Displaying 20 results from an estimated 6000 matches similar to: "Return to sender"
2010 Feb 27
3
Port Redirection
Hi Everyone!
I''m having problems to redirect an UDP port to an external server. My
firewall have 4 interfaces: NET, LOC (192.168.0.0/24),
DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a
direct connection to another network using a VPN link.
I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone
using my local IP (192.168.0.1) for gateway. I will use
2009 Jul 03
5
rules and nat
Hi,
I just add these file rules:
DNAT net loc:192.168.8.35 tcp - - 202.158.70.38
DNAT net loc:192.168.8.36 tcp - - 202.158.70.38
DNAT net loc:192.168.8.37 tcp - - 202.158.70.38
And these on file nat:
202.158.70.38 eth0 192.168.8.35 no no
202.158.70.38 eth0 192.168.8.36 no no
202.158.70.38 eth0 192.168.8.37 no no
I try to connect to the internet and check the IP and all hosts returns
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of then are correctly established.
2009 Jul 12
2
Shorewall 4.4.0 Beta 4
Beta 4 is now ready for testing.
http://www.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/
ftp://ftp.shorewall.net/pub/shorewall/development/4.4/shorewall-4.4.0-Beta4/
----------------------------------------------------------------------------
P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 Beta 4
2009 Jul 17
1
Problem with Email at same network
Hello,
My firewall is a Shorewall 4.2.5
I''ve a webserver and a mailserver runnig at same internal network.
The DNAT instruction runnig okay (DNAT rule has to map smtp port). I receive
mail from externals senders. But, when my webserver sents any mail to my
domain (my mailserver), the message doesn''t receives.
Is there a rule that I need to make to running ? DNAT
2010 Mar 17
2
DNAT Problem
Hi everyone!
I''m having time out problems when using a DNAT rule.
Rule:
DNAT:info cmtc loc:192.168.0.158 tcp 8011
Log:
Mar 17 17:50:17 gw kernel: [1583997.524924]
Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60
TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011
WINDOW=5840 RES=0x00 SYN URGP=0
Telnet:
root@emudar:~# telnet
2009 Oct 23
9
sip/iax problem - udp conntrack entries not getting destroyed
Hello all,
I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using
pppoe with a dynamic ip that changes frequently.
The problem is when the line drops the sip/iax registrations drop as well,
and they don''t register thereafter. When I check the conntrack entries, I
noticed the entries still have the old wan ip address and because of
keepalive (i''m
2008 Sep 23
3
Outgoing service always on a certain external address
Hi,
Shorewall version -4.0.12-2 (EL5 rpm version)
OS : Centos 5.2
I have shorewall successfully running on Linux with multi ISP.
Trying to make services such as "rsync, ftp" go through my secondary
ISP. For which I did the following
eth0 : Internal LAN
eth4 : DSL (Second ISP) => x.x
eth5 : T1 (First ISP) => y.y
Created the following entries in
2008 Oct 24
6
routing packet from/to source/destination
Hi all and specially Mr. Tom....
(Please, do not be acid with me please! I am only a newbie, trying learn
more about shorewall)
I get involved with a Firewall Project in a customer here in my city...
In this customer, he has two Internet Providers.
So, he ask me how make certain connection following one routing path (like
RT_1) and others connections type, following the other routing path
2011 Jan 10
12
Multi-provider halp
Hi to the list,
I configured a multi-provider setup with /etc/shorewall/providers:
Orange 1 1 main eth1 81.255.74.150
track,balance=1 eth0
Free 2 2 main eth2 88.180.116.254
track,balance=3 eth0
and /etc/shorewall/tcrules:
2:P 192.168.2.0/24 0.0.0.0/0
tcp 143
2:P 192.168.2.0/24
2010 Jun 15
4
TPROXY configuration
I''m trying to get TPROXY / Squid running and I have a few questions...
I found this page:
http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY
However, it doesn''t explain what I''m seeing in the configuration.
For the zone file, do I keep my loc and net configurations and just add
the following to the file?
- lo - -
or do I remove the loc and net zones and
2010 Nov 23
4
ERROR: Duplicate Host Group
Hello,
This is using version 4.4.11.3 (Debian).
The following error occurs:
ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc :
The configuration is a test config. Commented lines removed to keep
it clear:
# cat zones
fw firewall
loc ipv4
# cat interfaces
loc eth1 -
# cat hosts
loc eth1:10.128.23.34/16
# cat policy
all all ACCEPT
2010 Mar 03
5
Applications running on the Firewall (MultiISP)
Hello,
it seems I am hit by http://shorewall.net/MultiISP.html#Local :
"Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP
2013 Mar 31
1
Can't match DSCP CS6 and CS7
Hi,
DSCP match in /tcrules/ doesn''t work with CS6 and CS7, it provides an
error "invalid value" for string and hexa values.
It seems that it comes from /Chain.pm/, in the function /do_dscp/:
fatal_error( "Invalid DSCP ($dscp)" ) unless defined $value && $value < 0x2f && ! ( $value & 1 );
I dont understand why "$value < 0x2f", but
2009 May 29
5
CONNMARK target and connmark match support in Ubuntu kernel
Hi,
as per the shorewall MultiISP documentation ( http://www1.shorewall.net/MultiISP.html
), it says
"Use of this feature requires that your kernel and iptables include
CONNMARK target and connmark match support (Warning: Standard Debian™
and Ubuntu™ kernels are lacking that support!)."
it means MultiISP wont work properly if i am using Ubuntu server. if
yes whats the
2013 Mar 16
23
Shorewall 4.5.15 Beta 1
Beta 1 is now availablew for testing.
Problems Corrected:
1) Previously, the Shorewall and Shorewall6 install.sh scripts did two
things wrong with respect to the /etc/shorewall[6]/routes file:
- The existing file was unconditionally removed.
- A skeleton file was not installed when SPARSE was not set in
the shorewallrc file.
Additionally, the installer would remove
2013 Mar 16
23
Shorewall 4.5.15 Beta 1
Beta 1 is now availablew for testing.
Problems Corrected:
1) Previously, the Shorewall and Shorewall6 install.sh scripts did two
things wrong with respect to the /etc/shorewall[6]/routes file:
- The existing file was unconditionally removed.
- A skeleton file was not installed when SPARSE was not set in
the shorewallrc file.
Additionally, the installer would remove
2010 Oct 21
10
KVM and bridge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM
virtual servers on the default libvrt virbr0 bridge at the default
vnet+ bridge ports. The bridge and ports are on a separate private
subnet (192.168.122.0/24). Each bridge port and the bridge itself are
in the dmz, there are two physical interfaces and private local
subnets in loc, and
2011 Aug 02
5
selinux issues
Please see https://bugzilla.redhat.com/show_bug.cgi?id=727648 for more info.
Shorewall executes some bash code like the following:
while read address interface external haveroute; do
qt $IP -4 neigh del proxy $address dev $external
[ -z "${haveroute}${g_noroutes}" ] && qt $IP -4 route del
$address/32 dev $interface
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default
* non-RFC 1918