Displaying 20 results from an estimated 1000 matches similar to: "Re : DMZ and LOG"
2007 Jul 26
2
DMZ and LOG
Hello !!
I ve just install shorewall-common and shorewall-shell
I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts
fast eth2:172.17.0.0/16
epac eth2:172.18.0.0/16
fsa eth2:172.19.0.0/16
bu eth2:172.20.0.0/16
recto eth2:172.21.0.0/16
dmz eth1:81.91.225.224/27
I receive this error:
ERROR: Invalid zone definition for
2007 Nov 10
2
Access Point with Ethernet.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi:
I have a small infrastructure of network of local area, that are based on a
computer, with computer and with a Point Access, with Debian Etch 4.0r1.
With Shorewall 3.2.6-2.
Well. Since I have two cards of network, which of which, I have left like that:
Internet --> Router (217.126.221.65) --> eth1 (217.126.221.117) --> eth0
(LAN
2013 Jan 08
4
Splunk Module Development Recommendations
Good morning,
We''ve been testing PE and beginning developing modules for our
infrastructure. One of the modules I''m looking to create is an installation
for Splunk, with the primary focus at this time, on the Forwarder. I
already have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package
being fetched from the Master and also performing the installation via
dpkg. I
2007 Aug 06
3
how do I use shorewall to protect server from ARP spoofing attack ?
My firewall is using shorewall 3.0.x and CentOS
Recently, I found that firewall is attaching from ARP spoofing..
There are a lot of "out of socket memory" in messages log
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and
2007 Aug 23
4
Monthly traffic limit
Hi Shorewall Users :)
I have found shorewall firewall and seems to be interesting.
I need to setup a configuration my my network users because i only have 50gb
of traffic per month.
I want to know if the shorewall can make a 48gb per month limit, but
everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count.
Can shorewall do that ?
--
Sem Mais
Rui Oliveira
351 - Portugal
2007 Oct 11
5
Web log viewer
Hi.
What system or software are you using to show the iptables log files
(for example the dropped packages tagged as LOG in the Shorewall
rules)?
Thank you very much!
Bye.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files
2007 Jul 22
4
[Patch] Support embedded systems better
Hi,
I am one of the developers of the FreeWRT project and I want to give
you some feedback. Shorewall runs quite fine on our supported devices,
but we need to patch Shorewall to get it
running as expected. The problem is the ip command and busybox 1.4.2.
Some words about busybox:
BusyBox is a multi-call binary that combines many common Unix
utilities into a single executable.
2007 Aug 20
6
have to restart shorewall after a dynamic IP change
Hi,
I''ve to restart shorewall when my dynamic IP was changed from my ISP.
Of course i can with a shell script do it automatically, but the
question is still there.. why ?
mess-mate
--
"I understand this is your first dead client," Sabian was saying. The
absurdity of the statement made me want to laugh but they don''t call me
Deadpan
2007 Nov 07
3
Blacklist questions ...
This mail goes mainly to Tom, as he sent some Laptop configurations files
to the list.
I checked the files you had sent to the list as answer to
[Shorewall-users] Shorewall on a laptop
Now - Is there a specific reason why you actually lock/blacklist the
following ports ?
- udp 1024:1033,1434
- tcp 57,1433,1434,2401,2745,3127,3306,3410,4899,5554,6101,8081,9898
These should IMHO be blocked by
2007 Aug 13
4
Problem with iprange in shorewall 4.0.2
Hi,
I have the following problem while activating this rule entry using shorewall-shell:
ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535
"-m iprange" in front of "--dst-range" is missing in the activation command.
The logging entry (above) is set correct.
Below is the debug output.
Thanks
Regards
Günter
+ case $level in
+
2007 Nov 09
3
Shorewall + Squid transparent + Apache
I remember to see something about that in shorewall.net some time ago,
but I could not find it today ...
The case :
Debian Etch, Shorewall 3.2.6, squid3 and Apache 2 .
The first 3 where already running fine for some time ...
Now I need to setup an Apache server to allow some web mannagement,
things like PHPsysinfo, phppgadmin, just for internal net, no web access .
but port 80 is redirected to
2007 Oct 23
2
Is it possible to stop ARP broadcast with Bridge shorewall ?
Dear shorewall list enthusiasts,
I recently set up a dedicated linux box running shorewall
in order to isolate my network from the "evil other side" :)
It works so well that I first have to thank and congratulate
everybody that took part in this project !
Then, I have a question, that separates my setup from "wonderful"
to "heaven" : I activated the
2007 Aug 15
8
Shorewall and printing problems in the LAN ( loc ) zone
Guys,
Just a quick check. From what i have read in the
shorewall site, intrazone traffic is allowed
completely by shorewall i.e. there is no filtering or
packet size limiting ,etc,etc.
I ask this becos after getting shorewall up and
running well, someone has complained that they cannot
print pdf files larger than 100k at one go but that
they have to print one page at a time.
Some details;
2007 Oct 26
10
Port problem.
Hello,
We have a video conference server using tcp and udp 3001 prot in internal,
external user said that can''t connect to video server and held on 3001 fail,
the following is file configuration,
nat: 1.2.3.4 eth1:3 192.168.0.18
rule: video/ACCEPT net loc:192.168.0.18
marco.video:
PARAM - - tcp 3000
PARAM - -
2007 Aug 04
3
CONNMARK and CentOS4
Hi All,
It''s an old problem and still isn''t fixed :( I need the connection
marking support to enable the triplet of ISP''s we use. However, I
downloaded the latest 2.6.22.1 kernel, made an RPM and installed it. I
see the following kernel modules (which looks promising):
/lib/modules/2.6.22.1/kernel/net/netfilter
xt_connmark.ko
xt_CONNMARK.ko
Which yields the
2007 Nov 07
5
shorewall compile as non-root user
Hello,
please excuse me if this has been discussed or even solved before, but
I could not find it in the archives.
I''m in the process of migrating several gateways to shorewall-lite,
keeping the configfiles on one central adminstrative machine,
basically following the guide at
http://www.shorewall.net/CompiledPrograms.html .
As I understand it, the local /etc/shorewall directory on the
2007 Jul 29
3
Integrating QoS and Traffic Shaping from HowToForge Article
Hi !
I found an excellent article about QoS and traffic shaping for VoIP (Asterisk
IAX protocol), which is designed to improve sound quality even over very busy
lines.
http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk
Should I just cut and paste all that to shorewall''s tcrules (replacing 4569
with 5060)?
Additionally, author of this article uses IAX protocol,
2007 Aug 24
13
Shorewall 3.4.x - Error when (re) starting - segmentation fault
Shorewall 3.4.6 running on SuSE Linux 10.2
Compiling Rule Activation...
Shorewall configuration compiled to /var/lib/shorewall/.restart
Processing /etc/shorewall/params ...
Restarting Shorewall....
/sbin/shorewall: line 665: 6782 Segmentation fault
$SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart
got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help.
2007 Nov 06
1
Shorewall and Multiple Internet Connections
I set up a firewall following:
http://www.shorewall.net/MultiISP.html
Using shorewall 4.0.5 and a 2.6.22 kernel
Attached a dump from shorewall.
It''s setup for testing.
I have an internal host set to it as the default route.
The ipsec.conf file is renamed to keep it from messing up the vpns.
Most things are working OK.
I''m a bit concerned that all the outgoing nat traffic is
2007 Aug 21
10
Bug in Multi-ISP support
In helping a user on IRC today, I was dismayed to find that a bug that
was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I
found that the bug is present as far back as 3.2.6 (I didn''t look back
further since 3.2.6 was the release where the user (re-) discovered the
bug.
If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are
behaving as if TC_EXPERT=Yes was