Displaying 20 results from an estimated 500 matches similar to: "Re: How to block forwarding by port 25? (John Morris)"
2008 Oct 13
7
Open all from one machine....
Hi all...
I have configured a Shorewall gateway for my little LAN in my home.
Shorewall works fine here...
However, when I try to use Limewire, I can download nothing....
In fact, I can't get any high connection on Limewire..
What can I do to make Limewire work properly behind a Shorewall
gateway????
Maybe I have to open all ports (both tcp and udp), but how?
Thanks a lot...
Best
2008 Oct 21
7
DNAT or NAT - QUESTION
Hi, I have a simple question. I have my firewall with 2 external Ip and 1
lan.
For example
ISP1
FW LAN----Mail Server
ISP2
OK, when I DNAT the SMTP port to my mail server, I can see that the
connection in my mail server comes from the external IP of my ISP.
I need to change this so the connection to my mail server comes from the LAN
IP of my firewall
Is this possible?
2008 Sep 05
5
PPTP Client Behind a Shorewall Firewall
Hi all, I'm running a server that frequently needs to open a pptp
session with a remote server outside my Company. This server is running
behind a Shorewall firewall and I don't find information in Shorewall
web page because there is no information in the link
http://www.shorewall.net/PPTP.htm#ClientsBehind
Nowadays I can connect this server with the remote one but the session is
closed after
2008 Nov 07
2
Multiple Zones in the same interface
Hi, I am trying something so easy but it doesn't work for me.
I want to have more than one zone in my LAN, for example my LAN is
192.168.0.0/24 and I want to have one zone for servers, another for admin PCs,
etc.
here is my conf:
Interfaces:
--------------
#ZONE INTERFACE BROADCAST OPTIONS
- eth3 detect
net eth1 detect norfc1918
net eth0
2008 Jul 28
4
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-common-4.2.0-0Beta3.noarch
Hello - I have a little problem trying to find what dependency I need to
update - This is what I see when trying to install:
rpm -Fvh shorewall-*
error: Failed dependencies:
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by
shorewall-common-4.2.0-0Beta3.noarch
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by
shorewall-perl-4.2.0-0Beta3.noarch
I am using Centos 5.2 with the following RPM
2008 Oct 08
19
transparent proxy
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
Hi. I set, for example, a rule with a host server:
Macro.http accept fw net:www.google.es
I restart shorewall and it works, but when I stop the firewall to
disable Internet (for any reason), and I want to start the firewall, it
says:
Failed to start firewall :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
WARNING: Support for the detectnets interface
2008 Oct 24
6
routing packet from/to source/destination
Hi all and specially Mr. Tom....
(Please, do not be acid with me please! I am only a newbie, trying to learn
more about shorewall)
I got involved with a Firewall Project for a customer here in my city...
This customer has two Internet Providers.
So, he asked me how to make certain connections follow one routing path (like
RT_1) and other connection types follow the other routing path
2008 Nov 13
3
Does code in /etc/shorewall/start exec before or after Shorewall starts?
In the docs at http://www.shorewall.net/Shorewall-perl.html,
"Your ipsets must be loaded before Shorewall starts. You are free to
try to do that with the following code in /etc/shorewall/start"
implies that code in /etc/shorewall/start is executed BEFORE Shorewall starts.
In the default /etc/shorewall/start
# /etc/shorewall/start
#
# Add commands below that you want to be
2008 Sep 23
3
Outgoing service always on a certain external address
Hi,
Shorewall version -4.0.12-2 (EL5 rpm version)
OS : Centos 5.2
I have shorewall successfully running on Linux with multi ISP.
Trying to make services such as "rsync, ftp" go through my secondary
ISP. For which I did the following
eth0 : Internal LAN
eth4 : DSL (Second ISP) => x.x
eth5 : T1 (First ISP) => y.y
Created the following entries in
2008 Jul 19
5
Disabled adaptor causing fatal error
On by eth1 does nothing, I tried configuring Shorewall and just ignoring
it, but Shorewall errors with "Unable to determine the routes through
interface 'eth1'", searching high and low seems to reveal I am either the
first person ever to see this error, or it is so trivially overcome that
it is not documented or commented upon anywhere on the internet.
I tried all sorts
2008 Oct 01
2
DNAT Issue
Hi.
I'm setting up a web farm test lab. I have a number of machines in the
test lab on a DMZ zone on network 10.20.30.0.
The test lab firewall has two NICs. One (eth0) has two IP addresses,
eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is
on a private network, 10.20.30.0.
I want to use DNAT to allow test engineers to ssh into the machines in
the web farm. I have
2008 Aug 05
4
Multi ISP ppp0 and ppp1 switching
Hi, I currently connect to my ISP via my adsl modem in bridge mode and PPPoE. I am due to put a second PPPoE ISP onto my firewall box which will give me ppp0 (general) and ppp1 (static leased line). The static leased line will run a number of services on its static IP and it is therefore imperative to make sure rules defined for the static line are assigned to the correct interface. I need this to
2008 Sep 17
10
netfilter + vpn + how/why + etc...
Hi,
I have a few questions about the inner workings of netfilter
(a graphical layout of my network setup @
https://aequorin.homeunix.net:62389/local/media/network-graph.png)
1) These are the syslog entries for some simple connection tests.
Shorewall/netfilter has been set to record all stateful connections
SSH is recognized as phys(eth0) -> $FW traffic. This is because PHYSIN
is
2008 Nov 01
8
OpenVZ & shorewall. Didn't work acl based on ip range.
Hello all,
It's my first letter on this list, and my English is not very good.
Please indulge me
for grammar/syntax and other errors :))
I have trouble with ACLs for an IP range. But an ACL for one host (with IP
address) works fine.
Please help me make the ACL work/find the error in the ACL.
Because I'm a new shorewall user, I made a test configuration on a Virtual
Machine
2008 Oct 22
1
Shorewall log analyzer
Hi all,
I am looking for an easy shorewall log analyzer, nothing too fancy, just the
most blocked traffic on a firewall by IP and port, preferably in daily reports
or so. Which tool are you using?
Thanks in adv,
Erwin
2008 Oct 31
1
Improvements in shorewall-interfaces.man & etc.
Tom & others,
Two suggestions for small improvements in shorewall-interfaces.man.
1. Option dhcp, criterion 3., change
"you have a static IP but are on a LAN segment with lots of DHCP clients."
to
"the interface has a static IP but is on a LAN segment with lots of DHCP clients."
2. Can the effect of the dhcp option be described briefly in one or
2008 Nov 13
1
Need destination zone with DNAT- in shorewall-perl 4.2.1?
On September 5, Tom wrote:
> In Shorewall 4.2, you can leave the 'loc:' out of the DNAT- rule.
I tried that just now (shorewall-perl 4.2.1), and I got an error:
Checking...
WARNING: Destination zone (172.29.0.29) ignored : /etc/shorewall/rules
(line 38)
ERROR: Unknown Host (0.0.0.0/0) : /etc/shorewall/rules (line 38)
where 172.29.0.29 is the destination address on
2008 Nov 13
1
Error in RouteStopped, why happens!?
I get this enabling the option "routestopped" in my interface (eth0,
net, one interface):
Failed to apply configuration :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
ERROR: Invalid Interface option (routestopped) : /etc/shorewall/interfaces (line 11)
Does this mean that routestopped doesn't work? Then, what could I do?
Thank you very