search for: multiple_zones

I''ve created a new document that discusses creating multiple zones accessed through a single firewall interface. See: http://shorewall.net/shorewall_quickstart_guide.htm Comments and corrections are welcome. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

And it looks like there''s a bug. I have a "firewall" with a single ethernet interface that splits into a network zone and a local zone and as a consequence I have a hosts file with the following in it: net eth0:!192.168.0.0/24 loc eth0:192.168.0.0/24 When I run shorewall start, I get an error, running in debug mode and capturing the output give me: + run_iptables -A

Hello I''m new to the list. I installed a vserver (http://www.linux-vserver.org/) on my gentoo server As network interface is used an alias (eth1:0) eth1 is the card of my "loc" zone. eth1:0 has an address from the same subnet from the vserver I can connect to eth0 but not to the internet. From my local net everything works fine. I have an entry in "mask" for eth1

Hi, I have a shorewall v4.0.7 installation on an older version of fedora. What is the proper way to add another network to the DMZ interface? Is it through virtual networks? If so, how is that done, given I''ve already designed the system around a single network on the DMZ? I have two physical interfaces on the firewall, with eth0 for external (192.168.1.0) and eth1 for the DMZ

Via creative use of the instructions at http://shorewall.net/Multiple_Zones.html#id2497549. But can a zone (in shorewall/interfaces) reference multiple interfaces? I have two openvpn instances running on my server, one bridged (for upstream access to some client vpn''s so I don''t have to request the clients add new subnets to their routing tables) and on...

I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall. On one of the port on the switch serving LOC1 I have now a router and a switch feeding a bunch of computers with net=10.0.200.0. While I have defined a route to reach LOC2, I would like to define also a specific zone in order to assign different rules to it. Is it possible ? if yes, what is the syntax of the

...working networks.... this is just how it is. I''ve set the IPMI IP on the backup server to 192.168.10.4, and created a virtual interface (eth0:1) on the admin machine with IP 192.168.10.1. But after following the Multiple Zones Through One Interface instructions (http://www.shorewall.net/Multiple_Zones.html) Shorewall simply blocks all traffic. What could be wrong/ is there another way that actually works? ------------------------------------------------------------------------------ Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them....

i ask here after give up reading and following all the documentation.. i got 3 nic eth0:222.222.222.222 netmask:255.255.255.252 gateway:222.222.222.221 eth1:10.10.10.254 netmask:255.255.255.0 gateway:blank eth2:10.10.11.254 netmask:255.255.255.0 gateway: blank i''m running redhat9, and shorewall2.2.2 eth0 connected to dsl modem ( static ip ) eth1 connected to d-link router ( for

Hi I''m using shorewall 2.1.10 on redhat 9 .. The machine have 2 network card eth1 inside network and eth0 internet(router) I define a static route on the linux system ( route add..) to another router But when I try to ping to the host/router I get "fw kernel : shorewall: forward: reject: in eth1 out=eth1...." Eth1= 192.168.220.254 Route add -net 192.114.122.111 netmask

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

hi, suppose i have firewall with an ethernet interface eth1 for the internal local zone, but in the local zone i have a router which connected to some external offices internal lan. the external office has no other net access just through this line. in orther to be able to define rules and filter the traffic, the router internal interface should have to be in different network then the local

Following link is the question: http://tndo.no-ip.com/~wilson/separate.gif The cisco route already set static route from lan2 to shorewall, how can I set Shorewall route to lan2? Thank. _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk

hello Tom >Another very likely cause is that Shorewall-shell is generating a pkttype >test to identify multicast packets. This can be unreliable and can be >avoided by setting PKTTYPE=No in shorewall.conf. After using PKTTYPE=No in shorewall.conf , my syslog is clean now. Do you mean that adding the following line in /etc/shorewall/interfaces is suffiscient? dmz eth1

Hi Folks! I''m new to shorewall (in the process of switching from Bastille), and I have a question as to how to address using Bluetooth enabled Palms with a BT dongle on a linux box protected by shorewall. Basically I followed the directions located at http://www.metacon.ca/bcs/view.php?page=bluetooth to get things working strictly with iptables, specifically: echo

hello need a little help i have 2 NIC router with shorewall client PCs goes to internet fine with shorewall help. but i need to reroute traffic for one net via other gateway not ISPs. Gateway is on LAN NIC. 192.168.1.0/24 LAN x.x.x.x WAN router(shorewall) IP 192.168.1.15 i need to reroute traffic for 192.168.2.0/24 network to 192.168.1.1 gateway I know how to do it via route and iptables, bu just

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

Hello....I have a specific Requirement on a One Interface Setup...Help me guys 1.Allow ssh,dns and web request to the firewall.....Input Chain ACCEPT net fw tcp 22 ACCEPT net fw udp 53 ACCEPT net fw tcp 80 Are the above rules correct. 2. Allow 6 Pool of Ip''s to be forwarded thru this firewall....This Machine Stands as a gateway for 6

Hello all, What I am doing seems fairly straight forward to me, I just am not sure how to put it into Shorewall''s config files. Here is what I have: I have a single router that takes 5 public IP addresses and routes them to internal IP addresses. In the past, I had control over that router and could port filter at the router, forwarding only the traffic I wanted. However, now, I

I just setup the Shorewall in my school, but now all clients can''t through to internet, all servers can through to internet with NAT, when I disabled NAT that all servers can''t through to internet. Below is my school network: internet ---> shorewall ----> loc ---> ciso router ---> loc1 Below is my config files: policy: # If you want to force clients to

I use since a lot of time a "classical" two-interfaces setup, with the net interface connected to an ADSL modem in half-bridge mode, which receives a public IP from the ISP and gives it to the Linux net interface; the lan interface has the 192.168.30.0/24 class. Now I need to change this setup, because my new ISP (that will switch soon to a FTTS VDSL2 connection) sent me a VDSL2