Displaying 20 results from an estimated 6000 matches similar to: "Restricting access by time of day in Shorewall?"
2007 May 28
3
Log questions
Hello,
Can anyone tell me if my shorewall is getting hacked? Or have the local LAN computers
got a virus? Please see the following log.
http://www.wilson-kwok.com/shorewall.txt
Please help
2007 May 25
49
Problem with ssh limit and scp stalling
Hi,
I have a very simple server setup, using shorewall as my firewall. I
have a line like this at the top of my rules file to allow ssh
connections, but limited to 3 connections per minute with a burst rate
of 3:
SSH/ACCEPT net $FW - - - - 3/min:3 -
Now when I have that in place, and from a remote machine run scp
server:/some/file ., I find
2007 Jun 05
9
PPTP port forwarding question
Hello,
Please see the following picture:
http://www.wilson-kwok.com/pptp.jpg
I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server,
and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server,
but I cannot connect from my home to pptp server.
Here is the nat file:
210.0.0.1 eth0:2 192.168.0.2
Here is the rules
2007 Jul 08
6
mldonkey/edonkey - servers not connected
Hi,
I'm running mldonkey on same box as shorewall.
I follow this http://mldonkey.sourceforge.net/ShorewallConfiguration to open
ports for edonkey protocol
I add in /etc/shorewall/rules:
# eDonkey 2000
ACCEPT net $FW tcp 4662
ACCEPT net $FW udp 4666
but I could not connect to any edonkey server.
I check logs and notice that udp traffic on port 4666 is still dropped.
Jul 8 22:35:57
2007 May 25
4
machine in the dmz zone
Hi,
I wonder if there is any need to install shorewall on a machine
located in the dmz zone of shorewall (3 interfaces example).
mess-mate
--
You are a fluke of the universe; you have no right to be here.
2007 May 22
5
Shorewall and Xen with network-dummy
Hello *,
I'm trying to setup Shorewall under Ubuntu 7.04 and Xen configured to
use network-dummy instead of network-bridge (network-bridge seems to be
buggy at the moment under Debian/Ubuntu).
Is there a shorewall config example I can use in combination with
network-dummy?
In particular, with network-dummy there is no peth interface and the
bridge include the real eth interface.
I
2007 Jun 18
3
ip_tables: policy match: invalid size 308 != 116
When I start or restart syslog-ng, I get the above message.
Can this be a shorewall or iptables synchro?
mess-mate
--
April 1
This is the day upon which we are reminded of what we are on the other three
hundred and sixty-four.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"
2007 Jun 27
3
Adding custom iptables rules to shorewall
Hi,
I'm trying to add following iptables rules to shorewall:
iptables -I INPUT -d 192.168.1.1
iptables -I OUTPUT -s 192.168.1.1
What should I put in my custom action or anywhere else?
I need these rules for munin accounting.
iptables -L INPUT -v -n -x
Chain INPUT (policy DROP 5 packets, 260 bytes)
pkts bytes target prot opt in out source destination
7175
2007 Apr 18
12
multiple providers and tcrules without highmarks
I was previously using multiple providers on my "real linux" gateway
which had a kernel that supported high marks and I was policy routing in
tcrules. I've now moved to openwrt where their kernel apparently does
not have high marks.
I want to continue to be able to have multiple providers and a) policy
route between them and b) be able to set marks for other things like
2007 Jun 15
2
Using Proxy ARP inside Xen DomUs
Hello list
I'm considering moving shorewall to a xen domu and then using the Proxy ARP
method (we use NAT today).
Is it possible to have a Proxy ARP firewall inside a domu serving requests
to other domus with public IP-addresses placed on separate hardware (not the
hardware the domu with the firewall is on) ?
I figure that there's a problem since it's different bridges
2007 Jun 09
20
Shorewall 4.0.0 Beta 4
I've uploaded Beta 4. It corrects a bad bug involving exclusion in the
hosts file. In addition, it contains the first release of a new
Bridge/firewall implementation that uses the reduced-function physdev
match found in kernel 3.6.20 and 3.6.21.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2007 Jul 06
8
interop with strongswan / ipsec
I see support in shorewall for the KAME-tools, how about strongswan ?
I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my
vpn-gateway for the subnet behind it.
# Shorewall version 3.4 - Zones File
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
fil ipsec mode=tunnel mss=1400
net ipv4
2007 Jul 05
2
Re: [strongSwan] Interop problem Linksys WRV200 with Strongswan 4.1.3 / PSK
Hi Andreas,
I don't know if the WRV200 is running freeswan or openswan.
We use the newest US-version of the linksys firmware 1.0.32.2 from 2.5.2007.
Another problem is in accessing the vpn-Gateway itself with ssh for
instance,
I get a freezing window whenever I transfer more than just a few bytes.
I can type my login-name and my password, then get a prompt ...
but if I call,
2007 May 23
3
creating a static route (SUSE 10)
Hi,
We have a shorewall firewall running on SUSE 10. We have three NICs: LAN, DMZ and Internet. We also have a Cisco Pix 506e. We moved from sending all our traffic through the pix to using the Suse box yesterday. The PIX is in the DMZ, with a connection to the LAN switch, the idea being that VPN users can connect to the pix to the lan.
The Pix is on the 10.0.1.x subnet, the lan is
2007 Jun 14
1
Conntrackd and shorewall
Hi,
I'm trying to use conntrackd, shorewall and keepalived.
Conntrackd (now known as conntrack-tools) is working ok, keepalived
too, but I don't know how to put some iptables rules in shorewall.
eth0 is the local area (192.168.0.0/24)
eth1 is the net area (192.168.1.0/24)
[1] iptables -P FORWARD DROP
[2] iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
[3] iptables -A
2007 May 16
1
www.shorewall.net/ftp.shorewall.net is down
The administrator of the main web/ftp site has informed me that the site
is currently down. Until service is restored, you can use:
http://www1.shorewall.net
ftp://ftp1.shorewall.net
Sorry for the inconvenience.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2007 Jun 29
1
ipp2p traffic not rejected
Hi,
I'm using following rule in /etc/shorewall/rules
REJECT:ULOG:P2P loc net ipp2p:all ipp2p
iptables -L :
Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG
2007 Jul 09
1
Ipsec in Shorewall 4.0.0-RC1
Hi Tom, hi list.
I have an issue in RC1. The setup works flawlessly with 3.x and with the
shell compiler of RC1, but with the same setup and the perl compiler my
IPSEC traffic gets dropped in net2all chain. Attached is a dump, compiled
with perl, including some dropped traffic, e.g. SRC=192.168.66.10
DST=192.168.1.2
Did I overlook something in migration process?
Alex
2007 Jul 11
1
IPSec Problem / hanging session
Hello Tom,
now here's my dump file as .zip attachment, but named .txt, because the
list-server rejected the .zip,
then my second try (uncompressed) was rejected because of the size.
What I was doing is connecting from remote side of an ipsec tunnel
(behind gw 212.168.178.226), from
a windows machine with 192.168.246.20 to the firewall-system (remote ip
217.19.188.182 / internal ip
is