similar to: long rule action names with logging cause iptables errors

I think you can change the existing firewall logging code for log_rule_limit (where you have one case for for LOGRULENUMBERS and another almost identical case without) down to this slightly shorter version with no duplication (excerpt): if [ -n "$LOGRULENUMBERS" ]; then eval rulenum=\$${chain}_logrules [ -z "$rulenum" ] && rulenum=1 fi case

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

Hello all. First of all, please be a bit indulgent to my poor English :-). Second, this message is "kinda" BIG, so if you don''t like BIG messages, simply don''t read it :-). I''ve read http://shorewall.net/2.0/Shorewall_and_Routing.html and http://shorewall.net/MultiISP.html, however I still a bit confused how to organize what I need :-). I''ve a

Hi, I have a working test install of Shorewall 2.0.7 on a 32 bit install of Gentoo, it''s working like a champ, so i am making an install on a nice new Opteron server, using 64bit Gentoo. I have run into a problem which going by your FAQ might be due to a missing module, but after a couple of hours of fiddling I''m stumpted - I can''t see any options in the 2.6.8 kernel

Hi, I install shorewall firewall on my server and after that I have big problem with SMTP, I can send messages with outlook to server but that messages don`t go out from server (Currently I have over 800 messages in the mail queue) My server is on WHM/cPanel and EXIM.... When I click on "Delivery Now" for some message in WHM I get error: Message 1BtoLi-00033G-RN is not frozen LOG: MAIN

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

I have /bin/ash from rh8 installation and I have following error when I tried to change using ash instead of sh with shorewall-1.4.7: + eval options=$tap0_options + options= + list_search newnotsyn + local e=newnotsyn + [ 1 -gt 1 ] + return 1 + run_user_exit newnotsyn + find_file newnotsyn + [ -n -a -f /newnotsyn ] + echo /etc/shorewall/newnotsyn + local user_exit=/etc/shorewall/newnotsyn + [

Hello every body: I have RedHat fedora core 2 machine, using iptables and squid. I am having a lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have installed ipp2p from rpm. Every thing was ok until I use iptables rules. I get this error. [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP iptables: No chain/target/match by that name sames

 Hello, everybody.  This one''s got me stumped.  What I''m trying to do is have two networks--192.168.1.0 and 192.168.2.0--with SMB and WINS running between them.  So far I can mount SMB shares allright, but I can''t browse by WINS names across the router.  I''ve posted this question on Linuxquestions.org; you''ll find the details there.  Here are my

Hello, I''m working in configuring a very restrictive firewall to stick between our techroom and our internal network. Basically nothing should be allowed into the techroom and only a limited amount of traffic is to leave the techroom. Below are a few log entries I looking to get explained. DHCP is handled by the firewall, DNS is handled by servers side our techroom. my rules file

Hi all, I''m using Gentoo Linux Distribution and I''ve upgraded my firewall from Shorewall 1.4 to 2.0.4, however my LANs stop having internet access. I have a server with shorewall 2.0.4 installed and 3 interfaces. eth0 and eth1 are interfaces to a LAN and to my laptop and eth2 is the net interface. I have masq like: eth2 eth0 eth2 eth1

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Let''s move this to the Shorewall Development list.... On Tuesday 10 February 2004 03:14 pm, xavier wrote: > here is a patch to allow this : > |ACCEPT<10/sec:20>:debug fw lan:$ntp_servers udp 123 - - - - ntp > > a problem with the patch is that now the logprefix is mandatory. > i''m trying to debug it, but i can''t find the flaw. Also, with

Greetings. I run an Amateur Radio system (ampr.org) that requires 2 public ip''s on a RH 9.0 box. The primary one is 209.52.173.97 and is used for connections to the normal linux system and the usual apps such as web, ssh, smtp, etc. The secondary address is 209.52.173.98 and is routed via a pseudoslip link to the systems ampr address of 44.135.163.21. This setup takes place in the

I want to use --min-size to copy just large files (and their necessary parent directories), but everything I've tried copies *all* the source directories, and creates them empty on the destination even if they don't have any big files in them. I only want the minimal directory hierarchies that contain the big files. This doesn't work: $ rm -rf /tmp/foo $ rsync -ai --min-size

>From a diff of my current shorewall firewall script with the new one from the CVS today : $ diff -w /usr/share/shorewall/firewall /usr/src/shorewall/s/firewall [...] 673c910 < for network in $networks; do --- > for networks in $networks; do I don''t think that "for networks in $networks" works well. -- -IAN! Ian! D. Allen Ottawa, Ontario,

Sorry for the frantic nature of this message, but we need to allow pings on our firewall so our ISP can test things. I''ve done this, and it still doesn''t work: (I am now at v.2.0.10) rules: AllowPing net fw AllowPing sls fw show indicates some matches, so where are they? Chain AllowPing (4 references) pkts bytes target prot opt in out source