search for: routeback

Displaying 20 results from an estimated 136 matches for "routeback".

2008 Dec 31
5
Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2
Hi, enabling this line in hosts file "WAN eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 routeback,blacklist,tcpflags" results in this error message -- Preparing iptables-restore input... Running /usr/sbin/iptables-restore... iptables-restore v1.3.8: error creating chain 'ACCEPT':File exists Error occurred at line: 29 Try `iptables-restore -h' or 'ipta...
2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs Proxy-NAT'ed onto the loc segment. While I do eventually want to move them to their own segment, I have to deal with this for the next few weeks. My problem is that from a loc system I can ping the public IP of a system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being blocked according
2003 Nov 21
7
FORWARD:REJECT
...et Nov 21 12:18:45 kbeewall kernel: Shorewall:FORWARD:REJECT:IN=eth2 OUT=eth2 SRC=172.17.0.2 DST=172.16.0.130 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=36553 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=7168 In http://lists.shorewall.net/pipermail/shorewall-users/2003-September/008978.html It says to add routeback as an option in interfaces, but I get the error Validating interfaces file... Warning: Invalid option (routeback) in record "dmz eth2 detect routeback" Eventually I would like to change the policy to REJECT and write rules for subnet connections in the DMZ. How can I set shorewall t...
2004 Jul 12
1
routeback and FAQ 32
I am trying to setup a 2 ISP shorewall box and I have 1 question. Does the routeback option replace the steps in FAQ 32 or do I need both? Thanks Jim
2005 Feb 07
9
Zoning Out
...10.100.1.0/24 So, I think I need: interfaces: - tun0 hosts: remote1 tun0:10.100.2.0/24 routers tun0:10.100.1.0/24 remote tun0:0.0.0.0/8 zones: remote1 routes remote In rules & policy I would list rules in order by remote1, routers, remote. Does this seem correct? Where do I put the routeback so that routers can see each other? Thanks, A.
2003 Apr 10
2
Shorewall 1.4.2
...INCLUDE directives are ignored. 3) Routing traffic from an interface back out that interface continues to be a problem. While I firmly believe that this should never happen, people continue to want to do it. To limit the damage that such nonsense produces, I have added a new 'routeback' option in /etc/shorewall/interfaces and /etc/shorewall/hosts. When used in /etc/shorewall/interfaces, the 'ZONE' column may not contain '-'; in other words, 'routeback' can't be used as an option for a multi-zone i...
2003 Nov 05
0
Bug? wildcard interfaces not accepted in fwd chain
Hi, [Summary] There seems to be a bug when using the "+" wildcard notation in the interfaces file, in that rules are not generated in the fwd chain to permit traffic going out an interface with a "+" in it. [Details] The interface entries: loc tun0 detect routeback,newnotsyn loc tun1 detect routeback,newnotsyn loc tun2 detect routeback,newnotsyn and loc tun+ detect routeback,newnotsyn do not seem to be equivalent because the latter won't create a rule in the "tun_fwd" chain allowing traffic between diffe...
2003 Nov 08
1
Sourceforge updates, webmin
...forge site doesn't seem to be kept up to date. This should be pointed out more (Sourceforge probably shouldn't be the first mirror either). It caused me some long hours trying to solve a bug in 1.4.6, thinking this was the latest version, when in fact this bug was solved in 1.4.8 (routeback for if+). Second, an even more cosmetic bug ;) Routeback isn't included in the list of options in interfaces (the file). And lastly, the only part I actually want a reply to ;). Is there any development on the webmin interface? The one included with the webmin-dist. isn't up to...
2009 Aug 21
2
Multiple interfaces in a zone (not a standard case)
...been brought up in the forum, but it's a bit different. If I have a set of tun interfaces. I already defined tun+ as zone A, and I have excluded tun15 as zone B (a subset of zone A). I need to add tun16 to zone B. My config: /etc/shorewall/interfaces: A tun+ - routeback B tun15 /etc/shorewall/ A ipv4 B:A ipv4 I tried to define in /etc/shorewall/interfaces: A tun+ - routeback B tun15,tun16 Thank you.
2005 Jan 04
5
Shorewall and ChilliSpot
Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the
2006 Dec 19
7
routing problem
hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where I have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->
2005 Feb 04
13
resending to new external address
Hi folks, As you've no doubt noticed incoming spam recently massively increased. This has overloaded our current server (24.74.9.226) which does HTTP, SMTP, POP and IMAP. To help cope with this, I've put up a second server (24.74.9.225) which will be the mail server, leaving the original server to just be a web server. Can I use shorewall on the first machine (version
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
...ps://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html but when I run shorewall check, this error occurs: Checking... Initializing... Determining Zones... IPv4 Zones: net loc Firewall Zone: fw Validating interfaces file... ERROR: Invalid zone (dmz) in record "dmz venet0 detect routeback" the guide does not talk about the /etc/shorewall/zones, so it is by default file /etc/shorewall/zones: #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ipv4 loc ipv4 #LA...
2004 Dec 23
2
Reflecting internal connections to public IP back into network?
...want and the difference between these 3 methods? 1) The "Three Interface Firewall" quick-start guide recommends this rule: DNAT loc dmz:10.10.11.2 tcp 80 - <external IP> 2) FAQ Question 2 recommends the more complicated: In /etc/shorewall/interfaces: loc eth1 detect routeback In /etc/shorewall/masq: eth1:192.168.1.5 eth1 192.168.1.254 tcp www In /etc/shorewall/rules: DNAT loc loc:192.168.1.5 tcp www - 130.151.100.69 3) The Shorewall 2.x reference adds a few more possibilities but I _think_ they're just variations on those already listed. So...
2012 Apr 16
6
problems with shorewall proxyarp
Hi everybody. I'm trying to configure shorewall following this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me that: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? Thanks for the help. Best regards, Santiago.
2005 Jan 27
12
problem with masquerading with shorewall
Hello, I'm not sure if this has been asked before but I would like to ask assistance for this problem I have. I installed gentoo for my firewall/gateway and installed dhcp and shorewall. Currently, I can ssh, ftp, remote desktop connect, ping, etc (anything I can think of) from an internal computer inside my network to an external IP, except I cannot surf the net. I can ssh/ftp to
2004 Sep 03
18
Public IP
I have problem with IP public, my Network configuration [wireless] <------> [Router] <------ > [ Linux proxy ] < ------ > [Client ] IP configuration [202.123.123.1] <------->[202.123.123.2 and 192.168.0.1] < ------ > [192.168.0.2 and 202.123.123.3] < ------ > [202.123.123.4] this configuration will use IP 202.123.123.2 on internet how to config my network
2004 Mar 06
16
Bridging Update
The bridging documentation (http://shorewall.net/2.0/bridge.html) has been expanded and there is a refresh of the bridging code (ftp://shorewall.net/pub/shorewall/Bridging and http://shorewall.net/pub/shorewall/Bridging). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
2004 Dec 28
5
Multiple IP´s in one Zone
...68.16.0/24,192.168.99.0/24 ############################################################################ ### Interface ############################################################################ ### net eth1 detect loc eth0 192.168.9.255 dhcp,routeback - eth2 detect ############################################################################ ### Agentur V&V Medien Lars Bunse Müggenburg 40a 42277 Wuppertal Tel:0202/7995300 http://www.vvmedien.com <http://www.vvmedien.com/> info@vvmedien.com PGP-Verschlüsselung...