similar to: Re: Bug in shorewall auto start

In the docs at http://www.shorewall.net/Shorewall-perl.html, "Your ipsets must be loaded before Shorewall starts. You are free to try to do that with the following code in /etc/shorewall/start" implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts. In the default /etc/shorewall/start # /etc/shorewall/start # # Add commands below that you want to be

Hi all, I am looking for an easy shorewall log analyzer, nothing too fancy, just the most blocked traffic on a firewall by IP and port, preferably in daily reports or so. Which tool are you using? Thanks in adv, Erwin ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the

Tom & others, Two suggestions for small improvements in shorewall-interfaces.man. 1. Option dhcp, criterion 3., change "you have a static IP but are on a LAN segment with lots of DHCP clients." to "the interface has a static IP but is on a LAN segment with lots of DHCP clients." 2. Can the effect of the dhcp option be described briefly in one or

On September 5, Tom wrote: > In Shorewall 4.2, you can leave the ''loc:'' out of the DNAT- rule. I tried that just now (shorewall-perl 4.2.1), and I got an error: Checking... WARNING: Destination zone (172.29.0.29) ignored : /etc/shorewall/rules (line 38) ERROR: Unknown Host (0.0.0.0/0) : /etc/shorewall/rules (line 38) where 172.29.0.29 is the destination address on

Hello - I am a little problem trying to find what dependency I need to up date - This is what I see when trying to install: rpm -Fvh shorewall-* error: Failed dependencies: rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-common-4.2.0-0Beta3.noarch rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-perl-4.2.0-0Beta3.noarch I am using Centos 5.2 with the following RPM

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Beta 3 is now available for download. http://www.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3 ftp://ftp.shorewall.net/pub/shorewall/development/4.2/shorewall-4.2.0-Beta3 New Features: 1) Beginning with Shorewall 4.0.0, the -f option was no longer the default for ''/etc/init.d/shorewall start''. Beginning with 4.0.13 and 4.2.0-Beta3, this is also

Hi there, I''m total stuck in this. I have NO problems, with controlling port 80, 22, 21 and other TCP ports. But to open UDP port 27960 is very difficult for me, I''ve searched google, but can''t find a solution, therefore I ask the experts in here. My OS is Debian Etch 64 bit # uname -a Linux sauron 2.6.18-6-amd64 #1 SMP Fri Jun 6 05:24:08 UTC 2008 x86_64 GNU/Linux

Hi, I am trying something so easy but doesnt work for me. I want to have more than once zone in my lan, for example my lan es 192.168.0.0/24 and I want to have one zone for servers, other for admin Pcs. etc here is my conf: Interfaces: -------------- #ZONE INTERFACE BROADCAST OPTIONS - eth3 detect net eth1 detect norfc1918 net eth0

On Fri, 2008-08-01 at 03:37 -0700, shorewall-users-request@lists.sourceforge.net wrote: > Re: How to block forwarding by port 25? (John Morris) Thanks, that helped to find out the infected pc in private network, also to stop sending spam without our knowledge. is there a good tutorial how to block p2p sharing and messengers with shorewall? i read some topics and posts in forums, but

Hi all, I´m running a server that frecuently needs to open a pptp session with a remote server outside my Company. This server is running behind a Shorewall firewall and I don´t find information in Shorewall web page because there is no information in the link http://www.shorewall.net/PPTP.htm#ClientsBehind Nowadays I can connect this server with the remote one but te session is closed after

I get this enabling the option "routestopped" in my interface (eth0, net, one interface): Failed to apply configuration : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... ERROR: Invalid Interface option (routestopped) : /etc/shorewall/interfaces (line 11) Means that routestopped don''tt work, is it? Then, what could i do? Thank you very

Hi. Im setting up a web farm test lab. I have a number of machines in the test last on a dmz zone on network 10.20.30.0. The test lab firewall has two NICS. One (eth0) has two ip addresses, eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is on a private network, 10.20.30.0. I want to use DNAT to allow test engineers to ssh into the machines in the web farm. I have

Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in

Dear all, I have a multi-isp setup using DSL and leased line config for my firewall box using shorewall version 4.0.13. Clients behind the router can connect to the net without problem, they are always routed via the DSL (BusinessOne) provider. The problem i am having is that sometimes when the firewall tries to connect to the internet the connections time out (apt-get update, ping,

On by eth1 does nothing, I tried configuring Shorewall and just ignoring it, but Shorewall errors with "Unable to determine the routes through interface ''eth1''", searching high low seems to reveal I am either the first person ever to see this error, or it is so trivially overcome that it is not documented or commented upon anywhere on the internet. I tried all sorts

Hi, I have a simple question. I have my firewall with 2 external Ip and 1 lan. For example ISP1 FW LAN----Mail Server ISP2 Ok, when i DANT the smpt port to my mail server, I can see that the conection in my mail server comes from the external IP of my ISP. I need to change this so the conection to my mail server cames from the LAN IP from my firewall Is this possible?

Hi, I currently connect to my ISP via my adsl modem in bridge mode and PPPoE. I am due to put a second PPPoE ISP onto my firewall box which will give me ppp0 (general) and ppp1 (static leased line). The static leased line will run a number of services on its static IP and it is therefore imperative to make sure rules defined for the static line are assigned to the correct interface. I need this to

I am forwarding this post to the Shorewall Users mailing list. The email address ''support@shorewall.net'' is reserved for sending large or confidential attachments to the Shorewall support team. See http://www.shorewall.net/support.htm -Tom -------- Original Message -------- Subject: Question Date: Mon, 20 Oct 2008 11:30:04 +0000 From: Raul <rfunez@polar.es> To: