Displaying 20 results from an estimated 20000 matches similar to: "Shorewall 1.2.10"
2003 Jan 24
6
icmp: w.x.y.z unreachable need to defrag (mtu 296)
Hi,
I have a setup that consists of 2 firewalls connected over dialup and
PPP. Each side of the ppp is protected by shorewall. One side of the
PPP masquerades everything not addressed to the local network to its
eth0 (the net).
fw1 <---- ppp (dialup) -----> fw0 <----- NET
When making an http request to a site on the Internet from the machine
not directly connected to the net (fw1), the
2003 Jan 26
7
Bug in shorewall
I just added 802.1Q VLAN support to redhat initscripts. And after
support was ready, I tried to restart shorewall. Well it blew into
pieces. Seems like shorewall can't handle device names like:
eth0.3 very properly. That's default naming of vlan devices. eth1 is
master device and 3 is id of my test vlan.
So when I added to interfaces line:
home eth0.3 detect
seems like
2003 Jan 08
3
Access to internet except some subnets
Hello Shorewall users
I have a firewall based on RedHat 8.0 and Shorewall.
I have 2 interfaces, with 2 ip address on the loc interface, the connection
to the internet runs through my company's network with an ADSL/MPLS line. I
need to configure my Shorewall with the possibility to deny some users'
access to the 'net' for some subnet.
Ex. my son's
2002 May 17
19
Shorewall 1.3 Beta 1
The 3.1 Beta is now available -- check the Shorewall home page.
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Apr 13
2
Shorewall 1.2.11 Available
In this release:
1. The 'try' command now accepts an optional timeout. If the timeout is
given in the command, the standard configuration will automatically
be restarted after the new configuration has been running for that
length of time. This prevents a remote admin from being locked out
of the firewall in the case where the new configuration starts but
prevents
2002 Aug 30
1
3 NICS config
To all,
I have a firewall with 3 NICS.
eth0 connects to the Internet
eth1 connects to a wired lan
eth2 connects to a wireless lan
In my rules, I would like to create a zone loc which encompassed eth1
and eth2 and create 2 sub-zones: lan for eth1 and wlan for eth2.
Because I only want to open what I need on that firewall and because
that firewall is also used for different services (I know
2003 Jan 29
5
A suggestion
Tom,
I was upgrading a remote firewall, when upon restart, shorewall found a
rule with a wrong zone and decided to not continue and stop itself.
The problem now, is I cannot access that firewall over ssh anymore. One
suggestion would be to instead of "shorewall stop" to have a basic
emergency rule with only ACCEPT:info all all tcp ssh rule instead with
DROP all policy. Shorewall could
2002 Aug 06
8
converting MASQ from ipchains
Hello,
on my old system I'm using ipchains. Can anyone help me with converting rule
/sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp
to shorewall. I know that I can write
eth0 source_addr
to /etc/shorewall/masq file
but I can't find where I can specify the destination address.
The reason for this is to allow one user (computer) access only to
2002 Jan 19
1
Another feature request
I have to say Shorewall is the closest in my mind to a perfect iptables
firewall generation script. Thanks Tom for a great product.
2 things that could make it even better in my mind:
- instead of using service acronym (don't know how to call it
differently) for rules, it would be great to be able to
2002 Jun 05
4
Docs Issue - IP Masq vs. SNAT
More than one of our docs issues revolve around some confusion between
"IP masquerading" and "SNAT" -- a confusion I might share, or if
contagious, I may be catching. <g>
I think of SNAT more or less as a special case of IP masquerading,
applicable when, for example, the external interface has multiple IP's
and you choose to _explicitly_ set the address through
2002 Apr 26
9
port forward from local net to local machine
Hi!
I have a Linux shorewall firewall that is the default gw of the network.
I want to redirect all locally originating traffic to port 80 into another
machine on port 8002 into the local network.
This machine is a WIN2000 machine running a commercial software (proxy,
content filtering) that only runs into Windows... :-(
I tried something like this but this doesn't seem to work:
local
2003 Jan 06
3
ADSL PCI cards
Does anyone have any information or recommendations for ADSL PCI Cards
for Linux boxes? E.g. which ones are supported? How much are they? etc.
Dirk
--
Please Note: Some Quantum Physics Theories Suggest That When the
Consumer Is Not Directly Observing This Product, It May Cease to
Exist or Will Exist Only in a Vague and Undetermined State.
2002 Sep 29
3
Shorewall 1.3.9
Shorewall 1.3.9 is available.
In this release:
1. DNS Names are now allowed in Shorewall config files (I still recommend
against using them however).
2. The connection SOURCE may now be qualified by both interface
and IP address in a Shorewall rule.
3. Shorewall startup is now disabled after initial installation until
the file /etc/shorewall/startup_disabled is removed.
4. The
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafał Dutko has just discovered a potentially serious bug in version 1.3.0
and 1.3.1. In both versions, where an interface option appears on multiple
interfaces, the option may only be applied to the first interface on which
it appears.
A corrected firewall script for 1.3.1 is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
and
2002 Nov 22
3
ftp on 80 port
Still not working
I really have to change 21 port on 80 port, my friend has only www and mail
on his network. He has rigorous admin.
I have done :
!! in proftpd.cof :
# Port 21 is the standard FTP port.
Port 80
!! in /etc/shorewall/modules:
loadmodule ip_conntrack_ftp ports=21,80
loadmodule ip_nat_ftp ports=21,80
AFTER THAT AND RESTARTING PROFTP AND
2004 Nov 20
5
Differences in masq from 1.4 -> 2.0?
In the panic of replacing our firewall(s) earlier in the week, we ended up
moving our original shorewall 1.4 config onto a machine with 2.0.10
already installed, overwriting all the 2.0.10 config files.
Most things seem to work fine, except for our masq entries. I've examined
the default 2.0.10 files compared with our 1.4 files, and can't spot the
problem. What am I missing?
2002 May 15
4
Your opinion please
The 1.2 firewall contains messy logic to support the old sample
configurations in that any rule that contains "none" in any of its columns
is ignored.
I'm considering removing that messiness in 1.3 and seek the opinion of the
list.
Thanks,
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Apr 08
22
Parameterized Samples Withdrawn
Although the parameterized samples have allowed people to get a firewall
up and running quickly, they have unfortunately set the wrong level of
expectation among those who have used them. I am therefore withdrawing
support for the samples and I am recommending that they not be used in new
Shorewall installations.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \
2003 Jun 20
7
NAT PAT & SNAT
Hi!
I've been searching the net for information about this topic, but I can't
find anything relevant to my problem or I don't understand the answer
completely. Please enlighten me... :-)
I'm trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today
the users behind the Cisco FW are on a NAT-network and in the same network
there are a couple of
2002 Apr 17
3
not quite a shorewall question but..
does anyone know how to enable the "udp loose" function in kernel 2.4.x? one
of my fave games requires this to work on the net and i'd really like to
move away from the 2.2 series kernels.
tia