how to make this work, it seems to me that netfilter is changed more or less in some places that shorewall does not support, using 4.4.27 shorewall and shorewall6

suggestions welcomed

On 01/21/2012 04:04 AM, Benny Pedersen wrote:
> how to make this work, it seems to me that netfilter is changed more or
> less in some places that shorewall does not support, using 4.4.27 shorewall
> and shorewall6
>

What exact problem are you seeing?

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Sat, 21 Jan 2012 05:08:19 -0800, Tom Eastep wrote:
> What exact problem are you seeing?

maclist not working, have no other problems, ipt_mac does not exist in kernel 3.2.x

shorewall makes a total blocking of all ports when maclist is in use in the interface

would be nice to know if it's just my fault or not

i am aware that maclist is unsafe but just like to use it anyway

On 01/21/2012 06:28 AM, Benny Pedersen wrote:
> On Sat, 21 Jan 2012 05:08:19 -0800, Tom Eastep wrote:
>
>> What exact problem are you seeing?
>
> maclist not working, have no other problems, ipt_mac does not exist in
> kernel 3.2.x
>
> shorewall makes a total blocking of all ports when maclist is in use in
> the interface
>
> would be nice to know if it's just my fault or not
>
> i am aware that maclist is unsafe but just like to use it anyway

Does Shorewall start when mac filtering is configured? If so, please send me the output of 'shorewall dump' as an attachment.

Thanks,
-Tom

On 01/21/2012 06:58 AM, Tom Eastep wrote:
> On 01/21/2012 06:28 AM, Benny Pedersen wrote:
>> On Sat, 21 Jan 2012 05:08:19 -0800, Tom Eastep wrote:
>>
>>> What exact problem are you seeing?
>>
>> maclist not working, have no other problems, ipt_mac does not exist in
>> kernel 3.2.x

But xt_mac does.

-Tom

On Sat, 21 Jan 2012 07:25:47 -0800, Tom Eastep wrote:
>>> maclist not working, have no other problems, ipt_mac does not exist
>>> in
>>> kernel 3.2.x
>
> But xt_mac does.

dump is sent, had to wait until rush hour was gone

On Sun, 2012-01-22 at 01:00 +0100, Benny Pedersen wrote:
> On Sat, 21 Jan 2012 07:25:47 -0800, Tom Eastep wrote:
>
> >>> maclist not working, have no other problems, ipt_mac does not exist
> >>> in
> >>> kernel 3.2.x
> >
> > But xt_mac does.
>
> dump is sent, had to wait until rush hour was gone

I took a look at the dump this morning and there doesn't seem to be anything incorrect with the Shorewall-generated ruleset. So assuming that you only want to accept connections from the router with MAC address 1C:4B:D6:2D:80:B3, it should work.

-Tom

On Sun, 22 Jan 2012 07:00:30 -0800, Tom Eastep wrote:
> I took a look at the dump this morning and there doesn't seem to be
> anything incorrect with the Shorewall-generated ruleset. So
> assuming
> that you only want to accept connections from the router with MAC
> address 1C:4B:D6:2D:80:B3, it should work.

wan policy is drop, i want accept to this mac from wan, so it's my fault?

maybe better do it over vpn, but keep it simple is my goal

why did you post this mac on maillist :(

On 01/22/2012 02:38 PM, Benny Pedersen wrote:
> On Sun, 22 Jan 2012 07:00:30 -0800, Tom Eastep wrote:
>
>> I took a look at the dump this morning and there doesn't seem to be
>> anything incorrect with the Shorewall-generated ruleset. So
>> assuming
>> that you only want to accept connections from the router with MAC
>> address 1C:4B:D6:2D:80:B3, it should work.
>
> wan policy is drop, i want accept to this mac from wan, so it's my fault?
>
> maybe better do it over vpn, but keep it simple is my goal
>
> why did you post this mac on maillist :(

MAC addresses are only valid on the ethernet segment where the adapter is connected. And within that segment they are very easily discovered.

-Tom

On Mon, 23 Jan 2012 21:39:37 -0800, Tom Eastep wrote:
> And within that segment they are very easily discovered.

will drop the maclist so, openvpn replacement better?