similar to: Expanding SSHKnock shell script, a few questions please

I have several computers connected to the internet through a DSL router that assigns rfc1918 (192.168.1.x) addresses to the systems connected. I have a server where shorewall is installed with one interface eth0, with a static ip (192.168.1.3). The router is configured to forward all connections from the internet to the linux server. I''d like to know how I can configure shorewall to

Hi, I have a linux box with vpn client. shorewall version 3.4.0 I can connect to a remote vpn network with the nortel vpn client. Can I allow local machines on my network to access remote vpn using Linux box as a gateway? Thanks and Regards Anuj ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges.

Hi, I''ve attached a patch which fixes a logging problem with log_rule_limit in custom actions. E.g. this action: ,----[ Whitelist ] | if [ -n "$LEVEL" ]; then | run_iptables -N ${CHAIN}Add | log_rule_limit $LEVEL ${CHAIN}Add WhitelistAdd DROP "$LOG_LIMIT" $TAG | run_iptables -A ${CHAIN}Add -j DROP | run_iptables -N ${CHAIN}Del | log_rule_limit

Hi list, thank you for Shorewall :) I''m trying to get a simple config to work but i can''t seem to work out how to gain access via ssh to the protected remote machine. But that doesn''t surprise me really as i have just spend well over an hour to find how to limit the lograte AND fill in the logburst in shorewall.conf. I have specified a logfile (not messages) in

Hello, Can anyone tell me my shorewall is get hacked ? or local Lan computers got Virus ? please see the following log. http://www.wilson-kwok.com/shorewall.txt Please help --------------------------------- 現在你可輕易阻擋垃圾郵件，立即使用Yahoo! Mail 你就會相信! ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express

Hi, How can only allow http,ftp,smtp define on outgoing rules ? Thanks _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and

Hi, I have a very simple server setup, using shorewall as my firewall. I have a line like this at the top of my rules file to allow ssh connections, but limited to 3 connection per minute with a burst rate of 3: SSH/ACCEPT net $FW - - - - 3/min:3 - Now when I have that in place, and from a remote machine run scp server:/some/file ., I find

> > ---------- Mensaje reenviado ---------- > From: Roberto C. Sánchez <roberto@connexer.com> > To: shorewall-users@lists.sourceforge.net > Date: Fri, 4 Jul 2008 18:52:36 -0400 > Subject: Re: [Shorewall-users] Shaper > On Fri, Jul 04, 2008 at 04:47:31PM -0500, RokeFeler wrote: > > Saludos, Tengo 3 inferfaces eth0, eth1, eth2 > > eth0 - Net > > eth1 -

Hello, Is it possible to split a port direction so it goes to one server or another? For example, I want abc.com to be routed to server X and def.com to go to server Y. Is it also possible to have e-mail addresses going to one server or another in the same concept so joe@abc.com will to server E and jane@abc.com goes to server F? If any of this is possible, what is the name of the

------------------------------------------------------------------------ Shoreline Firewall http://www.shorewall.net/ January 9, 2009 press@shorewall.net ------------------------------------------------------------------------ Subject: Public unveiling of logo design competition submissions The Shorewall developers are pleased to

------------------------------------------------------------------------ Shoreline Firewall http://www.shorewall.net/ January 9, 2009 press@shorewall.net ------------------------------------------------------------------------ Subject: Public unveiling of logo design competition submissions The Shorewall developers are pleased to

Hi, I have a machine with a Debian Stable installation that runs OpenVSwitch to connect a virtual machine on the same box. The machine is also running shorewall. The problem that I''m having is that shorewall try to run before openvswitch, this makes that shorewall fails because it can''t determine the IP of the virtual interface generated by openvswitch that start after

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

Package: xen-utils-common Version: 3.0.? debian etch : "i forgot to send a bugreport before doing an upgrade so i don't know exactli the version" when i do a shutdown of xen0 (halt or reboot system) by default it saves all my domUs, but if i don't have enough harddrive space to save the domUs' RAM xen doesn't detect it. And he try 1minute before writing a none

Hy guy's, thank you for the fantastic job you are doing. I need to know if xen 3.1 will ever included in etch, basically for the suspend/live migration issue for HVM guest's in Xen 3.0.X. Best Regards Christian Grassi -------------- next part -------------- An HTML attachment was scrubbed... URL:

I want to use lastest version of Shorewall in my fresh debian squeeze instalation, so I follow http://www.shorewall.net/Install.htm#Debian but, modify preferences file was not enough for me, I have to modify/add some other files in /etc/apt/ directory: 1.) include testing repo to source.list 2.) add APT::Default-Release "stable"; to apt.conf and pinning all other packages to stable

This problem probably has a simple solution, so I''m hoping the experienced shorewall users can help me. I''ve got a 3-interface (net,dmz, & loc) firewall and have several apache2 virtual web sites in the dmz. They come into 1 apache server in the dmz, and are redirected with the directive "ProxyPass" and "ProxyPassReverse" in my Apache

Hello people. I'm going to maintain a setup of several "big-resource" machines (>= 4 CPUs, >=8 Gb of ram), which should host large number of "small" systems in xen domains. As far as I understand, using "big machines" is not currently possible within debian xen packages, because there is no kernel with pae support to use in domain 0, which in turn

Package: xen-hypervisor-3.0.3-1-i386-pae Version: 3.0.3-0-2 Severity: minor The package description reads: This version of the hypervisor is built with PAE enabled, in order to support systems with more than 4GB of memory. If you have less than that you should probably choose the non -pae version. That's not entirely true. I tried installing the non-pae version on my ProLiant