Displaying 20 results from an estimated 136 matches for "routeback".
2008 Dec 31
5
Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2
Hi,
enabling this line in hosts file
"WAN
eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
routeback,blacklist,tcpflags"
results in this error message
--
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
iptables-restore v1.3.8: error creating chain 'ACCEPT':File exists
Error occurred at line: 29
Try `iptables-restore -h' or 'ipta...
2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs
Proxy-NAT'ed onto the loc segment. While I do eventually want to move
them to their own segment, I have to deal with this for the next few weeks.
My problem is that from a loc system I can ping the public IP of a
system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being
blocked according
2003 Nov 21
7
FORWARD:REJECT
...et
Nov 21 12:18:45 kbeewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2
SRC=172.17.0.2 DST=172.16.0.130 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=36553
PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=7168
In
http://lists.shorewall.net/pipermail/shorewall-users/2003-September/008978.html
It says to add routeback as an option in interfaces, but I get the error
Validating interfaces file...
Warning: Invalid option (routeback) in record "dmz eth2 detect routeback"
Eventually I would like to change the policy to REJECT and write rules for
subnet connections in the DMZ.
How can I set shorewall t...
2004 Jul 12
1
routeback and FAQ 32
I am trying to set up a 2 ISP shorewall box and I have 1 question. Does the routeback option replace the steps in FAQ
32 or do I need both?
Thanks
Jim
2005 Feb 07
9
Zoning Out
...10.100.1.0/24
So, I think I need:
interfaces:
- tun0
hosts:
remote1 tun0:10.100.2.0/24
routers tun0:10.100.1.0/24
remote tun0:0.0.0.0/8
zones:
remote1
routes
remote
In rules & policy I would list rules in order by remote1, routers, remote.
Does this seem correct?
Where do I put the routeback so that routers can see each other?
Thanks,
A.
2003 Apr 10
2
Shorewall 1.4.2
...INCLUDE
directives are ignored.
3) Routing traffic from an interface back out that interface continues
to be a problem. While I firmly believe that this should never
happen, people continue to want to do it. To limit the damage that
such nonsense produces, I have added a new 'routeback' option in
/etc/shorewall/interfaces and /etc/shorewall/hosts. When used in
/etc/shorewall/interfaces, the 'ZONE' column may not contain '-'; in
other words, 'routeback' can't be used as an option for a multi-zone
i...
2003 Nov 05
0
Bug? wildcard interfaces not accepted in fwd chain
Hi,
[Summary]
There seems to be a bug when using the "+" wildcard notation in the
interfaces file, in that rules are not generated in the fwd chain to
permit traffic going out an interface with a "+" in it.
[Details]
The interface entries:
loc tun0 detect routeback,newnotsyn
loc tun1 detect routeback,newnotsyn
loc tun2 detect routeback,newnotsyn
and
loc tun+ detect routeback,newnotsyn
do not seem to be equivalent because the latter won't create a rule
in the "tun_fwd" chain allowing traffic between diffe...
2003 Nov 08
1
Sourceforge updates, webmin
...forge site doesn't seem to be kept up to date. This
should be pointed out more (Sourceforge probably shouldn't be the first
mirror either). It caused me some long hours trying to solve a bug in
1.4.6, thinking this was the latest version, when in fact this bug was
solved in 1.4.8 (routeback for if+).
Second, an even more cosmetic bug ;)
Routeback isn't included in the list of options in interfaces (the
file).
And lastly, the only part I actually want a reply to ;). Is there any
development on the webmin interface? The one included with the
webmin-dist. isn't up to...
2009 Aug 21
2
Multiple interfaces in a zone (not a standard case)
...been brought up in the forum, but it's a bit different.
If I have a set of tun interfaces. I already defined tun+ as zone A, and I have excluded tun15 as zone B (a subset of zone A).
I need to add tun16 to zone B.
My config:
/etc/shorewall/interfaces:
A tun+ - routeback
B tun15
/etc/shorewall/
A ipv4
B:A ipv4
I tried to define in /etc/shorewall/interfaces:
A tun+ - routeback
B tun15,tun16
Thank you.
2005 Jan 04
5
Shorewall and ChilliSpot
Has anybody on this managed to get ChilliSpot and Shorewall to work
together? I have managed to get it to work with the supplied firewall
script but if I wanted to do my firewall like that I would not be using
Shorewall.
At any rate, I am having all kinds of trouble translating the supplied
rules to something that Shorewall would understand. If anybody has already
done it I would love to see the
2006 Dec 19
7
routing problem
hi,
Please see the following text diagram:
10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet
I have some problem after adding a static route
in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is:
10.0.15.0/24 via 192.168.0.5
in 192.168.0.0/24 computers cannot ping or
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where I have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go:
clienta -> vpn -> shorewall/router -> vpn ->
2005 Feb 04
13
resending to new external address
Hi folks,
As you've no doubt noticed incoming spam recently massively increased. This
has overloaded our current server (24.74.9.226) which does HTTP, SMTP, POP
and IMAP. To help cope with this, I've put up a second server (24.74.9.225)
which will be the mail server, leaving the original server to just be a web
server.
Can I use shorewall on the first machine (version
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
...ps://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html
but when I run shorewall check, this error occurs:
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
ERROR: Invalid zone (dmz) in record "dmz venet0 detect routeback"
the guide does not talk about the /etc/shorewall/zones, so it is
by default
file /etc/shorewall/zones:
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
net ipv4
loc ipv4
#LA...
2004 Dec 23
2
Reflecting internal connections to public IP back into network?
...want and the
difference between these 3 methods?
1) The "Three Interface Firewall" quick-start guide recommends this rule:
DNAT loc dmz:10.10.11.2 tcp 80 - <external IP>
2) FAQ Question 2 recommends the more complicated:
In /etc/shorewall/interfaces:
loc eth1 detect routeback
In /etc/shorewall/masq:
eth1:192.168.1.5 eth1 192.168.1.254 tcp www
In /etc/shorewall/rules:
DNAT loc loc:192.168.1.5 tcp www - 130.151.100.69
3) The Shorewall 2.x reference adds a few more possibilities but I _think_
they're just variations on those already listed.
So...
2012 Apr 16
6
problems with shorewall proxyarp
Hi everybody.
I'm trying to configure shorewall following this manual:
http://www.montanalinux.org/proxmox-ve-with-shorewall.html
But with shorewall check it tells me that:
Checking /etc/shorewall/interfaces...
ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)
How can I define it in the zone file?
thanks for the help.
best regards,
Santiago.
2005 Jan 27
12
problem with masquerading with shorewall
Hello,
I'm not sure if this has been asked before but I would like to
ask assistance for this problem I have.
I installed gentoo for my firewall/gateway and installed dhcp and shorewall.
Currently, I can ssh, ftp, remote desktop connect, ping, etc (anything
I can think of) from an internal computer inside my network to an
external IP, except I cannot surf the net. I can ssh/ftp to
2004 Sep 03
18
Public IP
I have problem with IP public, my Network configuration
[wireless] <------> [Router] <------ > [ Linux proxy ] < ------ > [Client ]
IP configuration
[202.123.123.1] <------->[202.123.123.2 and 192.168.0.1] < ------ > [192.168.0.2 and 202.123.123.3] < ------ > [202.123.123.4]
this configuration will use IP 202.123.123.2 on internet
how to config my network
2004 Mar 06
16
Bridging Update
The bridging documentation (http://shorewall.net/2.0/bridge.html) has been
expanded and there is a refresh of the bridging code
(ftp://shorewall.net/pub/shorewall/Bridging and
http://shorewall.net/pub/shorewall/Bridging).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Dec 28
5
Multiple IP´s in one Zone
...68.16.0/24,192.168.99.0/24
############################################################################
###
Interface
############################################################################
###
net eth1 detect
loc eth0 192.168.9.255 dhcp,routeback
- eth2 detect
############################################################################
###
Agentur
V&V Medien
Lars Bunse
Müggenburg 40a
42277 Wuppertal
Tel:0202/7995300
http://www.vvmedien.com <http://www.vvmedien.com/> info@vvmedien.com
PGP encryption...