Displaying 20 results from an estimated 20000 matches similar to: "Question about setting up in a colo environment"
2010 Apr 16
3
Route availability check
Hi list,
is it true that Shorewall is not willing to forward traffic from a source-ip
which is not reachable by a static route from Shorewall itself? To say it on
another way. If Shorewall's routing interface is neither connected nor able
to reach that source ip does it forward or deny it?
So the situation is the following. I send from an ip which is not part of
interface nor hosts file. But
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there.
I'm reading and reading through the doc's and previous posts, but cannot
seem to find what I'm looking for. I want to create a rule that prevents DoS
and maybe even DDoS attacks against a specific port. The current rule looks
like this (the PORT's and IP's are dummies of course):
#ACTION SOURCE DEST
2010 Mar 19
6
noob question
Hi list,
thank you for Shorewall :)
I'm trying to get a simple config to work but I can't seem to work out how
to gain access via ssh to the protected remote machine. But that doesn't
surprise me really as I have just spent well over an hour to find how to
limit the lograte AND fill in the logburst in shorewall.conf.
I have specified a logfile (not messages) in
2010 Mar 03
5
Applications running on the Firewall (MultiISP)
Hello,
it seems I am hit by http://shorewall.net/MultiISP.html#Local :
"Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP
2010 Mar 08
4
Shorewall Development Schedule
As Shorewall reaches maturity, it seems unlikely that the pace of
development typical of the past 9 years will be sustained. Over that
time, major releases have occurred approximately once per year; the last
major release (4.4) was in August 2009.
I do not currently have an active 4.5 development branch so it is very
unlikely that we will see a 4.6 release this year.
Going forward, I would
2005 Mar 01
11
Simple question about zones (haven't found in FAQ)
Hello everybody:
Here is my "network layout":
ISP1 ISP2
| |
| |
+-----eth0---------eth1------+
| |
| FC 3 box |
| |
+-----eth2---------eth3------+
|
2010 Feb 27
3
Port Redirection
Hi Everyone!
I'm having problems to redirect an UDP port to an external server. My
firewall have 4 interfaces: NET, LOC (192.168.0.0/24),
DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a
direct connection to another network using a VPN link.
I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone
using my local IP (192.168.0.1) for gateway. I will use
2010 Mar 07
3
DNAT not working
Hi I am having a problem with a DNAT rule where the packets being REJECT'd:
DNAT:info net priv:192.168.6.15 udp 5060
With the following appearing in the log:
Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT=
MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25
DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000
2010 Apr 15
3
Please help: Shorewall 4.4.8 captures all traffic as "world" on both loc & net on a bridge firewall
Hello All,
I've installed the vanilla shorewall F12, I've got it installed on a couple
of other servers with no problems. no matter how I define the zones and
interfaces, shorewall logs and allows, rejects or drops only traffic to
world.
ACCEPT:info net:<myip>/32 $FW icmp
Shorewall:world2fw:REJECT:IN=br0
ACCEPT:info world:<myip>/32 $FW icmp
2010 Apr 19
2
Http redirect page in the first connection.
First I would like to apologize if my English is not good ...
For me I think it's possible but still have not found how to do despite
spending the day looking at the documentation site.
The wanted to do was this: do the whole first http connection to a
machine inside the network were redirected to a warning page, and then
it occurred to navigate normally.
I imagine that this would be
2010 Mar 17
2
DNAT Problem
Hi everyone!
I'm having time out problems when using a DNAT rule.
Rule:
DNAT:info cmtc loc:192.168.0.158 tcp 8011
Log:
Mar 17 17:50:17 gw kernel: [1583997.524924]
Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60
TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011
WINDOW=5840 RES=0x00 SYN URGP=0
Telnet:
root@emudar:~# telnet
2010 Feb 24
3
Using NFLOG in shorewall6
Dear all,
I have configured both shorewall and shorewall6 on my firewall. Shorewall is
using ULOG as logging target and since that did not seem to work I tried using
NFLOG in shorewall6. However, nothing is logged in the /var/log files.
Three questions:
- What am I doing wrong? I just use LOG=NFLOG in the params file.
- Can I use NFLOG for shorewall too?
- Do I need ulogd when setting the
2004 Sep 02
5
DNAT and ping
I have the following
interfaces
loc eth0
net0 eth1
net1 eth2
(net0 and net1 are the two ISP networks)
policy
loc net0 ACCEPT
loc net1 ACCEPT
net0 all DROP info
proxyarp
209.189.103.204 eth0 eth1 no no
params
Pellucidar=192.168.124.232
rules
DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204
ACCEPT all all icmp
2005 Mar 28
3
Allowing RIP broadcasts?
This is kind of an odd request so I've got the asbestos undies on. I
have a client who currently has a layer 3 switch plugged into a cisco
pix. Routing is handled via RIP and now the client wants to insert a
linux box running shorewall behind the PIX and in front of the switch
to act as a content filter+backup firewall. The immediate problem I
foresee happening is that RIP broadcasts to
2010 Mar 19
1
snat
Hi,
I have two public ip's and i want to dedicate one ip for incoming and
outgoing to one server. I followed
http://www.shorewall.net/shorewall_setup_guide.htm and used the example of
the daughter system. I have a machine connected on vmbr0 with address
10.10.10.1 listening on port 80 www. Still I can't connect to this system.
I'm forgetting something?
Sincerely,
2010 Apr 17
1
NAT-PMP and Shorewall
Is there support for NAT-PMP in shorewall? If so, where can I RTFM?
Thanks.
2005 Mar 01
3
Problem with multiple ISP's
I have a setup with two Internet providers. One circuit (net0 == eth1) is
used primarily for employees and tunnels to other sites. The other (net1 ==
eth2) is for the production machines that customers access. Everything works
in the sense that packets get to where they are sent (mostly) but recently
I had a sniffer on the system and noticed a problem I cannot solve. traffic
coming in
2007 May 23
3
creating a static route (SUSE 10)
Hi,
We have a shorewall firewall running on SUSE 10. We have three nic's, Lan, DMZ and Internet. We also have a Cisco Pix 506e. We moved from sending all our traffic through the pix to using the Suse box yesterday. The PIX is in the DMZ, with a connection to the LAN switch, the idea being that VPN users can connect to the pix to the lan.
The Pix is on the 10.0.1.x subnet, the lan is
2010 Mar 01
1
WG: NAT Issue
Forget about my part to nat file. I was wrong. Try my masq configuration.
_____
From: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de]
Sent: Tuesday, 2 March 2010 00:17
To: 'Shorewall Users'
Subject: AW: [Shorewall-users] NAT Issue
Try
1.1.1.198 eth0 172.16.1.23 no no
INTERFACE - interfacelist[:[digit]]
Interfaces that