Displaying 20 results from an estimated 3000 matches similar to: "Shorewall 3.4.0 Beta 1"
2007 Jan 25
4
":T" flags in 3.4.0-RC1
I am trying to apply the new :T flag in tcrules. The man page for this
file [1] says that if SOURCE is $FW then rules are applied in OUTPUT.
This doesn't seem to work on my setup. I have in tcrules:
------------------------------------------------------------------------
RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0
CONTINUE:T 0.0.0.0/0 0.0.0.0/0
2006 Nov 16
2
Connlimit in Shorewall?
Hi everyone,
I see that shorewall has "ratelimit" but I'm interested in denying
connections by number of them, not by number/sec.
Is the connlimit feature supported by shorewall? Or maybe someone has an
unofficial patch for it?
Regards,
Angel Mieres
2006 Oct 03
2
Change log path problem
Hello,
I changed the log path in shorewall.conf, LOGFILE=/var/log/messages to LOGFILE=/var/log/shorewall, and then I touched the shorewall file in /var/log, permission root:root 600, after shorewall restart, no logging messages appear in /var/log/shorewall. so how can I fix this problem ?
Thanks !!
2007 Feb 27
4
Outgoing rules
Hi,
How can only allow http,ftp,smtp define on outgoing rules ?
Thanks
2006 Jul 20
2
Policy
Hello All, is it good to DROP all packets coming from net to other zones,
like dmz, loc & fw? or should I REJECT
Here is my Policy for packets from net:
net $FW DROP info
net loc DROP info
net dmz DROP info
net all DROP info
all all
2007 Jan 25
2
Redirecting to different port on same IP
Hi all
I need to create following rule (described):
All connections from any zone going to server 80.1.1.1 on port 210 in zone
DMZ should be redirected to that same IP in same zone but on port 200
So basically for all zones I want to redirect requests for port on server to
different port on same server.
None of the examples I found in the documentation, FAQ or mailing list cover
this particular
2007 Mar 14
1
Trafic Shapping on alias interface/vlan
Hi
I don't understand if I can add Traffic Shaping on an alias ...
I have a lot of interfaces with VLANs and I want to add QoS on ...
I have put into tcdevices:
eth1.2002 1900kbit 1900kbit
eth1.2003 1900kbit 1900kbit
eth1.2004 1900kbit 1900kbit
eth1.2005 1900kbit 1900kbit
but after i have read this:
You may NOT specify the name of an alias (e.g.,
2006 Oct 09
1
Problem with routing
Hi All
I have the following setup
Users ------- Machine A ----------- Machine B ----------- Machine C
From machine A to B:
Ipsec VPN
Allows 192.168.10.0/24 (Users) to connect to 192.168.20.0/24 (Network on
machine B)
From machine B to C:
Ipsec VPN
Allows 196.44.33.118 to connect to 192.168.241.65 (machine C)
I want to rewrite 192.168.20.33 to 192.168.241.65
This can be done
2006 Dec 30
1
Accumulating Physdev Counts
When using v2 we would modify the saved /var/lib/shorewall/restore file to
modify logging so we had separate counts by the physical device the
packets (actually, NEW connections, not total packet counts), such as:
-A LogStuff -j LOG etc
-A LogStuff -m physdev --physdev-in eth1 -j DROP
-A LogStuff -m physdev --physdev-in eth2 -j DROP
which gave us an idea where dropped traffic came from
2007 Jan 23
1
IPSEC VPN tunnel with dynamic DNS
Hi all
Hi everyone
Shorewall 3.2.6 and OpenSWAN 2.4.4-18.2 are on SLES10 machine with public
fixed IP address on Internet interface. I am trying to establish IPSEC VPN
tunnel to network behind D-Link DI-804HV VPN router who is on dynamic IP
address. For this I am using dyndns.org alias on DI804 side.
Shorewall is stopping all packets coming from DI804 when trying to
establish tunnel. Log on
2006 Aug 04
7
Transparent Proxy problem
Now I step by step to configure Shorewall to match my school environment,
the following error when I restart the Shorewall.
..End Macro
iptables v1.2.11: Unknown arg `--sports'
Try `iptables -h' or 'iptables --help' for more information.
ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !
2007 Mar 13
1
Shorewall and QoS => VoIP Help please
Hi
I want to see if my QoS is good because I am not very sure ... the VoIP
quality is not very good when I download.
I have Asterisk on my Linux router/firewall .. and I have in my config:
================================================
tcdevices:
eth0 2000kbit 2000kbit
tcclasses:
eth0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc
eth0 2 full/4 full
2007 Apr 02
4
Amazing Result
I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under
Cygwin on this Windows XP system. I downloaded the two-interface sample
and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I
copied a capabilities file from my desktop and:
teastep@EASTEPNC6000 ~/Configs/test
$ shorewall check .
Checking...
Checking /home/teastep/Configs/test/zones...
Checking
2007 Jan 03
2
An interface can reference multiple zones...
Via creative use of the instructions at
http://shorewall.net/Multiple_Zones.html#id2497549.
But can a zone (in shorewall/interfaces) reference multiple interfaces?
I have two openvpn instances running on my server, one bridged (for
upstream access to some client vpn's so I don't have to request the
clients add new subnets to their routing tables) and one routed (for
nailed
2006 Sep 30
2
Bug? Packets dropped but they shouldn't
Here is my config:
dubenda:~ # shorewall version
3.2.1
dubenda:~ # ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether
2006 Jul 21
4
OpenVZ and virtuel network
Hello All
I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel
It works well.
I have in this host 3 virtual servers (VPS).
I can access the internet from a VPS, and with a NAT rule (via
Shorewall) I can access the 3 VPS from the Internet.
I want all 3 VPS to be able to communicate between them.
I can't do a tcp connection from one VPS to another; in my shorewall log
in the
2007 Feb 25
4
Trafic control - simple config, need help
I am completely new to this.. I am trying to make simple traffic control..
I have read quite some manuals and posts that I found, but I don't understand
much, I think..
My situation is: I have a linux server which I am using as a firewall for the local
network.. also on the same linux server I have torrentflux for downloading torrents..
What I want to do is to give priority to local clients(2-3
2007 Jan 22
1
How to close SYN_RECV on port 80 ?
Hello,
today I came to my job and I noticed that apache is not running. When I
tried to run it, I learned that port 80 is already in use.
Using netstat -aenpl I tried to learn what process is using port 80, but I
only learned this:
tcp 0 0 172.16.0.1:80 172.16.0.1:35664 SYN_RECV 0 0 -
tcp 0 0 172.16.0.1:80 172.16.0.1:43464 SYN_RECV 0 0 -
tcp 0 0 172.16.0.1:80 172.16.0.1:33764 SYN_RECV 0 0 -
tcp
2006 Dec 07
7
shorewall and mrouted
Hi
When I start shorewall, the multicast stream is stopped.
My config:
Windows VLC Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux VLC Streaming server
192.168.254/24 lan wan (but it's really a internal lan !) 191.168.1.21/16
on the FW/shorewall
route add -net 224.0.0.0 netmask