similar to: Problem with "routeback, blacklist, tcpflags" in Shorewall 4.2.4-2

Hi, usually my shorewall inst. uses compiler=perl. While some tests I changed my config to compiler=shell, and in this case I get an error like this: -------------------------------------------------------- Setting up TCP Flags checking... iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0'' not found Try `iptables -h'' or ''iptables --help'' for more

Hi, I have the following problem while activating this rule entry using shorewall-shell: ACCEPT:notice:rul WAN:139.x.x.226 INT:139.x.x.153-139.x.x.156 udp 1024:65535 1024:65535 "-m iprange" in front of "--dst-range" is missing in the activation command. The logging entry (above) is set correct. Below is the debug output. Thanks Regards Günter + case $level in +

I have had to replace an existing setup which has a bunch of IPs Proxy-NAT''ed onto the loc segment. While I do eventually want to move them to their own segment, I have to deal with this for the next few weeks. My problem is that from a loc system I can ping the public IP of a system being proxy-ARP''d but I can''t hit it via HTTP. Nothing is being blocked according

I am trying to setup a 2 ISP shorewall box and I have 1 question. Does the routeback option replace the steps in FAQ 32 or do I need both? Thanks Jim

Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

Hello, I have started playing around with docker (https://www.docker.io/) and am having trouble to integrate the "docker0" bridge it creates on the fly into my shorewall setup (version 4.5.16.1) on debian testing. IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces has an entry like so, > doc docker0

Hello, I have the need to connect 2 remote site with vpn, the windows pc of the 2 site it can share the HD and printer. This is my configuration : LOCAL NETWORK A : ip from 192.168.10.2 to 192.168.10.99 | | | | eth0: 192.168.10.1 FIREWALL A : ( with debian ; openvpn ver. 2.0.beta15 ; shorewall ver 2.0.11 ) eth1 : xxx.xxx.xxx.xxx ( pubblic ip address ) | | | | INTERNET | | | eth1 :

Hello, I have a problem with simple traffic shapping in shorewall, my current configuration is: zones vlan10 ipv4 # interfaces vlan10 vlan10 detect tcpflags,routeback shorewall.conf TC_ENABLED=Simple tcinterfaces vlan10 Internal 1mbit:50kb shorewall show tc Device vlan10: qdisc prio 5: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''m running Shorewall 4.4.0/Debian Lenny and I''m trying to setup OpenVPN with a mild degree of success so far. My ultimate end goal is to basically have an extension of my home lan to my laptop as well as my wife''s when we are away from home, and have all of my normal network resources available as if I were sitting at home

hallo everybody, i googled a lot of time, looking for PV-drivers for Windows- domUs. I found a few things about that, but nothing about download an installation. Do anybody know, where I can get it and how to install? My configuration: Dom0: CentOS 5.1 DomUs: Windows XP and 2003 Server Thanks for any help, Guenter _______________________________________________ Xen-users mailing list

Hey folks; I have been happily using shorewall for quite some time so this problem _may_ not be easy to resolve but I am interested in any information regarding your experience with the same setup. I was using FC3 with shorewall 2.2.3 and two NICs setup as a bridge without any issue until I upgraded to FC4. My production system would pass traffic through the bridge but local usage would not

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Dear Shorewall Users :-) I''ve been playing with shorewall for some time now - I found it really interesting and easy tool to organise all the rules and so on (beforethat I''ve been using simple iptables rules in shell script ;-) Generally it''s quite easy to be used, but anyway found one problem which I cannot handle myself - or in other words - cannot find appropriate

Hi, please, excuse my poor English Exist any tool for upgrade kernel automatically in DomU machines? Because I have the following problem: After upgrade the kernel package from linux-image-2.6.24-21-xen to linux-image-2.6.24-22-xen in Dom0 (an Ubuntu Server), I modified the config files in /etc/xen/domUmachine.cfg for all my VM. Later a restarted its, but i found the following error // DomU //