similar to: Lost Connection 15~20 Minutes after starting Shorewall - Shorewall really culprit?

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

Hello, My name is Felipe I succesfuly installed Shorewall 4.4.20.3 in Ubuntu 10.04, This installation is for controlling the access into the local Network, My question is if it is possible to make a conecction WAN to LAN using Terminal Name?? i have been searching in goolge but i didnt find an answer!!!! For example we have IP Public into shorewall with 2 interfaces, and in the LAN we have 3

Hi I''m trying to monitor my multi ISP shorewall with swping, the script works fine, i can see in log when an ISP is down, the script restart shorewall and /etc/shorewall/isusable is called, however in the swping log after the shorewall restart i see again a route by ISP (even the ISP down), is it normal ? should i not see one route less? shorewall version 4.4.5.4-1. ****

I want to use lastest version of Shorewall in my fresh debian squeeze instalation, so I follow http://www.shorewall.net/Install.htm#Debian but, modify preferences file was not enough for me, I have to modify/add some other files in /etc/apt/ directory: 1.) include testing repo to source.list 2.) add APT::Default-Release "stable"; to apt.conf and pinning all other packages to stable

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

There are massive attacks on specific port, I want to trap and log just the ip source to this port. Is there anyway to do so with shorewall? Thanks. Willy Mularto sangprabv@gmail.com ------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev

hello before asking my question I come My name is Santiago and I''m from Spain but I''m in Colombia I followed this guide: https://www.doas.montanalinux.org/proxmox-ve-with-shorewall.html but when I run shorewall check, this error occurs: Checking... Initializing... Determining Zones... IPv4 Zones: net loc Firewall Zone: fw Validating interfaces file... ERROR: Invalid

Hi all, The first couple of xen machines we setup used the default xen bridging setup for dom0. I am sure there are many other people out there with this setup. Now that I know a bit more there are probably better ways out there to configure the xen box for firewalling, most notably assigning the red card to a domU and running shorewall in there. But in the meantime I would like to further

Hi, I'm using IPSEC in a multi-ISP configuration, lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 This worked fine with Shorewall/Shorewall-Lite 4.5.7. After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. If I change the Providers.pm file and add connmark => "! --mark 0/$mask" like before in Shorewall 4.5.7 than everything works fine. add_ijump

Hi all, I Try use shorewall rules with time element but its never works, the rules look like this HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri This rules for block https access to facebook site at working hours & day My system is Debian lenny, shorewall 4.4.4.2 kernel

On 28/07/2010 15:45, shorewall-users-request@lists.sourceforge.net wrote: > On 7/28/10 1:50 AM, Andrea Perdicchia wrote: > >> > Hi all, >> > Is possible log mac address in shorewall? >> > I try all configuration "debug,info..." in /etc/shorewall/shorewall.conf >> > but in /var/log/messages the log show only few information and not mac

Hello all, I''m using shorewall on a linux machine that has two interfaces, eth0 being connected on the internal network (10.10.10.0/24) and eth1 being connected to the external network. On eth0 the IP is statically configured to 10.10.10.254 and there is a dhcp server running for the machines in the private network. On eth1, the IP is dynamically assigned by my ISP modem that acts as

I''ve set up a simple 2-interface Linux router using shorewall-perl 4.0.8 (and upgraded to 4.0.9). Everything works flawlessly. One small exception I have noticed (since I''m a new shorewall user I assume this is probably an error on my part). 1. Problem: With no "logmartians" entries in /etc/shorewall/interfaces, shorewall-perl sets

Hi, I''ve been having a really strange thing happen. I can''t remember when it happened, or if it coincided with a shorewall update, but if I have shorewall "running", my 100mbps connection is limited to about 1-6mbps per connection. This is with TC/Shaping/QoS disabled or enabled. I have no idea if its shorewall doing something funky or ipables or what, but if I

I have been working really hard configuring and researching very extensively, trying to figure why we are getting "Shorewall:FORWARD:DROP" packets. IPSEC works just fine without the iptable rules created by our shorewall configs but when starting shorewall and creating the iptables I noticed the packets are dropped. I know it is a config situation but I am totally racking my brain as

Hi all, Consider the following. a<-list(c("MHsub","MHsub","SFD","Duplex")) b<-list(c("MHsub","MHsub","SFD")) c<-list(c("MHpark","SFD","SFD")) d<-list(c("MultiFam","MultiFam","MultiFam","Duplex")) all<-list(a,b,c,d)

I have a server that runs shorewall lite. This server has a custom configuration of the semaphore setting. The configuration is set in /etc/sysctl.conf . It works fine most of the time. We have a daemon that crashes, we found that is a semaphores config issue. After the crash we found that semaphore parameters are reseted to defaults. The only event we found is a reload of firewall rules. I

Hi, on my system (Linux 2.6.18.8 - ia64), if a domain write on the xencons before xenconsole is initialized the domain gets back what it wrote. This patch fixes this issue by making raw the pty slave very early. (I suppose it doesn''t happen with linux as a guest because it takes a little bit of time before writing to xencons). Tristan. _______________________________________________

Hello, My hoster updated its kernel packages... It contained some old problems that should have been fixed. My servers have now a wonderful 2.6.21.5 kernel + grsec running. Both are running Debian 4.0 (stable release). mx:/etc/shorewall# iptables --version iptables v1.3.6 mx:/etc/shorewall# uname -a Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri Jul 27 17:18:23 CEST

I've seen a couple of these in the log while testing the proxy too. Do you know what would cause this? Aug 10 23:30:29 director5 dovecot: imap-login: fcntl(-1, F_GETFL) failed: Bad file descriptor Aug 10 23:30:29 director5 dovecot: imap-login: fd_set_nonblock(-1) failed: Bad file descriptor Aug 10 23:30:29 director5 dovecot: child 14016 (login) returned error 89