Displaying 20 results from an estimated 10000 matches similar to: "Shorewall blocks LISa on port 7741"
2005 Nov 29
2
Use shorewall for count traffic usage on a interface
Hi
I have a small problem on one of my interfaces: I can't get traffic out
and don't know why.
Other users say that I can use Shorewall to create the counter and
afterwards get the information for
mrtg. Does anyone know what the process is in shorewall 2.0.X?
I don't want to monitor by specified port, but all ports
Thanks for your help
2006 Jan 13
5
Using torrent in tcrules
Hi all,
I'm trying to set up traffic shaping and I'm having some difficulty.
Here is what I want, and where I am.
1. HTTP and SMTP traffic needs to be priority 1.
2. All other traffic priority 2
3. Torrent traffic priority 3.
My distro is Fedora Core 4, and the torrent protocol does not appear
in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is
built on top
2006 Jan 06
1
Fw: hosts.allow, hosts.deny
>> Hello,
>>
>> I am using Debian Sarge, with Shorewall 2.2.3,
>>
>> for access control I am using hosts.allow :
>>
>> ALL: 144.131.xxx.xxx
>>
>> and hosts.deny:
>>
>> ALL: ALL
>>
>> I have a virtual machine that is being port forwarded to with Shorewall :
>>
>> DNAT net loc:10.0.0.100 tcp 3389
2005 Dec 14
2
DNAT config not working
I am having a problem that I really just don't get....
I have this in my rules file:
DNAT net loc:192.168.1.2 tcp 21 21
Everything worked fine earlier today.. Now it is dropping packets destined
for Port 21
/var/log/messages:
Dec 14 00:36:39 pcp08479598pcs kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:0b:6a:3f:e6:72:00:01:5c:22:92:42:08:00 SRC=24.210.36.92
DST=68.57.216.61
2006 Jan 02
2
RE: How to log and block specific application activity
Have read the comments about Shorewall not being a personal
firewall, etc., and am not necessarily advocating such use,
but, trying to get into the poster's head, and doing some
creative thinking, thought that possibly some form of EGID
rule might help out if there is a reasonable reason behind
the question. It is not hard for me to see how something
like this could be useful.
2006 Jan 13
3
IPP2P & Marking Connections
I have two (interconnected) questions:
First of all, I'm trying to use IPP2P to classify my P2P traffic and give it
a lower network priority. I've already successfully built IPP2P into
iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but
it's confusing me. Using the documentation for normal tcrules in 3.0
2006 Jan 02
4
Shorewall portscanner example rule.
When searching Google I found that there are not many examples of
shorewall rules to block external port scanners. Example: nmap.
Does somebody have a rule or example?
Thanks.
2005 Nov 21
8
[Off-topic] Two provider-setup breaks long-running TCP-connections
Sorry for asking this, as I believe it to be a kernel-related rather
than Shorewall-related problem. But some of you guys seem to have a
lot of experience with these kinds of things.
I'm setting up a NAT'ing router with two ISP lines.
At first sight, everything works as expected, however when the local
machines try to keep a TCP-connection open for a long time, it
disconnects
2006 Jan 25
1
EXT3: failed to claim external journal device.
We are having problems remounting an ext3 filesystem using an external
journal device. The filesystem in question was working fine until the
server was rebooted.
This is what we see on dmesg when trying to mount:
EXT3: failed to claim external journal device.
The external journal lives on a LVM2 logical volume and it seems to be
accessible ( we can dumpe2fs and see filesystem information).
2004 Aug 12
10
H323 problems
All,
I have a problem with H323: the call disconnects when answered.
The debug shows
-- Executing Dial("SIP/sj1-4ff7", "H323/0797617729") in new stack
-- Called 0797617729
-- H323/0797617729 is ringing
-- H323/0797617729 answered SIP/sj1-4ff7
== Spawn extension (default, 0797617729, 1) exited non-zero on
'SIP/sj1-4ff7'
-- Executing
2005 Jun 24
9
WINS across two networks and a router
Hello, everybody. This one's got me stumped. What I'm trying to do is have
two networks--192.168.1.0 and 192.168.2.0--with SMB and WINS running between
them. So far I can mount SMB shares all right, but I can't browse by WINS
names across the router. I've posted this question on Linuxquestions.org;
you'll find the details there.
Here are my
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2005 Dec 08
7
Two Subnets on routed to the other, Setup?
Hi there,
I've read Routing on One Interface, and Shorewall and Aliased
Interfaces docs but I'm a little confused, and all my test attempts
have mostly failed. Here is my setup:
CentOS 4.2
ShoreWall 3.0.2
My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2.
Currently 192.168.1.2 is setup on eth0. With no ShoreWall involved
routing seems to work if I just setup
2005 Jul 20
3
PPTP
Last question, I promise, I am running PopTop for PPTP on the same box as my
firewall. I can connect to the box fine, but nothing will route between the
VPN tunnel and the local hosts. I read the Some Hosts have Special
Firewalling Requirements article and thought it was what I needed, but either
I don't get it, or it doesn't apply to me. Here is my config:
Zones:
#ZONE
2005 Dec 08
3
trouble with shorewall on Mandriva 2006 (2nd)
(Sorry, my previous post was sent in HTML format)
I am having a hell of a time with shorewall...
I have a Dlink DCM202 Cable modem with the Ethernet connected directly to
eth0 on the linux box. Then I have a second nic on the linux box connected
to a hub for the internal network.
I am trying to allow traffic from the internet to connect to my FTP and WEB
servers on my Winbloze box on the lan.
2005 Apr 06
6
UDP port 1194 marking/routing problem
Hi folks,
I have OpenVPN (respect for its developers) running on my FW.
It has two external NICs and on internal everything is fine, except
I want OpenVPN (UDP port 1194) going not via default route/network interface.
I use such commands:
iptables -t mangle -D POSTROUTING -o eth0 -p udp --dport 1194 -j MARK --set-mark 0x990
ip rule add fwmark 0x990
2006 Jan 31
24
Need help and advised
Hi folks
I'm currently doing a firewall project.. the scenario is like this.. my
application server opens port number 3079; the server IP is 202.188.0.132, and
now the port can be accessed from everywhere. Now I want to block all
access from everywhere. But my problem is, the application will be accessed by
a few locations that do transactions with the application server, and the
said locations are
2006 Feb 12
11
Local Network Can't Get Past Shorewall to the Internet
Greetings all,
I have just installed Shorewall on a Debian system and
I'm using it as a firewall on an internal network.
The specifics of the system are as follows:
firewall:/var/log# shorewall version
3.0.4
firewall:/var/log# uname -a
Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST
2005 i586 GNU/Linux
Shorewall starts successfully and $FW can connect to
the Internet for upgrading
2006 Jan 17
12
Multiple ISPs: How to force $FW traffic to a specific ISP (reprise)
Hi!
I have resumed trying to resolve this problem, suspended since 17 Dec 2005.
I have tried to apply Jerry's suggestion (see above).
The problem still exists.
See the attached shorewall config, dump and tcpdump from when I try to exit with
SSH from the firewall...
The masq file shows my last attempt to resolve my
problem; however, I have also tested the example reported in MultiISP.html,
but
2005 Jun 10
14
Multiple subnets
Hi all,
I have a client that has 4 subnets within his building, internet,
office, business center and wireless. My plan is to use Shorewall but I
have never tested it with more than 2 interfaces. Is this possible?
Would there be any issues that might arise? Each subnet would have
access to the internet but there will be no communications allowed
between the others.
Thanks in advance....