw connections work fine, as do fw2net. Just loc2net seems to be
failing.
I'm attaching the output from:
- shorewall version
- shorewall status
- ip addr show
- ip route show
I'll gladly send more info if more info is needed.
- Colin
p.s. please cc your responses to col...
2004 Dec 16
12
A question on rules simplification
[newbie question]
Before using Shorewall I used to manually write some very short iptables
rules which were probably much poorer than what this Shorewall gem does
but I could "follow" them very easily.
Now reading the output of iptable -L gives me a terrible headache.
Is there some tool that graphs the rules in order to "see" them better?
For instance I was experiencing
2003 Feb 25
0
Shorewall Setup.
...0 all2all all -- * tunl+ 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
5 1015 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
5 1015 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
23 1216 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...
2003 Feb 27
3
Unknown comments in shorewall status.
...0 all2all all -- * tunl+ 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
332 45305 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
332 45305 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
17224 2809K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED...
2005 Feb 28
1
Mail server on DMZ
....0.0.0/0
0.0.0.0/0
537K 261M loc2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
490K 69M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
490K 69M loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
302K 170M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
122K 70M net2loc all -- * eth0 0.0.0.0/0
0...
2004 Aug 05
9
Not able to access website
...0 0 loc2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
111 12988 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
1747 1175K loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
0 0 dmz2net all -- * e...
2005 Mar 07
10
DNS Name problem with mail server on LAN
....0.0.0/0
0.0.0.0/0
537K 261M loc2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
490K 69M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
490K 69M loc2fw all -- * * 0.0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
302K 170M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
122K 70M net2loc all -- * eth0 0.0.0.0/0
0...
2005 Jan 08
8
Shorewall problem, perhaps with PPPoE
...all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
1 236 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
1 236 loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth2_fwd (1 references)
pkts bytes target prot opt in out source
destination
2 126 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state NEW
24 1...