search for: shorewal

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Admin...

This one is a bit complex so if no help is forthcoming, I understand. I have 2 shorewall firewalls (1.3.13) up and running. (both machines running Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have squid setup as a caching/filtering server on each of them. Each of them was originally setup using the Two-interface Quick Start Guide. Then the Squid guide and th...

I''m using shorewall 3.0.4 and had started using the internal tc option recently. I noticed that the tc rules for the classes I created don''t have the burst parameter (although the ingress qdisc does). I think it would be nice if there was a burst by default (and of course it would even be better if it we...

I tried to the new GATEWAY option in /etc/shorewal/interfaces file but it didnt work. My network setting consists of 2 ISPs line and i would like to have eth0 to connect to for example, 192.168.15.254 while eth1 connected to 192.168.33.254. I restarted shorewall and nothing is wrong. However, the traffic still goes to the default gateway as shown i...

I have been approached with a question that I am not sure about... A Shorewall system has only one interface, with a public IP-adress. The same system is the endpoint for a few OpenVPN-tunnels. Is it possible to add an aliased IP to the interface, and NAT traffic to a OpenVPN-endpoint? The endpoint is on 10.4.2.3 and the Shorewall-box has an interface of 10.4.2.1. ######...

Our setup: server running shorewal 4.5.2.2 and watchguard vpn appliance. VPN appliance was supplied by our document flow provider. I want to route traffic to 192.168.2.0/24 via 10.10.10.1 gateway. So I thought it would be a good idea to set it up as another ISP in the providers file. But when I enable it I can reach 192.168.2.0/24...

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linu...

Hello, 1) Thanks - shorewall save me a lot of time! 2) I try - exactly: I must :-) - configure a VPN server behind 2 NATs. My situation: RoadWarior - INet - ISP Router (NAT+PortForwarding) - Inetranal Router (running Shorewal, NAT+PortForwarding) - Inetranl VPN Server If RoadWariror try to connect Internal VPN Server then...

Hi list, This is my first post there. CONTEXT : -------------- I have a little lan behind a shorewalled box (internet) -- NET_IP [gateway] LOC-IP -- (lan X.Y.0.0) internet -> net zone connected to the gateway via a ppp interface lan -> loc zone connected to the gateway via eth1 NET_IP and LOC_IP are defined in shorewall params file GOAL : --------- i want to forward http and smt...

Im new to shorewal but have read the docs includint the ping section of the FAQ but I cant seem to get the fw to respod to pings.... my policys are ... loc net ACCEPT info net fw ACCEPT info loc loc ACCEPT info fw...

Hello, I use Shorewall 2.0.16 on my server. I would like to auhtorized some external desktop to connect my network. The desktop''s IP change always, because they use dynamic addresses and they haven''t static IP. So I would like to filter those desktop...With shorewall, I can use an IP to drop, reject......

Hello, This is probably nothing, and I''m just the one missing something here. But I''m just curious. I am trying to run samba in one of my machines that run shorewall. But I forgot to add the rule to allow smb connection in my /etc/shorewall/rules. Of course when I tried to access the smb share from another machine, I couldn''t. I fixed that quickly, no problem. However, when I looked at my /var/log/messages, I did not find any DROP log about that...

>sample setups of freeswan working with shorewall? I just implemented this a few days ago. In my case it was the simple scenario of two private subnets (with different private network numbers!) already equipped with Shorewall firewalls on which I added Freeswan. The hardest part was being patient enough for the other end''s firewall (a 4...

Hi all, Perhaps I''ve miss something... I have read every FAQ and documentation from shorewall.net before asking question here, hope someone can help me ! Try many things DNAT, netmasq, proxy arp, it doesn''t work. LAN and PRIVATE network can''t see each other, i can''t ping PRIVATE LAN from LAN and vice-versa. I first think of routing error, but i can''t see...

I hope any of you shorewall freaks would be able to help me with my problem. First a little network description: I have two zones: WAN net = eth0 (One IP address from my Internet Service Provider) LAN loc = eth1 (192.168.23.0/24) Default gateway (the Internet) for the local clients are 192.168.23.2 (the IP addr...

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted o...

...| | Eth0 : noip | ------------------------------------------------------------- | ------------------------------------------ LAN 192.168.1.0/24 - Gateway : 192.168.1.254 Firewall Shorewall 2.0.9 Fedora Core 2 -----Message d''origine----- De : shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] De la part de shorewall-users-request@lists.shorewall.net Envoyé : dimanche 3 octobre 2004 21:00 À : shorewall-users@lists.shorewall.net...

...router : 192.168.11.254 ------------------------ -------------------------------------------------------- | | ------------------------------------------------------------- | Eth2 : noip Eth1 : 192.168.11.253 | Firewall Shorewall 2.0.9 | | | Fedora Core 2 | br0 : 192.168.1.199 | | | | | Eth0 : noip |...

Hi, I have a machine with a Debian Stable installation that runs OpenVSwitch to connect a virtual machine on the same box. The machine is also running shorewall. The problem that I''m having is that shorewall try to run before openvswitch, this makes that shorewall fails because it can''t determine the IP of the virtual interface generated by openvswitch that start after shorewall. I think that if I change the priority of the openvswitch...

...fixed line! They are not in a good area for ADSL because of copper theft and being a bit to far from the closest DSLAM! They have installed a wireless link and I have made certain that put it behind my simple iptables firewall! My old script will no longer cut it as I need all the raw power of Shorewall! I had total success with it in the past in a very complex situation! Almost like multiple DMZ type of setup! Since those days the simple script based iptables generator has served me well! Re-reading all the documentation the standardish 2 interface will do pretty well plus adding the extra bi...