search for: maclist

First off, I want to say that everyone on this list is great. So heres what I want to do..I have a maclist setup with all my users (roughly 400). There are constantly people leaving (deleting their accounts which removes their MAC address) and registering for internet access ( I have a php webserver that registers them, adds them to the maclist, and allows them on the net). Is there a way to force the...

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP ADDRESSES (Optional) eth0 00:30:4F:1...

...em there. Regards, Alex Martin http://www.rettc.com Cristian Valentin Barean wrote: > Hello ! > My name is Barean Cristian, and I have a network of 35 users, on a > Linux Mandrake 9.2 server. > As I was adding more users in my network, I found a problem with the > maclist. From n ip-macs in the maclist, shorewall is processing only n-1. > And the nat address to address does''n work, or at list I coudn''t make it > work. > > Thanks! > > Cristian Barean > > _______________________________________________ > Sho...

Hi, I want to automate some of the maclist and rule functionality: User connects to the network and gets a DHCP address from the shorewall box. Using squid and redirection, all the user can do is go to a login page on the firewall User logs in correctly to the form on the webpage and a process captures MAC and IP address info from the dhcp...

how to make this work, its seem to me that netfilter is changed more or less someplaces that shorewall do not support, using 4.4.27 shorewall and shorewall6 suggestion welcomed ------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99!

> Yes -- just leave the setting of MACLIST_DISPOSITION=REJECT and any request > from interfaces with the ''maclist'' option will be rejected if there isn''t a > match found in the maclist file. I have wrote some IP''s and MAC''s from my network, for example : #INTERFACE MAC...

It is working very good :) Thank You. I only need to write Interface etho in maclist file. My MAC addresses don''t neet the ~ in front of. Thanks ! Maciek -- ---- Oferta jakiej jeszcze nie by³o! Serwer www 60 MB za 99 z³ rocznie Szczegó³y: www.oferta.alpha.pl ----

...e mac address without the ip and not worked too ... then in the meantime, i recompiled the kernel, checked everything and just realized it''s one of two, a shorewall problem or my configuration of shorewall :) i added the mac addresses of the bridge''s eth0 and eth1 to the eth2 maclist and it works ! weird it works, but everybody can access the internet, including clients that dont have macs listed ... here is what i think: 1 the package comes throuth eth2 going to eth0. 2 the firewall sees it is going to internet and do an snat on lt to mascarade my internal net and changes...

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=infointerfaces:#ZONE INTERFACE BROADCAST OPTIONSnet ppp0 217.96.90.242 nopingloc eth0 255.255.255.0 routestopped,maclistmaclist:#INTERFACE MAC IP ADDRESSES (Optional)eth0 00:30:4F:19:73:0C 192.168.1.2 et...

Hi, I have a few problems with my shorewall configuration. First of all, the option maclist seems no to be recognized. I have this: ghostwheel /etc/shorewall # cat interfaces | grep -v ''^#'' - eth1 detect dhcp,tcpflags,routefilter loc eth0 detect tcpflags,maclist When I look at shorewall-init.log, I found out: ghos...

Hi, At the moment I am controlling my LAN client access to the Inet by their MAC address. Currently I am putting their MAC address in the rules file - now the number of the PC that I want to manage is getting more and more and it is not practicle to do this way anymore. My question is, how can I have their MAC address in other separate file? Regards http://www.debian.org/consultants/#Malaysia

hi there. There are approx. 400-500 users in our network and we plan to insert all their MAC addresses into maclist and bind them together with IP address. My question is whether shorewall is able to process that much of MAC addresses without slowing the the network speed performance? thanks for your time. __________________________________ Do you Yahoo!? Yahoo! Small Business - Try our new resources site...

...VAE: 6.23.0.2; VDF: 6.23.0.19; host: gateway.shorewall.net) X-WP-ChangeAV: 0 X-WP-AntySpam-Rezultat: NIE-SPAM Hello, I have added to blcklist 4000 ranges of ips (ipfilter from emule). In intercafes file: net ppp0 217.96.90.242 loc eth0 255.255.255.0 blacklist,dhcp,maclist but now my dhcp dont work coretly:( It have started but doesn''t give any information to computers in my network, but I can in each computer write IP, gate and mask myself and then it is working correctly. I thought that balcklist option should be last: dhcp,maclist,blacklist but also don...

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

...te to remove the rules added earlier. The result of this change will be that during most of [re]start, new connections will be allowed in accordance with the contents of /etc/shorewall/routestopped. 3) The performance of configurations with a large numbers of entries in /etc/shorewall/maclist can be improved by setting the new MACLIST_TTL variable in /etc/shorewall/shorewall.conf. If your iptables and kernel support the "Recent Match" (see the output of "shorewall check" near the top), you can cache the results of a ''maclist'' file looku...

...e (dmz). i tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3) hosts: dmz eth0:192.168.0.0/24 maclist net eth0:0.0.0.0/0 norfc1918 (variante 1) net eth0:!192.168.0.0/24 norfc1918 (variante 2) net !eth0:192.168.0.0/24 norfc1918 (variante 3) the documentation say that its possible to build the composition of an interface (!eth0), a network !(192.168.0.0) and ... if i...

I want to run dhcp and shorewall on the same computer.It is my gateway and that computer doing NAT for my network.How can I set up shorewall to let only users that get theire static ip address via dhcp, not to let users that had static address.

Hi: According to http://www.shorewall.net/Documentation.htm#Interfaces there is one recommendation for internal interface but wireless Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs a recommendation for wired internal interface?(100 win32 clients) I use tcpflags,detectnets thanks

hi, if i would like to use ulog (in order to split netfilter messages from other kernel messages), than i have to set all loglevel to ULOG? and then is there any way to define diferent loglevel for eg. maclist? thanks in advance. yours. ps. it''s a bit confusing that all loglevel parameter name is LOG_LEVEL except BLACKLIST_LOGLEVEL:-( -- Levente "Si vis pacem para bellum!"

...port added. c) Willing to devote enough time to help develop and debug the Shorewall bridge code. Also willing to put up with the instability associated with alpha-level software. The current version of the code supports: 1. Defining a zone in terms of a bridged interface. 2. Allowing ''maclist'' verification on traffic from a bridged interface. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net