similar to: Unreplied message when i try to connect to an internal system

I am having a problem with connections from a server behind a shorewall firewall. Both machines are running redhat 8.0 with a custom 2.4.20 kernel. The problem lies with a mail server I am configuring which has been able to send mail to all hosts, except this one. The connection starts with the SYN_SENT, and then just hangs there. (telnet to remote server on port 25 just hangs trying to

Hi all, I''m new to shorewall and have been struggling with several problems for several days now. Most of them are solved, but one still persists. The firewall is running on my server under Debian Sarge (Kernel 2.6) I''ve got three network interfaces: ppp0 (DSL Internet) eth1 (lan) ath0 (wlan) eth1 and ath0 are bridged together to br0. The problem is, that Samba (also running

https://bugzilla.netfilter.org/show_bug.cgi?id=1183 Bug ID: 1183 Summary: need options to output UNREPLIED connections Product: conntrack-tools Version: unspecified Hardware: x86_64 OS: Fedora Status: NEW Severity: enhancement Priority: P5 Component: conntrack Assignee:

I''ve installed a bering box acting as a firewall for a lan; the lan is 192.168.1.0/24 the bering box is 192.168.1.254 I''ve installed a squid server 192.168.1.1 It is possible to configure shorewall for a transparent proxy to the squid server? I''ve tryed with REDIRECT loc loc:192.168.1.1:3128 tcp www - !192.168.1.1 in the rules file I get this error: Error:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1

Hello, I''ve finally managed to setup a firewall with freeswan 2.04 using the kernel crypto api (backported from kernel 2.6). (Almost) everything seems to work fine if I disable shorewall, but packets are filtered whe shorewall is active. I''ve already read a past thread on the subject and I followed all the hints and it actually partially works: my lan I can access the remote

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

https://bugzilla.netfilter.org/show_bug.cgi?id=1203 Bug ID: 1203 Summary: 'DisableExternalCache On' seems to be broken Product: conntrack-tools Version: unspecified Hardware: All OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: conntrack-daemon Assignee:

I wonder if someone can tell me what these ''unknown'' remarks mean in my status file. They are only in the last portion of the file and are listed below. If they mean nothing, I will rest easy. But if not it means I need to fix something. Your thoughts would be appreciated. ---------------- udp 17 92 src=24.224.173.220 dst=24.222.0.75 sport=1027 dport=53 src=24.222.0.75

Hi !, I have this problem. On a Mandrake 10.0 server with all the updates (Kernel 2.6.3-15mdk, iptables-1.2.9-7mdk and shorewall-2.0.3a-1mdk), one of our internal users have to FTP some files to our external web server. I think we have the correct configuration and rules in shorewall, and have read the http://www.shorewall.net/FTP.html document. Still, our users can''t FTP to the

I must have something configured wrong somewhere. I''ve enabled proxy-arp on my shorewall 2.0.7 firewall. Works fine for what its supposed to do, I can see all the machines through it great. However, whenever its enabled, the network on the DMZ goes screwy. I''ve narrowed it down to this: when proxy arp is enabled for that interface, like such: echo 1 >

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=70 Summary: udp connection(snmp) not being tracked. Product: netfilter/iptables Version: patch-o-matic Platform: All OS/Version: Debian GNU/Linux Status: NEW Severity: major Priority: P2 Component: connection tracking AssignedTo:

I''m having a problem with the Shorewall firewall and CUPS printing interfering with each other. My Linux firewall machine is acting as both a CUPS server and client for all of my tests. Shorewall 2.0.13 CUPS 1.1.22-2 Linux kernel 2.6.9 CUPS was working fine to print to my Epson C84 (network connected via a Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I

I have the need to know how many connection the server has, i run this command but i don't know how to sum all the results and get a final number. any ideas? netstat -an | grep -E 'tcp|udp' | awk '{print $6}' | sort | uniq -c | sort -n ?? 1 CLOSE_WAIT ?? 1 FIN_WAIT_2 ?? 1 LAST_ACK ?? 1 TIME_WAIT ?? 4 SYN_SENT ? 15 ? 37 LISTEN ? 44 ESTABLISHED

---------- Original Message ---------------------------------- From: "Jim Van Eeckhoutte" <jim@vaneeckhoutte.com> Reply-To: <jim@vaneeckhoutte.com> Date: Mon, 8 Jul 2002 15:27:14 -0700 this is shorewall status output: tcp 6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1

Hi, I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

(Sorry, my previous post was sent in HTML format) I am having a hell of a time with shorewall... I have a Dlink DCM202 Cable modem with the Ethernet connected directly to eth0 on the linux box. Then I have a second nic on the linux box connected to a hub for the internal network. I am trying to allow traffic from the internet connect to my FTP and WEB servers on my Winbloze box on the lan.

Hi Tom Here is the output of shorewall status Thanks Lars [H[2JShorewall-2.0.13 Status at - Thu Dec 30 21:43:44 CET 2004 Counters reset Thu Dec 30 15:38:17 CET 2004 Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 38383 11M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 0 0 DROP !icmp --

Hi all! Samba 2.x has been running for a while now but now it's time to upgrade. I tried everything (Google, Books, HOWTO's, etc.) but for the last month I've been unable to perform a succesfull migration. Maybe I try to do to many things at once but I cannot get the following to work: - Move the samba domain from a 2.x server to 3.x on a different machine - switch to a ldap