similar to: Route availability check

net dmz:192.168.0.1 tcp 80 I forgot to mention that this should be put to rules file, sorry. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. Februar 2010 17:37 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] Suddenly DMZ can''t access to internet No. For

OK - I figured out what it is but maybe someone can give an explanation here. If I use he multiple zones configuration I have to do in addition Hosts v3005 vlan3005:0.0.0.0/0 And of course this seems to be very logic since this means all ip´s on the internet. But I am still confused a lot why this is the first time I have to do it after using Shorewall over years without to be forced to say

Hello We are using old version ( shorewall-3.0.7-1) with Centos 5.3 The shorewall has three zones (net / loc / dmz). Loc can access to internet with no problem and can access to DMZ. DMZ can''t access to internet. Net can''t access to DMZ with NAT. I tried to restart the machine / check Lan card / check cable , they were work find. Is it DMZ Lan card problem? but it can

Hi there. I''m reading and reading through the doc''s and previous posts, but cannot seem to find what I''m looking for. I want to create a rule that prevents DoS and maybe even DDoS attacks against a specific port. The current rule looks like this (the PORT''s and IP''s are dummies of course): #ACTION SOURCE DEST

As Shorewall reaches maturity, it seems unlikely that the pace of development typical of the past 9 years will be sustained. Over that time, major releases have occurred approximately once per year; the last major release (4.4) was in August 2009. I do not currently have an active 4.5 development branch so it is very unlikely that we will see a 4.6 release this year. Going forward, I would

As Shorewall reaches maturity, it seems unlikely that the pace of development typical of the past 9 years will be sustained. Over that time, major releases have occurred approximately once per year; the last major release (4.4) was in August 2009. I do not currently have an active 4.5 development branch so it is very unlikely that we will see a 4.6 release this year. Going forward, I would

Hi, I have 8 ethernet cards installed. Is it possible to use eth0-eth6 as the net interface for shorewall and eth1 as the lan network? Thanks. sangprabv sangprabv@gmail.com ------------------------------------------------------------------------------

Forget about my part to nat file. I was wrong. Try my masq configuration. _____ Von: Michael Weickel - iQom Business Services GmbH [mailto:mw@iqom.de] Gesendet: Dienstag, 2. März 2010 00:17 An: ''Shorewall Users'' Betreff: AW: [Shorewall-users] NAT Issue Try 1.1.1.198 eth0 172.16.1.23 no no INTERFACE - interfacelist[:[digit]] Interfacees that

Hi Everyone! I''m having problems to redirect an UDP port to an external server. My firewall have 4 interfaces: NET, LOC (192.168.0.0/24), DMZ(192.168.1.0/24), CMTC(10.0.0.0/24). On CMTC interface I have a direct connection to another network using a VPN link. I need to redirect an UDP port to on server (10.1.0.2) on CMTC zone using my local IP (192.168.0.1) for gateway. I will use

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the

Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall: DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4 DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5 1.2.3.4 and 1.2.3.5 is virtual IP

Hello All, I¹ve installed the vanilla shorewall F12, I¹ve got it installed on a couple of other servers with no problems. no matter how I define the zones and interfaces, shorewall logs and allows, rejects or drops only traffic to world. ACCEPT:info net:<myip>/32 $FW icmp Shorewall:world2fw:REJECT:IN=br0 ACCEPT:info world:<myip>/32 $FW icmp

Hello, it seems I am hit by http://shorewall.net/MultiISP.html#Local : "Experience has shown that in some cases, problems occur with applications running on the firewall itself. This is especially true when you have specified routefilter on your external interfaces in /etc/shorewall/interfaces (see above). When this happens, it is suggested that you have the application use specific local IP

Hi I am having a problem with a DNAT rule where the packets being REJECT''d: DNAT:info net priv:192.168.6.15 udp 5060 With the following appearing in the log: Mar 6 11:59:30 ipcop kernel: Shorewall:net2fw:REJECT:IN=eth3 OUT= MAC=00:09:6b:6e:48:e8:00:1d:20:fa:46:90:08:00 SRC=71.216.136.25 DST=67.138.129.66 LEN=629 TOS=0x10 PREC=0xA0 TTL=50 ID=28000

Hi list, thank you for Shorewall :) I''m trying to get a simple config to work but i can''t seem to work out how to gain access via ssh to the protected remote machine. But that doesn''t surprise me really as i have just spend well over an hour to find how to limit the lograte AND fill in the logburst in shorewall.conf. I have specified a logfile (not messages) in

Hello all, We are looking to retire our ancient PIX box at the colo and replace it with Shorewall, which we''ve been successfully using (along with OpenVPN) at the headquarters for quite a while. However, I''m missing something basic in the config. I have the base configuration set up, but cannot seem to get our routed IPs to be picked up. Here is the basic config: We have a

Hi everyone! I''m having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Hi, I have two public ip''s and i want to dedicate one ip for incoming and outgoing to one server. I followed http://www.shorewall.net/shorewall_setup_guide.htm and used the example of the daughter system. I have a machine connected on vmbr0 with address 10.10.10.1 listening on port 80 www. Still I can''t connect to this system. I''m forgetting something? Sincerely,