Displaying 20 results from an estimated 7000 matches similar to: "Docs - QSG & Samples Issues"
2002 May 10
1
QSG
I just installed Shorewall for the first time
and had no working knowledge of iptables other than
a couple magazine articles prior to this time.
The use of the QSG is fresh in my mind.
It was the single most helpful guide of any on
the site.
Comments:
1) The /etc/shorewall/masq section shows
the use of the third column but then says you don''t
need it if you have a dynamic ip.
Its
2002 May 10
2
Help Improve the Shorewall Docs
At Tom Eastep''s request, an informal Shorewall Documentation Support =
Group (DSG) is hoping to relieve some of the writing and editing burdens =
that come with maintaining and improving the Shorewall documentation. =
The DSG welcomes and needs your suggestions and contributions about all =
aspects of the documentation, including structure, content, references, =
style, grammar --
2002 Jun 06
1
Docs - Structure Musings
IMHO, our big picture challenge is that multiple explanations for
several topics are spread out over several different docs and pages One
parameter is frequently discussed in four or more places (QSG, files
reference pages, file comments, main documentation, etc.) That gives
multiple perspectives, which can be good, but can also lead to at least
the appearance, especially to a beginner, of
2010 May 10
4
Port Masquerading
Hi,
I am wondering if it is possible to do the following with shorewall.
I operate a network with some additional IP''s that are SNAT''d to various server machines on my network.
One of my machines is a Terminal server.
I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server.
Can I
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between
"IP masquerading" and "SNAT" -- a confusion I might share, or if
contagious, I may be catching. <g>
I think of SNAT more or less as a special case of IP masquerading,
applicable when, for example, the external interface has multiple IP''s
and you choose to _explicitly_ set the address through
1998 Jun 16
7
Ethernet card addr <-> IP
-----BEGIN PGP SIGNED MESSAGE-----
Hi everyone -
Someone I''m working with has a requirement to map ethernet card addresses
to unique IP addresses, and then have a Linux IP masquerade server know of
this mapping list and not allow any data to pass from any ethernet card
that a) it doesn''t know about, or b) isn''t assigned the right IP. Ideally
it would also log this
1998 Aug 05
6
IP Security for Linux (IPSec)
I''ve kept this one on the back burner for a while, waiting for it to
mature before attempting to use it, and now having seen OpenBSD
ship with IPSec I''m getting a bit impatient =).
What is the status of IPSec for Linux (and more specifically RedHat)?
By this I mean I just did some www browsing/etc and found about a
half dozen different implimentations, ranging from NRL, to a
2005 Jan 07
8
Problem with bridging/routing on three interfaces and DNAT
Hello all,
I have a problem with external access to a postfix mailserver running on my
firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows:
eth0 is zone isf - this is an intranet to other companies
eth1 is zone loc - local network
eth2 is zone net - internet, fix ip adress
eth0 and eth1 are bridged
shorewall version
2.2.0-RC4
ip addr show
1: lo: <LOOPBACK,UP> mtu
2006 Feb 17
3
dansguardian+squid masquerading not working
Hello Everyone!
I am using shorewall-3.0.5 on suse linux.
Recently we have implemented dansguardian running on 8080 and squid on
port 3128.
Previously (before dans guardian) masquerading was working fine but
after the implementation of dansguardian masquerading is not working.
My rules file has entry
Previous entry was
ACCEPT loc:192.192.192.3 net
REDIRECT loc 8080 tcp
2005 Jan 20
2
Masquerade for L2TP tunnel that may not be up 100% of the time
Hello,
I''ve successfully gotten Shorewall 2.0.7 configured and working.
However, I am confused about how I can setup the interface "ppp1" in the
file masq to allow the masquerading of my local LAN over a L2TP tunnel.
It works without a hitch if the ppp interface is up, but if I reboot my
machine without the interface being, shorewall refuses to load because the
interface is
2004 Oct 18
2
bridging and masquerading
hi list,
i got a small problem.
here is my setup:
WAN
|
|
| bridged
$FW-------DMZ
|
| masqueraded
|
LOCAL
my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2
* eth0 is connected to the WAN
* eth1 is connected to my DMZ
* eth2 is connected to LOCAL network
i manage a whole C class (public adresses) in my DMZ, let''s say
X.Y.Z.0/24
* my router
1998 Jul 14
1
Just a quick Q
I am getting ready to set up a RedHat 5.1 Box to be located at a remote
site hooked up by modem. It is going to be running IP Masq for about 3
Win 95 machines. It will also be running as a Samba server for these
machines, using server auth through the WinNT PDC at the main site. User
files will be stored at the Samba server then copied onto tape at the
main site at about 4 in the morning. I am
2005 Jan 07
3
masq or static nat
Hello,
> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.
I am little confused about NAT.
I have a static IP from ISP
I want to do a NAT on eth0.
What should I use in shorewall masquerading or static nat ?
Thanks
Varun
2005 Nov 21
2
shorewall status
Hi
I wonder if you can help... I have setup shorewall(2.2.3) under debian on a
machine that has 4 network ports... the idea is that there is 1 WAN port, 1
DMZ port, and 2 LAN ports, 1 LAN port has static NAT setup for selected
incoming connection from trusted sources, and the second LAN port I am
trying to setup using masq NAT as it only requires outgoing connections, no
incoming.
the static NAT
2004 Aug 03
4
Mandrake 10 - Shorewall 2.0.3a problem
Hi !,
I have this problem. On a Mandrake 10.0 server with all the updates (Kernel
2.6.3-15mdk, iptables-1.2.9-7mdk and shorewall-2.0.3a-1mdk), one of our
internal users have to FTP some files to our external web server. I think we
have the correct configuration and rules in shorewall, and have read the
http://www.shorewall.net/FTP.html document. Still, our users can''t FTP to
the
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful
but I don''t know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2002 Oct 09
7
ipchains iproute2 and port based routing
Hi all!
I try to make port based routing, because a have two connections to the
internet.
My router is a "one disk floppy router for linux". It is a big router
project www.fli4l.de. I try also to make a opt, it is like a plugin for this
router.
This project uses Kernel 2.2.19 compiled with libc5 (because it is small and
you can use one floppy disk).
At the moment, iproute2 is not
2005 Feb 25
6
nat problem
Hi All,
I''m using the Mandrake Linux MultiNetwork Firewall which is a web based
interface to the shorewall firewall.
I have an internal ip address of 172.25.38.1 which I am try to nat to a
public address so that the client pc can ftp to the internet
I have add the following in the nat file:
168.10.10.1 eth3 172.25.38.1 No No
And this to rules:
ACCEPT lan:172.25.38.1 wan tcp
2005 Mar 30
6
DHCPd Config
I've read a number of articles, googled the web for a few months and
now attempting at turning my CentOS box into a gateway for the third
time. Configured my dhcpd.conf and other related files and all seems
to be working, I can have my M$ desktop leasing an ip address and all.
The problem is when I want to go out to the internet I keep on getting
the Request Timed out error.
I'm pretty
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
Hi,
after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8
will not start / it fail on DNAT and/or masq with message: "iptables:
Invalid argument" /
I founded some similar problems description - see links bellow, but there is
no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel.
http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html