Displaying 20 results from an estimated 22 matches for "nobogon".
2005 Feb 04
12
SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS
This one is really throwing me. Thanks in advance for
any advice.
I'm working on a 4 port firewall system. It is
running heartbeat+drbd.
Primary box looks like this:
eth0 -> net/cisco router
192.168.144.2/29
eth1 -> drbd/heartbeat crossover cable
192.168.254.253/30
eth2 -> dmz
192.168.144.10/24
eth3 -> loc
192.168.101.2/24
The IP's
2004 Mar 18
5
Shorewall 2.0.1 Beta 1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Nov 09
9
Dyndns
Hi,
I've a little problem, I hope so..
First a hint, I haven't a static IP address and so I used a dyndns
Provider.
In DMZ runs a sftp server. It should be accessible from net. My router is
forwarding the traffic from port 22 to the machine in DMZ. Now, in
basic installation I have rfc1918-dropping configured by net
interface.
My problem:
If rfc1918 dropping is on I
2005 May 16
1
Interface Broadcast
...roblem on the broadcast it is adding some additional route to
the router which caused me some problem...
Below is my /etc/shorewall/interface
swtmng1 eth0.1 202.73.10.127 norfc1918
apmng1 eth0.10 202.73.8.7 norfc1918
dist1 eth0.1000 202.73.11.255 norfc1918,nobogons
idc1 eth2.50 202.73.10.255 norfc1918
net eth3 203.115.208.143 norfc1918,blacklist,nobogons
dmz eth4.4000 202.73.10.63 norfc1918
loc eth5
dhcp,routeback,blacklist
And this is the netconfig that I have.
eth0.1
202.73.10.65 broadcast 202.73....
2004 Dec 29
1
2 net connections confusion
....1.x connected via
eth3 go out on
my zones file is below
# loc - connection to the internal network
loc eth0 detect dhcp
# dmz - connection to the dmz
dmz eth3 detect
# net2 - dsl line 2 for dmz connections
net2 eth4 detect
norfc1918,nobogons,blacklist,tcpflags,nosmurfs
# net - dsl line 1 for loc connections
net eth2 detect
norfc1918,nobogons,blacklist,tcpflags,nosmurfs
I've got a nat setup for the computer sitting on the dmz at 10.2.1.10
and I'm able to get to and from it as required.
I th...
2004 Oct 25
4
enquiry on shorewall functions
hi all,
shorewall claims that it supports stateful connections. But I read the
document, I can't find any configuration for it like in iptables e.g.
-m -state NEW, ESTABLISHED
something like that.
Is shorewall by default a stateful connection for any connection, e.g. web, http
2006 Apr 02
1
Two ISP
.../o recompiling kernel/iptables).
Connmark Match: Not available
Raw Table: Not available
[root@k9-66 root]#
2, 2.1 and 2.2 I plan to implement via bash script (not a topic to
discuss here :-).
Finally, I think my /etc/shorewall should be like that:
- interfaces:
svr eth1 detect norfc1918,nobogons,routefilter,blacklist,tcpflags,
routeback,nosmurfs
ogo eth2 detect norfc1918,nobogons,routefilter,blacklist,tcpflags,
routeback,nosmurfs
loc eth0 detect tcpflags,nosmurfs
- masq:
eth1 eth0
eth2 eth0
Using the above masq file means that PBR...
2004 Nov 24
10
Attack from local network or...?
Hello,
when I execute "shorewall hits" command I find this stats:
HITS IP DATE
---- --------------- ------
92099 192.168.0.2 Nov 24
7764 59.104.107.85 Nov 23
3997 192.168.1.77 Nov 24
337 181.50.93.89 Nov 23
331 59.104.156.68 Nov 23
315 99.109.157.73 Nov 23
301 190.225.157.40 Nov 23
275 179.153.183.53 Nov 23
268
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I've started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn't have connection marking support, so it's
going to be a couple of
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
...39;]'
+ echo '# '
+ read first rest
+ '[' xloc = xINCLUDE ']'
+ echo 'loc eth1 detect dhcp'
+ read first rest
+ '[' xnet = xINCLUDE ']'
+ echo 'net eth0 detect norfc1918,nobogons'
+ read first rest
+ '[' xnet = xINCLUDE ']'
+ echo 'net eth2 detect norfc1918,nobogons'
+ read first rest
+ '[' x# = xINCLUDE ']'
+ echo '# '
+ read first rest
+ '['...
2005 Mar 04
9
strange behaviour with rulesets
hi,
i have a strange situation. i try to connect to my machine with ssh and
the packets are dropped but i have at the top of my rules an accept.
the configuration looks like:
rules-file:
-----------
ACCEPT net fw tcp 22 -
TCPDUMP-log:
------------
12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S
3717288415:3717288415(0) win 64240 <mss
2004 Aug 12
1
SMTP, IP, WHM news problems....
...Also, now WHM can't get news from cPanel server!
Also, now I can't resolve IP addresses with PHP scripts, I can't get
who is host, only numbers....
POP3 work fine....
In shorewall.conf I have:
IP_FORWARDING=Off
ROUTE_FILTER=Yes
In "/etc/shorewall/interfaces":
net eth0 detect norfc1918,nobogons,blacklist,nosmurfs
In "/etc/shorewall/rules":
ACCEPT net fw icmp 8
ACCEPT net fw tcp 20
ACCEPT net fw tcp 21
ACCEPT net fw tcp 22
ACCEPT net fw tcp 25
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT net fw tcp 80
ACCEPT net fw tcp 110
ACCEPT net fw tcp 143
ACCEPT net fw tcp 443
ACCEPT...
2004 Apr 05
0
Shorewall 2.0.1
...all/shorewall-2.0.1/
ftp://shorewall.net/pub/shorewall/shorewall-2.0.1
and will be appearing shortly on a Mirror near you.
New features include:
- Support for bridge/firewalls.
- Support for NETMAP
- Support for the -x iptables option
- norfc1918 option now broken into two options: norfc1918 and nobogons
The release notes are available on-line at:
http://www.shorewall.net/pub/shorewall/shorewall-2.0.1/releasenotes.txt
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Nov 30
2
RFC1918 all of a sudden?
Is my RFC1918 file obsolete? I have been assigned an ip in the
83.0.0.0/8 range, and of course a lot of Shorewall systems drop me with
a RFC1918 error.
So, is my ISP actually giving me a RFC1918 IP, or am I missing
something?
2004 Oct 20
11
Shorewall, Freeswan and SuSE 9.1
I have been using shorewall and freeswan successfully for 3 or more
years now. But they have all been using the Linux 2.4 kernel. My current
configuration is (as the title suggests) using SuSE 9.1 which has a
2.6.5 kernel and freeswan 2.0.4 built-in.
After much reading and a lot of trial and error, I did get this
combination to work with Shorewall 2.0.9. It is happily talking to an
older Mandrake
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
...'s my shorewall configuration:
Hosts
#ZONE HOST(S) OPTIONS
loc br0:eth1
road br0:tap+
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE
Interfaces
#ZONE INTERFACE BROADCAST OPTIONS GATEWAY
net eth0 10.0.0.255
nobogons,routefilter,logmartians,tcpflags,arp_filter,nosmurfs
#loc eth1 detect
- br0 detect
#
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Masq
eth0 192.168.3.0/24
Policy
#SOURCE DEST POLICY LOG LIMIT:BURST
# LEVE...
2005 Apr 21
6
bogons update
hi:
Just a little update:
41/8 allocated to AfriNIC (APR 2005).
73/8 allocated to ARIN (MAR 2005).
hope it helps.
2005 Mar 18
4
Using squid transparent proxy and shorewall
Hello !
I have installed and configured squid (last version) transparent proxy and I am using shorewall (last version) as a firewall. I have redirected all of my local network's http requests to the squid port (3128). But, from my local net I cannot ping a remote machine on the internet using its hostname like google.com. I could do it only when I use an IP address. All of computers in the
2005 Apr 01
2
Problems using VMWare with a Bridged Firewall
Hi
I am using Shorewall with a bridged Firewall using the "bridging utils" from
Debian.
eth0 is connected to the router and eth1 is connected to the local lan.
eth0 and eth1 are both assigned zero addresses and br0 is assigned the
Firewall server address of 192.168.0.1
I should point out that Shorewall is working fine in Bridge mode, but I have
hit some problems while evaluating
2005 Jan 11
1
Squid and DMZ (ProxyARP)
...55 9423 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
8 400 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
8 400 norfc1918 all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
8 400 nobogons all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
18 2881 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
55 9423 net2dmz all -- * eth2...