Displaying 20 results from an estimated 147 matches for "tcpflags".

2008 Dec 31
5
Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2
Hi, enabling this line in hosts file "WAN eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 routeback,blacklist,tcpflags" results in this error message -- Preparing iptables-restore input... Running /usr/sbin/iptables-restore... iptables-restore v1.3.8: error creating chain 'ACCEPT':File exists Error occurred at line: 29 Try `iptables-restore -h' or 'iptables-restore --help...
2009 Mar 04
1
MultiWAN & Vlans
...tween VLANxx to LAN & outside. 2. Failover between interfaces, so if one goes down the other one goes up. 3. Routing based on device model (VLAN10 gateway will be ppp0 and in a case of failover it will jump to ppp1 for example) post of my config files: interfaces: #NET net0 ppp0 detect tcpflags,dhcp,routefilter,nosmurfs net1 ppp1 detect tcpflags,dhcp,routefilter,nosmurfs net2 ppp2 detect tcpflags,dhcp,routefilter,nosmurfs net3 ppp3 detect tcpflags,dhcp,routefilter,nosmurfs #WAN wan0 eth0 detect tcpflags,routefilter,nosmurfs wan1 eth1 detect tcpflags,routefilter,nosmurfs wan2 eth2...
2009 Jun 18
9
Redirect port 80 away from Shorewall?
Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer
2008 Dec 25
2
Problems with exclusion in host definition - shorewall 4.2.3 latest
...Setting up TCP Flags checking... iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0' not found Try `iptables -h' or 'iptables --help' for more information. ERROR: Command "/usr/sbin/iptables -A eth2_fwd -p tcp -s 169.254.0.0/16!169.254.1.0/24 -j tcpflags" Failed Processing /etc/shorewall/stop ... IP Forwarding Enabled Processing /etc/shorewall/stopped ... /sbin/shorewall: line 742: 9333 Terminated $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart -------------------------------------------------------- This is the corresponding entry...
2004 Dec 30
9
shorewall shutting down eth0
...DROP info None Any Any REJECT info None The interface settings are : Interface Zone name Broadcast address Options eth0 net Automatic dhcp,routefilter,norfc1918,tcpflags eth1 loc Automatic tcpflags After I save and reboot my eth0 is down. I am not able to browse on my server. Why ? Thanks Varun
2013 Apr 19
1
Can't connect to DSL modem on em1
...o em1. If I have ppp0 disabled and NetworkManager brings up the interfaces, em1 gets an IP of 192.168.1.2. Then when I get NetworkManager to bring up ppp0, it removes the IP on em1. The DSL modem's internal IP is 192.168.1.254 In the shorewall interface file, I have: net ppp0 detect routefilter,tcpflags,blacklist modem em1 detect loc p3p1 detect tcpflags,dhcp dmz p4p1 detect tcpflags,dhcp In the shorewall masq file, I have: ppp0 10.10.1.0/24 ppp0 10.10.2.0/23 em1 10.10.1.0/24 em1 10.10.2.0/23 p4p1 10.10.1.0/24 Is there any config change that I can do in Shorewall, to be able to c...
2004 Mar 25
2
Shorewall 2.0.1 RC1
Release candidate 1 is available at: http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta The 'releasenotes.txt' file tells you about the release. -Tom PS to those of you on the Shorewall Announcement List: Feedback to this point is overwhelmingly in favor of keeping Beta and Release Candidate announcements on this list. I have configured the list
2004 Jul 25
3
Openvpn, bridge and shorewall
...figuration. openvpn.conf: local <ip of ppp0> port 8881 dev tap0 secret key.txt persist-key persist-tun ping-timer-rem ping-restart 60 ping 10 comp-lzo user nobody group nobody shorewall interface: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - norfc1918,routefilter,tcpflags loc br0 detect tcpflags,dhcp vpn tap+ #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE shorewall zones: #ZONE DISPLAY COMMENTS net Net Internet loc Local Local Networks vpn VPN Remote subnet #LAST LINE -- ADD YOUR E...
2003 Jul 26
3
Snapshot 1.4.6_20030726
http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command.
2005 Feb 04
12
SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS
This one is really throwing me. Thanks in advance for any advice. I'm working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cisco router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP's
2011 Mar 13
4
ipod touch, skype, and a shorewall firewall
Hi, My firewall is a machine running Debian Squeeze with shorewall 4.4.11.6. /etc/shorewall/policy says this: loc $FW ACCEPT loc loc ACCEPT loc net ACCEPT $FW net ACCEPT $FW loc ACCEPT net all DROP # info all all REJECT
2009 Mar 09
3
Shorewall Rules and Configurations
...- w/ openVPN eth0 = 192.168.150.5/24 eth1 = 192.168.200.5/24 eth2 = public IP eth3 = 192.168.120.5/24 tun240 = 10.240.255.1 /etc/shorewall/zones all zones declared as ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS tlm eth0 detect routefilter,tcpflags,dhcp adm eth1 detect routefilter,tcpflags,dhcp net eth2 detect norfc1918,tcpflags,routefilter sis eth3 detect routefilter,tcpflags l240 tun240 - /etc/shorewall/tunnels #TYPE ZONE GATEWAY...
2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
...-vpn (but iPhone don't run with open-vpn) wlan ipv4 vpn1 ipv4 <--- old VPN over pptp - but unsure -> in future should be l2tp/ipsec vpn2 ipsec <--- new entry l2tp ipv4 <--- new entry #LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE /etc/shorewall/interfaces net ppp0 detect tcpflags,dhcp,routefilter,norfc1918,nosmurfs,logmartians loc eth0 detect tcpflags,detectnets,nosmurfs dmz eth2 detect tcpflags,detectnets,nosmurfs ovpn tun0 detect tcpflags,detectnets,nosmurfs wlan eth3 detect tcpflags,dhcp,detectnets,nosmurfs vpn1 ppp1 detect tcpflags,detectnets,nosmurfs vmn eth4 detect tc...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer
2004 Dec 06
1
recomended internal(wired) "interfaces" options??
Hi: According to http://www.shorewall.net/Documentation.htm#Interfaces there is one recommendation for internal interface but wireless Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs a recommendation for wired internal interface?(100 win32 clients) I use tcpflags,detectnets thanks
2012 Mar 25
1
kvm and shorevall-init
...by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net vboxnet0 detect dhcp,tcpflags,nosmurfs,logmartians to shorewall/interfaces and everything seemed to work. Not so easy with the vit-man/kvm setup, where > net virbr0 detect dhcp,tcpflags,nosmurfs,logmartians does not seem to lead to a network-setup that works out - no network connection from the (migrat...
2011 May 24
1
L2TP ppp+ when using ppp0 for WAN
...utefilter loc eth1 192.168.1.255 l2tp ppp+ - #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE My current interface as currently used on my firewall is below: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 - dhcp,tcpflags,nosmurfs,logmartians loc eth0 detect dhcp,tcpflags,nosmurfs,routefilter,logmartians My question is if i define ppp+ for the l2tp zone will my 'net' zone be included in the l2tp zone? How would i go about setup with ppp0 as my WAN interface as opposed t...
2004 Feb 05
1
Norton personal firewall tells me that bad TCP packets are received
...Intrusion: Invalid TCP Source Port TCP Source Port: 0. This is an invalid port number. TCP Destination Port: 6881 Intrusion: Invalid TCP Options TCP Source Port: 33931 TCP Destination Port: 6881 Invalid TCP Option: 0xc660b2ba As I have: net eth0 detect dhcp,routefilter,norfc1918,tcpflags in interfaces, I thought that the invalid stuff should be prevented to enter my network... Running "shorewall show tcpflags" reveals that nothing has been caught. Both loc and dmz are NAT'ed atm. I imagine I should just add a rule for source port zero to fix that part. Should...
2005 Jun 26
12
Vpn Trouble
...e vpns. shorewall/hosts #ZONE HOST(S) OPTIONS loc eth1:192.168.25.0/24 loctw eth1:192.168.50.0/24 locsa eth1:192.168.75.0/24 vpntw ppp+:!192.168.50.0/24 vpnsa ppp+:!192.168.75.0/24 #vpn3 ppp+:!192.168.3.0/24 interfaces net eth0 detect routefilter,norfc1918,tcpflags - eth1 192.168.25.255,192.168.50.255,192.168.75.255 - ppp+ now if I comment out vpnsa in hosts and enter vpnsa in interfaces it works (meaning the tunnel can talk :). I can not figure out what the trouble is. Thanks Mike
2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs Proxy-NAT'ed onto the loc segment. While I do eventually want to move them to their own segment, I have to deal with this for the next few weeks. My problem is that from a loc system I can ping the public IP of a system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being blocked according