similar to: Shorewall Development Schedule

Displaying 20 results from an estimated 10000 matches similar to: "Shorewall Development Schedule"

2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attackson a specific port
Hi there. I''m reading and reading through the doc''s and previous posts, but cannot seem to find what I''m looking for. I want to create a rule that prevents DoS and maybe even DDoS attacks against a specific port. The current rule looks like this (the PORT''s and IP''s are dummies of course): #ACTION SOURCE DEST
2010 Apr 16
3
Route availability check
Hi list, is it true that Shorewall is not willing to forward traffic from a source-ip which is not reachable by a static route from Shorewall itself? To say it on another way. If Shorewall´s routing interface is neither connected nor able to reach that source ip does it forward or deny it? So the situation is the following. I send from an ip which is not part of interface nor hosts file. But
2010 Feb 27
3
Port Redirection
Hi Everyone! I''m having problems to redirect an UDP port to an external server. My firewall have 4 interfaces: NET, LOC (192.168.0.0/24), DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a direct connection to another network using a VPN link. I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone using my local IP (192.168.0.1) for gateway. I will use
2010 Mar 03
5
Applications running on the Firewall (MultiISP)
Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP
2010 Feb 24
3
Using NFLOG in shorewall6
Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the
2010 Apr 15
3
Please help: Shorewall 4.4.8 captures all traffic as "world" on both loc & net on a bridge firewall
Hello All, I¹ve installed the vanilla shorewall F12, I¹ve got it installed on a couple of other servers with no problems. no matter how I define the zones and interfaces, shorewall logs and allows, rejects or drops only traffic to world. ACCEPT:info net:<myip>/32 $FW icmp Shorewall:world2fw:REJECT:IN=br0 ACCEPT:info world:<myip>/32 $FW icmp
2010 Mar 07
3
DNAT not working
Hi I am having a problem with a DNAT rule where the packets being REJECT''d: DNAT:info net priv:192.168.6.15 udp 5060 With the following appearing in the log: Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT= MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25 DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000
2010 Mar 19
6
noob question
Hi list, thank you for Shorewall :) I''m trying to get a simple config to work but i can''t seem to work out how to gain access via ssh to the protected remote machine. But that doesn''t surprise me really as i have just spend well over an hour to find how to limit the lograte AND fill in the logburst in shorewall.conf. I have specified a logfile (not messages) in
2010 Mar 11
5
Question about setting up in a colo environment
Hello all, We are looking to retire our ancient PIX box at the colo and replace it with Shorewall, which we''ve been successfully using (along with OpenVPN) at the headquarters for quite a while. However, I''m missing something basic in the config. I have the base configuration set up, but cannot seem to get our routed IPs to be picked up. Here is the basic config: We have a
2010 Mar 17
2
DNAT Problem
Hi everyone! I''m having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet
2011 Jul 05
24
Shorewall 4.4.21 RC 3
RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized
2011 Jul 05
24
Shorewall 4.4.21 RC 3
RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized
2010 Mar 19
1
snat
Hi, I have two public ip''s and i want to dedicate one ip for incoming and outgoing to one server. I followed http://www.shorewall.net/shorewall_setup_guide.htm and used the example of the daughter system. I have a machine connected on vmbr0 with address 10.10.10.1 listening on port 80 www. Still I can''t connect to this system. I''m forgetting something? Sincerely,
2010 Apr 17
1
NAT-PMP and Shorewall
Is there support for NAT-PMP in shorewall? If so, where can I RTFM? Thanks. ------------------------------------------------------------------------------ Download Intel&#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta.
2012 Apr 16
6
problems with shorewall proxyarp
Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
hello before asking my question I come My name is Santiago and I''m from Spain but I''m in Colombia I followed this guide: https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html but when I run shorewall check, this error occurs: Checking... Initializing... Determining Zones... IPv4 Zones: net loc Firewall Zone: fw Validating interfaces file... ERROR: Invalid
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based system with dynamic provider gateways uncovered a couple of debilitating defects in the enable/disable logic). Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in
2011 Sep 17
4
Shorewall DNAT to IPSET
I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the contents of an ipset (lan:+serviceshost or similar) where the ipset is ensured to contain only one host, but can be changed dynamically when services are in maintenance mode and go to the "services are down" message on another server. Will this work, or am I barking up a fish here?
2010 Jun 15
4
TPROXY configuration
I''m trying to get TPROXY / Squid running and I have a few questions... I found this page: http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY However, it doesn''t explain what I''m seeing in the configuration. For the zone file, do I keep my loc and net configurations and just add the following to the file? - lo - - or do I remove the loc and net zones and