Displaying 20 results from an estimated 58 matches for "net2fw".

2012 Jan 19
5
net2fw:DROP for L2TP VPN
...have the following interfaces: ppp0 - internet, eth0 - local network, rem - client openvpn, l2tp - ppp for l2tp clients. I am getting the following error logged when trying to connect into the server with L2TP from a remote machine (203.111.228.2). Jan 19 16:20:21 router kernel: [114176.615448] Shorewall:net2fw:DROP:IN=ppp0 OUT= MAC= SRC=203.111.228.2 DST=2.49.2.193 LEN=412 TOS=0x00 PREC=0x00 TTL=107 ID=15353 PROTO=UDP SPT=500 DPT=500 LEN=392 MARK=0x100 I have attached a dump file. Greatly appreciate the help. Thanks, Chris ...
2010 Mar 07
3
DNAT not working
Hi I am having a problem with a DNAT rule where the packets are being REJECT'd: DNAT:info net priv:192.168.6.15 udp 5060 With the following appearing in the log: Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT= MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25 DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000 PROTO=UDP SPT=5060 DPT=5060 LEN=609 Mar 6 11:59:34 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT= MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=7...
2005 May 25
9
Newbie going through a probably stupid thing
...ngle card standalone "firewall" (used like a "personal firewall"). Have sshd running on the FW. Want the sshd daemon to be accessible only from 2 LANs: 1) My other home LAN machine 2) IBM intranet machines (9.0.0.0) Whatever I have tried if the rule is written like Any2FW or Net2FW it works but IBM2FW does not (the net2all chain is hit with its DROP action). Here follows my FW status. Thank you very much for any help, Bob Alexander > Shorewall-2.2.3 Status at t40 - Wed May 25 18:10:00 CEST 2005 > > Counters reset Wed May 25 18:04:14 CEST 2005 > &...
2005 Jun 21
2
How to establish connection on port 80 eth0 when using shorewall???
log message : Jun 21 17:22:04 antares kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:04:23:b6:f4:68:00:0f:cc:0c:55:00:08:00 SRC=213.41.177.48 DST=192.168.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=23492 DF PROTO=TCP SPT=50859 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 The server listening on 192.168.1.11 port 80 receives nothing. Is there any explanation?????...
2006 Jun 30
1
Newbie Log question
My Shorewall server /var/log/messages only have loc2fw, net2fw, I want display net2loc, how can do that? Thank
2014 Feb 25
0
PROTO=255 What?
Hi all: Sorry for my ignorance but I don't understand these log entries: Feb 25 04:18:24 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=95.211.197.1 DST=81.166.42.2 LEN=60 TOS=00 PREC=0x00 TTL=120 ID=1036 PROTO=255 MARK=0 Feb 25 04:18:25 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=95.211.197.1 DST=81.166.42.2 LEN=...
2005 Jan 04
27
smtp blocked by verizon.net los angeles??
I have a fedora 3 with postfix and apache. apache is ok, webmin is fine, etc. no 25 or 110 ? kevin Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN URGP=0 Jan 4 15:47:20 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33:e8:7e:00...
2006 Jun 15
1
What happened to my shorewall? I can no longer reach apache
...here is what I have done, I ran tcpdump to make sure packets are reaching server which they are. There is no shorewall items in logfile to show block. I then did shorewall dump, which shows the iptables counts. The thing that looks funny is the packets are going to net2loc and eth1_fwd, instead of net2fw and eth1_in. Attached is my shorewall dump. Thanks, Brian
2004 Oct 25
4
enquiry on shorewall functions
hi all, shorewall claims to support stateful connections. But I read the document and I can't find any configuration for it like in iptables, e.g. -m -state NEW, ESTABLISHED or something like that. Is shorewall by default stateful for any connection, e.g. web, http
2004 Dec 25
5
Thick head still having problems with subnets (?)
...* 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 0 0 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 16605 23M tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 home2fw all -- * * 192.168.174.242 0.0.0.0/0 16607 23M net2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain home2fw (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * *...
2007 May 25
49
Problem with ssh limit and scp stalling
Hi, I have a very simple server setup, using shorewall as my firewall. I have a line like this at the top of my rules file to allow ssh connections, but limited to 3 connections per minute with a burst rate of 3: SSH/ACCEPT net $FW - - - - 3/min:3 - Now when I have that in place, and from a remote machine run scp server:/some/file ., I find
2005 Jul 02
6
Port redirection on standalone pc to pop3 proxy AV scanner
...es) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 0 0 net2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dropBcast (2 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast 0 0 DROP...
2007 Oct 30
18
How do I configure shorewall to work with VoIP SIP?
...one I can hear audio from my cell phone on the home phone speaker, but not the other way. 3. If I dial in from my cell phone, I cannot hear audio from either direction. I watched /var/log/messages, and occasionally I would see a packet dropped similar to this: Oct 27 11:20:56 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.26.203 DST=67.164.192.73 LEN=512 TOS=0x00 PREC=0x20 TTL=66 ID=56131 PROTO=UDP SPT=24850 DPT=1028 LEN=492 Oct 27 11:22:49 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:a0:c9:1a:fa:5c:00:01:5c:24:29:c2:08:00 SRC=24.64.5...
2005 Jun 02
3
Net > DMZ > AllowFTP
Labels: Gateway = 209.5.171.65 Netmask = 255.255.255.192 Eth0 = net = 209.5.171.66 Eth1 = loc = 192.168.0.1 There are no NAT clients, in essence loc is dmz. I can rename loc to dmz if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126 Problem: Using the Shorewall Action AllowFTP does not result in desired behavior when connecting from Internet to machines behind firewall in DMZ. From
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled
2003 Jan 13
7
dmz2dmz?
Hi My situation: I have two pc's with public ip's (192.159.56.206(webserver) and 84.196.123.65(mail-gateway)) in the dmz. The firewall (84.196.123.66) is configured with proxyarp, so nothing is changed on the pc's from when they were not behind the firewall (i.e. they don't have the firewall as gateway (and they each have different gateways, only 84.196.123.65
2002 Mar 03
0
Fwd: Re: strange UDP scan results on a Shorewall firewall
...y of REJECT causes ICMP port unreachable packets to be returned. On the system where you are seeing this problem, is there perhaps a blanket DROP rule for net->fw UDP? You might try resetting the Shorewall counters (shorewall reset) then run nmap and look at the output of "shorewall show net2fw" to see which rules the packets are matching. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net ...
2005 Nov 02
0
Bug in 2.4.6
...a port but no protocol cause startup errors similar to the following: iptables v1.3.3: unknown protocol `1194' specified Try `iptables -h' or 'iptables --help' for more information. ERROR: Command "/usr/sbin/iptables -A net2fw -p 1194 -s 0.0.0.0/0 --sport 1194 -j ACCEPT" Failed The problem may be worked around by specifying the protocol as well (e.g., "openvpn:udp:3455"). There is also a corrected 'firewall' file available in http://www1.shorewall.net/pub/shorewall/2.4/sh...
2007 Nov 20
11
rfc1918 on external interface
Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr