similar to: Bridging and Shorewall.

Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Greetings to all of the Shorewall community! We''d like to find out a little more about the environments in which Shorewall runs, and to this end i''ve created a survey. It is mostly designed to allow Shorewall users to see how their environment compares with that of the average Shorewall user (if such a thing exists!), but the results may be used by the Shorewall team to assist

Hi Tom,  I´m very glad using Shorewall I proud to say that use it in my whole network (215 Real IP´s over ProxyArp) I can filter everyone have mac-control of then etc etc. Well I´m like a child playing with it :) But now, have a question there is any way to filter or use an Anti-virus in this network ? To drop packets with virus ?? To scan HTTP request ?? Or maybe use Dansguardian ? Did you

I''m beginning to think again about what will be different in 2.0. Here are some thoughts. a) User-defined actions will be emphasized. - A library of actions will be available with names such as: AcceptSSH AcceptDNS DropWindows (drops all SMB noise) DropBroadcasts (Silently drop all Broadcast traffic) ... The possibilities are nearly endless but should

Hello, I have been running Shorewall for quite some time at an ISP client of mine to protect his LAN. We have just upgraded to 2.2.4 and he now wants to put his servers in a DMZ. The servers have public IPs in two classes xxx.xxx.79.0 and xxx.xxx.242.0. The public IP on the router for each class is xxx.xxx.79.126 and xxx.xxx.242.126. I am using masq and 192.168.1.0 on eth0 LAN I have tried

Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to

Hello, I leave for a couple days .. (Well months) and look at what has happened. :-) I would throw my support in behind Xoops .. to be honest .. If a portal is what we are trying to achieve here. I just happen to think that sometimes .. More work goes into web design etc than goes into actual Code. But thats because I am a lamer at web design :-) I am coming in here a bit late .. But tell

I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net

The params file appears to be simply "sourced" by the firewall script, which means one can put any Bourne shell code into it and it will execute it. This feature isn''t documented, so I''m wondering if it can be documented and thus guaranteed to always work. I''d like to dig out the IP parameters of my interface cards from the ifcfg-eth? files and set shorewall

Hi folks, Last night and this morning i''ve hacked up a quick web site for coordinating our development work based on Drupal (http://drupal.org). You can find it at: http://shorewall.dyndns.org I''ve put a few ideas in there - feel free to use the comments or sign up for an account and create your own pages (particularly in the two books about development and web site work).

As 2.2.0 is nearing release, I''ve begun to think about what I''ll do for 2.3 and I think that it is time for Shorewall to add support for IPV6. Because of parsing ambiguities, the need to maintain upward compatibility with both Shorewall and 6Wall, and different available functionality in IPV4 and IPV6 Netfilter, I believe that it is going to be necessary for some files to be

Anyone know how/where we can get some? It has been raised before: http://lists.shorewall.net/pipermail/shorewall-users/2004-July/013594.html I''d like to see an IRC or Jabber service for both support and development. -- Paul <http://paulgear.webhop.net> -- Did you know? OpenOffice.org has built-in PDF creation. Better yet, it''s compatible with Microsoft Office, and

Hello, Usually when i''ve a hole to poke through firewalls, i have many hosts to update : workstation firewall, lan firewall, the other lan firewall, and the server behind the last firewall. all of them are managed with shorewall... Is there a smart way to update them all at once ? What you guys do on your firewalls ? thanks. -- xavier

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems corrected since RC1: 1) The documentation of the USERSETS column in the rules file has been corrected. 2) If there is no policy defined for the zones specified in a rule, the firewall script previously encountered a shell syntax error: [: NONE: unexpected operator Now, the absence of a

The 1.2 firewall contains messy logic to support the old sample configurations in that any rule that contains "none" in any of its columns is ignored. I''m considering removing that messiness in 1.3 and seek the opinion of the list. Thanks, -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

I''m using Shorewall 2.4.0 under Fedora Core 4. I''m using ULOG to log my firewall''s dropped connections, but I want to drop a couple ports silently as they''re taking up too much log space. According to the rules file: "The ACTION may optionally be followed by ":" and a syslog log level (e.g, REJECT:info or DNAT:debug). This causes the packet to

Hi folks, When we first started talking about Shorewall post-Tom, a few people offered to help with testing. Would those people please raise their hands again? :-) I''m investigating Nicolas Helleringer''s recent message on shorewall-users (http://lists.shorewall.net/pipermail/shorewall-users/2005-June/018898.html), and a good test environment would come in really handy,

Hi All, Just wanted to announce that MyOSS Magazine - Edition 3 (We''re Edition 3!) is now officially hitting the street. This is a community driven project which aims to publish monthly. (Sorry if this is considered as spam). Securing your Network Connection using OpenSSL OpenSSL is a very important protocol in this day and age. The profilteration of the internet has made this

Guys, Just a quick check. From what i have read in the shorewall site, intrazone traffic is allowed completely by shorewall i.e. there is no filtering or packet size limiting ,etc,etc. I ask this becos after getting shorewall up and running well, someone has complained that they cannot print pdf files larger than 100k at one go but that they have to print one page at a time. Some details;