similar to: Why not allow any:<ip>?

Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of then are correctly established.

Guys, i know i saw this somewhere but i cant seem to locate that info now... Scenario: ............... I have a simple two interface firewall. The firewall machine also provides some services to the LAN and to the NET. What i would like to do is allow only a particular range of IPs frm the internet to access those services. What do i need to do with my ''rules'' file. Ideally

Hi list, I''m struggling with this problem for a long time, hopefully someone can explain me what I''m doing wrong: I have a shorewall installation with interfaces net eth0 - eth1 hosts loc 10.0.10.0/24 loc 10.0.20.0/24 +some other zones and subnets there are aliases on eth1 for gateways for the two loc subnets eth1:1 10.0.10.1 eth1:2 10.0.20.1 Everything works fine, loc

Hi There, Due to shortage computer, I need to install Apache to my Shorewall box (192.168.1.1) But the real web server is on another box (192.168.1.2) I tried to put rule: DNAT net loc:192.168.168.1 tcp 80 But everytime www connection coming in, it will hit my shorewall Any solution? Cheer Access Yahoo!7 Mail on your mobile. Anytime. Anywhere. Show me how:

While troubleshooting my MultiISP box, I suspect I might have found either a bug or an incompatibility with CentOS 5.2. In prog.header (function detect_dynamic_gateway), Shorewall tries to look for: /var/lib/dhcp/dhclient-${1}.lease However (at least under CentOS 5 - unknown about other OSes), this should be: /var/lib/dhclient/dhclient-${1}.leases (different path, and "leases"

I think we discussed this in the past and I floated a hack at the time, but I don''t recall any real resolution. I want to see if time has solved my problem or if it still exists. My scenario is that I have two ISPs, one of which uses DHCP. Because I have two ISPs, history has shown that allowing the provisioning script for the interface to plumb a default route is troublesome and

I have two sites connected via openvpn. Both routers are running shorewall. Behind Network A is a SIP Phone which tries to register with an Asterisk PBX in Network B. I see in the log of the SIP device, that it is sending SIP packets with its internal assigned address 192.168.1.11. The router at Network B logs these SIP packets coming from the external IP address of Router A, and not

Hi I have a routing problem with the OpenVPN service running directly on the firewall itself. I have two DSL connections, one with a static IP (and my default route), the other with a dynamic IP. The first is called ISBD in the configs, the second is called SAIX. Connecting to the OpenVPN via ISBD works well, the packets route perfectly. Connecting via SAIX does not. In the attached status.txt,

OK - I figured out what it is but maybe someone can give an explanation here. If I use he multiple zones configuration I have to do in addition Hosts v3005 vlan3005:0.0.0.0/0 And of course this seems to be very logic since this means all ip´s on the internet. But I am still confused a lot why this is the first time I have to do it after using Shorewall over years without to be forced to say

I''m following the document; <http://flurdy.com/docs/postfix/>, and SSH only By default Shorewall in Ubuntu has an empty set up. You can find the default values for Shorewall in /usr/share/doc/shorwall-common/default-config. And examples in /usr/share/doc/shorwall-common/examples. We will create a basic set up. First configure which network adapters we are accessing the net. cp

Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If

I''m getting an error when shorewall is trying to add the default routes for my multi-isp configuration. I''ve attached a shorewall dump... If anyone can give some input I''d appreciate it. RTNETLINK answers: Invalid argument ERROR: Command "ip -4 route replace default scope global table 254 nexthop via 67.110.119.245 dev eth3 weight 1 nexthop via 66.29.181.113

Hi Tom and folks, Mandriva is shipping shorewall in its main distribution for some time now. It is built on a custom .spec, but I keep it in sync with latest versions of shorewall package. I heard that there were some issues with Mandriva''s package of shorewall, but it was before I started working on it, and the guys that were maintaining it before are no longer working on it.

Hi, I have setup a IPSEC VPN using Openswan to connect a Draytek router to a CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m getting a problem with packets from the left hand subnet getting masqueraded rather than routed down the IPSEC VPN as though they were going out onto the net. I''ve spent the last day searching Google and so far I''ve hit a

Hi, This subject has been brought up in the forum, but it''s a bit different. If I have a set of tun interfaces. I already defined tun+ as zone A, and I have excluded tun15 as zone B (a subset of zone A). I need to add tun16 to zone B. My config: /etc/shorewall/interfaces: A tun+ - routeback B tun15 /etc/shorewall/ A ipv4 B:A ipv4 I tried to define in

hi who can ever help me out with the shaping of torrent traffic? i have a pptp at ppp0 over eth0 (10.0.0.1/8) i would like to shape outgoing traffic of rtorrent on these two interfaces, assume rtorrent is running at port 6999 need 3mbit for ppp0 and 50mbit for eth0 i supposed: [tcclasses] ppp0 1 2mbit 3mbit 1 eth0 2 20mbit 50mbit 2 [tcrules] 1 0.0.0.0/0 0.0.0.0/0 tcp

Hi, my shorewall is version 4.0.15 on Debian Lenny. I have 3 following interfaces: eth0 net (4mbit/512kbit) eth1 loc (100mbit) eth2 loc (100mbit) I want to shape traffic from net on two lan interfaces like: - default is 2000mbit for each local interface - if is no traffic on eth1 is 4mbit for eth2 (and vice versa) My tcdevices eth0 4000mbit 512kbit eth1 -

Hello, I''m reading this guide on ipv6 (really just getting my "feet wet"): http://www.shorewall.net/6to4.htm In the section "Configuring IPv6 using my script" I can read that the IPv6 interfaces are: INTERFACES="eth2 eth4" and that correlates fine with the first diagram/figure. However, further down I read "You will notice that sit1, eth0 and eth2

Hi, I had installed squid with ntlm authentication and content filtering from this tutorial: http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch. Next to last point is firewall configuration by ipmasq but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the

Hi, I don''t know any other group of routing gurus like the members of this list, so may be you can give me some hints. I do have a shorewall firewall up and running, openvpn is installed on this server too and is working fine so far except one new situation: I have set up a new local vlan, which I can access from my other local vlans, but not from the opnevpn-vlan. All "old"