similar to: Question about setting up in a colo environment

Displaying 20 results from an estimated 20000 matches similar to: "Question about setting up in a colo environment"

2010 Apr 16
3
Route availability check
Hi list, is it true that Shorewall is not willing to forward traffic from a source-ip which is not reachable by a static route from Shorewall itself? To say it another way. If Shorewall's routing interface is neither connected nor able to reach that source ip does it forward or deny it? So the situation is the following. I send from an ip which is not part of interface nor hosts file. But
2010 Apr 12
21
Using the limit action on a DNAT rule to prevent DoS attacks on a specific port
Hi there. I'm reading and reading through the doc's and previous posts, but cannot seem to find what I'm looking for. I want to create a rule that prevents DoS and maybe even DDoS attacks against a specific port. The current rule looks like this (the PORT's and IP's are dummies of course): #ACTION SOURCE DEST
2010 Mar 19
6
noob question
Hi list, thank you for Shorewall :) I'm trying to get a simple config to work but I can't seem to work out how to gain access via ssh to the protected remote machine. But that doesn't surprise me really as I have just spent well over an hour to find how to limit the lograte AND fill in the logburst in shorewall.conf. I have specified a logfile (not messages) in
2010 Mar 03
5
Applications running on the Firewall (MultiISP)
Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP
2010 Mar 08
4
Shorewall Development Schedule
As Shorewall reaches maturity, it seems unlikely that the pace of development typical of the past 9 years will be sustained. Over that time, major releases have occurred approximately once per year; the last major release (4.4) was in August 2009. I do not currently have an active 4.5 development branch so it is very unlikely that we will see a 4.6 release this year. Going forward, I would
2005 Mar 01
11
Simple question about zones (haven't found in FAQ)
Hello everybody: Here is my "network layout": ISP1 ISP2 | | | | +-----eth0---------eth1------+ | | | FC 3 box | | | +-----eth2---------eth3------+ |
2010 Feb 27
3
Port Redirection
Hi Everyone! I'm having problems to redirect an UDP port to an external server. My firewall have 4 interfaces: NET, LOC (192.168.0.0/24), DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a direct connection to another network using a VPN link. I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone using my local IP (192.168.0.1) for gateway. I will use
2010 Mar 07
3
DNAT not working
Hi I am having a problem with a DNAT rule where the packets being REJECT'd: DNAT:info net priv:192.168.6.15 udp 5060 With the following appearing in the log: Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT= MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25 DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000
2010 Apr 15
3
Please help: Shorewall 4.4.8 captures all traffic as "world" on both loc & net on a bridge firewall
Hello All, I've installed the vanilla shorewall F12, I've got it installed on a couple of other servers with no problems. no matter how I define the zones and interfaces, shorewall logs and allows, rejects or drops only traffic to world. ACCEPT:info net:<myip>/32 $FW icmp Shorewall:world2fw:REJECT:IN=br0 ACCEPT:info world:<myip>/32 $FW icmp
2010 Apr 19
2
Http redirect page in the first connection.
First I would like to apologize if my English is not good ... For me I think it's possible but still have not found how to do despite spending the day looking at the documentation site. The wanted to do was this: do the whole first http connection to a machine inside the network were redirected to a warning page, and then it occurred to navigate normally. I imagine that this would be
2010 Mar 17
2
DNAT Problem
Hi everyone! I'm having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet
2010 Feb 24
3
Using NFLOG in shorewall6
Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the
2004 Sep 02
5
DNAT and ping
I have the following interfaces loc eth0 net0 eth1 net1 eth2 (net0 and net1 are the two ISP networks) policy loc net0 ACCEPT loc net1 ACCEPT net0 all DROP info proxyarp 209.189.103.204 eth0 eth1 no no params Pellucidar=192.168.124.232 rules DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204 ACCEPT all all icmp
2005 Mar 28
3
Allowing RIP broadcasts?
This is kind of an odd request so I've got the asbestos undies on. I have a client who currently has a layer 3 switch plugged into a cisco pix. Routing is handled via RIP and now the client wants to insert a linux box running shorewall behind the PIX and in front of the switch to act as a content filter+backup firewall. The immediate problem I foresee happening is that RIP broadcasts to
2010 Mar 19
1
snat
Hi, I have two public ip's and I want to dedicate one ip for incoming and outgoing to one server. I followed http://www.shorewall.net/shorewall_setup_guide.htm and used the example of the daughter system. I have a machine connected on vmbr0 with address 10.10.10.1 listening on port 80 www. Still I can't connect to this system. I'm forgetting something? Sincerely,
2010 Apr 17
1
NAT-PMP and Shorewall
Is there support for NAT-PMP in shorewall? If so, where can I RTFM? Thanks.
2005 Mar 01
3
Problem with multiple ISP's
I have a setup with two Internet providers. One circuit (net0 == eth1) is used primarily for employees and tunnels to other sites. The other (net1 == eth2) is for the production machines that customers access. Everything works in the sense that packets get to where they are sent (mostly) but recently I had a sniffer on the system and noticed a problem I cannot solve. traffic coming in
2007 May 23
3
creating a static route (SUSE 10)
Hi, We have a shorewall firewall running on SUSE 10. We have three nic's, Lan, DMZ and Internet. We also have a Cisco Pix 506e. We moved from sending all our traffic through the pix to using the Suse box yesterday. The PIX is in the DMZ, with a connection to the LAN switch, the idea being that VPN users can connect to the pix to the lan. The Pix is on the 10.0.1.x subnet, the lan is
2010 Mar 01
1
WG: NAT Issue
Forget about my part to nat file. I was wrong. Try my masq configuration. _____ From: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Sent: Tuesday, 2 March 2010 00:17 To: 'Shorewall Users' Subject: AW: [Shorewall-users] NAT Issue Try 1.1.1.198 eth0 172.16.1.23 no no INTERFACE - interfacelist[:[digit]] Interfaces that