Displaying 11 results from an estimated 11 matches for "netfilteroverview".
2003 Oct 13
4
Short Netfilter Overview
...efore written a brief description of how packets are
processed by Netfilter in the hopes that the description will allow you
to study the output of "shorewall status" if you have an interest in
learning more about Netfilter and Shorewall.
The paper may be found at:
http://shorewall.net/NetfilterOverview.html
Feedback is welcome.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Nov 24
6
Route first or NAT?
Hi,
I'm trying to use shorewall for a RAS dialup solution
We have networks we need to connect to with the same ranges internally
(i.e. 2 separate users with a 192.168.0.0/24 range). We connect to these
via a pptp tunnel (or isdn)
The problem we have is that we need to access these networks all the
time, so allocate them a range from our internal range. This will then
be NATed to the
2004 Aug 10
6
why ADD_DNAT_ALIASES missing?
hi,
is there any reason why there is no such thing as ADD_DNAT_ALIASES in
shorewall.conf or in rules (or have i just missed it)? i think about it
like in masq file if the masqueraded outgoing interface is different
from the default firewall interface then i can use ip:<digit> where the
digit is the alias number. since dnat is in the rules it can be used
from there. eg: if would like to dnat
2006 Mar 09
3
Shaping questions
Hello Shorewall users,
I have some questions I am hoping someone can answer. I have searched
around the archives but so far I have been unable to find answers. I
am trying to configure traffic shaping on my router/firewall box
running Shorewall 3.0.5/kernel 2.4.31 and have run into some
problems/questions.
My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box
2007 Nov 28
0
dynamic PBR, actions, docs and getting it all straight
...estination MAC address to place
on the outgoing interface, assuming it is ethernet? If I
have things straight, this packet will never see the routing
stack again and so a gateway cannot be designated? (The
older iptables -j ROUTE allowed designation of a gateway)
If this: http://www.shorewall.net/NetfilterOverview.html
...is right there is no swat at mangling/rewriting post-qdisc?
I'm guessing "that's a job for IMQ"?
2) If I have things straight again, it is not necessary
to involve iptables to do this. The method cited in the
few examples on the net about doing this use fwmark....
2004 Oct 11
5
Fw: setting an exception source to a redirect rule?
I recently set up shorewall on my freshly rebuilt router box.
I set up transparent proxying using transproxy/dansguardian/privoxy/squid.
My current rules for the redirect are:
REDIRECT loc 81 tcp www - !192.168.100.0/24
ACCEPT fw net tcp www
How do I set this so that all the requests are redirected except for requests FROM a certain machine (192.168.100.11)?
I
2003 Dec 10
40
DocBook XML conversion progress
Everyone,
Progress was slow today. I started out well, but then I ran into
Documentation.htm. Progress slowed considerably, as I analyzed the
document structure. I'm up to /etc/shorewall/hosts Configuration. I hope
to finish Documentation.xml by tomorrow evening.
Converted documents:
6to4.xml
CorpNetwork.xml
FAQ.xml
Please post feedback, if you see any problems with the converted
2004 Nov 05
8
Using Shorewall + Linux Virtual Server LVS/DR
I'm having a HUGE amount of difficulty getting shoreline to work with LVS.
We use it here constantly so we know it works. The problem is packets come
in, get directed to a webserver, webserver returns the packet to firewall,
and then it goes into a black hole. rp_filter is off globally on all
interfaces. LVS seems to be working right....
I use shorewall tcrules to mark packets on
2004 Sep 27
9
masq - pings and connections get dropped after PREROUTING?
...ter spending a good few hours
looking for answers (and learning a lot about shorewall and packet filtering
in the process!).
My inexperienced eye, looking at the status logs, seems to think that the
pings get as far as the two PREROUTING chains (Mangle and Nat) as described
in http://shorewall.net/NetfilterOverview.html. Then it appears they get
lost somewhere around the "routing decision" because there aren't any other
packets recorded in the status log for any other chains.
Here are my details:
trevor:/etc/shorewall# shorewall version
2.0.8
trevor:/etc/shorewall# ip addr show
1: lo: &...
2008 Sep 17
10
netfilter + vpn + how/why + etc...
Hi,
I have a few questions about the inner workings of netfilter
(a graphical layout of my network setup @
https://aequorin.homeunix.net:62389/local/media/network-graph.png)
1) These are the syslog entries for some simple connection tests.
Shorewall/netfilter has been set to record all stateful connections
SSH is recognized as phys(eth0) -> $FW traffic. This is because PHYSIN
is
2009 Apr 30
15
Shorewall Firewall con Openswan and OpenVPN
Hello guys,
I passed the last days trying to configure my shorewall 4.06 firewall to
allow openvpn bridging connection.
My scenario is the following:
roadwarrior (openvpn client) -------------> Internet ------------>
(X.Y.W.Z - eth0) Firewall/Gateway (10.x.x.254 - eth1) --------> Local
Lan -------> OpenVPN Server (10.x.x.249 - br0)
where 10.x.x.0-254 is my private lan
X.Y.Z.W is