similar to: shorewall + openvpn: address rewriting

Dear All, I have been using -- shorewall-4.0.14-1 on Centos 5.2 and its been working just great. i would like to monitor shorewall traffic ( i mean the allowed and dropped traffic passing through my firewall )with a browser from any location apprecite if someone could help me or advice me which software or add on utility would do the above. really apprecite thanks nd regards simon

Hi I have a routing problem with the OpenVPN service running directly on the firewall itself. I have two DSL connections, one with a static IP (and my default route), the other with a dynamic IP. The first is called ISBD in the configs, the second is called SAIX. Connecting to the OpenVPN via ISBD works well, the packets route perfectly. Connecting via SAIX does not. In the attached status.txt,

Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of then are correctly established.

Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer Access Yahoo!7 Mail on your mobile. Anytime. Anywhere. Show me how:

Hello! I''ve the following set-up RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to my OpenVPN box. They can talk to each other, using their 172.16.1.x tun0 Address on the server. The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1) has 1 NIC that connects the machine to a) a DSL-router (forwards several ports to this linux machine, including the

Ok. I''m knocking down one problem at a time. I''ve managed to figure out how to bridge my tap0 and my eth1 with br0. This is good stuff. But if I have shorewall running, I can''t ping the local network at all. If I have shorewall not running, I can ping the local network. Here is my setup. Firewall/NAT box: eth0 - DHCP from cable provider eth1 -

Tom, While reading the Shorewall OpenVPN doc, I found that you have to many "7" in the example 77777 instead of 7777 in the text. Jim This entry in /etc/shorewall/tunnels opens the firewall so that OpenVPN traffic on the default port 5000/udp will be accepted to/from the remote gateway. If you change the port used by OpenVPN to 7777, you can define /etc/shorewall/tunnels like

Hi, We''re using openvpn on our firewall box to contact several networks. The idea is to use it for approx 10-15 vpn''s.. But.. Do we have to define a tunX device and an interface + zone for ''each'' VPN connection? It seems to me yes, but .. Doesn''t that make the interfaces/zones file a little bit complex or overpopulated? Just wondering because in my

Hi, I don''t know any other group of routing gurus like the members of this list, so may be you can give me some hints. I do have a shorewall firewall up and running, openvpn is installed on this server too and is working fine so far except one new situation: I have set up a new local vlan, which I can access from my other local vlans, but not from the opnevpn-vlan. All "old"

Dear list, I am having a problem with openvpn. I have the following arrangement, running two instances of openvpn on "home fw". I want to protect my WLAN in back of the home fw and that works fine. I can see "Peer connection initiated with 192.168.1.3:5000" in daemon.log on homefw. Nothing gets initiated with officefw, nor can I ping the other end of the tunnel at officefw.

I am trying to make the following connection: WindowsXP(OpenVPN-Client)->shorewall->Internet->LinksysWRTG->OpenVPN-Server ...of course the reverse path too. The OpenVPN server is running in bridge mode. When the openVPN client is launched it looks like a successful connection is made. The openVPN client gets assigned an address from the openVPN server pool. The OpenVPN

Hello Tom, On the page 'http://lwn.net/Articles/313328/' i found info about changes in 'cls_flow.c' in kernel-2.6.29: net/sched/cls_flow.c | 4 +- and may be now it will work properly to everyone's entertainment. Thank you, Alex --- Прогноз погоды ТУТ - http://pogoda.tut.by

Hello List, I tried to set up openvpn with the shorewall on my openwrt box but failed! I am not able to access the "loc"al Network from my vpn. I followed the roadwarrior setup. I define a vpn zone, that should be able to access the firewall and the local network: vpn fw ACCEPT info fw loc ACCEPT info vpn

I''ve been digging through the various manuals and am a bit irritated with limitation on the rules system Why do I have to specify a source zone to allow a source IP range on all zones? There is no iptables requirement for anything more than a source address, so I don''t understand why all:<ip> does not just add an accept rule into the head of the INPUT chain or even simply

Hi, I have a Linux firewall based on shorewall with 2 NIC and ADSL (ppp0). My ppp0 ip is fixed. The internal NIC, eth1, is bridged with tap0, tap1 and tap2 to form br0. br0 subnet is 192.168.2.0/24. The firewall is configured to masq internal traffic and block whatever needs to be blocked. It is also configured to tunnel openvpn v1.6. I have a roaming laptop running XP. I can create a tunnel

When using shorewall with a road warrior openvpn setup, how can I get the tun interface to masq through a lan interface? Example Setup: Machine A (tun0 10.0.0.1) -----------VPN---------(tun0 10.0.0.2)---------Machine B(10.10.10.1) When I ping Machine B from Machine B, Machine B is receiving the echo request, but it doesn''t know the route back to the 10.0.0.0/24, and there

Guys, i know i saw this somewhere but i cant seem to locate that info now... Scenario: ............... I have a simple two interface firewall. The firewall machine also provides some services to the LAN and to the NET. What i would like to do is allow only a particular range of IPs frm the internet to access those services. What do i need to do with my ''rules'' file. Ideally

Hello, I have the need to connect 2 remote site with vpn, the windows pc of the 2 site it can share the HD and printer. This is my configuration : LOCAL NETWORK A : ip from 192.168.10.2 to 192.168.10.99 | | | | eth0: 192.168.10.1 FIREWALL A : ( with debian ; openvpn ver. 2.0.beta15 ; shorewall ver 2.0.11 ) eth1 : xxx.xxx.xxx.xxx ( pubblic ip address ) | | | | INTERNET | | | eth1 :

log message : Jun 21 17:22:04 antares kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:04:23:b6:f4:68:00:0f:cc:0c:55:00:08:00 SRC=213.41.177.48 DST=192.168.1.11 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=23492 DF PROTO=TCP SPT=50859 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 The server listening on 192.168.1.11 port 80 receives nothing. Is there any explanation?????? Thanks in advance for your help

Good day, I have gone through a couple of the HOWTO''s on how to get this to work, but I am still sitting with a very strange (for me) issue. If two clients connect via OpenVPN (bridged), they can access each other without any problems, but neither of them can access the server, nor any system behind it. I am fairly sure it is a Shorewall issue, but I am very new to Shorewall, having