search for: logmartian

I''ve set up a simple 2-interface Linux router using shorewall-perl 4.0.8 (and upgraded to 4.0.9). Everything works flawlessly. One small exception I have noticed (since I''m a new shorewall user I assume this is probably an error on my part). 1. Problem: With no "logmartians" entries in /etc/shorewall/interfaces, shorewall-perl sets /proc/sys/net/ipv4/conf/*/log_martians to "0". 2. Expected behavior: For any interface entry in /etc/shorewall/interfaces for which the "logmartians" option is not present, shorewall-perl should take no action, le...

...ners as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net vboxnet0 detect dhcp,tcpflags,nosmurfs,logmartians to shorewall/interfaces and everything seemed to work. Not so easy with the vit-man/kvm setup, where > net virbr0 detect dhcp,tcpflags,nosmurfs,logmartians does not seem to lead to a network-setup that works out - no network connection from the (migrated) virtual machine....

...eth1 192.168.1.255 l2tp ppp+ - #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE My current interface as currently used on my firewall is below: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - dhcp,tcpflags,nosmurfs,logmartians loc eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians My question is if i define ppp+ for the l2tp zone will my ''net'' zone be included in the l2tp zone? How would i go about setup with ppp0 as my WAN interface as opposed to eth0 as in the exa...

...error problem: Validating interfaces file... ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2 The shorewall interface file: net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians P.S. I tried to remove norfc1918 from interface eth2 that can successfully startup shorewall. Thx --------------------------------- Yahoo! 網上安全攻略，教你如何防範黑客! 了解更多 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft...

...expected behavior in this configuration? I just want to make sure Im not missing anything because I''ve seen some weird stuff happening. Here''s my /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect tcpflags,nosmurfs,routefilter,logmartians loc eth1 detect dhcp,tcpflags,nosmurfs,logmartians loc vlan2 detect dhcp,tcpflags,nosmurfs,logmartians And /etc/network/interfaces: # eth1 - local lan segment (gigabit) auto eth1 iface eth1 inet static address 10.5.1.1 netmask 255.255.255.0 # VLAN 2 - VoIP network a...

...with 10 Mbps. - isp2 : a DSL provider with 15Mbits/1Mbits. We use isp2 as the default outgoing provider. The isp1 provider is used for "critical" services (SSH...) and for incoming connections (VPN...). Our interfaces file : ======================== isp1 eth0 detect logmartians,nosmurfs,routefilter=0,tcpflags isp2 eth1 detect logmartians,nosmurfs,routefilter,tcpflags ======================== Here is our providers file: ======================== #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY isp1 1...

...aces (ADSL0) to provide traffic to/from our lan, one of the interfaces to provide vpn access to our lan, and one of the interfaces to support a small dmz with a handful of servers. I have set Shorewall up with the following interfaces: net eth0 detect tcpflags,routefilter,nosmurfs,logmartians,blacklist vpn eth1 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist dmzo eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist vpnre tun0 detect lan eth3 detect tcpflags,detectnets,nosmurfs dm...

...am having trouble to integrate the "docker0" bridge it creates on the fly into my shorewall setup (version 4.5.16.1) on debian testing. IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces has an entry like so, > doc docker0 tcpflags,nosmurfs,logmartians,bridge,routeback,optional and "policy" like so >doc net ACCEPT However, when firing up an container and trying to acces the web, "shorewall logwatch" is giving me entries like >doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7 DST=192.168.100...

...outputs), using the following: /etc/ppp/ip-up.d/mobile: #!/bin/sh /sbin/shorewall restart fi (Refer: http://sourceforge.net/mailarchive/message.php?msg_id=19774645 ) /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - tcpflags,logmartians,nosmurfs /etc/default/shorewall: startup=0 wait_interface="ppp0" ----------------------- What I''m wanting to do: ----------------------- I want to configure Shorewall to work with my ppp0 and wlan0 connections. I will use one or the other connection at a time, but I will only...

...actions now invoke the new standard action ''AllowICMPs''. This new action accepts critical ICMP types: Type 3 code 4 (fragmentation needed) Type 11 (TTL exceeded) 2) Explicit control over the kernel''s Martian logging is now provided using the new ''logmartians'' interface option. If you include ''logmartians'' in the interface option list then logging of Martian packets on will be enabled on the specified interface. If you wish to globally enable martian logging, you can set MARTIAN_LOGGING=Yes in shorewall.conf. 3)...

Hi, In log I get: ----------------------------------------------------------- Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0 ---------------------------------------------------------- Even in /etc/shorewall/rules I have

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

Hi, I am trying to get L2TP roadwarrior VPN working from http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP but i am making a mistake somewhere, appreciate a fresh set of eyes to help. I have the following interfaces: ppp0 - interneteth0 - local networkrem - client openvpnl2tp - ppp for lt2p clients I am getting the following error logged when trying to connect into the server with L2TP from a remote

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m running Shorewall 4.4.0/Debian Lenny and I''m trying to setup OpenVPN with a mild degree of success so far. My ultimate end goal is to basically have an extension of my home lan to my laptop as well as my wife''s when we are away from home, and have all of my normal network resources available as if I were sitting at home

...all is V3.0.5 on server A and V3.0.7 on server B. The Shorewall configuration files for server A are shown below. If anyone can cast any light on this, or even suggest a troubleshooting approach, I''d be very grateful. interfaces: net eth0 detect tcpflags,routefilter,nosmurfs,logmartians net eth1 detect tcpflags,routefilter,nosmurfs,logmartians loc eth2 detect tcpflags,detectnets,nosmurfs loc ppp+ vpn tun0 masq: eth0 eth2 192.168.2.1 eth1 eth2 192.168.3.1 policy: loc net ACCEPT $FW net ACCEPT $FW loc ACCEPT $FW vpn ACCEPT vpn $FW ACCEPT vp...

...TC_BITS= PROVIDER_BITS= PROVIDER_OFFSET= MASK_BITS= ZONE_BITS=0 IPSECFILE=zones ---------------------------------------------------------------------- /etc/shorewall/interfaces ---------------------------------------------------------------------- sdsl   eth1   dhcp,tcpflags,routefilter,nosmurfs,logmartians,optional free   eth2   dhcp,tcpflags,routefilter,nosmurfs,logmartians,optional #ovh   eth3   dhcp,tcpflags,routefilter,nosmurfs,logmartians,optional loc    eth0   tcpflags,nosmurfs,routeback vpn    tun0   tcpflags,nosmurfs ---------------------------------------------------------------------- /et...

...OPTIONS > casp ppp0:1.2.3.4 ipsec > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE /etc/shorewall/interfaces: > #ZONE INTERFACE BROADCAST OPTIONS > net ppp0 detect tcpflags,dhcp,routefilter,nosmurfs,logmartians > loc eth0 detect tcpflags,nosmurfs,dhcp > dmz eth1 detect > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/masq: > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK > ppp0...

Hi, I have a multi-isp configuration both on ppp interfaces. As one of them is 32Mbit/s and the other is 8Mbit/s , I have a weight setting of 4 to 1 as in the following providers file entries: vdsl 1 0x10000 - ppp1 - track,balance=4 adsl 2 0x20000 - ppp0 - track,balance=1 I would also like to have fallback between them so that if one is

Hi, I configured some ha services using heartbeat, I have this on my log: Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: Unable to send bcast [-1] packet: Operation not permitted Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: write failure on bcast bond1.: Operation not permitted how allow broadcast only on some interfaces with shorewall? attacched is shorewall status Thanks Nicola

...nternet i get a connection time-out on port 3299 by the saprouter My shorewall interfaces configuration is: ZONE INTERFACE BROADCAST OPTIONS loc eth3 detect routeback net eth0 detect routefilter,tcpflags,logmartians,nosmurfs where eth0 is world zone (i.e: 191.99.200.0/24) and firewall public IP address is: 191.99.200.50 and eth3 is local zone (i.e. 10.0.0.1) with firewall internal IP address is: 10.0.0.200 and saprouter internal server is: 10.0.0.60. in rules file i have a dnat row like the following: ACT...