similar to: KVM and bridge

Hi. Im setting up a web farm test lab. I have a number of machines in the test last on a dmz zone on network 10.20.30.0. The test lab firewall has two NICS. One (eth0) has two ip addresses, eth0 10.161.101.40 and eth0:0 10.161.10.49. The other one, eth1 is on a private network, 10.20.30.0. I want to use DNAT to allow test engineers to ssh into the machines in the web farm. I have

Hello all, It''s my first letter on this list, and, my English is not very well. Please take me indulgence for grammar/syntax and over erorrs :)) I have trouble for acl''s of ip range. But, acl for one host (with ip adress) work fine. Please help me for make work acl/find erorr in acl. Becouse I''m new shorewall user, I maked test configuration on Virtual Mashine

Hi, I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it

RC 1 is now available for testing. Problems corrected: 1) All sample .conf files have been changed to specify FORWARD_CLEAR_MARK= rather than FORWARD_CLEAR_MARK=Yes That way, systems without MARK support will still be able to install the sample configurations and FORWARD_CLEAR_MARK will default to Yes on systems with MARK support. 2) The install scripts in the

RC 1 is now available for testing. Problems corrected: 1) All sample .conf files have been changed to specify FORWARD_CLEAR_MARK= rather than FORWARD_CLEAR_MARK=Yes That way, systems without MARK support will still be able to install the sample configurations and FORWARD_CLEAR_MARK will default to Yes on systems with MARK support. 2) The install scripts in the

Hi all... I have configure a Shorewall gateway to my little lan im my home. The shorewall work fine here... However, when I try to use Limewire, I can download nothing.... On fact, I can''t get any high connection on Limewire.. What can I do to make Limewire work properly behind a Shorewall gateway???? May be I have to open all port (both tcp and udp), but how? Thanks a lot... Best

Hi All, I''m using shorewall 4.0.15-1 on debian 5.0.5 and It works fine. I want to start using rules based on users. This is supported in the shorewall-rules file, However it seems that each rule can only be associated with one user or group. Does this mean that I cannot have a rule apply to several users which belong to several groups? Will creating duplicate rules for each user

Hello, This is using version 4.4.11.3 (Debian). The following error occurs: ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc : The configuration is a test config. Commented lines removed to keep it clear: # cat zones fw firewall loc ipv4 # cat interfaces loc eth1 - # cat hosts loc eth1:10.128.23.34/16 # cat policy all all ACCEPT

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

Hi, I have a simple question. I have my firewall with 2 external Ip and 1 lan. For example ISP1 FW LAN----Mail Server ISP2 Ok, when i DANT the smpt port to my mail server, I can see that the conection in my mail server comes from the external IP of my ISP. I need to change this so the conection to my mail server cames from the LAN IP from my firewall Is this possible?

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

Hi all, I´m running a server that frecuently needs to open a pptp session with a remote server outside my Company. This server is running behind a Shorewall firewall and I don´t find information in Shorewall web page because there is no information in the link http://www.shorewall.net/PPTP.htm#ClientsBehind Nowadays I can connect this server with the remote one but te session is closed after

We often find ourselves reading through all sorts of contests on the Internet that never seem to echo our own personal skill set or interests. Perhaps you've even fantasized about a type of contest with the types of prizes and goodies that YOU'D actually enjoy. Maybe you've wished there were something along the lines of a asterisk phone system diagram contest? With prizes ranging from

Hello - I am a little problem trying to find what dependency I need to up date - This is what I see when trying to install: rpm -Fvh shorewall-* error: Failed dependencies: rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-common-4.2.0-0Beta3.noarch rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by shorewall-perl-4.2.0-0Beta3.noarch I am using Centos 5.2 with the following RPM

Hi, I have a few questions about the inner workings of netfilter (a graphical layout of my network setup @ https://aequorin.homeunix.net:62389/local/media/network-graph.png) 1) These are the syslog entries for some simple connection tests. Shorewall/netfilter has been set to record all stateful connections SSH is recognized as phys(eth0) -> $FW traffic. This is because PHYSIN is

Hi, Shorewall version -4.0.12-2 (EL5 rpm version) OS : Centos 5.2 I have shorewall successfully running on Linux with multi ISP. Trying to make services such as "rsync, ftp" go through my secondary ISP. For which I did the following eth0 : Internal LAN eth4 : DSL (Second ISP) => x.x eth5 : T1 (First ISP) => y.y Created the following entries in

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi. I set, for example, a rule with a host server: Macro.http accept fw net:www.google.es I restart shorewall and it works, but when i stop the firewall for disabling Internet (for any reason), and i want start the firewall it says: Failed to start firewall : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... WARNING: Support for the detectnets interface

Hi, I am trying something so easy but doesnt work for me. I want to have more than once zone in my lan, for example my lan es 192.168.0.0/24 and I want to have one zone for servers, other for admin Pcs. etc here is my conf: Interfaces: -------------- #ZONE INTERFACE BROADCAST OPTIONS - eth3 detect net eth1 detect norfc1918 net eth0