search for: rfc1918

Is my RFC1918 file obsolete? I have been assigned an ip in the 83.0.0.0/8 range, and of cource a lot of Shorewall systems drop me with a RFC1918 error. So, is my ISP actually giving me a RFC1918 IP, or am I missing something? .

Hi I''ve come accross a small problem with the rcf1918 address blocking on my internet interface. Im connected via a cable modem and it has an internel web server that allows me to configure/monitor it but as expected if I enable rfc1918 blocking for my eth0 interface(The internet one) it also blocks the cable modems web server. Is there any way it can add a rule before the rfc1918 blocking that will let all traffic to and from the 192.168.100.1 address of the modem in/out but still block all other rfc1918 addresses. Thanks...

..., I''ve a little problem, I hope so.. First a hint, I haven''t a static IP - Adress and so I used a dyndns Provider. In DMZ runs a sftp server. It should accessible from net. My router is forwarding the traffic from port 22 to the machine in DMZ. Now, in basic installation I have rfc1918-dropping configured by net interface. My problem: If rfc1918 dropping is on I can''t receive the machine in DMZ. If I switch it off, it works fine. In logfile (after dropping) is the SRC=83.76.254.X, not a private adress. Where is the problem. Sorry for my english. Regards Michael

Hi List, I read this list for nearly two years and learnt a lot, but now i have a very strange problem I can''t solve.. I have a firewall machine running Debian, which connects a small office to the internet via a DSL-line (with pppoe) and which is running Shorewall. It allows all outbound traffic and accepts pptp, openvpn and ssh-connections (on a non-standard port) from the internet.

I''m beginning to think again about what will be different in 2.0. Here are some thoughts. a) User-defined actions will be emphasized. - A library of actions will be available with names such as: AcceptSSH AcceptDNS DropWindows (drops all SMB noise) DropBroadcasts (Silently drop all Broadcast traffic) ... The possibilities are nearly endless but should

...rthlink cable service provided by Time Warner. All this information, I think, is important because when I started examining my shorewall logs I found out that the source IP was 69.3.127.173 and some other IPs but all from 69.x.x.x network. All requests coming from that network was “DROPed” by rfc1918. I removed the line with that network from rfc1918 file and by that fixed the problem, but I am not sure if list is either outdated or something is wrong with IP assigning or I am not understanding it. Please let me know. By the way, my traceroutes die somewhere is Houston… traceroute 69.22....

I have tried (RH7.3/shorewall-1.3.12-1) both of the following in shorewall.conf to eliminate ''rfc1918'' logging into /var/log/messages: RFC1918_LOG_LEVEL=debug RFC1918_LOG_LEVEL=notice Neither appear to eliminate the logging. Here''s what the ''logdrop'' chain shows: 1 229 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix \ `Shorewall:rf...

Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr -------------------- Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер, ноутбуков и PDA. Гарантия минского сервис...

I don't know if this is the right place, but it is a place to start. I have two machines in a co-location facility. They are both on the same physical network segement and have real internet addresses and RFC1918 addresses. We get charged for traffic which goes across the "real" internet addresses which is part of the purpose for the RFC1918 network. The problem is connecting the UNIX machine to the NT machine. If I use the RFC1918 address NT responds with a "connection refused" If...

Hello, when I execute "shorewall hits" command I find this stats: HITS IP DATE ---- --------------- ------ 92099 192.168.0.2 Nov 24 7764 59.104.107.85 Nov 23 3997 192.168.1.77 Nov 24 337 181.50.93.89 Nov 23 331 59.104.156.68 Nov 23 315 99.109.157.73 Nov 23 301 190.225.157.40 Nov 23 275 179.153.183.53 Nov 23 268

Updated rfc1918 and bogons files are now available: rfc1918 for Shorewall 2.0.0 and earlier: http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 bogons for Shorwall 2.0.1: http://shorewall.net/pub/shorewall/errata/2.0.1/bogons Thanks go to Thomas Backlund for pointing out that the file was out of date....

A new rfc1918 file that reflects the recent IANA allocation of 222/8 and 223/8 may be found at: http://www.shorwall.net/pub/shorewall/errata/1.3.14/rfc1918 ftp://ftp.shorewall.net/pub/shorewall/errata/1.3.14/rfc1918 -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall....

hi: Just a litle update: 41/8 allocated to AfriNIC (APR 2005). 73/8 allocated to ARIN (MAR 2005). hope it helps.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To reflect recent allocations by the IANA, the following files are available: For Shorewall 2.0.0b and earlier: http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 ftp://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 For Shorewall 2.0.1 and later: http://shorewall.net/pub/shorewall/errata/2.0.10/bogons ftp://shorewall.net/pub/shorewall/errata/2.0.10/bogons - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline,...

hi, in the interface documentation at the dhcp option 3. said: ----------------------------------- 3. you have a static IP but are on a LAN segment with lots of Laptop DHCP clients. ----------------------------------- can someone explain it for me? what the laptop means here? on the loc zones interface we have a static ip but the whole network is dhcp clients. but they are not laptops rather

I have several computers connected to the internet through a DSL router that assigns rfc1918 (192.168.1.x) addresses to the systems connected. I have a server where shorewall is installed with one interface eth0, with a static ip (192.168.1.3). The router is configured to forward all connections from the internet to the linux server. I''d like to know how I can configure shorewall...

Hello all, The reserved addresses list seems to be in flux more lately. Since I have several servers that all run Shorewall, updating /etc/shorewall/rfc1918 has become a little tedious. I put together a shell script that can download the latest file, write a new /etc/shorewall/rfc1918 and restart Shorewall. I run this from a cron job and now don''t have to pay much attention to keeping this part fresh. If anyone would like to play with it, th...

In my peculiar setup I need my shorewall router to do one-to-one NAT with RFC1918 addresses. The "external" addresses are 10.215.0.0 and the internal addresses are 192.168.0.0. I can ping, vnc, http, smb from 10.215.144.48 to 10.215.145.237 which is 192.168.44.237 internally. >From 192.168.44.237 I can do http, rdp, ping to 10.215.0.0 hosts. So all seems fine ex...

...ts file''s description of the ''ipsec'' option pointing out that the option is redundent if the zone named in the ZONE column has been designated an IPSEC zone in the /etc/shorewall/ipsec file. New Features: 1. The SUBNET column in /etc/shorewall/rfc1918 has been renamed SUBNETS and it is now possible to specify a list of addresses in that column. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://list...

...other users do not have a problem. I have a cable modem, with a shorewall 1.4 machine behind it. On the second interface of the shorewall machine I have a few machines, of which one is the webserver. Checking the logfile I see the following messages: Aug 30 21:24:16 gatekeeper kernel: Shorewall:rfc1918:DROP:IN=eth1 OUT=eth0 SRC=84.119.226.171 DST=192.168.0.50 LEN=48 TOS=0x00 PREC=0x00 TTL=123 ID=14912 DF PROTO=TCP SPT=2198 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 It seems that he is trying to access my internal ip adress immediately, right? But when he ping of nslookups the website with the name...