search for: loc2net

...INE -- DO NOT REMOVE interfaces net eth2 detect filterping loc eth0 detect filterping dmz eth1 detect and when I tried to go to the net the messages are: Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC =192.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=6877 DF PROT O=TCP SPT=1813 DPT=23 WINDOW=16384 RES=0x00 SYN URGP=0 Jan 16 17:49:33 murowall kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 SRC=1 92.168.2.96 DST=80.25.233.57 LEN=48 TOS=0x00 PREC...

...interface setup, using Shorewall 2.0.15 (installed via Debian). eth0 is connected to my DSL modem (uses PPPoE) and eth1 is the local 192.168.1.0/24 subnet. I run a dnsmasq on the firewall. All loc machines can do DNS lookups without problems. loc2fw connections work fine, as do fw2net. Just loc2net seems to be failing. I''m attaching the output from: - shorewall version - shorewall status - ip addr show - ip route show I''ll gladly send more info if more info is needed. - Colin p.s. please cc your responses to colin@viebrock.ca and colin@easydns.com ... since I...

here''s a snippet from my /var/log/messages: Nov 4 00:24:45 firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=80.143.227.136 DST=165.247.174.243 LEN=76 TOS=0x00 PREC=0x00 TTL=114 ID=41910 PROTO=UDP SPT=9940 DPT=9940 LEN=56 Nov 4 00:24:45 firewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=ppp0 SRC=10.0.0.2 DST=4.4.130.47 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=26091 PROTO=UDP SPT=9940 DPT=63225 LEN=56 Nov 4 00:24:49 firewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=ppp0 SRC=10.0.0.2 DST=4.4.130.47 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=43243 PROTO=UDP SPT=9940 DPT=632...

If I''m using eth1 as my lan zone on my router box, it needs a static ip... what do I set the gateway option to in /etc/network/interfaces since this computer is actually the gateway for the rest of the lan? Itself? My "net" NIC''s address? Something else? My lan isn''t getting internet access using the default Shorewall config file (edited per

I would like to cut down on packets logged from "loc2net". I have modified my policy file so that the logging for loc2net is "err" but dns packets and smtp are still being logged. Is it possible to filter these out? On a separate note, if I define ULOG in policy, I get an error on shorewall startup "ULOG not defined" or somethi...

Hi, I''m using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG copy_range 0 nlgroup 1 prefix `Shorewall:loc2net:REJECT:P2...

Does anyone know what this log entry indicates? What service running on a WinNT server would send out a UDP packet with source port 137 and destination port 1? (I was unable to get any clarity from Google...) --------- May 27 11:01:47 ykrgw kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=192.168.3.3 DST=166.84.151.198 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=37008 PROTO=UDP SPT=137 DPT=1 LEN=64 ---------- Thanks in advance. Jim Werkowski jwerkowski@attglobal.net

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the machines is attached. btw if any of you have any hint on setting up P2P filtering, or some good howto, pleas...

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

...out to the net. Hope this helps Mike -----Original Message----- From: Alan Sparks [mailto:asparks@doublesparks.net] Sent: Thursday, January 16, 2003 11:02 AM To: marta_jara@zenithmedia.es Cc: Shorewall-users@shorewall.net Subject: Re: [Shorewall-users] Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 You should probably have shown the rules file also... but I see the loc->net policy is CONTINUE, but don''t see where the policy subsequently allows this outbound traffic. Do you really mean for that to be CONTINU...

Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr -------------------- Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер, ноутбуков и PDA. Гарантия минского сервисного центра.

...r is outside the firewall, Now, the rule stop working for sometime, my mail gateway couldnt resolve any hostname anymore. but when i restart shorewall, it''s work , just for while, and so on. what happened to my shorewall ? log from kernel seem fine Aug 3 17:51:51 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth0 OUT=eth2 SRC=172.16.0.229 DST=202.x.x.x LEN=77 TOS=0x00 PREC=0x00 TTL=63 ID=31630 PROTO=UDP SPT=51468 DPT=53 LEN=57 please help me.. regards reza

...net ACCEPT dmz net ACCEPT net all DROP info all all REJECT info interfaces: loc eth0 detect dhcp I interpret this to mean that eth0 is in the local zone, and therefore by the loc2net policy should be able to browse. However, I get stuff like this in the log: Sep 3 19:43:35 all2all:REJECT:IN=eth0 OUT= SRC=[my ip] DST=[isp dns ip] LEN=48 TOS=0x00 PREC=0x00 TTL=62 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=18568 SEQ=0 ...and I can''t connect to the outside world if shorewall...

...ot;ACCEPT fw net udp 53" added. Rule "ACCEPT loc fw tcp 22" added. Setting up ICMP Echo handling... Processing /etc/shorewall/policy... Policy REJECT for fw to net using chain all2all Policy REJECT for loc to fw using chain all2all Policy ACCEPT for loc to net using chain loc2net Masqueraded Subnets and Hosts: Cannot send dump request: Connection refused Terminated ========================================================== When I follow the tracing instruction, I get the following # tail /tmp/trace ++ ''['' -f /etc/shorewall/stopped '']'' +...

Hi, here my system on shorewall: eth0 192.168.108.1 net eth1 192.168.109.1 dmz eth2 192.168.110.1 loc_110 eth3 192.168.111.1 loc I haven''t access from or to server in loc_110 through shorewall. I can use ssh or other types from loc to dmz or from loc to fw, but I can''t use connections to loc_110. I can also use ssh - connection from fw to loc_110 or redirectly. Where is the

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

...all -- * * 0.0.0.0/0 0.0.0.0/0 Chain br0_fwd (1 references) pkts bytes target prot opt in out source destination 4 240 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 4 240 loc2net all -- * eth0 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in eth1 0 0 loc2road all -- * br0 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in eth1 --physdev-out tap+ 0 0 all2all all -- * eth0 0.0.0.0/0...

...server. I''ve googled for some days and found no way to do it. Any advice please? This is my rules and log file (IP addresses faked) Rules: ACCEPT loc:w.x.y.z net:a.b.c.d tcp 1024:65535 And this is the log file: Jun 13 10:29:22 firewall kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=w.x.y.z DST=a.b.c.d LEN=44 TOS=0x00 PREC=0x00 TTL=127 ID=4040 DF PROTO=TCP SPT=1358 DPT=1696 WINDOW=8192 RES=0x00 SYN URGP=0 Regards

...39;t get masq working. Maybe this is because something changed in masq since I have been using similar configuration in 2.x But I can''t see what... There is nothing in messages so it doesn''t point me in the right direction. No REJECT, no loc2something... No communication like loc2net is logged when I try to get through (ping, dns, telnet...) It is not a vmware-related issue since the same problem is when I try to masq a real computer like from eth1. THANKS! This is my config: interfaces: net eth2 detect dhcp # wan -- to cable modem loc eth1 detect loc vmnet0 detec...

Hi Vene, Would appreciate any help you can give as I am not sure which NAT you are talking about. A little more background. I am replacing a Windows 2000 routing and remote access machine that was acting as the gateway and performing NAT for Internet access for our local clients. In this setup the cisco VPN clients had no problem connecting to the vpn concentrator. The only difference in any