similar to: Docs - QSG & Samples Issues

I just installed Shorewall for the first time and had no working knowledge of iptables other than a couple magazine articles prior to this time. The use of the QSG is fresh in my mind. It was the single most helpful guide of any on the site. Comments: 1) The /etc/shorewall/masq section shows the use of the third column but then says you don''t need it if you have a dynamic ip. Its

At Tom Eastep''s request, an informal Shorewall Documentation Support = Group (DSG) is hoping to relieve some of the writing and editing burdens = that come with maintaining and improving the Shorewall documentation. = The DSG welcomes and needs your suggestions and contributions about all = aspects of the documentation, including structure, content, references, = style, grammar --

IMHO, our big picture challenge is that multiple explanations for several topics are spread out over several different docs and pages One parameter is frequently discussed in four or more places (QSG, files reference pages, file comments, main documentation, etc.) That gives multiple perspectives, which can be good, but can also lead to at least the appearance, especially to a beginner, of

Hi, I am wondering if it is possible to do the following with shorewall. I operate a network with some additional IP''s that are SNAT''d to various server machines on my network. One of my machines is a Terminal server. I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server. Can I

More than one of our docs issues revolve around some confusion between "IP masquerading" and "SNAT" -- a confusion I might share, or if contagious, I may be catching. <g> I think of SNAT more or less as a special case of IP masquerading, applicable when, for example, the external interface has multiple IP''s and you choose to _explicitly_ set the address through

-----BEGIN PGP SIGNED MESSAGE----- Hi everyone - Someone I''m working with has a requirement to map ethernet card addresses to unique IP addresses, and then have a Linux IP masquerade server know of this mapping list and not allow any data to pass from any ethernet card that a) it doesn''t know about, or b) isn''t assigned the right IP. Ideally it would also log this

I''ve kept this one on the back burner for a while, waiting for it to mature before attempting to use it, and now having seen OpenBSD ship with IPSec I''m getting a bit impatient =). What is the status of IPSec for Linux (and more specifically RedHat)? By this I mean I just did some www browsing/etc and found about a half dozen different implimentations, ranging from NRL, to a

Hello all, I have a problem with external access to a postfix mailserver running on my firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows: eth0 is zone isf - this is an intranet to other companies eth1 is zone loc - local network eth2 is zone net - internet, fix ip adress eth0 and eth1 are bridged shorewall version 2.2.0-RC4 ip addr show 1: lo: <LOOPBACK,UP> mtu

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

Hello, I''ve successfully gotten Shorewall 2.0.7 configured and working. However, I am confused about how I can setup the interface "ppp1" in the file masq to allow the masquerading of my local LAN over a L2TP tunnel. It works without a hitch if the ppp interface is up, but if I reboot my machine without the interface being, shorewall refuses to load because the interface is

hi list, i got a small problem. here is my setup: WAN | | | bridged $FW-------DMZ | | masqueraded | LOCAL my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2 * eth0 is connected to the WAN * eth1 is connected to my DMZ * eth2 is connected to LOCAL network i manage a whole C class (public adresses) in my DMZ, let''s say X.Y.Z.0/24 * my router

I am getting ready to set up a RedHat 5.1 Box to be located at a remote site hooked up by modem. It is going to be running IP Masq for about 3 Win 95 machines. It will also be running as a Samba server for these machines, using server auth through the WinNT PDC at the main site. User files will be stored at the Samba server then copied onto tape at the main site at about 4 in the morning. I am

Hello, > My server is on Mandrake 10.1 off. > eth0 is WAN with static IP connected 512 DSL > eth1 is LAN. I am little confused about NAT. I have a static IP from ISP I want to do a NAT on eth0. What should I use in shorewall masquerading or static nat ? Thanks Varun

Hi I wonder if you can help... I have setup shorewall(2.2.3) under debian on a machine that has 4 network ports... the idea is that there is 1 WAN port, 1 DMZ port, and 2 LAN ports, 1 LAN port has static NAT setup for selected incoming connection from trusted sources, and the second LAN port I am trying to setup using masq NAT as it only requires outgoing connections, no incoming. the static NAT

Hi !, I have this problem. On a Mandrake 10.0 server with all the updates (Kernel 2.6.3-15mdk, iptables-1.2.9-7mdk and shorewall-2.0.3a-1mdk), one of our internal users have to FTP some files to our external web server. I think we have the correct configuration and rules in shorewall, and have read the http://www.shorewall.net/FTP.html document. Still, our users can''t FTP to the

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hi all! I try to make port based routing, because a have two connections to the internet. My router is a "one disk floppy router for linux". It is a big router project www.fli4l.de. I try also to make a opt, it is like a plugin for this router. This project uses Kernel 2.2.19 compiled with libc5 (because it is small and you can use one floppy disk). At the moment, iproute2 is not

Hi All, I''m using the Mandrake Linux MultiNetwork Firewall which is a web based interface to the shorewall firewall. I have an internal ip address of 172.25.38.1 which I am try to nat to a public address so that the client pc can ftp to the internet I have add the following in the nat file: 168.10.10.1 eth3 172.25.38.1 No No And this to rules: ACCEPT lan:172.25.38.1 wan tcp

I've read a number of articles, googled the web for a few months and now attempting at turning my CentOS box into a gateway for the third time. Configured my dhcpd.conf and other related files and all seems to be working, I can have my M$ desktop leasing an ip address and all. The problem is when I want to go out to the internet I keep on getting the Request Timed out error. I'm pretty

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html