Displaying 20 results from an estimated 7000 matches similar to: "rules and nat"
2010 Feb 05
16
DNAT Problem
Hi,
I have a client behind shorewall which has 2 IP:
192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP.
I have added DNAT rules into shorewall:
DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4
DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5
1.2.3.4 and 1.2.3.5 is virtual IP
2009 Jul 17
1
Problem with Email at same network
Hello,
My firewall is a Shorewall 4.2.5
I've a webserver and a mailserver running at same internal network.
The DNAT instruction running okay (DNAT rule has to map smtp port). I receive
mail from externals senders. But, when my webserver sends any mail to my
domain (my mailserver), the message doesn't receives.
Is there a rule that I need to make to running ? DNAT
2009 Jul 03
5
Return to sender
Hi everyone!
I need to create a rule that return back the packages sender.
For example, if the IP 200.xxx.xxx.xxx tries to connect to my firewall
in one specific port, the rules turns back the connection to
200.xxx.xxx.xxx.
With this rule the Engineers Department will test some equipments with
GSM chips.
One point to observe is that we don't know which IP will connect to
this rules.
2010 May 04
7
Packet Not 100% Received
I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it starts to lose requests. Is there any packet limitation from shorewall all it's about conntrack? Thanks for the reply.
2009 May 03
12
DNAT Question
Hi list,
I have a shorewall installed on 2 interfaces which also has multiple
static public IP. Let's say I have 1.2.3.4 and 1.2.3.5. I have assigned
nat with:
1.2.3.4 eth0 11.22.33.4 no no
But then I have a situation where I need 11.22.33.44 to connect to a
host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4.
How to do it? TIA
Willy
2009 Jul 12
2
Shorewall 4.4.0 Beta 4
Beta 4 is now ready for testing.
http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/
ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/
----------------------------------------------------------------------------
PROBLEMS CORRECTED IN 4.4.0 Beta 4
2010 Oct 21
10
KVM and bridge
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM
virtual servers on the default libvirt virbr0 bridge at the default
vnet+ bridge ports. The bridge and ports are on a separate private
subnet (192.168.122.0/24). Each bridge port and the bridge itself are
in the dmz, there are two physical interfaces and private local
subnets in loc, and
2009 Oct 23
1
macro for dnat through alternate public ip (alias)
Hi,
I have a rule:
DNAT net dmz:a.b.c.d tcp 25 - k.l.m.n
The problem:
I want to DNAT port 25, 143, 110
k.l.m.n is alternate public ip (using vrrp, just like alias)
Can I abridge the above line using macro, instead of writing 3 separate lines?
I can do:
MailPorts/DNAT net dmz:a.b.c.d
But this refer to the physical public ip
I have more elaborate requirement to forward around 20
2010 May 22
12
[ASK]How Many Interfaces Supported?
Hi,
I have 8 ethernet cards installed. Is it possible to use eth0-eth6 as the net interface for shorewall and eth1 as the lan network? Thanks.
sangprabv
sangprabv@gmail.com
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all,
I have an asterisk sip/iax peer behind a linux gateway doing nat. I'm using
pppoe with a dynamic ip that changes frequently.
The problem is when the line drops the sip/iax registrations drop as well,
and they don't register thereafter. When I check the conntrack entries, I
noticed the entries still have the old wan ip address and because of
keepalive (I'm
2008 Oct 13
7
Open all from one machine....
Hi all...
I have configured a Shorewall gateway to my little lan in my home.
The shorewall work fine here...
However, when I try to use Limewire, I can download nothing....
On fact, I can't get any high connection on Limewire..
What can I do to make Limewire work properly behind a Shorewall
gateway????
May be I have to open all port (both tcp and udp), but how?
Thanks a lot...
Best
2011 Aug 03
6
Dual ISP config: How to forward DNS requests to the proper server?
I'm using Shorewall with a load-balanced multi-ISP config along with LSM for
failover. It's working great, except for DNS requests. I'd appreciate some
advice on how to best configure this.
The WAN connections are a T1 through XO and a cable connection through
Comcast. About 80% of the traffic is routed out the Comcast connection
under normal connections. I would
2008 Sep 05
5
PPTP Client Behind a Shorewall Firewall
Hi all, I'm running a server that frequently needs to open a pptp
session with a remote server outside my Company. This server is running
behind a Shorewall firewall and I don't find information in Shorewall
web page because there is no information in the link
http://www.shorewall.net/PPTP.htm#ClientsBehind
Nowadays I can connect this server with the remote one but the session is
closed after
2008 Oct 01
2
DNAT Issue
Hi.
I'm setting up a web farm test lab. I have a number of machines in the
test last on a dmz zone on network 10.20.30.0.
The test lab firewall has two NICS. One (eth0) has two ip addresses,
eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is
on a private network, 10.20.30.0.
I want to use DNAT to allow test engineers to ssh into the machines in
the web farm. I have
2010 Nov 23
4
ERROR: Duplicate Host Group
Hello,
This is using version 4.4.11.3 (Debian).
The following error occurs:
ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
The configuration is a test config. Commented lines removed to keep
it clear:
# cat zones
fw firewall
loc ipv4
# cat interfaces
loc eth1 -
# cat hosts
loc eth1:10.128.23.34/16
# cat policy
all all ACCEPT
2011 Sep 17
4
Shorewall DNAT to IPSET
I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the
contents of an ipset (lan:+serviceshost or similar) where the ipset is
ensured to contain only one host, but can be changed dynamically when
services are in maintenance mode and go to the "services are down"
message on another server. Will this work, or am I barking up a fish here?
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there.
I'm reading and reading through the doc's and previous posts, but cannot
seem to find what I'm looking for. I want to create a rule that prevents DoS
and maybe even DDoS attacks against a specific port. The current rule looks
like this (the PORT's and IP's are dummies of course):
#ACTION SOURCE DEST
2013 Oct 08
5
Shorewall dropping packets that should be forwarded
I had to restart one of my routers tonight and since then shorewall on
it has been dropping SIP packets coming in from one machine instead of
forwarding them to the freebpx server.
Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network
external ip> DST=<server network external ip> LEN=575 TOS=0x00
PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060
2010 Jun 15
4
TPROXY configuration
I'm trying to get TPROXY / Squid running and I have a few questions...
I found this page:
http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY
However, it doesn't explain what I'm seeing in the configuration.
For the zone file, do I keep my loc and net configurations and just add
the following to the file?
- lo - -
or do I remove the loc and net zones and
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of them are correctly established.