similar to: Policy

Now I step by step to configure Shorewall to match my school environment, the following error when I restart the Shorewall. ..End Macro iptables v1.2.11: Unknown arg `--sports'' Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !

Hi, How can only allow http,ftp,smtp define on outgoing rules ? Thanks _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and

Hi all, I have a VPN setup but it only works once in a while. It seems my firewall (shorewall 3.0.8) is blocking protocol 47. Here is what I have: eth0: internet eth2: dmz - my pptp server My entry In the rules file: pptp/ACCEPT fw dmz:192.168.253.2 My pptp macro ############################################################################### #ACTION SOURCE

Hello All, I know that this should be a trivial issue, but I''m stuck. I''m totally new to Shorewall and although I''ve read all about the zones, they''re still a bit confusing for me. What I''m attempting to do is run an FTP server on an internal machine. I''ve read the example guide and troubleshooting guide, but I can''t figure it

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

Hi When I start shorewall, the multicast stream is stopped. My config: Windows VLC Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux VLC Streaming server 192.168.254/24 lan wan (but it''s really a internal lan !) 191.168.1.21/16 on the FW/shorewall route add -net 224.0.0.0 netmask

Hi all, I am having an issue with a multiple ISP setup. I have followed the docs online and I think I have everything setup correctly but I can get the desired traffice to go out my secondary ISP. A quick run down on what I am trying to acomplish. I want to send all sip/iax traffic out one ISP in the net zone and then send all other traffic out my secondary ISP in the dsl zone. Attached is

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

I just setup the Shorewall in my school, but now all clients can''t through to internet, all servers can through to internet with NAT, when I disabled NAT that all servers can''t through to internet. Below is my school network: internet ---> shorewall ----> loc ---> ciso router ---> loc1 Below is my config files: policy: # If you want to force clients to

I''m having troubles with my outbound VOIP connection. I''m convinced that I don''t have QOS/traffic shaping configured properly in my shorewall linux firewall, which serves as my Asterisk VOIP server and Internet router/gateway. I don''t have a separate router box. I''ve been using VOIP for about a year now, but just recently realized that I need to

Hello, I changed the log path in shorewall.conf, LOGFILE=/var/log/messages to LOGFILE=/var/log/shorewall, and then I touched the shorewall file in /var/log, permission root:root 600, after shorewall restart, no logging messages appear in /var/log/shorewall. so how can I fix this problem ? Thanks !! _______________________________________ YM - 離線訊息

I have a couple of firewalls that are rather complicated - one has 21 interfaces, and the other has about 50 (there''s some heavy use of 802.1q, they only have half a dozen network cards). They work okay, but - compiling the rules takes a long time even on the faster servers, and restarting shorewall-lite takes between 5 and 10 minutes (during which time, only the routestopped stuff will

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hello everyone! How are you? Hope you''re well :) Here''s my setup at home: Internet -> (eth1) Comp1 (shorewall, DHCP, dns server, Internet sharing) (eth0) -> Linksys (wireless) ~~~~~~~~~~~~ (wlan0) Comp2 (eth0) -> IP Phone My computer1 is well confiugred, everything was working right and well. I decided to move the IP Phone to the COmputer 2. I was able to make this

I am completely new to this.. I am trying to make simple traffic control.. I have read quite some manuals and posts that i found, but i don''t understand much, i think.. My situation is: i have linux server which i am using for firewall for local network.. also on same linux server i have torrentflux for downloading torrents.. What i want to do is to give priority to local clients(2-3

Hi! It''s me again bothering you guys, what I want to do is to give full bandwidth to VPN traffic and limit the rest to 30KB/s (kilobytespersecond), ok? Here''s what I have: tcclasses ################################## eth0 1 1kbps 70kbps 1 eth0 2 1kbps 30kbps 2 default eth1 3 15kbps 10000kbps 1 eth1 4

Hi everyone, I see that shorewall has "ratelimit" but i''m interested in deny conexions by number of them, not by number/sec. Is connlimit feature supported by shorewall? Or maybe someone have an extraofficial patch for them? Regards, Angel Mieres ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT

Running shorewall 3.0.6, Linux 2.6.16, iptables 1.3.0. This firewall has eth1 facing the DMZ and eth0 is a 802.1q trunk with 6 VLANs and zones on it. I would like to allow one subnet living out beyond the DMZ to have access to all zones on this firewall. It seemed that creating a zone would allow for this to be done cleanly via a line in the policy file. I defined this special subnet as the