similar to: Shorewall 1.3 Beta 1

The ''firewall'' script currently in the /Shorewall CVS project: a) Is approximately 15% faster starting/restarting on my configuration -- please report your experiences with it. b) Reloads Traffic Control/Shaping as part of "shorewall refresh" c) Turns off the shell trace after an error has occured (except when the command being traced is "stop" or

Hi, I''m trying to get RAdmin [uses tcp 4889] access to my Windows machine which is behind my firewall. I have zones: gbl : the world loc : my lan fw : firewall I placed the following in my rules file DNAT gbl loc:192.168.0.2 tcp 4889 - When trying to RAdmin I get a cannot conect to server error. 192.168.0.2 is my Windows Machines IP address. Can anyone help me? Shorewall 1.3.9b

Good day, I have tried to forward port 8888 on the firewall to port 80 on an internal IP of 10.40.0.202. Please advise which rule to add to the rules file to achieve this. I have tried to add DNAT net loc:10.40.0.202:80 tcp 8888 But still no luck TIA for you assistance Quentin

Still not working I really have to change 21 port on 80 port, my friend has only www and mail on his netwok. He has rigorous admin. I have done : !! in proftpd.cof : # Port 21 is the standard FTP port. Port 80 !! in /etc/shorewall/modules: loadmodule ip_conntrack_ftp ports=21,80 loadmodule ip_nat_ftp ports=21,80 AFTER THAT AND RESTARTTING PROFTP AND

I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net

Helo to all, I am attempting to establish an IPSEC tunnel to a remote freeswan G/W with my laptop. My laptop sits in behind shorewall at home. From the documentation, this is what I Modified in Shorewall: /etc/shorewall/tunnels: ipsec loc 24.65.x.x /etc/shorewall/policy vpn loc ACCEPT loc vpn ACCEPT My question is, have I left anything out?

I am trying to move from MS Windows (of which I am a std user) to Linux and, 10 days ago, I installed Mandrake 9.0, everything is OK except for WEB navigation: even if surely connected, I cannot navigate and the browser answer is always:...host unknown.. Apparently the problem is the firewall (Shorewall) installed by default that rejects all comunication, infact looking in the Firewall settings

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

Hi, I''ve installed Emule (p2p program) on my client box but I can''t access the servers due to the firewall. I''m getting this blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file

Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/ shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped

This is a minor release of Shorewall. In this release: 1. A "shorewall try" command has been added. This command attempts to restart Shorewall using an alternate configuration and if that attempt fails, Shorewall is automatically started with the default configuration. This is useful for remote administration where a failed restart of Shorewall can leave you isolated from

Hi, I have a cisco sdsl modem to connect to internet via eth1 (192.168.1.2) local is eth0 (192.168.2.254) default gw is 192.168.1.1 the cisco forwards all incoming ports to 192.168.1.2. I connect from outside on port 24562, login is successfull, the ftpserver gives back the external Ip of the cisco as pasv IP to the client (its a setting in the ftpserver). It gives an ip from the pasv range I

Hi, Before I go any further, I''m no networking expert, and the sheer volume of documentation on the Shorewall website makes my brain hurt.. Some time ago I moved from an area with cable internet to an ADSL only area. While on cable, I''d set up an old P3 box running Gentoo as a firewall/gateway/file server, running shorewall (currently v2.2.3) and dnsmasq. I''d

Hi all, I needed to have a kind of MAC support for rule servers as I do DNAT to hosts that are served by a DHCP server. So I did the following : When Shorewall script find a MAC address as a server, it tries to get his IP thru the arp table and then "resolve" the ARP address to the IP address of the client. Of course the main limitation of this is that you''ll have to

Hi I am using a small script that monitors my webservers from inside. If it does not find the test page on the primary webserver it flips DNAT to point to the hot backup webserver. This is the command that it uses: iptables -t nat -D PREROUTING -i eth0 -p tcp -d 65.211.35.209 -j DNAT --to 192.168.1.151 iptables -t nat -A PREROUTING -i eth0 -p tcp -d 65.211.35.209 -j DNAT --to 192.168.1.30

Hi all wondered if you could help me with this little problem I have. I''m wanting to connect my Xbox to the net for gaming and have the following set-up 3 interfaces on my Linux box eth0 :net (connected to my cable modem) eth1 :me (IP range 192.168.3.0) eth2 :loc (IP range 192.168.0.0) My Xbox is connected through a hub to eth2 I need to forward TCP and UDP packets to my PC which is

Hi! I have a Linux shorewall firewall that is the default gw of the network. I want to redirect all localy originating traffic to port 80 into another machine on port 8002 into the local network. This machine is a WIN2000 machine running a commercial software (proxy, content filtering) that only runs into Windows... :-( I tried something like this but this doesn''t seem to work: local

I want to talk with my friend with microfon with program speak freally. He has firewall (shorewall) on his linux serwer and has other computer as a client and I have the same network connected winh internet. This program use port 2074 to communicate. We have done something like this : DNAT net local:192.168.1.6 tcp 2074 DNAT net local:192.168.1.6 udp 2074 on linux serwer with shorewall (rules

My logs show thats: A internal client search my proxy (192.168.0.3) Oct 12 12:40:33 massayo kernel: Shorewall:all2all:REJECT:IN=3Deth1 OUT=3D MAC=3D00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00 SRC=3D192.168.0.215 DST=3D192.168.0.3 LEN=3D63 TOS=3D0x00 PREC=3D0x00 TTL=3D128 ID=3D25902 PROTO=3DUDP SPT=3D3028 DPT=3D53 LEN=3D43 Why OUT is empty? From: Server (DMZ) Oct 12 12:40:34 massayo kernel: