similar to: A short netiquette request: trimming irrelevant material

Hi folks, I know this isn''t a shorewall question, but i''m hoping someone can point me to the right place to look for answers on this (since, as Tom suggests, search engines are useless for some things): Here is my firewall setup: ADSL1 ADSL2 dialup \ | / firewall | DMZ It''s a fairly simple setup. ADSL1 has a static IP, ADSL2 is

Robin Lynn Frank wrote: > We have Shorewall 2.1.9 , squid and dansguardian (a filter for squid) on > the same box. I want to require one group of computers to connect their > browsers via squid on port 3128. The other group, I want to require to > use dansguardian on port 8080 and it , in turn hands off to squid on > 3128. I think I have this figured out, but I thought

Hi folks, A while back we had some discussions about integrating heartbeat and shorewall. Thanks to your help and the excellent state of Linux failover clustering, i''ve managed to install my high-availability firewall. I know there''s already a howto for it at http://www.xenos.net/library/hafirewall.html, but i thought i would document my setup for others, since it''s

Hi folks, Has anyone out there done port forwarding or DNAT for UDP packets that are normally sent to the broadcast address (255.255.255.255)? I have to support a nasty database application called FileMaker Pro (those of you who know it are probably groaning about now), which uses broadcasts to locate the database server. Theoretically, i can get around this requirement by using LDAP lookups

So, now I see why I was doing the fw 2 fw rule. It was for my YP/NIS usage. Does anyone know how I get that to work?

Hi folks, Last night and this morning i''ve hacked up a quick web site for coordinating our development work based on Drupal (http://drupal.org). You can find it at: http://shorewall.dyndns.org I''ve put a few ideas in there - feel free to use the comments or sign up for an account and create your own pages (particularly in the two books about development and web site work).

Hi folks, I''m conducting a straw poll for your opinions on whether we should send CVS commit logs (probably with diffs) to the shorewall-devel list, or to another (new) list? I can see advantages to both ways: separate lists mean that people who aren''t contributing code don''t get flooded with code noise, but a single list will help keep everyone involved in the

Since you''ve started signing your email, Tom, my machine can''t verify your sig. Where are you publishing your key? -- John Andersen - NORCOM http://www.norcomsoftware.com/

I''m going to start being rude with people if I don''t take a break from the list for a while. I''ll be back in a couple of days after I cool off..... --Tom -- Tom Eastep \ Off-list replies are cheerfully ignored Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

hello I''m using the 2.6 series 5 vservers on eth1 running on debian unstable and I wanted two of them to be used as "proxies". One of the proxies has 3 interfaces (well 4 if you count the ath0 interface whose traffic I''d like to pass through the "vproxy"); one facing the hosts''/out interface, one facing the "dmz" where two vservers

Anyone else seeing this?? Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. My default shorewall settings are : Source zone Destination zone Policy Syslog level Traffic limit loc net ACCEPT None None fw net ACCEPT None None net Any DROP info None Any Any REJECT info None I have done NAT on eth0 and I am running squid proxy on the server. I am not able send or

Been trying to track down an issue where when I issue a restart on shorewall it stalls for maybe 5 minutes. I have tracked it down to the removing of the rules portion but have not been able to get any closer yet. Some place after "strip_file rules" and echo "Deleting user chains..." It seems to fix itself after a reboot of the system for an unknown time then it resurfaces

I was wondering if i could stick a certain ip in the blocklist, but at the same time have an allow rule for http in the rules section. In other words i would like to block pretty much all access from a certain internet address except for http from the internal network. So does the rules file get parsed before the blacklist in the firewall to make this possible?

Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 186 bytes Desc: OpenPGP digital signature Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050604/bee263f3/signature.bin

Hello, I have read the getting started guides, FAQ, etc, so if your response to the following is RTFM, please at least refer me to the appropriate one :) I have shorewall set up as follows: zones: net Net Internet loc Local Local networks dmz DMZ Demilitarized zone policies: loc net ACCEPT dmz net

After a fresh install, I noticed that shorewall 2.4.0 wasn''t starting automatically under FC4. The startup script installs properly from the rpm: /etc/rc.d/init.d/shorewall ... but the post install "/sbin/chkconfig --add shorewall" produces this in the runlevel symlink directories: /etc/rc.d/rc5.d/S-1shorewall /etc/rc.d/rc0.d/K-1shorewall /etc/rc.d/rc6.d/K-1shorewall

 Hello, everybody.  This one''s got me stumped.  What I''m trying to do is have two networks--192.168.1.0 and 192.168.2.0--with SMB and WINS running between them.  So far I can mount SMB shares allright, but I can''t browse by WINS names across the router.  I''ve posted this question on Linuxquestions.org; you''ll find the details there.  Here are my

FreeBSD Architect required to lead team at a well known ISP. Strong Linux/Solaris skills are required and some Windows experience would be beneficial. Some Perl/C development experience a must. You will be building complex infrastructures, processes and procedures. Degree educated and with 4+ years as an SA for a similar company you will looking for new challenges in a hands on role. Location:

Perhaps someone can help me understand why this is happening. I''m trying to write a script using ''shorewall iprange'' to parse some ip ranges into subnets so that i can place them into the blocklist. I keep getting an error when i run the script though. Here is the script: #!/bin/csh foreach i (`cat ipranges`) shorewall iprange $i >>