similar to: shorewall Dom0 config using Xen's default setup -- correct?

Hi, i wonder if there is any need to install shorewall on a machine located in the dmz zone of shorewaal. ( 3 interfaces example) mess-mate -- You are a fluke of the universe; you have no right to be here. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE

Hello *, I''m trying to setup Shorewall under Ubuntu 7.04 and Xen configured to use network-dummy instead of network-bridge (network-bridge seems to be buggy at the moment under Debian/Ubuntu). Is there a shorewall config example I can use in combination with network-dummy? In particular, with network-dummy there is no peth interface and the bridge include the real eth interface. I

Hi, We have a shorewall firewall running on SUSE 10. We have three nic''s, Lan, DMZ and Internet. We also have a Cisco Pix 506e. We moved from sending all our traffic through the pix to using the Suse box yesterday. The PIX is in the DMZ, with a connection to the LAN switch, the idea being that VPN users can connect to the pix to the lan. The Pix is on the 10.0.1.x subnet, the lan is

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

Hi, I''m running mldonkey on same box as shorewall. I follow this http://mldonkey.sourceforge.net/ShorewallConfiguration to open ports for edonkey protocol I add in /etc/shorewall/rules: # eDonkey 2000 ACCEPT net $FW tcp 4662 ACCEPT net $FW udp 4666 but I could not connect to any edonkey server. I check logs and notice that udp traffic on port 4666 is still dropped. Jul 8 22:35:57

Hello, Can anyone tell me my shorewall is get hacked ? or local Lan computers got Virus ? please see the following log. http://www.wilson-kwok.com/shorewall.txt Please help --------------------------------- 現在你可輕易阻擋垃圾郵件，立即使用Yahoo! Mail 你就會相信! ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express

I have delete "lo" Zones And Interface and rebuild all the firewall >From Local I ping www.google.fr with DNS resolution DNSMASK installed on the firewall. POSTFIX and Squid+SquidGuard Installed on firewall All clients machines have the IP of Firewall for Dns resolution New Dump joint Without Squid : I surf and all works perfectly With Squid And REDIRECT rule : surf Is VERY TOO

Hi, I''m trying to add following iptables rules to shorewall: iptables -I INPUT -d 192.168.1.1 iptables -I OUTPUT -s 192.168.1.1 What should I put in my custom action or any ware else? I need these rules for munin accounting. iptables -L INPUT -v -n -x Chain INPUT (policy DROP 5 packets, 260 bytes) pkts bytes target prot opt in out source destination 7175

when i start or restart syslog-ng, i''ve above message. Can this be a shorewall or iptables synchro ? mess-mate -- April 1 This is the day upon which we are reminded of what we are on the other three hundred and sixty-four. -- Mark Twain, "Pudd''nhead Wilson''s Calendar"

Hi, I have a very simple server setup, using shorewall as my firewall. I have a line like this at the top of my rules file to allow ssh connections, but limited to 3 connection per minute with a burst rate of 3: SSH/ACCEPT net $FW - - - - 3/min:3 - Now when I have that in place, and from a remote machine run scp server:/some/file ., I find

Hello, Please see the following picture: http://www.wilson-kwok.com/pptp.jpg I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server, and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server, but I cannot connect from my home to pptp server. Here is the nat file: 210.0.0.1 eth0:2 192.168.0.2 Here is the rules

i have no idea how to definie for a parallel zone the host file if the second zone (net) should be the composition of the first zone (dmz). i tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3)

Hello list I''m considering moving shorewall to a xen domu and the using the Proxy ARP method (we use NAT today). Is it possible to have a Proxy ARP firewall inside a domu serving requests to other domus with public IP-addresses placed on separate hardware (not the hardware the domu with the firewall is on) ? I figure that there''s a problem since it''s different bridges

Hi Andreas, I don''t know if the WRV200 is running freeswan or openswan. We use the newest US-version of the linksys firmware 1.0.32.2 from 2.5.2007. Another problem is in accessing the vpn-Gateway itself with ssh for instance, I get a freezing windows, whenever I tranfer more than just a few bytes. I can type my login-name and my password, then get a prompt ... but if I call,

I was previously using multiple providers on my "real linux" gateway which had a kernel that supported high marks and I was policy routing in tcrules. I''ve now moved to openwrt where their kernel apparently does not have high marks. I want to continue to be able to have multiple providers and a) policy route between them and b) be able to set marks for other things like

I''m currently using Shorewall 3.4.1 to manage a firewall for my LAN at home. It works very well, and I''m definitely pleased, but . . . . I now have a situation where I need to enforce access restrictions on a specific computer during specific times of day -- e.g., a particular computer might have no Internet access at all between 10 PM and 6 AM. Is there any way to do such a

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

Please see enclosed - from the Debian BTS. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/