Displaying 20 results from an estimated 147 matches for "tcpflags".
2008 Dec 31
5
Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2
Hi,
enabling this line in hosts file
"WAN
eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
routeback,blacklist,tcpflags"
results in this error message
--
Preparing iptables-restore input...
Running /usr/sbin/iptables-restore...
iptables-restore v1.3.8: error creating chain 'ACCEPT':File exists
Error occurred at line: 29
Try `iptables-restore -h' or 'iptables-restore --help...
2009 Mar 04
1
MultiWAN & Vlans
...tween VLANxx to LAN & outside.
2. Failover between interfaces, so if one goes down the other one goes up.
3. Routing based on device model (VLAN10 gateway will be ppp0 and in a case of failover it will jump to ppp1 for example)
post of my config files:
interfaces:
#NET
net0 ppp0 detect tcpflags,dhcp,routefilter,nosmurfs
net1 ppp1 detect tcpflags,dhcp,routefilter,nosmurfs
net2 ppp2 detect tcpflags,dhcp,routefilter,nosmurfs
net3 ppp3 detect tcpflags,dhcp,routefilter,nosmurfs
#WAN
wan0 eth0 detect tcpflags,routefilter,nosmurfs
wan1 eth1 detect tcpflags,routefilter,nosmurfs
wan2 eth2...
2009 Jun 18
9
Redirect port 80 away from Shorewall?
Hi There,
Due to a shortage of computers, I need to install Apache on my Shorewall box (192.168.1.1)
But the real web server is on another box (192.168.1.2)
I tried to put rule:
DNAT net loc:192.168.168.1 tcp 80
But every time a www connection comes in, it hits my Shorewall box
Any solution?
Cheer
2008 Dec 25
2
Problems with exclusion in host definition - shorewall 4.2.3 latest
...Setting up TCP Flags checking...
iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0' not found
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/usr/sbin/iptables -A eth2_fwd -p tcp -s
169.254.0.0/16!169.254.1.0/24 -j tcpflags" Failed
Processing /etc/shorewall/stop ...
IP Forwarding Enabled
Processing /etc/shorewall/stopped ...
/sbin/shorewall: line 742: 9333 Terminated
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
--------------------------------------------------------
This is the corresponding entry...
2004 Dec 30
9
shorewall shutting down eth0
...DROP info None
Any Any REJECT info None
The interface settings are :
Interface Zone name Broadcast address Options
eth0 net Automatic dhcp,routefilter,norfc1918,tcpflags
eth1 loc Automatic tcpflags
After I save and reboot my eth0 is down.
I am not able to browse on my server.
Why ?
Thanks
Varun
2013 Apr 19
1
Can't connect to DSL modem on em1
...o em1.
If I have ppp0 disabled and NetworkManager brings up the interfaces, em1
gets an IP of 192.168.1.2.
Then when I get NetworkManager to bring up ppp0, it removes the IP on em1.
The DSL modem's internal IP is 192.168.1.254
In the shorewall interface file, I have:
net ppp0 detect routefilter,tcpflags,blacklist
modem em1 detect
loc p3p1 detect tcpflags,dhcp
dmz p4p1 detect tcpflags,dhcp
In the shorewall masq file, I have:
ppp0 10.10.1.0/24
ppp0 10.10.2.0/23
em1 10.10.1.0/24
em1 10.10.2.0/23
p4p1 10.10.1.0/24
Is there any config change that I can do in Shorewall, to be able to c...
2004 Mar 25
2
Shorewall 2.0.1 RC1
Release candidate 1 is available at:
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
The 'releasenotes.txt' file tells you about the release.
-Tom
PS to those of you on the Shorewall Announcement List:
Feedback to this point is overwhelmingly in favor of keeping Beta and
Release Candidate announcements on this list.
I have configured the list
2004 Jul 25
3
Openvpn, bridge and shorewall
...figuration.
openvpn.conf:
local <ip of ppp0>
port 8881
dev tap0
secret key.txt
persist-key
persist-tun
ping-timer-rem
ping-restart 60
ping 10
comp-lzo
user nobody
group nobody
shorewall interface:
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 - norfc1918,routefilter,tcpflags
loc br0 detect tcpflags,dhcp
vpn tap+
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
shorewall zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local Networks
vpn VPN Remote subnet
#LAST LINE -- ADD YOUR E...
2003 Jul 26
3
Snapshot 1.4.6_20030726
http://shorewall.net/pub/shorewall/Snapshots
ftp://shorewall.net/pub/shorewall/Snapshots
Problems Corrected since version 1.4.6:
1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was
being tested before it was set.
2) Corrected handling of MAC addresses in the SOURCE column of the
tcrules file. Previously, these addresses resulted in an invalid
iptables command.
2005 Feb 04
12
SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS
This one is really throwing me. Thanks in advance for
any advice.
I'm working on a 4 port firewall system. It is
running heartbeat+drbd.
Primary box looks like this:
eth0 -> net/cisco router
192.168.144.2/29
eth1 -> drbd/heartbeat crossover cable
192.168.254.253/30
eth2 -> dmz
192.168.144.10/24
eth3 -> loc
192.168.101.2/24
The IP's
2011 Mar 13
4
ipod touch, skype, and a shorewall firewall
Hi,
My firewall is a machine running Debian Squeeze with shorewall 4.4.11.6.
/etc/shorewall/policy says this:
loc $FW ACCEPT
loc loc ACCEPT
loc net ACCEPT
$FW net ACCEPT
$FW loc ACCEPT
net all DROP # info
all all REJECT
2009 Mar 09
3
Shorewall Rules and Configurations
...- w/ openVPN
eth0 = 192.168.150.5/24
eth1 = 192.168.200.5/24
eth2 = public IP
eth3 = 192.168.120.5/24
tun240 = 10.240.255.1
/etc/shorewall/zones
all zones declared as ipv4
/etc/shorewall/interfaces
#ZONE INTERFACE BROADCAST OPTIONS
tlm eth0 detect routefilter,tcpflags,dhcp
adm eth1 detect routefilter,tcpflags,dhcp
net eth2 detect norfc1918,tcpflags,routefilter
sis eth3 detect routefilter,tcpflags
l240 tun240 -
/etc/shorewall/tunnels
#TYPE ZONE GATEWAY...
2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
...-vpn (but iPhone don't run with open-vpn)
wlan ipv4
vpn1 ipv4 <--- old VPN over pptp - but unsure -> in future should be
l2tp/ipsec
vpn2 ipsec <--- new entry
l2tp ipv4 <--- new entry
#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE
/etc/shorewall/interfaces
net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians
loc eth0 detect tcpflags,detectnets,nosmurfs
dmz eth2 detect tcpflags,detectnets,nosmurfs
ovpn tun0 detect tcpflags,detectnets,nosmurfs
wlan eth3 detect tcpflags,dhcp,detectnets,nosmurfs
vpn1 ppp1 detect tcpflags,detectnets,nosmurfs
vmn eth4 detect tc...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer
2004 Dec 06
1
recommended internal(wired) "interfaces" options??
Hi:
According to http://www.shorewall.net/Documentation.htm#Interfaces
there is one recommendation for internal interface but wireless
Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs
a recommendation for wired internal interface? (100 win32 clients)
I use tcpflags,detectnets
thanks
2012 Mar 25
1
kvm and shorewall-init
...by kernel maintainers as
"unsupportable crap" or some such) and shifting to virt-manager/kvm.
As with the old setup I am running shorewall-init exactly as the great
online documentation lays it out. BUT: with VBox it was enough to add
> net vboxnet0 detect dhcp,tcpflags,nosmurfs,logmartians
to shorewall/interfaces and everything seemed to work.
Not so easy with the virt-man/kvm setup, where
> net virbr0 detect dhcp,tcpflags,nosmurfs,logmartians
does not seem to lead to a network-setup that works out - no network
connection from the (migrat...
2011 May 24
1
L2TP ppp+ when using ppp0 for WAN
...utefilter
loc eth1 192.168.1.255
l2tp ppp+ -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
My current interface as currently used on my firewall is below:
#ZONE INTERFACE BROADCAST OPTIONS
net ppp0 - dhcp,tcpflags,nosmurfs,logmartians
loc eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians
My question is if I define ppp+ for the l2tp zone will my 'net' zone be included in the l2tp zone?
How would I go about setup with ppp0 as my WAN interface as opposed t...
2004 Feb 05
1
Norton personal firewall tells me that bad TCP packets are received
...Intrusion: Invalid TCP Source Port
TCP Source Port: 0. This is an invalid port number.
TCP Destination Port: 6881
Intrusion: Invalid TCP Options
TCP Source Port: 33931
TCP Destination Port: 6881
Invalid TCP Option: 0xc660b2ba
As I have:
net eth0 detect dhcp,routefilter,norfc1918,tcpflags
in interfaces, I thought that the invalid stuff should be prevented to
enter my network...
Running "shorewall show tcpflags" reveals that nothing has been caught.
Both loc and dmz are NAT'ed atm.
I imagine I should just add a rule for source port zero to fix that part.
Should...
2005 Jun 26
12
Vpn Trouble
...e vpns.
shorewall/hosts
#ZONE HOST(S) OPTIONS
loc eth1:192.168.25.0/24
loctw eth1:192.168.50.0/24
locsa eth1:192.168.75.0/24
vpntw ppp+:!192.168.50.0/24
vpnsa ppp+:!192.168.75.0/24
#vpn3 ppp+:!192.168.3.0/24
interfaces
net eth0 detect routefilter,norfc1918,tcpflags
- eth1 192.168.25.255,192.168.50.255,192.168.75.255
- ppp+
now if I comment out vpnsa in hosts and enter vpnsa in interfaces it works
(meaning the tunnel can talk :).
I can not figure out what the trouble is.
Thanks
Mike
2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs
Proxy-NAT'ed onto the loc segment. While I do eventually want to move
them to their own segment, I have to deal with this for the next few weeks.
My problem is that from a loc system I can ping the public IP of a
system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being
blocked according