similar to: New Shorewall Doc

We switched over from a bordermanager firewall to a shorewall firewall. Some stuff is not working now. I realized that I had not created the route for the network that is not working however once I created it, it still didn''t work. Most of our network is fine however some pieces are not working. [Net] - [Shorewall] - [LAN] - [Cisco] - [Clients and servers not working] The firewall

Hello....I have a specific Requirement on a One Interface Setup...Help me guys 1.Allow ssh,dns and web request to the firewall.....Input Chain ACCEPT net fw tcp 22 ACCEPT net fw udp 53 ACCEPT net fw tcp 80 Are the above rules correct. 2. Allow 6 Pool of Ip''s to be forwarded thru this firewall....This Machine Stands as a gateway for 6

Version 1.0 of the Quick Start Guide and accompanying sample configurations is available at: http://www.shorewall.net/shorewall_quickstart_guide.htm. Comments and suggestions are most welcome. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Hi, I have a shorewall v4.0.7 installation on an older version of fedora. What is the proper way to add another network to the DMZ interface? Is it through virtual networks? If so, how is that done, given I''ve already designed the system around a single network on the DMZ? I have two physical interfaces on the firewall, with eth0 for external (192.168.1.0) and eth1 for the DMZ

Hi Folks! I''m new to shorewall (in the process of switching from Bastille), and I have a question as to how to address using Bluetooth enabled Palms with a BT dongle on a linux box protected by shorewall. Basically I followed the directions located at http://www.metacon.ca/bcs/view.php?page=bluetooth to get things working strictly with iptables, specifically: echo

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

I just setup the Shorewall in my school, but now all clients can''t through to internet, all servers can through to internet with NAT, when I disabled NAT that all servers can''t through to internet. Below is my school network: internet ---> shorewall ----> loc ---> ciso router ---> loc1 Below is my config files: policy: # If you want to force clients to

Everyone, Progress was slow today. I started out well, but then I ran into Documentation.htm. Progress slowed considerably, as I analyzed the document structure. I''m up to /etc/shorewall/hosts Configuration. I hope to finish Documentation.xml by tomorrow evening. Converted documents: 6to4.xml CorpNetwork.xml FAQ.xml Please post feedback, if you see any problems with the converted

hello need a little help i have 2 NIC router with shorewall client PCs goes to internet fine with shorewall help. but i need to reroute traffic for one net via other gateway not ISPs. Gateway is on LAN NIC. 192.168.1.0/24 LAN x.x.x.x WAN router(shorewall) IP 192.168.1.15 i need to reroute traffic for 192.168.2.0/24 network to 192.168.1.1 gateway I know how to do it via route and iptables, bu just

Hello, I cannot establish Xserver connection via wireless subnet, while telnet is working fine. There was a similar problem before in Shorewall over IPSEC that Tom had fixed. Also, ping is working, but traceroute is not. Finally, PuTTY gets a connectivity error after couple minutes of inactivity over wireless when connected to the firewall/gateway. Wireless is configured per instructions in

Thanks to Fabien Demassieux, French Language versions of the QuickStart Guides and the Setup Guide are now available: http://shorewall.net/shorewall_quickstart_guide.htm http://shorewall.sf.net/shorewall_quickstart_guide.htm These guides will be available shortly on the other Shorwall Mirrors -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \

Hello, I believe there may be a bug in shorewall version 2.0.8. I''ve been using shorewall for years without problems (last installed version was 1.4.6b-1). I''ve posted previously with the subject line "After upgrade people can no longer connect" dated on Sunday, September 19, 2004 which contains all the information for the upgrade. Today I uninstalled shorewall

Hi, I have a Linux firewall based on shorewall with 2 NIC and ADSL (ppp0). My ppp0 ip is fixed. The internal NIC, eth1, is bridged with tap0, tap1 and tap2 to form br0. br0 subnet is 192.168.2.0/24. The firewall is configured to masq internal traffic and block whatever needs to be blocked. It is also configured to tunnel openvpn v1.6. I have a roaming laptop running XP. I can create a tunnel

And it looks like there''s a bug. I have a "firewall" with a single ethernet interface that splits into a network zone and a local zone and as a consequence I have a hosts file with the following in it: net eth0:!192.168.0.0/24 loc eth0:192.168.0.0/24 When I run shorewall start, I get an error, running in debug mode and capturing the output give me: + run_iptables -A

Hello I''m new to the list. I installed a vserver (http://www.linux-vserver.org/) on my gentoo server As network interface is used an alias (eth1:0) eth1 is the card of my "loc" zone. eth1:0 has an address from the same subnet from the vserver I can connect to eth0 but not to the internet. From my local net everything works fine. I have an entry in "mask" for eth1

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command.

I am trying shorewall as my previous post With alisias on eth1 loc and 4 pptp client vpns. The odd thing is when I enter one of the vpns in interfaces such as vpn1 it works. But if I enter the vpn in the hosts file shorewall blocks the vpns. shorewall/hosts #ZONE HOST(S) OPTIONS loc eth1:192.168.25.0/24 loctw eth1:192.168.50.0/24 locsa eth1:192.168.75.0/24 vpntw

Hey all, I''m trying to setup roadwarrior connection to my internal network. So I''ve setup openvpn to create a tap0 connection and also have bridged the eth1 (leads to my internal computers 192.168.2.10-30 and tap0 which is the VPN connection. On my shorewall setup I have br0 maped to zone loc and eth0 to be my internet and I have masqing on my br0 to get my internal computers

My need: Considering a Sendmail relay running on the firewall (IP: 200.1.1.1), I need all TCP/SMTP outgoing connections to the Internet appers to be from another ISP allocated external IP (200.1.1.2), not the main FW''s IP. As stated in Docs (http://shorewall.net/shorewall_quickstart_guide.htm#id2485947), I read Setup Guide to try to solve my problem but I cannot figure out how to change