similar to: FTP/DNAT Issue

Hi all, I have a VPN setup but it only works once in a while. It seems my firewall (shorewall 3.0.8) is blocking protocol 47. Here is what I have: eth0: internet eth2: dmz - my pptp server My entry In the rules file: pptp/ACCEPT fw dmz:192.168.253.2 My pptp macro ############################################################################### #ACTION SOURCE

I just setup the Shorewall in my school, but now all clients can''t through to internet, all servers can through to internet with NAT, when I disabled NAT that all servers can''t through to internet. Below is my school network: internet ---> shorewall ----> loc ---> ciso router ---> loc1 Below is my config files: policy: # If you want to force clients to

Now I step by step to configure Shorewall to match my school environment, the following error when I restart the Shorewall. ..End Macro iptables v1.2.11: Unknown arg `--sports'' Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !

Hi all, I am having an issue with a multiple ISP setup. I have followed the docs online and I think I have everything setup correctly but I can get the desired traffice to go out my secondary ISP. A quick run down on what I am trying to acomplish. I want to send all sip/iax traffic out one ISP in the net zone and then send all other traffic out my secondary ISP in the dsl zone. Attached is

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

Hi When I start shorewall, the multicast stream is stopped. My config: Windows VLC Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux VLC Streaming server 192.168.254/24 lan wan (but it''s really a internal lan !) 191.168.1.21/16 on the FW/shorewall route add -net 224.0.0.0 netmask

Hi, How can only allow http,ftp,smtp define on outgoing rules ? Thanks _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and

Hi all I need to create following rule (described): All connections from any zone going to server 80.1.1.1 on port 210 in zone DMZ should be redirected to that same IP in same zone but on port 200 So basically for all zones I want to redirect requests for port on server to different port on same server. None of the examples i found in documentation, FAQ or mailing list cover this particular

I have a couple of firewalls that are rather complicated - one has 21 interfaces, and the other has about 50 (there''s some heavy use of 802.1q, they only have half a dozen network cards). They work okay, but - compiling the rules takes a long time even on the faster servers, and restarting shorewall-lite takes between 5 and 10 minutes (during which time, only the routestopped stuff will

I''m having troubles with my outbound VOIP connection. I''m convinced that I don''t have QOS/traffic shaping configured properly in my shorewall linux firewall, which serves as my Asterisk VOIP server and Internet router/gateway. I don''t have a separate router box. I''ve been using VOIP for about a year now, but just recently realized that I need to

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

Hello, I changed the log path in shorewall.conf, LOGFILE=/var/log/messages to LOGFILE=/var/log/shorewall, and then I touched the shorewall file in /var/log, permission root:root 600, after shorewall restart, no logging messages appear in /var/log/shorewall. so how can I fix this problem ? Thanks !! _______________________________________ YM - 離線訊息

Hello everyone! How are you? Hope you''re well :) Here''s my setup at home: Internet -> (eth1) Comp1 (shorewall, DHCP, dns server, Internet sharing) (eth0) -> Linksys (wireless) ~~~~~~~~~~~~ (wlan0) Comp2 (eth0) -> IP Phone My computer1 is well confiugred, everything was working right and well. I decided to move the IP Phone to the COmputer 2. I was able to make this

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hey guys I''ve been beating my head on this for a few hours. Maybe it is just a stupid configuration error you can point me at. First here is a small diagram of what I am trying to configure: http://6bit.com/img/netdiag.png Currently I only have Shorewall running on the host on the right of the diagram until I can get this working then I''ll add it to the other host as well.

Hi! It''s me again bothering you guys, what I want to do is to give full bandwidth to VPN traffic and limit the rest to 30KB/s (kilobytespersecond), ok? Here''s what I have: tcclasses ################################## eth0 1 1kbps 70kbps 1 eth0 2 1kbps 30kbps 2 default eth1 3 15kbps 10000kbps 1 eth1 4

I am completely new to this.. I am trying to make simple traffic control.. I have read quite some manuals and posts that i found, but i don''t understand much, i think.. My situation is: i have linux server which i am using for firewall for local network.. also on same linux server i have torrentflux for downloading torrents.. What i want to do is to give priority to local clients(2-3

Running shorewall 3.0.6, Linux 2.6.16, iptables 1.3.0. This firewall has eth1 facing the DMZ and eth0 is a 802.1q trunk with 6 VLANs and zones on it. I would like to allow one subnet living out beyond the DMZ to have access to all zones on this firewall. It seemed that creating a zone would allow for this to be done cleanly via a line in the policy file. I defined this special subnet as the