------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
On Sun, Jan 14, 2007 at 01:24:07PM -0600, wlowe@suddenlinkmail.com wrote:
> My problem is one of virtual interfaces. First I understand the ramifications of pass-through.
<SNIP>
> 
> The rule in question:
> DNAT net loc:192.168.1.3 all - xxx.xxx.xxx.184

I believe that what you want is SNAT, or something like this:

#EXTERNAL         INTERFACE   INTERNAL       ALL           LOCAL
#                                            INTERFACES
xxx.xxx.xxx.184   eth?        192.168.1.3    no            no

Regards,

-Roberto

-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
wlowe@suddenlinkmail.com wrote:
> 
> The rule in question:
> DNAT net loc:192.168.1.3 all - xxx.xxx.xxx.184

That rule doesn't have enough columns. The xxx.xxx.xxx.184 is in the SOURCE PORT(S) column which is ignored when PROTO = all.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
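The column-counting mistake Tom points out is easy to reproduce mechanically. The following is an added example written for this archive, not code from the thread or from Shorewall: it maps a rules line onto the positional columns of the Shorewall 3.x rules file (ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE PORT(S) ORIGINAL DEST RATE LIMIT USER/GROUP) and reports where each token landed. The "corrected" rule with an extra `-` placeholder is this example's reading of Tom's remark and is an assumption, not a line from the thread; `xxx.xxx.xxx.184` is the poster's own redaction and is kept as-is.

```python
"""Map a /etc/shorewall/rules line onto its positional columns.

Added example, not code from the thread or from Shorewall. The column order
below is the documented Shorewall 3.x rules layout; CORRECTED_RULE is an
assumed fix derived from Tom's remark, not a line posted in the thread.
"""

RULES_COLUMNS = (
    "ACTION", "SOURCE", "DEST", "PROTO", "DEST PORT(S)",
    "SOURCE PORT(S)", "ORIGINAL DEST", "RATE LIMIT", "USER/GROUP",
)

# The rule as posted, and the same rule with one more '-' placeholder so the
# address reaches ORIGINAL DEST (assumed correction).
THREAD_RULE = "DNAT net loc:192.168.1.3 all - xxx.xxx.xxx.184"
CORRECTED_RULE = "DNAT net loc:192.168.1.3 all - - xxx.xxx.xxx.184"


def parse_rule(line):
    """Return {column: token} for one rules line, or None for blank/comment lines.

    Columns are whitespace-separated and purely positional: '-' is the explicit
    'unspecified' marker and the only way to skip a column while still filling
    a later one.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = stripped.split()
    if len(tokens) > len(RULES_COLUMNS):
        raise ValueError(f"{len(tokens)} columns, at most {len(RULES_COLUMNS)} allowed")
    return dict(zip(RULES_COLUMNS, tokens))


def column_of(line, value):
    """Name of the column a given token landed in, or None if the token is absent."""
    cols = parse_rule(line) or {}
    for col, tok in cols.items():
        if tok == value:
            return col
    return None


def check_dnat(line):
    """Findings for a DNAT rule; an empty list means nothing looks misplaced."""
    cols = parse_rule(line)
    findings = []
    if not cols or cols.get("ACTION") != "DNAT":
        return findings
    proto = cols.get("PROTO", "-")
    sport = cols.get("SOURCE PORT(S)", "-")
    if sport != "-" and proto == "all":
        # Tom's point: with PROTO = all the SOURCE PORT(S) column is ignored.
        findings.append(f"SOURCE PORT(S)={sport!r} is ignored because PROTO is 'all'")
    if sport.count(".") == 3:
        # Four dotted fields in a port column is almost always a shifted address.
        findings.append(
            f"{sport!r} looks like an address but sits in SOURCE PORT(S); "
            "add a '-' placeholder so it reaches ORIGINAL DEST"
        )
    return findings


if __name__ == "__main__":
    for rule in (THREAD_RULE, CORRECTED_RULE):
        print(rule)
        print("   ", parse_rule(rule))
        for finding in check_dnat(rule):
            print("   !", finding)
```

Running it shows the posted rule placing the address in SOURCE PORT(S) and the corrected rule placing it in ORIGINAL DEST; the checker is deliberately narrow and does not validate zones, addresses or the meaning of the other columns.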
Hello

I have my shorewall log full of these

Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP SPT=20060 DPT=623 LEN=20

I wish to allow 192.168.63.2 to remove these droppings. How to do that? I can see a blacklist file but I cannot see a whitelist file. I suppose I have to write something in rules, but I am not sure.

Can anyone tell me how to do that?

Thanks
In /etc/shorewall/rules:

ACCEPT loc:192.168.63.2 all all

Should work, but I personally have never tried an "all" entry for protocol.

On Mon, 2007-01-15 at 06:51 -0700, Graziano wrote:
> Hello
> 
> I have my shorewall log full of these
> 
> Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2
> DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP
> SPT=20060 DPT=623 LEN=20
> 
> I wish to allow 192.168.63.2 to remove these droppings . How to do that
> ? I can see a blacklist files but I cannot see a whitelist file
> I suppose I have to write something on rule , but I am not sure .
> 
> Anyone can tell me how to do that ?
> 
> Thanks
-- 
Bryan Vukich
Network Administrator
The Olson Company
I just looked at your log snippet closer, it is being dropped because you have the norfc1918 option set in shorewall/interfaces.

If eth0 is your internal (loc) interface, remove that option from that interface, it is ok to leave it on the external (net) interface.

On Mon, 2007-01-15 at 06:51 -0700, Graziano wrote:
> I have my shorewall log full of these
> 
> Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2
> DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP
> SPT=20060 DPT=623 LEN=20
> 
> I wish to allow 192.168.63.2 to remove these droppings . How to do that
> ? I can see a blacklist files but I cannot see a whitelist file
> I suppose I have to write something on rule , but I am not sure .
-- 
Bryan Vukich
Network Administrator
The Olson Company
Thank you

I have
RFC1918_STRICT=No
RFC1918_LOG_LEVEL=alert

What to do to leave RFC1918 only on the external?

And, please, how to allow an IP fully?

Are these rules ok?

ACCEPT loc:192.168.63.2 all all     (for internal ip)
ACCEPT net:215.162.1.22 all all     (for external ip)

Thank you!

> I just looked at your log snippet closer, it is being dropped because
> you have the norfc1918 option set in shorewall/interfaces.
> 
> If eth0 is your internal (loc) interface, remove that option from that
> interface, it is ok to leave it on the external (net) interface.
Graziano wrote:
> I have my shorewall log full of these
> 
> Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2
> DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP
> SPT=20060 DPT=623 LEN=20
> 
> I wish to allow 192.168.63.2 to remove these droppings . How to do that
> ? I can see a blacklist files but I cannot see a whitelist file
> I suppose I have to write something on rule , but I am not sure .
> 
> Anyone can tell me how to do that ?

The 'rfc1918' in the message indicates that this packet is being dropped because the source IP address (192.168.63.2) is reserved by RFC 1918 and you have the 'norfc1918' interface option specified on the incoming interface (eth0) in /etc/shorewall/interfaces.

To "whitelist" just that IP address with respect to 'norfc1918' filtration, you must:

a) Copy /usr/share/shorewall/rfc1918 to /etc/shorewall/rfc1918
b) Edit /etc/shorewall/rfc1918 and add this as the *first* entry:

192.168.63.2    RETURN

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
In /etc/shorewall/interfaces you probably want something along the following lines:

#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth0        detect      dhcp
net     eth1        detect      norfc1918,blacklist

In /etc/shorewall/policy you probably have a line that looks like:

loc     net     ACCEPT

If so, all traffic from loc to the internet will automatically be accepted, so you won't need an accept rule just for 192.168.63.2

Now if you don't have the above policy on purpose, then the following rule in /etc/shorewall/rules will accomplish the same thing for that one IP:

ACCEPT loc:192.168.63.2 all all

But you probably don't want a rule such as:

ACCEPT net:215.162.1.22 all all

On Mon, 2007-01-15 at 10:05 -0700, Graziano wrote:
> Thank you
> 
> I have
> RFC1918_STRICT=No
> RFC1918_LOG_LEVEL=alert
> 
> what to do to leave RFC1918 only on the external ?
> 
> And , please how to allow an ip fully ?
> 
> are these rules ok ?
> 
> ACCEPT loc:192.168.63.2 all all (for internal ip)
> ACCEPT net:215.162.1.22 all all (for external ip)
> 
> Thank you!
-- 
Bryan Vukich
Network Administrator
The Olson Company
Bryan Vukich wrote:
> In /etc/shorewall/interfaces you probably want something along the
> following lines:
> #ZONE INTERFACE BROADCAST OPTIONS
> loc eth0 detect dhcp
> net eth1 detect norfc1918,blacklist
> 
> In /etc/shorewall/policy you probably have a line that looks like:
> loc net ACCEPT
> 
> If so, all traffic from loc to the internet will automatically be
> accepted, so you wont need an accept rule just for 192.168.6.2
> 
> Now if you don't have the above policy on purpose, then the following
> rule in /etc/shorewall/rules will accomplish the same thing for that one
> IP:
> ACCEPT loc:192.168.63.2 all all
> 
> But you probably don't want a rule such as:
> ACCEPT net:215.162.1.22 all all

Such rules cannot override RFC 1918 filtration.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
I know, but from what I gather, eth0 is his internal nic, so I am having him remove rfc1918 filtering from that interface.

On Mon, 2007-01-15 at 10:06 -0800, Tom Eastep wrote:
> Bryan Vukich wrote:
> > But you probably don't want a rule such as:
> > ACCEPT net:215.162.1.22 all all
> 
> Such rules cannot override RFC 1918 filtration.
> 
> -Tom
-- 
Bryan Vukich
Network Administrator
The Olson Company
Bryan Vukich wrote:
> I know, but from what I gather, eth0 is his internal nic, so I am having
> him remove rfc1918 filtering from that interface.

If that is the case then the rules you suggest wouldn't be necessary since it appears that broadcasts are what are being logged. And Shorewall policy logging suppresses broadcast/multicast packets. I got the impression that the OP was simply trying to rid himself of the log clutter.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
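Tom's two explanations above, that the `rfc1918` tag in the log names the chain that dropped the packet and that the packets in question are broadcasts, which policy logging would have suppressed anyway, suggest a small triage step before touching the interface options. The following is an added example for this archive, not code from the thread or from Shorewall. It parses the kernel log format shown in the posts (`Shorewall:<chain>:<disposition>:` followed by `key=value` tokens), separates private-source broadcast noise from unicast packets with a private source address, which on an Internet-facing interface are spoofed or leaked and worth continuing to drop, and simulates the first-match lookup of the rfc1918 file so that the effect of Tom's `RETURN` entry and of its position in the file can be seen. The two extra log lines and the stand-in rfc1918 file contents (three `logdrop` entries) are constructed for the example and are assumptions.

```python
"""Triage Shorewall 'rfc1918' drop messages and simulate the rfc1918-file lookup.

Added example, not code from the thread or from Shorewall. Assumes only the
log format shown in the posts; the extra log lines and the stand-in rfc1918
file contents below are constructed for the example.
"""
import ipaddress
import re
from collections import Counter

# Constructed log lines: the two posted in the thread plus two made-up ones
# (a plain policy-chain drop and a unicast packet with a private source).
SAMPLE_LOG = """\
Jan 15 02:11:52 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=14102 PROTO=UDP SPT=20060 DPT=623 LEN=20
Jan 15 20:56:42 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30316 PROTO=UDP SPT=20060 DPT=623 LEN=20
Jan 15 21:00:01 hostname kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:e0:81:30:44:81:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=4433 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 15 21:00:05 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:00:e0:81:30:44:81:08:00 SRC=10.0.0.9 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=5555 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

PREFIX_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[^:]+):(?P<rest>.*)$")

# Explicit RFC 1918 blocks; ipaddress.is_private is wider (it includes the
# documentation and link-local ranges), so it is not used here.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return a dict of the Shorewall log fields, or None for other kernel lines."""
    m = PREFIX_RE.search(line)
    if m is None:
        return None
    fields = {"chain": m.group("chain"), "disposition": m.group("disp")}
    for tok in m.group("rest").split():
        key, eq, val = tok.partition("=")
        if eq:
            # LEN appears twice (IP total length, then UDP length); keep the first.
            fields.setdefault(key, val)
        else:
            fields[key] = True  # bare flags such as DF or SYN
    return fields


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in RFC1918_BLOCKS)


def classify(fields):
    """Separate the thread's case (private-source broadcast noise) from unicast
    packets with a private source, which deserve to keep being dropped."""
    if fields["chain"] != "rfc1918":
        return "other"
    if fields.get("DST") == "255.255.255.255":
        return "private-source-broadcast"
    return "private-source-unicast"


def summarize(log_text):
    """Count drops per (SRC, PROTO, DPT, category) so the noisy talker stands out."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        counts[(f.get("SRC"), f.get("PROTO"), f.get("DPT"), classify(f))] += 1
    return counts


# Constructed stand-in for /etc/shorewall/rfc1918 as (SUBNETS, TARGET) pairs.
# The three 'logdrop' lines are an assumption about the stock file; the RETURN
# line is the whitelist entry Tom describes, placed first as he says it must be.
RFC1918_FILE = [
    ("192.168.63.2", "RETURN"),
    ("10.0.0.0/8", "logdrop"),
    ("172.16.0.0/12", "logdrop"),
    ("192.168.0.0/16", "logdrop"),
]


def rfc1918_target(addr, table=RFC1918_FILE):
    """First-match lookup, as the generated rfc1918 chain does; None if no entry matches."""
    ip = ipaddress.ip_address(addr)
    for subnet, target in table:
        if ip in ipaddress.ip_network(subnet, strict=False):
            return target
    return None


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, key)
    print("192.168.63.2 ->", rfc1918_target("192.168.63.2"))
```

The ordering check matters: moving the `RETURN` line below `192.168.0.0/16 logdrop` makes the broader entry match first and the whitelist entry dead, which is why Tom insists it be the first entry.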
Good point. I was assuming he was trying to actually pass the traffic, but yeah, that's broadcast traffic alright. So you are probably correct, he just wants to clear up the logs. Unless he has some weird bridge & vpn setup going on (like me, DECNet in an IP world sucks), and actually needs to be sending that broadcast traffic somewhere. But I would highly doubt it, I'm pretty sure I'm the first and last person to be masochistic enough to even attempt that.

Graziano,

What exactly are you trying to do?

On Mon, 2007-01-15 at 10:32 -0800, Tom Eastep wrote:
> Bryan Vukich wrote:
> > I know, but from what I gather, eth0 is his internal nic, so I am having
> > him remove rfc1918 filtering from that interface.
> 
> If that is the case then the rules you suggest wouldn't be necessary since
> it appears that broadcasts are what are being logged. And Shorewall policy
> logging suppresses broadcast/multicast packets. I got the impression that
> the OP was simply trying to rid himself of the log clutter.
> 
> -Tom
-- 
Bryan Vukich
Network Administrator
The Olson Company
Thank you all.

Ok, I removed norfc1918 from

/etc/shorewall/interfaces

and now norfc1918 packets are no longer dropped.

I have a hosting server hosted in a remote datacenter; truly I have no idea what that 192.168.63.2 was which was filling my logs

Jan 15 20:56:42 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30316 PROTO=UDP SPT=20060 DPT=623 LEN=20

I asked my datacenter too but I received no reply. For this reason I was searching for a way to whitelist this IP.

I have serious difficulty setting up shorewall at its best. I truly hope to see a php/perl interface to set it up in an easy way. I know there is a shorewall webmin interface, but I cannot install webmin together with cpanel. I truly hope to see some web interface which can run separately from webmin.

Thank you

> Good point. I was assuming he was trying to actually pass the traffic,
> but yeah, that's broadcast traffic alright. So you are probably
> correct, he just wants to clear up the logs. Unless he has some weird
> bridge & vpn setup going on (like me, DECNet in an IP world sucks), and
> actually needs to be sending that broadcast traffic somewhere. But I
> would highly doubt it, I'm pretty sure I'm the first and last person to
> be masochistic enough to even attempt that.
> 
> Graziano,
> 
> What exactly are you trying to do?
A few questions so I'm not leading you in the wrong direction:

Is shorewall running on a dedicated firewall box, or is it running on a host?

If it is on a dedicated box, is eth0 on the internet side, or the local side?

Does your datacenter give you a public or private ip? (I know a dumb question, but maybe they are doing 1-1 nat or something)

Thank you,

On Mon, 2007-01-15 at 14:05 -0700, Graziano wrote:
> Thank you all .
> 
> Ok , I removed norfc1918 from
> 
> /etc/shorewall/interfaces
> 
> and now norfc1918 are no more dropped.
> 
> I have an hosting server hosted on a remote datacenter , truly I have no idea what was
> that 192.168.63.2 which was fulling my logs
> 
> Jan 15 20:56:42 hostname kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:81:30:44:81:08:00 SRC=192.168.63.2 DST=255.255.255.255 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=30316 PROTO=UDP SPT=20060 DPT=623 LEN=20
> 
> I asked also to my datacenter but I received no reply. For this reason I was searching a way to whitelist this ip .
> 
> I have serious difficult to set shorewall at the best . I truly hope to see a php/perl interface
> to set it in a easy way . I know , there is a shorewall webmin interface , but I cannot install webmin togheter with
> cpanel . I truly hope to see some web interface which can run separately from webmin.
> 
> Thank you
-- 
Bryan Vukich
Network Administrator
The Olson Company
It's a dedicated server without hardware firewall.

> is eth0 on the internet side, or the local side?

I have no idea. I can only tell you that ifconfig returns an eth0 group for each ip address.

Thanks

> A few questions so I'm not leading you in the wrong direction:
> 
> Is shorewall running on a dedicated firewall box, or is it running on a
> host?
> 
> If it is on a dedicated box, is eth0 on the internet side, or the local
> side?
> 
> Does your datecenter give you a public or private ip? (I know a dumb
> question, but maybe they are doing 1-1 nat or something)
> 
> Thank you,
Graziano wrote:
> it's a dedicated server without hardware firewall

So it only has one network interface?

> > is eth0 on the internet side, or the local side ?
> 
> I have no idea . I can only told you that ifconfig return and eth0 group for each ip address.

If you only have one interface, it would be on the Internet side.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key