similar to: Shorewall under xen

Dear All, I try to upgrade, my old shorewall from 4.4.13-3 to 4.5.2.3-1 on CentOS, after upgrade i can''t start shorewall with this message: "/Shorewall: Address Ranges require the Multiple Match capability in your kernel and iptables/" I try to search on the net about this, but no still no light. Somebody can help me? Great appreciate for any help. Regards,

I want to test shorewall6 in a scenario with several virtual machines. Each virtual machine has the interface eth0. With IPv4, I would assign an IP-alias to eth0:1 and so would have eth0 and eth0:1 as interfaces for shorewall6. How is this done with IPv6? Viele Grüße Andreas Rittershofer -- ------------------------------------------------------------------------------ Live Security

Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid  with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the

I know someone who for the past 4 days has been having the heck ddosed out of him. He runs a gaming server, and ran a report on the ddos; he has 8 pages of that and a few hours ago there were 16 pages. They''re attacking his machine on random ports and he blocks UDP traffic on those ports, but they keep attacking on other ports. So far he''s banned over 800,000 IP''s.

Hi all: I see a lot of the errors below in /var/log/messages on my firewall: Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:49:44 munin kernel: [109128.257509] martian source 192.168.1.5 from 127.0.0.1, on dev eth1 Aug 1 00:50:44

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

4.5.4 Beta 3 is now available for testing. I apologize for the back-to-back Betas but I guess it''s better to find these problems during the Beta period rather than later. Problems corrected: 1) This release includes all defect repairs from Shorewall 4.5.3.1. 2) When EXPORTMODULES=No in shorewall.conf, the following errors were issued: /usr/share/shorewall/modules: line 19:

Hello all, I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ? Thanks Fred

Hi I have a default route to 192.168.1.1 as soon as I start shorewall the default route dissapear. What do I need to do to have it not disappear. Kind Regards My network setup /etc/network/interfaces: # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.17 netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

Shorewall 4.5.8 Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes the defect repair from Shorewall 4.5.7.1. 2) The restriction that TTL and HL rules could

This may not necessarily be the best place to ask this, but I''ve tried the Admin Guide, LinuxQuestions and Debian forums and no one knows. Running Debian Testing, and I need to set up two profiles for my wifi adapter, one for home and one for any open AP. I''m using the manual method of configuring, editing the /etc/wpa_supplicant/wpa_supplicant.conf and /etc/network/interfaces

I''m using Roberto''s squeeze repository on an old lenny VM that I just updated from 4.5.2.something to 4.5.3. After the update I was seeing this during start/restart: Initializing... /usr/share/shorewall/modules: line 19: ?INCLUDE: command not found /usr/share/shorewall/modules: line 23: ?INCLUDE: command not found /usr/share/shorewall/modules: line 27: ?INCLUDE: command not

Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net

Hi, How can I tell shorewall to block any ip address if it generate x no of request within x no of seconds. I want to filter SYN, ICMP and HTTP Get floods etc. Is it possible have a minimum local level deterrence against ddos attacks at firewall level? -- AzfarHashmi Cloudways Your Managed Cloud e: azfar.hashmi@cloudways.com w: www.cloudways.com <http://www.cloudways.com> PGP

Hello Asterisk sits in a Vserver guest (192.168.3.9) on the firewall. I can''t seem to get the sip helper to mark the SIP packets though. I have an ftp client on a different Vserver guest on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt"

Hi, Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error

Hello, I am trying to set up traffic shaping/control for my voip connection. I am running 4.4.22.3. Here is my current configuration: --- tcdevices --- #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED #INTERFACE INTERFACES eth1 2048kbps 1500kbps -- tcclasses --- #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS # DMAX:UMAX eth1 1 100kbps

When Shorewall refreshes the config I get following in the log.. kernel: ip_tables: MARK target: only valid in mangle table, not filter logger: Shorewall refreshed Is that something I should worry about? Thanks P.S.  shorewall version 4.5.0.2 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the

Tom, There appears to be a broken link on the online manpage for shorewall.conf http://www.shorewall.net/manpages/shorewall.conf.html " *GEOIPDIR*=[/pathname/] Added in Shorewall 4.5.4. Specifies the pathname of the directory containing the /GeoIP Match/ database. See http://www.shorewall.net/ISOCODES.html. If not specified, the default value is