similar to: Trap and Log With Shorewall

Hi list, I have a shorewall installed on 2 interfaces which also has multiple static public IP. Let''s say I have 1.2.3.4 and 1.2.3.5. I have assigned nat with: 1.2.3.4 eth0 11.22.33.4 no no But then I have a situation where I need 11.22.33.44 to connect to a host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4. How to do it? TIA Willy

Hi, I just add these file rules: DNAT net loc:192.168.8.35 tcp - - 202.158.70.38 DNAT net loc:192.168.8.36 tcp - - 202.158.70.38 DNAT net loc:192.168.8.37 tcp - - 202.158.70.38 And these on file nat: 202.158.70.38 eth0 192.168.8.35 no no 202.158.70.38 eth0 192.168.8.36 no no 202.158.70.38 eth0 192.168.8.37 no no I try to connect to the internet and check the IP and all hosts returns

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hi, I have 8 ethernet cards installed. Is it possible to use eth0-eth6 as the net interface for shorewall and eth1 as the lan network? Thanks. sangprabv sangprabv@gmail.com ------------------------------------------------------------------------------

Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall: DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4 DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5 1.2.3.4 and 1.2.3.5 is virtual IP

I have problem with my shorewall. We are now doing some stress test with a http application behind the shorewall. Firstly we send 10.000 requests to a http based application with no firewall. It can received 100% requests. But when we put shorewall in front of it then it stats to loose requests. Is there any packet limitation from shorewall all it''s about conntrack? Thanks for the reply.

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

I am attempting to use the Knock.pm from http://www.shorewall.net/ManualChains.html I am not having much luck making the DNAT- knock work for some reason. Anyone else using this on 4.4.4 that can verify if this still works as documented? Thanks ------------------------------------------------------------------------------ Return on Information: Google Enterprise Search pays you back Get the

I want to use lastest version of Shorewall in my fresh debian squeeze instalation, so I follow http://www.shorewall.net/Install.htm#Debian but, modify preferences file was not enough for me, I have to modify/add some other files in /etc/apt/ directory: 1.) include testing repo to source.list 2.) add APT::Default-Release "stable"; to apt.conf and pinning all other packages to stable

Hello, This is using version 4.4.11.3 (Debian). The following error occurs: ERROR: Duplicate Host Group (eth1:10.128.23.34/16) in zone loc : The configuration is a test config. Commented lines removed to keep it clear: # cat zones fw firewall loc ipv4 # cat interfaces loc eth1 - # cat hosts loc eth1:10.128.23.34/16 # cat policy all all ACCEPT

Hi All, I''m using shorewall 4.0.15-1 on debian 5.0.5 and It works fine. I want to start using rules based on users. This is supported in the shorewall-rules file, However it seems that each rule can only be associated with one user or group. Does this mean that I cannot have a rule apply to several users which belong to several groups? Will creating duplicate rules for each user

Hi, i am using squid as a transparent proxy. i have added this 3 lines to my rules file ACCEPT $FW net tcp www ACCEPT loc $FW tcp 8080 REDIRECT loc 8080 tcp www - !192.168.100.2 i want to limit the number of connection that are made from every pc on the network to the proxy server. if i change the 2nd rule to ACCEPT loc $FW tcp 8080

Hi, I have recently installed shorewall with a very simple rules configuration, ---------------------------------- #SECTION RELATED SECTION NEW Ping/ACCEPT all $FW Trcrt/ACCEPT all $FW SSH/ACCEPT all $FW ACCEPT net $FW tcp http #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE ----------------------------------------- and I have no

Hi, I'm using IPSEC in a multi-ISP configuration, lsm 0.131, Kernel 2.6.32, ipsec-tools 0.8.0 This worked fine with Shorewall/Shorewall-Lite 4.5.7. After updating Shorewall to 4.5.8 the routing of ESP packets doesn't work. If I change the Providers.pm file and add connmark => "! --mark 0/$mask" like before in Shorewall 4.5.7 than everything works fine. add_ijump

Hi I''m trying to monitor my multi ISP shorewall with swping, the script works fine, i can see in log when an ISP is down, the script restart shorewall and /etc/shorewall/isusable is called, however in the swping log after the shorewall restart i see again a route by ISP (even the ISP down), is it normal ? should i not see one route less? shorewall version 4.4.5.4-1. ****

Hello, I have a linux system running with 1 nic. (just local LAN) A Fritzbox is the DSL router, because of services of the Fritzbox (voip etc) I have to use the Fritzbox as the DSL router. Now I want to use the linux system as a VPN router so other devices on the local lan can use that VPN connection. I have setup shorewall but I cannot get it to work. I have monitored the traffic with

Hello, My name is Felipe I succesfuly installed Shorewall 4.4.20.3 in Ubuntu 10.04, This installation is for controlling the access into the local Network, My question is if it is possible to make a conecction WAN to LAN using Terminal Name?? i have been searching in goolge but i didnt find an answer!!!! For example we have IP Public into shorewall with 2 interfaces, and in the LAN we have 3

Hi! I have a strange problem with shorewall on one of our routers. When i configure a rule like ACCEPT loc:192.x.x.x net tcp 80 this rules will only work if i do a tcpdump -i all port 80 After doing the tcpdump the clientrules works. When i don''t use tcpdump before the connection will be refused. Best regards, Kai.

Hi all, I Try use shorewall rules with time element but its never works, the rules look like this HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri This rules for block https access to facebook site at working hours & day My system is Debian lenny, shorewall 4.4.4.2 kernel

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM virtual servers on the default libvrt virbr0 bridge at the default vnet+ bridge ports. The bridge and ports are on a separate private subnet (192.168.122.0/24). Each bridge port and the bridge itself are in the dmz, there are two physical interfaces and private local subnets in loc, and