similar to: rules and nat

Displaying 20 results from an estimated 7000 matches similar to: "rules and nat"

2010 Feb 05
16
DNAT Problem
Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall: DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4 DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5 1.2.3.4 and 1.2.3.5 is virtual IP
2009 Jul 17
1
Problem with Email at same network
Hello, My firewall is a Shorewall 4.2.5 I've a webserver and a mailserver running at same internal network. The DNAT instruction running okay (DNAT rule has to map smtp port). I receive mail from external senders. But, when my webserver sends any mail to my domain (my mailserver), the message doesn't receives. Is there a rule that I need to make to running ? DNAT
2009 Jul 03
5
Return to sender
Hi everyone! I need to create a rule that return back the packages sender. For example, if the IP 200.xxx.xxx.xxx tries to connect to my firewall in one specific port, the rules turns back the connection to 200.xxx.xxx.xxx. With this rule the Engineers Department will test some equipments with GSM chips. One point to observe is that we don't know which IP will connect to this rules.
2010 May 04
7
Packet Not 100% Received
I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it starts to lose requests. Is there any packet limitation from shorewall all it's about conntrack? Thanks for the reply.
2009 May 03
12
DNAT Question
Hi list, I have a shorewall installed on 2 interfaces which also has multiple static public IP. Let's say I have 1.2.3.4 and 1.2.3.5. I have assigned nat with: 1.2.3.4 eth0 11.22.33.4 no no But then I have a situation where I need 11.22.33.44 to connect to a host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4. How to do it? TIA Willy
2009 Jul 12
2
Shorewall 4.4.0 Beta 4
Beta 4 is now ready for testing. http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/ ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/ PROBLEMS CORRECTED IN 4.4.0 Beta 4
2010 Oct 21
10
KVM and bridge
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM virtual servers on the default libvirt virbr0 bridge at the default vnet+ bridge ports. The bridge and ports are on a separate private subnet (192.168.122.0/24). Each bridge port and the bridge itself are in the dmz, there are two physical interfaces and private local subnets in loc, and
2009 Oct 23
1
macro for dnat through alternate public ip (alias)
Hi, I have a rule: DNAT net dmz:a.b.c.d tcp 25 - k.l.m.n The problem: I want to DNAT port 25, 143, 110 k.l.m.n is alternate public ip (using vrrp, just like alias) Can I abridge the above line using macro, instead of writing 3 separate lines? I can do: MailPorts/DNAT net dmz:a.b.c.d But this refer to the physical public ip I have more elaborate requirement to forward around 20
2010 May 22
12
[ASK]How Many Interfaces Supported?
Hi, I have 8 ethernet cards installed. Is it possible to use eth0-eth6 as the net interface for shorewall and eth1 as the lan network? Thanks. sangprabv sangprabv@gmail.com
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all, I have an asterisk sip/iax peer behind a linux gateway doing nat. I'm using pppoe with a dynamic ip that changes frequently. The problem is when the line drops the sip/iax registrations drop as well, and they don't register thereafter. When I check the conntrack entries, I noticed the entries still have the old wan ip address and because of keepalive (I'm
2008 Oct 13
7
Open all from one machine....
Hi all... I have configure a Shorewall gateway to my little lan in my home. The shorewall work fine here... However, when I try to use Limewire, I can download nothing.... On fact, I can't get any high connection on Limewire.. What can I do to make Limewire work properly behind a Shorewall gateway???? May be I have to open all port (both tcp and udp), but how? Thanks a lot... Best
2011 Aug 03
6
Dual ISP config: How to forward DNS requests to the proper server?
I'm using Shorewall with a load-balanced multi-ISP config along with LSM for failover. It's working great, except for DNS requests. I'd appreciate some advice on how to best configure this. The WAN connections are a T1 through XO and a cable connection through Comcast. About 80% of the traffic is routed out the Comcast connection under normal connections. I would
2008 Sep 05
5
PPTP Client Behind a Shorewall Firewall
Hi all, I'm running a server that frequently needs to open a pptp session with a remote server outside my Company. This server is running behind a Shorewall firewall and I don't find information in Shorewall web page because there is no information in the link http://www.shorewall.net/PPTP.htm#ClientsBehind Nowadays I can connect this server with the remote one but the session is closed after
2008 Oct 01
2
DNAT Issue
Hi. Im setting up a web farm test lab. I have a number of machines in the test last on a dmz zone on network 10.20.30.0. The test lab firewall has two NICS. One (eth0) has two ip addresses, eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is on a private network, 10.20.30.0. I want to use DNAT to allow test engineers to ssh into the machines in the web farm. I have
2010 Nov 23
4
ERROR: Duplicate Host Group
Hello, This is using version 4.4.11.3 (Debian). The following error occurs: ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc : The configuration is a test config. Commented lines removed to keep it clear: # cat zones fw firewall loc ipv4 # cat interfaces loc eth1 - # cat hosts loc eth1:10.128.23.34/16 # cat policy all all ACCEPT
2011 Sep 17
4
Shorewall DNAT to IPSET
I would like to dnat certain protocols (HTTP, HTTPS, SSH) to the contents of an ipset (lan:+serviceshost or similar) where the ipset is ensured to contain only one host, but can be changed dynamically when services are in maintenance mode and go to the "services are down" message on another server. Will this work, or am I barking up a fish here?
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there. I'm reading and reading through the doc's and previous posts, but cannot seem to find what I'm looking for. I want to create a rule that prevents DoS and maybe even DDoS attacks against a specific port. The current rule looks like this (the PORT's and IP's are dummies of course): #ACTION SOURCE DEST
2013 Oct 08
5
Shorewall dropping packets that should be forwarded
I had to restart one of my routers tonight and since then shorewall on it has been dropping SIP packets coming in from one machine instead of forwarding them to the freebpx server. Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network external ip> DST=<server network external ip> LEN=575 TOS=0x00 PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060
2010 Jun 15
4
TPROXY configuration
I'm trying to get TPROXY / Squid running and I have a few questions... I found this page: http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY However, it doesn't explain what I'm seeing in the configuration. For the zone file, do I keep my loc and net configurations and just add the following to the file? - lo - - or do I remove the loc and net zones and
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of them are correctly established.