search for: nosmurfs

...outside. 2. Failover between interfaces, so if one goes down the other one goes up. 3. Routing based on device model (VLAN10 gateway will be ppp0 and in a case of failover it will jump to ppp1 for example) post of my config files: interfaces: #NET net0 ppp0 detect tcpflags,dhcp,routefilter,nosmurfs net1 ppp1 detect tcpflags,dhcp,routefilter,nosmurfs net2 ppp2 detect tcpflags,dhcp,routefilter,nosmurfs net3 ppp3 detect tcpflags,dhcp,routefilter,nosmurfs #WAN wan0 eth0 detect tcpflags,routefilter,nosmurfs wan1 eth1 detect tcpflags,routefilter,nosmurfs wan2 eth2 detect tcpflags,routefilte...

Release candidate 1 is available at: http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta The ''releasenotes.txt'' file tells you about the release. -Tom PS to those of you on the Shorewall Announcement List: Feedback to this point is overwelmingly in favor of keeping Beta and Release Candidate announcements on this list. I have configured the list

...-vpn) wlan ipv4 vpn1 ipv4 <--- old VPN over pptp - but unsure -> in future should be l2tp/ipsec vpn2 ipsec <--- new entry l2tp ipv4 <--- new entry #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE /etc/shorewall/interfaces net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians loc eth0 detect tcpflags,detectnets,nosmurfs dmz eth2 detect tcpflags,detectnets,nosmurfs ovpn tun0 detect tcpflags,detectnets,nosmurfs wlan eth3 detect tcpflags,dhcp,detectnets,nosmurfs vpn1 ppp1 detect tcpflags,detectnets,nosmurfs vmn eth4 detect tcpflags,detectnets,nosmurfs l2tp ppp2...

...l maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net vboxnet0 detect dhcp,tcpflags,nosmurfs,logmartians to shorewall/interfaces and everything seemed to work. Not so easy with the vit-man/kvm setup, where > net virbr0 detect dhcp,tcpflags,nosmurfs,logmartians does not seem to lead to a network-setup that works out - no network connection from the (migrated) virtu...

...loc eth1 192.168.1.255 l2tp ppp+ - #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE My current interface as currently used on my firewall is below: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - dhcp,tcpflags,nosmurfs,logmartians loc eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians My question is if i define ppp+ for the l2tp zone will my ''net'' zone be included in the l2tp zone? How would i go about setup with ppp0 as my WAN interface as opposed to eth0 as...

...192.168.101.2/24 The IP''s of the secondary box are one number higher. The hardware is the same, and the OS was imaged from the primary machine. So when I try to ping from the secondary box to the primary, the primary spits out kernel log rejecting on smurfs. I edit interfaces to remove nosmurfs from eth3, restart. Then it rejects on mac_list, so I remove that and restart. THEN I GET THIS showing that it has been dropped on IN=eth0, while previous logs all properly showed eth3: Feb 3 21:28:38 barbrady kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:04:75:eb:a9:00:00:50:8b:e8:74:9c:0...

...he interfaces (ADSL0) to provide traffic to/from our lan, one of the interfaces to provide vpn access to our lan, and one of the interfaces to support a small dmz with a handful of servers. I have set Shorewall up with the following interfaces: net eth0 detect tcpflags,routefilter,nosmurfs,logmartians,blacklist vpn eth1 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist dmzo eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians,blacklist vpnre tun0 detect lan eth3 detect tcpflags,detectnets,...

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

...ng is the error problem: Validating interfaces file... ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2 The shorewall interface file: net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians P.S. I tried to remove norfc1918 from interface eth2 that can successfully startup shorewall. Thx --------------------------------- Yahoo! 網上安全攻略，教你如何防範黑客! 了解更多 ------------------------------------------------------------------------- This SF.net email is sponsored by...

...switch. Is this the expected behavior in this configuration? I just want to make sure Im not missing anything because I''ve seen some weird stuff happening. Here''s my /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect tcpflags,nosmurfs,routefilter,logmartians loc eth1 detect dhcp,tcpflags,nosmurfs,logmartians loc vlan2 detect dhcp,tcpflags,nosmurfs,logmartians And /etc/network/interfaces: # eth1 - local lan segment (gigabit) auto eth1 iface eth1 inet static address 10.5.1.1 netmask 255.255.255.0 #...

.... - isp2 : a DSL provider with 15Mbits/1Mbits. We use isp2 as the default outgoing provider. The isp1 provider is used for "critical" services (SSH...) and for incoming connections (VPN...). Our interfaces file : ======================== isp1 eth0 detect logmartians,nosmurfs,routefilter=0,tcpflags isp2 eth1 detect logmartians,nosmurfs,routefilter,tcpflags ======================== Here is our providers file: ======================== #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY isp1 1 0x100 -...

...shed and the net pptp tunnel to share with the machines in my localnet successfully. But Tunnel two to four i''m not able to do 1:1 nat. What could be a solution ? Kind regards, Felix. interfaces: loc eth0 detect tcpflags modem eth1 detect dhcp,tcpflags,routefilter,nosmurfs,arp_filter net ppp0 - tcpflags,routefilter,nosmurfs,arp_filter pptp2 ppp1 - tcpflags,routefilter,nosmurfs,arp_filter pptp3 ppp2 - tcpflags,routefilter,nosmurfs,arp_filter pptp4 ppp3 - tcpflags,routefilter,nosmurfs,arp_filter zones: modem InodeInterna...

...io/) and am having trouble to integrate the "docker0" bridge it creates on the fly into my shorewall setup (version 4.5.16.1) on debian testing. IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces has an entry like so, > doc docker0 tcpflags,nosmurfs,logmartians,bridge,routeback,optional and "policy" like so >doc net ACCEPT However, when firing up an container and trying to acces the web, "shorewall logwatch" is giving me entries like >doc2net:REJECT:IN=docker0 OUT=eth0 PHYSIN=veth3sm8hc SRC=172.17.0.7 DST=...

...OPTIONS > casp ppp0:1.2.3.4 ipsec > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS LINE -- DO NOT REMOVE /etc/shorewall/interfaces: > #ZONE INTERFACE BROADCAST OPTIONS > net ppp0 detect tcpflags,dhcp,routefilter,nosmurfs,logmartians > loc eth0 detect tcpflags,nosmurfs,dhcp > dmz eth1 detect > #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE /etc/shorewall/masq: > #INTERFACE SOURCE ADDRESS PROTO PORT(S) IPSEC MARK &g...

...sing the following: /etc/ppp/ip-up.d/mobile: #!/bin/sh /sbin/shorewall restart fi (Refer: http://sourceforge.net/mailarchive/message.php?msg_id=19774645 ) /etc/shorewall/interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - tcpflags,logmartians,nosmurfs /etc/default/shorewall: startup=0 wait_interface="ppp0" ----------------------- What I''m wanting to do: ----------------------- I want to configure Shorewall to work with my ppp0 and wlan0 connections. I will use one or the other connection at a time, but I will only be connec...

...able: Not available [root@k9-66 root]# 2, 2.1 and 2.2 I plan to implement via bash script (not a topic to discuss here :-). Finally, I think my /etc/shorewall should be like that: - interfaces: svr eth1 detect norfc1918,nobogons,routefilter,blacklist,tcpflags, routeback,nosmurfs ogo eth2 detect norfc1918,nobogons,routefilter,blacklist,tcpflags, routeback,nosmurfs loc eth0 detect tcpflags,nosmurfs - masq: eth1 eth0 eth2 eth0 Using the above masq file means that PBR for so called officers is organized via "ip route" by the script...

Hi: According to http://www.shorewall.net/Documentation.htm#Interfaces there is one recommendation for internal interface but wireless Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs a recommendation for wired internal interface?(100 win32 clients) I use tcpflags,detectnets thanks

...out on my zones file is below # loc - connection to the internal network loc eth0 detect dhcp # dmz - connection to the dmz dmz eth3 detect # net2 - dsl line 2 for dmz connections net2 eth4 detect norfc1918,nobogons,blacklist,tcpflags,nosmurfs # net - dsl line 1 for loc connections net eth2 detect norfc1918,nobogons,blacklist,tcpflags,nosmurfs I''ve got a nat setup for the computer sitting on the dmz at 10.2.1.10 and I''m able to get to and from it as required. I think I shouldn''t have...

...et/match by that name Processing /etc/shorewall/stop ... IP Forwarding Enabled Processing /etc/shorewall/stopped ... Terminated This is my interfaces file: #ZONE INTERFACE BROADCAST OPTIONS net eth1 detect tcpflags,dhcp,norfc1918,routefilter,nosmurfs loc eth0 192.168.2.255 Somebody can help me fix the error ? Thanks

...TION=DROP TC_BITS= PROVIDER_BITS= PROVIDER_OFFSET= MASK_BITS= ZONE_BITS=0 IPSECFILE=zones ---------------------------------------------------------------------- /etc/shorewall/interfaces ---------------------------------------------------------------------- sdsl   eth1   dhcp,tcpflags,routefilter,nosmurfs,logmartians,optional free   eth2   dhcp,tcpflags,routefilter,nosmurfs,logmartians,optional #ovh   eth3   dhcp,tcpflags,routefilter,nosmurfs,logmartians,optional loc    eth0   tcpflags,nosmurfs,routeback vpn    tun0   tcpflags,nosmurfs ---------------------------------------------------------------...