similar to: Shorewall Configuration for Asterisk Box

Hi, I need a help... I''m a beginner with shorewall. I have two shorewall firewalls, each with a link. FW (a) - w/ openVPN eth0 = 192.168.150.5/24 eth1 = 192.168.200.5/24 eth2 = public IP eth3 = 192.168.120.5/24 tun240 = 10.240.255.1 /etc/shorewall/zones all zones declared as ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS tlm eth0

Hello , The folllowing is the error problem: Validating interfaces file... ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2 The shorewall interface file: net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians P.S. I tried to remove norfc1918 from interface

Hi, I have a Linux firewall based on shorewall with 2 NIC and ADSL (ppp0). My ppp0 ip is fixed. The internal NIC, eth1, is bridged with tap0, tap1 and tap2 to form br0. br0 subnet is 192.168.2.0/24. The firewall is configured to masq internal traffic and block whatever needs to be blocked. It is also configured to tunnel openvpn v1.6. I have a roaming laptop running XP. I can create a tunnel

Hi, I''m trying to use Shorewall (3.0.6) to accomplish what I thought was going to be fairly simple. Unfortunately, I can''t get the dmz to work correctly, and I''m getting martians logged against the interface at issue. Any help I could get would be greatly appreciated! A picture of my physical setup is attached. I have also attached a shorewall dump. To make a long

Hi all! I''m using shorewall 2.2.3 and I got a net device that seems to be a point-to-point device (that''s what ifconfig suggests): vpnlink Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:aaa.bbb.ccc.ddd P-t-P:aaa.bbb.ccc.ddd Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1300 Metric:1 RX

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. My default shorewall settings are : Source zone Destination zone Policy Syslog level Traffic limit loc net ACCEPT None None fw net ACCEPT None None net Any

Hi, I am using Shorewall 2.0.6 on Debian with iptables 1.29. Before I was using Shorewall 2.0.3 and If work correctly, I am not sure that my problems begin after upgrade to 2.0.6, but my problem is that I can''t see some websites on the pc clients ( such as www.microsoft.com ), but some websites yes ( they are not in the pc cache ). My config is Shorewall as gateway/router of

Hi, I''m new to shorewall and iptables. I installed shorewalls ver. 2.2 two days ago and it''s working now, but I have some questions concerning pppoe. I have my ISP''s connection to internet trough PPPoE over an ethernet card. On the ethernet card I have a static IP and I have access to all other ISP''s clients wich are in the same subnet (it''s a small

Hello! I configured a pptpserver on my firewall and followed the pptp-manual from Shorewall. Login via VPN to firewall (internal ip: 192.168.10.2) is ok and I can ping this server via internal ip (and use it: add samba-shares, etc.). Unfortunately I can''t connect to other hosts in my intranet (LOC). Ping from vpn-client to clients in intranet fails, although Shorewall-Log shows an

Hello all. First of all, please be a bit indulgent to my poor English :-). Second, this message is "kinda" BIG, so if you don''t like BIG messages, simply don''t read it :-). I''ve read http://shorewall.net/2.0/Shorewall_and_Routing.html and http://shorewall.net/MultiISP.html, however I still a bit confused how to organize what I need :-). I''ve a

Hi, I have a problem installing Shorewall 2.0.7 on a box, when I launch it I have: Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Available Determining Zones... Zones: net loc Validating interfaces file... Validating hosts file... Validating Policy

Hello all, I had setup shorewall before succesfully with a normal LAN to internet connection. Now I''m connected to the internet via VPN and I got problems with configuring Shorewall. Any help is appreciated. This is my setup: - Gentoo Linux laptop (kernel gentoo-dev-sources-2.6.8.1) with Shorewall 2.0.4 (setup for Standalone one interface) and iptables 1.2.11 - VPN client is

Hello, I forgot to put my #/etc/shorewall/policy file: # /etc/shorewall/policy ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK # adm net DROP info tlm net DROP info # net adm DROP

Hello, If I set my network interface to have "logunclean" along with "dhcp,norfc1918,routefilter,noping,tcpflags", then when I connect to http://welcome.hp.com/country/us/eng/support.htm and choose any of the product I get this. logpkt:LOG:IN=eth0 OUT= MAC=00:a0:cc:5b:09:5f:00:08:e2:32:34:70:08:00 SRC=192.151.11.205 DST=24.24.243.178 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=14025

This is some of the messages I get: TCP non-syn/non-ack packet on invalid connection. Packet has been dropped TCP Source Port: http(80) TCP Destination Port: 2595 TCP Message Flags: 0x00000019 The TCP message Flags varies. I''ve seen 0x00000011, 0x00000010, 0x00000018, 0x00000004, 0x00000014 and 0x00000019. Intrusion: Invalid TCP Flags TCP Source Port: 6881 TCP Destination Port: 4307

Hello, I have the need to connect 2 remote site with vpn, the windows pc of the 2 site it can share the HD and printer. This is my configuration : LOCAL NETWORK A : ip from 192.168.10.2 to 192.168.10.99 | | | | eth0: 192.168.10.1 FIREWALL A : ( with debian ; openvpn ver. 2.0.beta15 ; shorewall ver 2.0.11 ) eth1 : xxx.xxx.xxx.xxx ( pubblic ip address ) | | | | INTERNET | | | eth1 :

Hello, I''m trying to setup an 8 port wan configuration (pptp+pppoe) with one vlan trunk. My internal networks are : LAN(eth9): 10.0.0.0/16 VLAN10(eth9) 10.10.0.0/24 VLAN20(eth9) 10.20.0.0/24 VLAN30(eth9) 10.30.0.0/24 VLAN100(eth9) 10.100.0.0/24 I would like to post my configuration here since i don''t success to do the following: 1. Communicate between VLANxx to LAN

Hello! I have a problem using shorewall on an aliased interface. Let me give you a short description of the setup: eth0 uses DHCP and will be assigned a 10.38.0.0/16 address by my ISP; I use a host-route to access their PPTP on 10.0.0.138 with "pptp 10.0.0.138" ppp0 is the Internetconnection then (duh) At the same time I want to connect the box to my LAN using 10.1.0.0/16 or any

Now I have a weird problem I have testing with two networks. This trouble has to do with the hosts file. #ZONE HOST(S) OPTIONS loctw eth1:192.168.50.0/24 loctw ppp+:!192.168.50.0/24 locsa eth1:192.168.75.0/24 locsa ppp+:!192.168.75.0/24 loc eth1:192.168.25.0/24 #vpn3 ppp+:192.168.3.0/24 I can get through only one tunnel at

Bulgrien, Kevin wrote: > Your interface / zone / hosts / rules / policy / etc setup affects > the firewall status. I had a similar problem due to a configuration > file issue. I suggest posting that information to the list. The > status is does not necessarily clearly show what was done > incorrectly. > > It is probably not a rule problem, but rather a zone problem. Also