similar to: Problems with routing to VPN appliance

Hi everybody. I''m trying to configure shorewall folowing this manual: http://www.montanalinux.org/proxmox-ve-with-shorewall.html But with shorewall check it tells me thah: Checking /etc/shorewall/interfaces... ERROR: Unknown zone (dmz) : /etc/shorewall/interfaces (line 16) How can I define it in the zone file? thanks for the help. best regards, Santiago.

This one is a bit complex so if no help is forthcoming, I understand. I have 2 shorewall firewalls (1.3.13) up and running. (both machines running Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have squid setup as a caching/filtering server on each of them. Each of them was originally setup using the Two-interface Quick Start Guide. Then the Squid guide and then the IPSEC

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

RC 2 is ready for testing. Problems corrected: 1) The 4.5.1 Shorewall Lite and Shorewall6 Lite installers install the wrong SysV init script on Debian and derivatives. That has been corrected. 2) The getparams program now reads the installed shorewallrc file rather than ~/.shorewallrc. 3) The ''load'' and ''reload'' now copy the

Hi, my dhcp configuration seems to be somewhat off 1) I don''t put dhcp on any interface, however, there is no problem starting dhcp client on my net interfaces eth0, eth1 2) shorewall isn''t "started" on eth0 because it detected there was no IP 3) When I plug in the network cable I guess netfilter isn''t fully limiting eth0? 4) At some point during the

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

Beta 3 is now available for testing. Problems Corrected: 1) The value ''0'' is once again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The

Beta 3 is now available for testing. Problems Corrected: 1) The value ''0'' is once again accepted in the IN_BANDWIDTH columns of tcinterfaces and tcrules, and causes no ingress policing to be configured. 2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when $FW:<address> is entered in the SOURCE column of the tcrules file. New Features: 1) The

Has any had any experiences with Watchguard Firebox 1000 and Asterisk. I have asterisk on public side and phones on the private side. I am able to get the phones to register and make outbound calls but the inbound calls are intermittent. I have NAT enable in asterisk and on the Cisco 7960. Any insight would be appreciated. Thanks

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Adminstrator

Has anyone here used Asterisk inside a WatchGuard firewall, talking via the WatchGuard SIP Application Layer Gateway to an outside SIP service? I have a customer doing just that, and I am 100% convinced there is a bug in the ALG regarding the media port number it inserts into the SDP when it rewrites it. However, either they or WatchGuard will not accept there is a bug, despite my very detailed

I am considering replacing my old checkpoint and watchguard firewalls witha single Linux box using iptables and shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1

Hi List, I have a new install of CentOS 6.2 and shorewall 4.5.1-2. I usually have no issues with shorewall until now. When I execute < #shorewall start > I get the following error. root@poweredge > /etc/shorewall# shorewall start Compiling... Can''t locate Shorewall/Compiler.pm in @INC (@INC contains: /usr/share/shorewall /usr/local/lib/perl5 /usr/local/share/perl5

We are trying to setup a sip connection behind a Watchguard Firebox 1000 and it is simply put...not working. The ports are all forwarded but the packets are not going out. It is as if the firewall simply ignores SIP packets. Has anyone seen this or have any idea what the issue could be? Watchguard so far has been of zero help. Kerry Garrison Director of Technical Services Tech Data Pros -

I tried to the new GATEWAY option in /etc/shorewal/interfaces file but it didnt work. My network setting consists of 2 ISPs line and i would like to have eth0 to connect to for example, 192.168.15.254 while eth1 connected to 192.168.33.254. I restarted shorewall and nothing is wrong. However, the traffic still goes to the default gateway as shown in "route -n" command. For example, i

I have been approached with a question that I am not sure about... A Shorewall system has only one interface, with a public IP-adress. The same system is the endpoint for a few OpenVPN-tunnels. Is it possible to add an aliased IP to the interface, and NAT traffic to a OpenVPN-endpoint? The endpoint is on 10.4.2.3 and the Shorewall-box has an interface of 10.4.2.1.

Hello, I am trying to use WINE (20050725-r1 on Gentoo Linux) to install/run Watchguard's Firebox Management Software (WFS). The WFS installer uses an installshield installer of course.. I've been looking thru the FAQ, wiki, etc and have found info about DCOM98 needing to be installed. I've tried a bunch of things so far, and here's where I stand: First, I tried getting

I've actually been thinking about it almost since the beginning. It's just been annoying waste of space on my screen. And more importantly nowadays it's also breaking DKIM/DMARC signatures. So if somebody still uses Subject-based filtering it's about time to switch to List-ID header based filtering now. Another thing I'm wondering about is if I should allow text/html parts,

Hi Timo/everyone, Currently we are logging the remote IP, but is there a way to show the IP address that the NAT connection is coming from? The reason I ask is, we are changing ISPs, and I would like to see in the logs when an external connection is coming from our OLD ISP connection, and when it is coming through our new one. We have a Watchguard firewall, and I have both External

I am trying to install the WatchGuard VPN client that works on my WinXP system on to Ubuntu 7.04 Feisty Fawn. Here are the errors that happen half way thru the install. tfrench at tfrench-desktop:~$ winefile fixme:rpc:alloc_serverprotoseq protseq "mswmsg" not supported fixme:rpc:I_RpcServerStopListening (): stub fixme:rpc:I_RpcWindowProc (0x20054,00000002,00000000,00000000): stub