similar to: Local Network Can't Get Past Shorewall to the Internet

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

Hi folks Im currently doin firewall project.. the scenario is like this.. my application server open port number 3079 the server ip is 202.188.0.132. and now the port can be accessed from everywhere. Now i want to block all the everywhere accessed. But my problem is, the application will be accessed by few locations that doing transaction with the application server. and the said locations are

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

I want to build a robust firewall for a resort installation. The resort''s telephony is entirely VOIP, asterisk based. We have the following internet feeds: 1) 512/512 kb fixed bandwidth leased line with static IP from Telco- primary connection, expensive, to use for VOIP, VPN traffic, mail server, SSH access for remote work. Reliable. 2) 256/512 kb ADSL from Telco, not fixed IP -

Hi all well im using two interfaces.. e.g: eth0:202.188.9.2 is WAN and eth1;192.168.1.1 is LAN.. when im in LAN let say from 192.168.1.9 i cant open WAN IP address e.g: 202.188.9.2 .. why? how to set this?... i only can open 192.168.1.1 .. if possible i want to have both accessable.. thanks rgds amir

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1

Hi All, I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do traffic shapping on only one interface from a bridge. The firewall has got 3 NIC, eth0, eth1, eth2. eth0 and eth2 are bridged, but if I''m right, when you specify a traffic rate for a link, you do it for the interface. In my case, eth0 and eth2 do not appear in the interface file, but it is

Hello, My hoster updated its kernel packages... It contained some old problems that should have been fixed. My servers have now a wonderful 2.6.21.5 kernel + grsec running. Both are running Debian 4.0 (stable release). mx:/etc/shorewall# iptables --version iptables v1.3.6 mx:/etc/shorewall# uname -a Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri Jul 27 17:18:23 CEST

Rene apparently believes that I run a personal consulting service. I don''t -- here is the response to my last post. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi all, I''m trying to set up a transparent proxy with dansguardian, and running into some strange issues with the squid setup without dansguardian. I have used shorewall for quite some time, and I''m stumped as to why I can''t get this to work. Here is a brief synopsis of my network. loc --> gateway/firewall--> net I have the following policies: #firewall to

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Hello, after upgrading Shorewall (see subject) and Gentoo-Linux (from Kernel 2.6.12 to 2.6.15, both with Gentoo patches, e.g. not Vanilla) the firewall on our load balancer rejects HTTP packets for the VIP with >Mar 5 23:22:51 balance Shorewall:all2all:REJECT:IN= OUT=eth0 >SRC=XX.XXX.XXX.XXX >DST=XXX.XXX.XXX. XXX LEN=48 TOS=0x00 PREC=0x00 TTL=114 >ID=26421 DF PROTO=TCP SPT=2025

[192.168.0.0/24 Lan] v [Shorewall box ''Curtain'', 192.168.0.254, DHCP to ISP, and a OpenVPN tunnel 10.4.0.2] v [Internet] v [Shorewall box ''statler'' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1] Now, i have set a rule on statler ACCEPT vpn $FW tcp smtp and i have as below. root@statler:/etc/shorewall# cat zones | grep -v ^# net Net Internet

Hi all, I''ve a little server, an old PIII 677 with Fedora Core 4, default kernel, and Shorewall 3.0.1. This pc is working fine, but I need to use a 2nd ISP connection; everything is working from configuration point of view, but the server, after a while (usually few hours), just hangs. Removing the 2-ISP configuration part, the problem is solved, so I''m quite sure that hangs are

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

Our VPN runs for 3 months very well with a minimum of traffic <100 kbit/s. Only DNS Zones and nagios passive checks were transferred. Everything seems to work. Left side is x.x.x.14 (host 1) Subnet 10.0.0.0/24 openswan 2.4.4 shorewall 2.4.2 & iptables 1.3.4 gentoo 2.6.12-r9 with policy match It´s reachable through a proxyarp entry on x.x.x.11 (host 2) which is another gentoo 2.6.12-r9