similar to: Shorewall protection?

Displaying 20 results from an estimated 3000 matches similar to: "Shorewall protection?"

2005 Apr 27
1
Problems with DNAT
Hi, I'm a Shorewall user and I have the following problem: I have one class C range of IPs and I have three zones (net, dmz, loc). I need to create one rule to DNAT one valid IP address (but not in use on one computer) to one invalid host in my loc zone. How do I do this? I tried this: DNAT net:200.200.200.200 dmz:200.193.137.38 tcp 137,138,139,445 -
2005 May 09
1
Two gateways
Hi, I have Shorewall installed on my firewall and I have one big problem: My network is: Link Ethernet 1 = eth0 = IP: 200.215.203.2 Link Ethernet 2 = eth1 = IP: 200.137.193.2 DMZ = eth2 = IP: 200.137.193.33 LAN = eth3 = IP: 192.168.0.3 GIGABIT = eth4 = IP: 192.168.1.0 My problem is: How I do to my dmz going to internet to eth1 and gigabit and lan zone
2004 Nov 11
2
Traffic Shaper
Hi, I need to configure a traffic shaper limiting traffic to an IP... for example: In my LAN I have 10 users and I need to limit the 10 IPs = 30k for each IP/user. Does anyone know if I can do this? Where can I find more information about it? Thanks
2005 Jul 14
7
Losing Packets after a DNAT in prerouting
I'm trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I'm
2012 Sep 27
3
vsFTP and shorewall
Dear all, Dear support and users: Sorry to trouble you! I configure the shorewall firewall to forward ftp and ssh port to another server, but failed. Can you help me check? I cannot login both SSH 2222 and ftp! Below is my environment: (attachment is shorewall dump) 1. Gateway (FC6) 1.1) eth0: lan static IP: 192.168.1.20 1.2) eth1: external public static IP:
2004 Nov 17
6
Problems with routing
Hi, here my system on shorewall: eth0 192.168.108.1 net eth1 192.168.109.1 dmz eth2 192.168.110.1 loc_110 eth3 192.168.111.1 loc I haven't access from or to server in loc_110 through shorewall. I can use ssh or other types from loc to dmz or from loc to fw, but I can't use connections to loc_110. I can also use ssh - connection from fw to loc_110 or redirectly. Where is the
2012 Dec 26
4
CentOS 5.7 eth0, eth1 and arpwatch flip flops
Dear all, Has anyone experienced this whilst running DRBD over eth1 between two CentOS 5.7 servers? eth1 is a private IP address, unroutable. eth0 is the public address. CentOS will reply sometimes once every 3 days or every 14mins~ saying "My public IP is on eth1" to arp requests when it's not, it's eth0. This freezes traffic and causes issues. We've looked at arp*
2005 Feb 04
12
SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS
This one is really throwing me. Thanks in advance for any advice. I'm working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cisco router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP's
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2005 May 02
4
Multiple network cards on same subnet problem (arp_filter=1)
Hi, this might seem like a classical problem but I've trouble getting this working correctly: # ifconfig ### output stripped down: eth0 Link encap:Ethernet HWaddr 00:50:FC:2B:EB:1B inet addr:192.168.5.220 Bcast:192.168.5.255 Mask:255.255.255.0 eth1 Link encap:Ethernet HWaddr 00:02:44:60:EC:58 inet
2005 Jun 30
4
Two nics connected to one switch
We have a webserver that is connected to three different networks. Due to our cabling, we have to run two of those networks over the same physical network. When connecting from OS X and Windows we are occasionally blocked because the client is sending to the wrong interface. Linux clients seem to have no problem at all. I have read the docs and understand that the problems exists because of
2005 Dec 08
3
trouble with shorewall on Mandriva 2006 (2nd)
(Sorry, my previous post was sent in HTML format) I am having a hell of a time with shorewall... I have a Dlink DCM202 Cable modem with the Ethernet connected directly to eth0 on the linux box. Then I have a second nic on the linux box connected to a hub for the internal network. I am trying to allow traffic from the internet connect to my FTP and WEB servers on my Winbloze box on the lan.
2003 May 12
2
shared_media
Hello everybody. I have a problem with my firewall rules on my Slackware Linux box 9.0 (kernel 2.4.20-xfs). This system is configured with 3 NIC (one for the router, one for the dmz, and the other for the private net). I have written a firewall (iptables) that is processing packet based also on the incoming interface. This firewall is connected in a not good environment where all the NIC (and the
2005 Apr 03
3
Problem with fresh two nic installation on FC3
Hi, I'm having problems with new Shorewall installation on Fedora Core 3 (had same problem with Core 2 and upgrade did not help even iptables was upgraded from 1.2.9 to 1.2.11). I've followed two nic example, but starting Shorewall drops all connections and don't permit any outgoing requests, even with "all allowed" policy. Policy file is below. Current setup
2003 Feb 03
4
[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this
2005 May 29
17
Plans for 2.4.0
Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I've started configuring a firewall at work with the multiple ISPs support, but its kernel doesn't have connection marking support, so it's going to be a couple of
2005 Feb 07
2
blacklists and rules
Hi people, which file is processed first, blacklist or rules? I want to globally filter imesh, but at the same time allow managers to connect, i.e., imesh works on port 1214. I have this: /etc/shorewall/blacklist #ADDRESS/SUBNET PROTOCOL PORT 192.168.0.0/16 tcp 1214 192.168.0.0/16 udp 1214
2007 Oct 21
2
arp corrupted
Hi, I've been trying to get a couple of routers up after h/w failure. The border router is an OpenBSD firewall running NAT between the Internet and a DMZ like subnet, and in that a Linux antivirus server is running NAT to the LAN. When the client does a DNS query it reaches to the f/w where dns is running and is returned into the A/V server but never hits the 0.254 interface. (Shown by
2005 Apr 10
28
dumb, dumb question
I'm very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get
2004 Mar 10
1
Shorewall2 - Action commands
Dear All, I have read all the documentation I can find but I still have not understood how, in what context and where to use the action commands enumerated in /usr/share/shorewall/actions.std. Illustrating with SMB traffic for instance, how can one use AllowSMB, DropSMB and RejectSMB to control SMB traffic instead of the classic ACCEPT z1 z2 udp 135,445 ACCEPT z1