Displaying 20 results from an estimated 800 matches similar to: "long rule action names with logging cause iptables errors"
2004 Jul 15
3
slight simplification to firewall log_rule_limit code
I think you can change the existing firewall logging code for
log_rule_limit (where you have one case for for LOGRULENUMBERS and
another almost identical case without) down to this slightly shorter
version with no duplication (excerpt):
if [ -n "$LOGRULENUMBERS" ]; then
eval rulenum=\$${chain}_logrules
[ -z "$rulenum" ] && rulenum=1
fi
case
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
Hi all,
I was trying to test ROUTE specific code with a multi-isp serviced box.
There is a bug somewhere, but I''m not able to understand what the real
problem is:
when I issue a "shorewall show capabilities" I get:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has
2004 Sep 21
1
squid on DMZ using proxyarp
sorry, i''m confuse where to post my problem..
i was post to shorewall-users, but must read to
support.html
this''s my problem
-----------
i have squid running on DMZ zone
and my network using ProxyARP on eth1 and eth2
mylinuxbox slackware 9.2
my network can access to internet normal, but can''t
redirect to squid server from firewall.
sometimes my network can connect
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful
but I don''t know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2005 Feb 02
1
Masq errors?
Hi all,
I have a problem with a new Shorewall box I''m trying to migrate from
iptables rules to shorewall 2.2.0.
I have a 3 interfaces setup:
- eth0 ---> internet (ip address)
- eth1 ---> remote office (10.0.0.0/8)
- eth2 ---> lan (192.168.16.0/24)
I''m using a very simple and common setup, with just a few DNAT rules in
my /etc/shorewall/rules file, and about twenty
2006 Apr 02
1
Two ISP
Hello all.
First of all, please be a bit indulgent to my poor English :-).
Second, this message is "kinda" BIG, so if you don''t like BIG
messages, simply don''t read it :-).
I''ve read http://shorewall.net/2.0/Shorewall_and_Routing.html
and http://shorewall.net/MultiISP.html, however I still a bit confused how
to organize what I need :-).
I''ve a
2004 Sep 13
5
Config problems
Hi,
I have a working test install of Shorewall 2.0.7 on a
32 bit install of Gentoo, it''s working like a champ,
so i am making an install on a nice new Opteron
server, using 64bit Gentoo.
I have run into a problem which going by your FAQ
might be due to a missing module, but after a couple
of hours of fiddling I''m stumpted - I can''t see any
options in the 2.6.8 kernel
2004 Aug 12
1
SMTP, IP, WHM news problems....
Hi,
I install shorewall firewall on my server and after that I have big
problem with SMTP, I can send messages with outlook to server but that
messages don`t go out from server (Currently I have over 800 messages
in the mail queue)
My server is on WHM/cPanel and EXIM....
When I click on "Delivery Now" for some message in WHM I get error:
Message 1BtoLi-00033G-RN is not frozen
LOG: MAIN
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2003 Oct 08
2
Problem with /bin/ash
I have /bin/ash from rh8 installation and I have following error when I
tried to change using ash instead of sh with shorewall-1.4.7:
+ eval options=$tap0_options
+ options=
+ list_search newnotsyn
+ local e=newnotsyn
+ [ 1 -gt 1 ]
+ return 1
+ run_user_exit newnotsyn
+ find_file newnotsyn
+ [ -n -a -f /newnotsyn ]
+ echo /etc/shorewall/newnotsyn
+ local user_exit=/etc/shorewall/newnotsyn
+ [
2005 Oct 06
4
Problems with ipp2p
Hello every body:
I have RedHat fedora core 2 machine, using iptables and squid. I am having a
lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have
installed ipp2p from rpm.
Every thing was ok until I use iptables rules. I get this error.
[root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP
iptables: No chain/target/match by that name
sames
2005 Jun 24
9
WINS across two networks and a router
Hello, everybody. This one''s got me stumped. What I''m trying to do is have
two networks--192.168.1.0 and 192.168.2.0--with SMB and WINS running between
them. So far I can mount SMB shares allright, but I can''t browse by WINS
names across the router. I''ve posted this question on Linuxquestions.org;
you''ll find the details there.
Here are my
2004 Jun 11
5
help with rules / log entries
Hello,
I''m working in configuring a very restrictive firewall to stick between our
techroom and our internal network. Basically nothing should be allowed into
the techroom and only a limited amount of traffic is to leave the techroom.
Below are a few log entries I looking to get explained.
DHCP is handled by the firewall, DNS is handled by servers side our
techroom.
my rules file
2004 Aug 30
6
Shorewall upgrade messed up my firewall
Hi all,
I''m using Gentoo Linux Distribution and I''ve upgraded my firewall
from Shorewall 1.4 to 2.0.4, however my LANs stop having internet
access.
I have a server with shorewall 2.0.4 installed and 3 interfaces.
eth0 and eth1 are interfaces to a LAN and to my laptop and eth2
is the net interface.
I have masq like:
eth2 eth0
eth2 eth1
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
Hello All,
I am trying to implement OpenVPN on Fedora core Linux 3 with the latest
pathces
installed. This server is used only as firewall/internet gateway/proxy/VPN
server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP
It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12)
connected to the local network.
I use shorewall 2.4 on this machine.
I like to test
2004 Feb 10
22
Re: [Shorewall-newbies] specific log-prefix ... patch
Let''s move this to the Shorewall Development list....
On Tuesday 10 February 2004 03:14 pm, xavier wrote:
> here is a patch to allow this :
> |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp
>
> a problem with the patch is that now the logprefix is mandatory.
> i''m trying to debug it, but i can''t find the flaw.
Also, with
2004 Aug 13
2
Problem setting up Shorewall with 2 public IP''s
Greetings.
I run an Amateur Radio system (ampr.org) that requires 2 public ip''s on a RH 9.0 box. The primary one is 209.52.173.97 and is used for connections to the normal linux system and the usual apps such as web, ssh, smtp, etc. The secondary address is 209.52.173.98 and is routed via a pseudoslip link to the systems ampr address of 44.135.163.21. This setup takes place in the
2009 Apr 22
2
purge-empty-dirs and max-file-size confusion
I want to use --min-size to copy just large files (and their necessary
parent directories), but everything I've tried copies *all* the source
directories, and creates them empty on the destination even if they
don't have any big files in them. I only want the minimal directory
hierarchies that contain the big files. This doesn't work:
$ rm -rf /tmp/foo
$ rsync -ai --min-size
2005 May 18
3
odd line in current CVS for firewall
>From a diff of my current shorewall firewall script with the new one
from the CVS today :
$ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall
[...]
673c910
< for network in $networks; do
---
> for networks in $networks; do
I don''t think that "for networks in $networks" works well.
--
-IAN! Ian! D. Allen Ottawa, Ontario,
2004 Nov 26
6
Help! AllowPing not working
Sorry for the frantic nature of this message, but we need to allow pings on
our firewall so our ISP can test things. I''ve done this, and it still doesn''t
work: (I am now at v.2.0.10)
rules:
AllowPing net fw
AllowPing sls fw
show indicates some matches, so where are they?
Chain AllowPing (4 references)
pkts bytes target prot opt in out source