similar to: Net > DMZ > AllowFTP

I am trying to get the AllowFTP action to work for Net > DMZ traffic and FTP pasv. I know it is kind of working, as the user can log in, however, it fails at the port. I have had to open up some high ports for pasv to work. Now I know this aint cool, so does anyone know what a person has to do to get the AllowFTP action to work the same way it does if I was just ftp to the firewall, which does

Hello, I have a nwfilter that I'm using to ensure that libvirt domains can't spoof IPv6 traffic. It looks like this: <filter name='no-ipv6-spoofing' chain='ipv6-ip' priority='-710'> <rule action='return' direction='out' priority='500'> <ipv6 srcipaddr='$IPV6' srcipmask='$IPV6MASK'/> </rule>

I promise - this time all buffers in the editor are saved! Here mon shorewall # /etc/init.d/shorewall start * Starting firewall... Warning: default route ignored on interface eth0 iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -t mangle -A outtos -p tcp -d 0.0.0.0/0 --dpor t ssh -j TOS --set-tos 16" Failed /sbin/runscript.sh: line 532: 14701

I have, a machine running RHEL ES 4.7 with 2 physical interfaces. eth0 Link encap:Ethernet HWaddr 00:14:22:1C:B4:EA inet addr:10.7.13.61 Bcast:10.7.13.255 Mask:255.255.255.0 inet6 addr: fe80::214:22ff:fe1c:b4ea/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:590936429 errors:0 dropped:0 overruns:0 frame:0

Release candidate 1 is available at: http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta The ''releasenotes.txt'' file tells you about the release. -Tom PS to those of you on the Shorewall Announcement List: Feedback to this point is overwelmingly in favor of keeping Beta and Release Candidate announcements on this list. I have configured the list

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

Ian has proposed that we change the way that logging interacts with defined actions. Currently, if logging is specified on the invocation of an action (e.g., "AllowFTP:info all all"), all traffic sent to the AllowFTP chain is logged. In most cases, this isn''t what the user intended and other people have expressed surprise about this behavior in the past. The way I see this

Goodday, First my network layout: dsl router (10.0.0.99) | server (eth0 10.0.0.1, eth1 10.0.1.10) | 3 times windows machine (10.0.1.2, 10.0.1.3, 10.0.1.4) (all with proxy settings 10.0.1.10:8080) Now on the server is mandrake 10 installed with shorewall as firewall. And a apache webserver (and no ftp server). When i turned internet sharing on it started squid which added a line in the

Looking at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/sect-virtual_networking-applying_network_filtering#sect-Applying_network_filtering-Usage_of_variables_in_filters, it sounds like the preferred approach is to use something like: <filter name='no-ipv6-spoofing' chain='ipv6-ip'

Hello, I''m working in configuring a very restrictive firewall to stick between our techroom and our internal network. Basically nothing should be allowed into the techroom and only a limited amount of traffic is to leave the techroom. Below are a few log entries I looking to get explained. DHCP is handled by the firewall, DNS is handled by servers side our techroom. my rules file

Hi there, Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need. Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1

Hello all. First of all, please be a bit indulgent to my poor English :-). Second, this message is "kinda" BIG, so if you don''t like BIG messages, simply don''t read it :-). I''ve read http://shorewall.net/2.0/Shorewall_and_Routing.html and http://shorewall.net/MultiISP.html, however I still a bit confused how to organize what I need :-). I''ve a

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

Hello, A bit of history ================ 1) I''ve got a normal 2.6.20 x64 Fedora 6 Linux server running several things 2) I''ve downloaded and installed the XenSource Administrator Console for Windows 3) I''ve added 2.6.20-1.2962.fc6xen kernel, xen and vnc packages on my Linux server 4) I rebooted the Linux server, and started xend as per user guide Configuration

Hello all, What I am doing seems fairly straight forward to me, I just am not sure how to put it into Shorewall''s config files. Here is what I have: I have a single router that takes 5 public IP addresses and routes them to internal IP addresses. In the past, I had control over that router and could port filter at the router, forwarding only the traffic I wanted. However, now, I

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja

Hi, I plug my laptop in different networks and use the following hack to configure automatically shorewall for trusted/untrusted networks: In /etc/shorewall/params: # none is a dummy zone associated to the loopback interface NONE="none:0.0.0.0" # Network scheme, automatically detected by intuitively NETWORK_SCHEME="$(cat /etc/network/scheme 2>/dev/null)" case

sorry, i''m confuse where to post my problem.. i was post to shorewall-users, but must read to support.html this''s my problem ----------- i have squid running on DMZ zone and my network using ProxyARP on eth1 and eth2 mylinuxbox slackware 9.2 my network can access to internet normal, but can''t redirect to squid server from firewall. sometimes my network can connect

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.4 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.4 Problems Corrected: 1. The error message: Error: No appropriate chain for zone <z1> to zone <z2> has been changed to one that is more self-explanatory: Error: No policy defined for zone <z1> to zone <z2> 2. When only an