Displaying 20 results from an estimated 2000 matches similar to: "Remapping port below 1024 on the firewall"
2013 Oct 03
7
TCCLASSES vs Providers
Hi, I want to configure QoS in my shorewall conf but I have a doubt.
Now I am using tcrules with prerouting and with the file providers, like
this.
2:P 192.168.0.11 0.0.0.0/0 tcp 25
So, with this way I route my smtp traffic with my provider number 2.
Well, now I want to configure QoS with tcclasses and tcdevices, but if I do
that I need to use the MARK in the tcclasses
So, how
2013 Oct 10
3
Detect dhclient leases file in centos
Hello,
I''m using shorewall-4.5.16 with centos5. The dhclient stores the lease information on
the /var/lib/dhclient/dhclient-<DEVICE>.leases file.
The /var/lib/shorewall/firewall script has the function detect_dynamic_gateway that
detects the gateway based on the leases file. The code in the function is:
detect_dynamic_gateway() { # $1 = interface
local interface
2013 Oct 07
4
AutoBL issues on CentOS 6
Hi Tom and all,
I started to play a bit with the AutoBL action on a CentOS 6 box and ran
into the following problems:
1) The action.AutoBL doesn''t work for me until I patch it like so:
--- /usr/share/shorewall/action.AutoBL.orig 2013-10-01
00:59:42.000000000 +0200
+++ /usr/share/shorewall/action.AutoBL 2013-10-07 14:44:31.530841099 +0200
@@ -22,6 +22,9 @@
DEFAULTS
2013 Oct 08
5
Shorewall dropping packets that should be forwarded
I had to restart one of my routers tonight and since then shorewall on
it has been dropping SIP packets coming in from one machine instead of
forwarding them to the freebpx server.
Shorewall:net2all:DROP:IN=eth0 OUT= MAC=<removed> SRC=<my home network
external ip> DST=<server network external ip> LEN=575 TOS=0x00
PREC=0x20 TTL=78 ID=230 PROTO=UDP SPT=5061 DPT=5060
2013 Nov 05
8
Forwarding external traffic to another external server?
I''m trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn''t like that (it
just failed to start).
I tried adding the rules via
2013 Oct 03
2
Packetfence
Hi
Has anybody tried to combine shorewall (instead of iptables) with
packetfence?
/Göran
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and
2013 Oct 27
4
shorewall stop
hi, while stopping shorewall 4.5.21.2 on a debian7 box with the
ADMINISABSENTMINDED set to no in shorewall.conf, the connections on
vlan tagged interfaces that were active before the shorewall stop
command was executed are not terminated as it is for the firewall and
other interfaces!
when the firewall is stopped as expected new connections on vlan
tagged interface are refused but even
2013 Sep 30
4
strange problem
Hi,
In log I get:
-----------------------------------------------------------
Sep 30 16:19:03 host kernel: Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth0 SRC=ip1 DST=ip2 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=27279 DF PROTO=TCP SPT=51501 DPT=25 WINDOW=8192 RES=0x00 SYN URGP=0
----------------------------------------------------------
Even in /etc/shorewall/rules I have
2013 Sep 23
3
Custom iptables rules to drop DNS Amplification Attacks
Hi all, I need an help to implement this kind of rules on shorewall:
iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "0x28&0xFFDFDFDF=0x055a5a47 && 0x2c&0xDFDFFFDF=0x53540343 && 0x30&0xDFDFFFFF=0x4f4d0000" -j DROP
This kind of rules need to block a DNS Amplification Attack.
I found this file
2013 Sep 08
5
shorewall-lite
Hi I''m running on a debian box shorewall-4.5.17.
My main gateway is a router running on openwrt and I want to use the
shorewall-lite packet provided by openwrt. The openwrt''s provided
shorewall-lite packet is 4.5.7.
So my questions would be:
1: Do I need to make some modifications before installing
shorewall-core-4.5.7/shorewall-4.5.7 on my debian box?
2: if I have both
2013 Oct 08
2
Bug with H323 helper? Shorewall 4.5.16.1 as packaged up for Debian.
Hi all.
I can''t seem to get the h323 connection tracking configured correctly for Shorewall.
I am using the Debian Shorewall 4.5.16.1 package.
I am running a Debian 3.9 kernel like so:
# uname -a
Linux gw 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
My version of iptables is:
# iptables -V
iptables v1.4.20
If I add the following rule in the /etc/shorewall/tcrules file to
2013 Sep 10
6
lsm configuration issues...
Hi,
I use shorewall-4.5.4 + lsm-0.143 and it does not seem to work as expected...
When all providers are up, everything seems fine.
When one goes down, lsm says "link <provider> down event"... and it seems
ok but we then experience some problems such as a few unreachable sites,
DNS problems...
If I remove the downed provider from all confs and restart, everything works again.
2013 Sep 06
3
Shorewall OpenVPN, routing back from a LAN
When using shorewall with a road warrior openvpn setup, how can I get the
tun interface to masq through a lan interface?
Example Setup:
Machine A (tun0 10.0.0.1) -----------VPN---------(tun0
10.0.0.2)---------Machine B(10.10.10.1)
When I ping Machine B from Machine B, Machine B is receiving the echo
request, but it doesn''t know the route back to the 10.0.0.0/24, and there
2013 Nov 19
7
IPv6 connections won't be rejected nor logged
Hi,
I have servers where shorewall6 won''t reject nor log:
# cat /etc/shorewall6/zones
fw firewall
net ipv6
# cat /etc/shorewall6/interfaces
net eth1 tcpflags
(I also tried without "tcpflags", but no changes)
# cat /etc/shorewall6/policy
$FW all ACCEPT
all all REJECT info
# cat /etc/shorewall6/rules
SECTION NEW
(for testing, I removed all the rules)
I am testing from
2013 Nov 21
14
openvpn restart fails with dual entry in conntrack and wrong sourceport
the establishment of an openvpn link sometimes fails.
I tracked it down to network traffic with wrong Sourceport in the answer
packet (should be 1300 not 1024):
2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300
Destination port: 1300
3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024
Destination port: 1300
and a collateral entry in the connection tracking table
2013 Sep 30
1
Problem SIP
Good afternoon Tom, okay?
See if you can help me ...
I have some users that connect via Softphone (SIP) outside my network.
I''ve done a DNAT rule correctly.
When these users connect, they can hear, but the other side can not hear.
My telephony server receives connections by an alias eth0: 4 which is the
same IP output.
See my rules file and my nat file:
rules:
DNAT net
2013 Sep 16
7
Rsync rules for Shorewall
Hi folks,
I''m having an issue with rsync between my firewall and an internal
box. It seems to be a shorewall issue (or correctly speaking, an
issue with my shorewall config) because if I disable shorewall my
rsync works fine.
And I just can''t find it documented anywhere what I need to do.
I have rules like this :
root@userver:/etc/shorewall# grep -i Rsync rules
2013 Aug 31
23
ERROR: Log level INFO requires LOG Target in your kernel and iptables
Hi,
I have 2 Debian testing boxes running a very similar setup (both running
the latest aptosid kernel); on one of them, since the
iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to
1.4.20-2, shorewall-init can''t start shorewall anymore and for this
reason ifupdown also fails triggering firewall up.
Shorewall can be successfully started later on, and ifupdown starts
2013 Aug 19
4
squid on a dual ISP cenario
Hi to all
For is just az concept question :
There are a need to change something in Squid3 config when it are running
in the same box as shorewall with 2 ISP ?
I''ve been thinking in do this at home, as a proof of concept for future
implememtations ...
I allways use Roberto''s Debian package to implement Shorewall .
Fábio Rabelo
2013 Sep 12
25
shorewall-lite error at start
Hi,
My main gateway is a router running on OpenWrt Barrier Breaker
r37816/ Kernel Version3.10.4.
I installed shorewall-lite from openwrt''s repo using opkg but while
trying to start shorewall-lite I get the folowing errors:
The first error i got was "scp: /var/lib/shorewall-lite: No such file
or directory" simply resolved by making the folder "shorewall-lite"