Displaying 20 results from an estimated 10000 matches similar to: "Shorewall Development Schedule"
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there.
I'm reading and reading through the doc's and previous posts, but cannot
seem to find what I'm looking for. I want to create a rule that prevents DoS
and maybe even DDoS attacks against a specific port. The current rule looks
like this (the PORT's and IP's are dummies of course):
#ACTION SOURCE DEST
2010 Apr 16
3
Route availability check
Hi list,
is it true that Shorewall is not willing to forward traffic from a source-ip
which is not reachable by a static route from Shorewall itself? To say it on
another way. If Shorewall's routing interface is neither connected nor able
to reach that source ip does it forward or deny it?
So the situation is the following. I send from an ip which is not part of
interface nor hosts file. But
2010 Feb 27
3
Port Redirection
Hi Everyone!
I'm having problems to redirect an UDP port to an external server. My
firewall has 4 interfaces: NET, LOC (192.168.0.0/24),
DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a
direct connection to another network using a VPN link.
I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone
using my local IP (192.168.0.1) for gateway. I will use
2010 Mar 03
5
Applications running on the Firewall (MultiISP)
Hello,
it seems I am hit by http://shorewall.net/MultiISP.html#Local :
"Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP
2010 Feb 24
3
Using NFLOG in shorewall6
Dear all,
I have configured both shorewall and shorewall6 on my firewall. Shorewall is
using ULOG as logging target and since that did not seem to work I tried using
NFLOG in shorewall6. However, nothing is logged in the /var/log files.
Three questions:
- What am I doing wrong? I just use LOG=NFLOG in the params file.
- Can I use NFLOG for shorewall too?
- Do I need ulogd when setting the
2010 Apr 15
3
Please help: Shorewall 4.4.8 captures all traffic as "world" on both loc & net on a bridge firewall
Hello All,
I've installed the vanilla shorewall F12, I've got it installed on a couple
of other servers with no problems. no matter how I define the zones and
interfaces, shorewall logs and allows, rejects or drops only traffic to
world.
ACCEPT:info net:<myip>/32 $FW icmp
Shorewall:world2fw:REJECT:IN=br0
ACCEPT:info world:<myip>/32 $FW icmp
2010 Mar 07
3
DNAT not working
Hi I am having a problem with a DNAT rule where the packets being REJECT'd:
DNAT:info net priv:192.168.6.15 udp 5060
With the following appearing in the log:
Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT=
MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25
DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000
2010 Mar 19
6
noob question
Hi list,
thank you for Shorewall :)
I'm trying to get a simple config to work but I can't seem to work out how
to gain access via ssh to the protected remote machine. But that doesn't
surprise me really as I have just spent well over an hour to find how to
limit the lograte AND fill in the logburst in shorewall.conf.
I have specified a logfile (not messages) in
2010 Mar 11
5
Question about setting up in a colo environment
Hello all,
We are looking to retire our ancient PIX box at the colo and replace it with
Shorewall, which we've been successfully using (along with OpenVPN) at the
headquarters for quite a while.
However, I'm missing something basic in the config. I have the base
configuration set up, but cannot seem to get our routed IPs to be picked up.
Here is the basic config:
We have a
2010 Mar 17
2
DNAT Problem
Hi everyone!
I'm having time out problems when using a DNAT rule.
Rule:
DNAT:info cmtc loc:192.168.0.158 tcp 8011
Log:
Mar 17 17:50:17 gw kernel: [1583997.524924]
Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60
TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011
WINDOW=5840 RES=0x00 SYN URGP=0
Telnet:
root@emudar:~# telnet
2011 Jul 05
24
Shorewall 4.4.21 RC 3
RC 3 is now available for testing.
Problems corrected:
1) The Shorewall and Shorewall6 'load' and 'reload' commands
previously used the setting of RSH_COMMAND and RCP_COMMAND from
/etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf).
These commands now use the .conf file in the current working
directory.
2) The new parameterized
2010 Mar 19
1
snat
Hi,
I have two public ip's and I want to dedicate one ip for incoming and
outgoing to one server. I followed
http://www.shorewall.net/shorewall_setup_guide.htm and used the example of
the daughter system. I have a machine connected on vmbr0 with address
10.10.10.1 listening on port 80 www. Still I can't connect to this system.
I'm forgetting something?
Sincerely,
2010 Apr 17
1
NAT-PMP and Shorewall
Is there support for NAT-PMP in shorewall? If so, where can I RTFM?
Thanks.
2012 Apr 16
6
problems with shorewall proxyarp
Hi everybody.
I'm trying to configure shorewall following this manual:
http://www.montanalinux.org/proxmox-ve-with-shorewall.html
But with shorewall check it tells me that:
Checking /etc/shorewall/interfaces...
ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16)
How can I define it in the zone file?
thanks for the help.
best regards,
Santiago.
2011 Aug 23
8
problems configuring shorewall in proxmox pve (debian5)
hello
before asking my question I come
My name is Santiago and I'm from Spain but I'm in Colombia
I followed this guide:
https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html
but when I run shorewall check, this error occurs:
Checking...
Initializing...
Determining Zones...
IPv4 Zones: net loc
Firewall Zone: fw
Validating interfaces file...
ERROR: Invalid
2011 Sep 02
10
Shorewall 4.4.23 RC 2
RC 2 is now available for testing (Early RC1 testing on a RedHat-based
system with dynamic provider gateways uncovered a couple of debilitating
defects in the enable/disable logic).
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in
2011 Sep 17
4
Shorewall DNAT to IPSET
I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the
contents of an ipset (lan:+serviceshost or similar) where the ipset is
ensured to contain only one host, but can be changed dynamically when
services are in maintenance mode and go to the "services are down"
message on another server. Will this work, or am I barking up a fish here?
2010 Jun 15
4
TPROXY configuration
I'm trying to get TPROXY / Squid running and I have a few questions...
I found this page:
http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY
However, it doesn't explain what I'm seeing in the configuration.
For the zone file, do I keep my loc and net configurations and just add
the following to the file?
- lo - -
or do I remove the loc and net zones and