search for: net2loc

Displaying 20 results from an estimated 28 matches for "net2loc".

2005 Jun 20
4
Startup Failure when using not!
...oes not work...shorewall crashes upon restart: [root@firewall ~]# service shorewall restart Restarting shorewall: iptables v1.3.0: log-level `none' unknown Try `iptables -h' or 'iptables --help' for more information. ERROR: Command "/sbin/iptables -A net2loc -p tcp --dport 6981 -j LOG --log-level none --log-prefix "Shorewall:net2loc:DROP:"" Failed /etc/init.d/functions: line 83: 3350 Terminated $nice $* [FAILED] Am I reading this totally wrong, or is this a bug?...
2006 Apr 26
2
How can set ORIGINAL DEST in rules?
...192.168.1.109, so I set ORIGINAL DEST is 202.1.2.3 but when I restart it show error: iptables v1.2.11: invalid TCP port/service `210.0.214.212' specified Try `iptables -h' or 'iptables --help' for more information. ERROR: Command "/sbin/iptables -A net2loc -p tcp --sport 202.1.2.3 -d 192.168.0.109 --dport 25 -j ACCEPT" Failed Processing /etc/shorewall/stop ... WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables IP Forwarding Enabled Processing /etc/shorewall/stopped ... Terminated Rules for smtp:...
2006 Jun 15
1
What happened to my shorewall? I can no longer reach apache
...is I did not change anything. So here is what I have done, I ran tcpdump to make sure packets are reaching server which they are. There is no shorewall items in logfile to show block. I then did shorewall dump, which shows the iptables counts. The thing that looks funny is the packets are going to net2loc and eth1_fwd, instead of net2fw and eth1_in. Attached is my shorewall dump. Thanks, Brian
2006 Jun 30
1
Newbie Log question
My Shorewall server /var/log/messages only have loc2fw, net2fw, I want display net2loc, how can do that? Thank
2003 Jul 23
3
How to Log "Related" Traffic?
Hello! We're using Shorewall 1.4.2 and running into an interesting problem when we try to enable logging of traffic that netfilter classifies as "related" to an existing connection: there doesn't seem to be a way to do it. Places where we've run into this problem are: (1) Attempting to log individual active or passive FTP data connections separately from
2002 Feb 23
0
IP accounting counters on iptables
...in mind, resetting the counters at intervals of 1 or 2 hours, I'm thinking of writing a perl data collection script that would parse the output of iptables and store data into an sql database with a timestamp and reset the counters for the in and out chains of the firewall (dmz2net loc2net net2loc net2dmz for example) After that, it's just a question of querying collected data from the sql database using built-in stat functions. I'm assuming that the byte counters are correct, is there something I'm missing? This would be a great add-on to shorewall, no? Any fe...
2003 Jan 08
0
SV: SV: SV: ping from local to net
...s? (like web mail etc?) ? web and it's work ? Are you masquerading the clients behind your firewall? ? the masquerading I do in the firewall ? Does your logfile report anything when you try to ping from your local network to a public ip? ?? yes, but only from loc2net and nothing from net2loc ? cat /var/log/messages (cat /path_to_log_dir/messages) ? Best Regards, ? Kenneth. ? -----Original message----- From: shorewall-users-bounces@shorewall.net [mailto:shorewall-users-bounces@shorewall.net] On behalf of Marta Jara Sent: 8 January 2003 17:29 To: kenneth.grande@aspit.no Cc: shorewa...
2005 Feb 28
1
Mail server on DMZ
...0.0.0/0 0.0.0.0/0 490K 69M loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth1_fwd (1 references) pkts bytes target prot opt in out source destination 302K 170M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 122K 70M net2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 180K 100M net2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 299K 333M dynamic all -- * * 0.0.0.0/0 0.0...
2005 Dec 14
2
DNAT config not working
....210.36.92 DST=68.57.216.61 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=50625 DF PROTO=TCP SPT=8753 DPT=21 WINDOW=64512 RES=0x00 SYN URGP=0 From shorewall check : Validating rules file... Rule "DNAT net loc:192.168.1.2 tcp 21 21 " checked. Validating Actions... From iptables -L Chain net2loc (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere 192.168.1.2 tcp spt:ftp dpt:ftp net2all all -- anywhere anywhere From what...
2004 Aug 05
9
Not able to access website
...state INVALID,NEW 0 0 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 34 15323 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 34 15323 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 net2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 65 8740 dynamic all -- * * 0.0.0.0/0 0.0...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...0.0.0/0 0.0.0.0/0 490K 69M loc2fw all -- * * 0.0.0.0/0 0.0.0.0/0 Chain eth1_fwd (1 references) pkts bytes target prot opt in out source destination 302K 170M dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 122K 70M net2loc all -- * eth0 0.0.0.0/0 0.0.0.0/0 180K 100M net2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain eth1_in (1 references) pkts bytes target prot opt in out source destination 299K 333M dynamic all -- * * 0.0.0.0/0 0.0...
2002 Nov 06
5
ftp port 24562 pasv doesnt work, no logging
Hi, I have a cisco sdsl modem to connect to internet via eth1 (192.168.1.2) local is eth0 (192.168.2.254) default gw is 192.168.1.1 the cisco forwards all incoming ports to 192.168.1.2. I connect from outside on port 24562, login is successful, the ftpserver gives back the external Ip of the cisco as pasv IP to the client (it's a setting in the ftpserver). It gives an ip from the pasv range I
2005 Jun 16
5
Setting up a routed DMZ
Hello all, I've read the shorewall guides and browsed through the mailing lists, but I haven't been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed
2003 Mar 25
7
DNAT not working after changing BIND to use views
...tion 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 net2loc all -- * eth1 0.0.0.0/0 192.168.10.0/24 0 0 net2loc all -- * ppp+ 0.0.0.0/0 192.168.10.0/24 0 0 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target pr...
2004 Nov 29
2
SFTP
...7 949 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 17 949 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 611 85305 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 618 85948 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 63 8700 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 63...
2005 May 29
17
Plans for 2.4.0
Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I've started configuring a firewall at work with the multiple ISPs support, but its kernel doesn't have connection marking support, so it's going to be a couple of
2003 Aug 26
1
ADSL router, two nics, web server not visible from internet
...references) pkts bytes target prot opt in out source destination 0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 rfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 6 312 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT u...
2004 Aug 27
3
Proxy Arp Ip Conflicts
...ytes target prot opt in out source destination 35 1800 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 35 1800 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 net2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0 42 2332 net2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0 Chain eth0_in (1 references) pkts bytes target prot opt in out source destination 102 6434 dynamic all -- * * 0.0.0...
2003 Aug 31
4
linux-ha heartbeat .. failover firewall
I have searched your FAQ's and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
...4 240 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW 0 0 nobogons all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0 4 240 net2loc all -- * br0 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out eth1 0 0 net2all all -- * br0 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tap+ Chain eth0_in (1 references) pkts bytes target prot opt in out...