Displaying 20 results from an estimated 6000 matches similar to: "shorewall and snort inline"
2004 Dec 16
9
Some help for a beginner please: terser logging
Dear newfound friends,
please be patient. For me reading and writing in English is more painful
than dissecting IP traces :)
I have tried reading through the FAQ but could not quite understand:
I would like the logs to be terser. I think I can live without MAC, LEN,
TOS, PREC, TTL, ID fields normally (maybe need them only in special
situations). Could not understand if/how I can achieve this.
2004 Dec 29
9
Shorewall rpm failed dependency: iproute (ip is working)
Hello Shorewall gurus, as outlined on the shorewall site I have done the
following after failure to install shorewall via the rpm:
I have read all of the FAQ.
I have read the quickstart guide with particular attention directed at
the Mandrake solution.
I have searched the mailing list archives (all old replies).
I have studied the documentation index.
I have previous experience using shorewall
2005 Mar 30
7
RE: Shorewall and an inline IDS (snort-inline or hogwash)
I made an attempt to run snort_inline and shorewall on the same system
but I could not get snort to see the packets.
Maybe someone with a little more iptables knowledge could tell me what
I'm doing wrong or if it's possible to have the systems set up so that it
places packets that the firewall would allow into QUEUE.
After setting up and starting shorewall I then issue the following
2005 Mar 30
1
RE: Shorewall and an inline IDS (snort-inline or hogwash)
Plus I would like to let you know that it works like a charm.
Snort can now see those packets.
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of
Thibodeau, Jamie L.
Sent: Wednesday, March 30, 2005 9:25 AM
To: Mailing List for Shorewall Users
Subject: RE: [Shorewall-users] Shorewall and an inline
2003 Feb 27
6
Shorewall 1.4.0 Beta 2
The second Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The 'check' command is no longer supported.
2) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2005 Mar 29
4
Shorewall and an inline IDS (snort-inline or hogwash)
Is anyone using an inline IDS like hogwash or snort-inline to drop
packets in a system running shoreline? I _think_ I see how to
configure it, but I'd be really interested in finding a howto or
something...
Thanks!
Mike-
--
Mornings: Evolution in action. Only the grumpy will survive.
2005 Mar 30
1
RE: Shorewall and an inline IDS (snort-inline or hogwash)
You are awesome!!!!
-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net
[mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of Tom
Eastep
Sent: Wednesday, March 30, 2005 9:11 AM
To: Mailing List for Shorewall Users
Subject: Re: [Shorewall-users] Shorewall and an inline IDS
(snort-inlineorhogwash)
Tom Eastep wrote:
> Thibodeau, Jamie L. wrote:
>
2005 Feb 20
5
is this configuration possible using shorewall ?
Is this possible using shorewall ?
here is the setup that I need:
many client computers C1 to C30 connect to the
internet using ONE
gateway computer server running shorewall proxy S1
client C1 connects to local LAN /shorewall proxy S1
and authenticates using
username U1
S1 connects to SSH server external server ES1
authenticates using
username EU1.
client C1 can transfer files, upload and
2004 Sep 22
3
2.6 kernel ipsec and shorewall
I set up an ipsec/racoon vpn tunnel test environment. The gateway machines
are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and
10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10.
The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 and vice
versa and they can both use the net via NAT, however 192.168.0.30 and
192.168.0.31 cannot directly
2004 Aug 06
9
how to define a dozens of interface as one zone
hi,
we use openvpn as for our vpn endpoints and we've got about 70-80 vpn
connections which means we have tun0 - tun80 interface. i'd like to
define one zone for all of our vpn connections how can I do that?
actually our local zone is 192.168.0.0/17 (not 16) and all of the vpn's
are in 192.168.128.0/17. or should i define somehow the local zone as
192.168.0.0/16? but in
2004 Dec 09
6
Can't allow ICMP to firewall?
Hello,
I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10.
My setup is as follows. I have a /28 and have assigned all ip addresses to
my firewall using aliases. I am able to setup rules to allow specific
traffic to specific ip addresses on the firewall like so:
ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22
This works great for TCP and UDP traffic. I can
2004 Oct 25
4
enquiry on shorewall functions
hi all,
shorewall claim that support stateful connection. But I read the
document, I can't find any configuration on it like in iptables e.g.
-m -state NEW, ESTABLISHED
something like like.
Is shorewall by default stateful connection for any connection e.g. web, http
2013 Aug 29
2
shorewall and snort - recommendation
Dear all,
I'm setting up a new gateway for a small network (under 30 users). Gw will host the following services: shorewall, dns, proxy.
i'm considering installing snort. can i do so on the same exact box ? is there any security risk of doing so ?
box would have 4 ISPs and two internal interfaces.
Any recommendation about the optimal setup of snort and shorewall (or if you suggest
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I've started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn't have connection marking support, so it's
going to be a couple of
2004 Oct 08
3
TCP 9200 Port Scans
Is it just me, or have there been an excessive number of TCP port 9200
port scans ?
Port 9200 seems to be associated with WAP & Lexmark printers, but what
else ?
I know Tom does not like identification, but most sources seem to resolve
to Asia. Is there a new Trojan loose ?
An example:
Oct 7 19:16:18 mybox kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
2004 Dec 01
5
PPTP connections through Shorewall - WinXP Workstation to Win2003 Server
The problem scenario I describe was reported previously in the Shorewall
lists but its resolution does not seem to have made it into the lists.
Scenario:
Windows XP client seeking to establish a VPN connection to a Windows 2003
Server located behind a Shorewall firewall (running on Mandrake kernel 2.4.22-37mdk).
The connection cannot be made, the client reports error code 721.
Discussion:
2004 Jul 06
1
Squid - Load Balancing Multihomed Linux Router
Hi All,
In a scenario, where a LAN is being provided internet connectivity
through multiple ISPs terminated at a Load Balanced Multihomed Linux
Router as described in LARTC HowTo, how would the traffic distribution
be affected if there is a squid based transparent proxy for the LAN's web
traffic on the same system (i.e. the load balanced router itself). The
recent squid versions have
2004 Nov 30
2
RFC1918 all of a sudden?
Is my RFC1918 file obsolete? I have been assigned an ip in the
83.0.0.0/8 range, and of course a lot of Shorewall systems drop me with
a RFC1918 error.
So, is my ISP actually giving me a RFC1918 IP, or am I missing
something?
2004 Sep 21
2
(no subject)
i have squid running on DMZ zone
and my network using ProxyARP on eth1 and eth2
mylinuxbox slackware 9.2
my network can access to internet normal, but can't
redirect to squid server from firewall.
sometimes my network can connect to squid and sometimes
bypass this squid server. i don't know what's going on.
now.. my network bypass redirect to squid server.
my config file follow document
2003 Mar 23
0
Shorewall and snort-inline
Hi, I'm new to the list, but have been through the documentation,
archives, etc. looking for more info...
I've been using shorewall 1.3.14 for a few months now, has been working
well from day one. I'm also using it with dshield (submitting logs and
using the block list).
I'm thinking of adding snort-inline to the mix (I run apache and postfix
on the same box,