similar to: rules with multiple users/groups

Hello, This is using version 4.4.11.3 (Debian). The following error occurs: ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc : The configuration is a test config. Commented lines removed to keep it clear: # cat zones fw firewall loc ipv4 # cat interfaces loc eth1 - # cat hosts loc eth1:10.128.23.34/16 # cat policy all all ACCEPT

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM virtual servers on the default libvrt virbr0 bridge at the default vnet+ bridge ports. The bridge and ports are on a separate private subnet (192.168.122.0/24). Each bridge port and the bridge itself are in the dmz, there are two physical interfaces and private local subnets in loc, and

Togan Muftuoglu has just informed me that Shorewall is now available in the following repositories: <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.2> <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.3> <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory> Thanks Togan!! -Tom -- Tom Eastep

Now I step by step to configure Shorewall to match my school environment, the following error when I restart the Shorewall. ..End Macro iptables v1.2.11: Unknown arg `--sports'' Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !

Hi all, I have a VPN setup but it only works once in a while. It seems my firewall (shorewall 3.0.8) is blocking protocol 47. Here is what I have: eth0: internet eth2: dmz - my pptp server My entry In the rules file: pptp/ACCEPT fw dmz:192.168.253.2 My pptp macro ############################################################################### #ACTION SOURCE

Hello All, I know that this should be a trivial issue, but I''m stuck. I''m totally new to Shorewall and although I''ve read all about the zones, they''re still a bit confusing for me. What I''m attempting to do is run an FTP server on an internal machine. I''ve read the example guide and troubleshooting guide, but I can''t figure it

Hi all, I am having an issue with a multiple ISP setup. I have followed the docs online and I think I have everything setup correctly but I can get the desired traffice to go out my secondary ISP. A quick run down on what I am trying to acomplish. I want to send all sip/iax traffic out one ISP in the net zone and then send all other traffic out my secondary ISP in the dsl zone. Attached is

I just setup the Shorewall in my school, but now all clients can''t through to internet, all servers can through to internet with NAT, when I disabled NAT that all servers can''t through to internet. Below is my school network: internet ---> shorewall ----> loc ---> ciso router ---> loc1 Below is my config files: policy: # If you want to force clients to

hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or

Hi, How can only allow http,ftp,smtp define on outgoing rules ? Thanks _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and

Hi When I start shorewall, the multicast stream is stopped. My config: Windows VLC Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux VLC Streaming server 192.168.254/24 lan wan (but it''s really a internal lan !) 191.168.1.21/16 on the FW/shorewall route add -net 224.0.0.0 netmask

I have a couple of firewalls that are rather complicated - one has 21 interfaces, and the other has about 50 (there''s some heavy use of 802.1q, they only have half a dozen network cards). They work okay, but - compiling the rules takes a long time even on the faster servers, and restarting shorewall-lite takes between 5 and 10 minutes (during which time, only the routestopped stuff will

I'm planning to upgrade my asterisk 1.4.4 to 1.4.6. usually for asterisk upgrade i delete modules directory and include, then compile the new version. Since i have couple of G729 Licenses on this server installed, would i need to call Digium to reactivate these Licenses? Is there any better and faster way of upgrade asterisk? Possibly without losing G729 License? Thanks!

I''m having troubles with my outbound VOIP connection. I''m convinced that I don''t have QOS/traffic shaping configured properly in my shorewall linux firewall, which serves as my Asterisk VOIP server and Internet router/gateway. I don''t have a separate router box. I''ve been using VOIP for about a year now, but just recently realized that I need to

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

Hello everyone! How are you? Hope you''re well :) Here''s my setup at home: Internet -> (eth1) Comp1 (shorewall, DHCP, dns server, Internet sharing) (eth0) -> Linksys (wireless) ~~~~~~~~~~~~ (wlan0) Comp2 (eth0) -> IP Phone My computer1 is well confiugred, everything was working right and well. I decided to move the IP Phone to the COmputer 2. I was able to make this

Hello, I changed the log path in shorewall.conf, LOGFILE=/var/log/messages to LOGFILE=/var/log/shorewall, and then I touched the shorewall file in /var/log, permission root:root 600, after shorewall restart, no logging messages appear in /var/log/shorewall. so how can I fix this problem ? Thanks !! _______________________________________ YM - 離線訊息

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking