Displaying 20 results from an estimated 3000 matches similar to: "Shorewall protection?"
2005 Apr 27
1
Problems with DNAT
Hi, I'm a Shorewall user and I have the following problem:
I have one class C range of IPs and I have three zones (net, dmz, loc).
I need to create one rule to DNAT one valid IP address (but not in use in
one computer) to one invalid host in my loc zone.
How do I do this?
I tried this:
DNAT net:200.200.200.200 dmz:200.193.137.38 tcp
137,138,139,445 -
2005 May 09
1
Two gateways
Hi, I have Shorewall installed in my firewall and I have one big problem:
My network is:
Link Ethernet 1 = eth0 = IP: 200.215.203.2
Link Ethernet 2 = eth1 = IP: 200.137.193.2
DMZ = eth2 = IP: 200.137.193.33
LAN = eth3 = IP: 192.168.0.3
GIGABIT = eth4 = IP: 192.168.1.0
My problem is:
How do I get my dmz going to the internet to eth1 and gigabit and lan zone
2004 Nov 11
2
Traffic Shaper
Hi, I need to configure a traffic shaper limiting traffic to IP....
For example:
In my LAN I have 10 users and I need to limit the 10 IPs = 30k for each IP/user.
Does anyone know if I can do this?
Where can I find more information about it?
tks
2005 Jul 14
7
Losing Packets after a DNAT in prerouting
I'm trying to set up some DNAT and the packets seem to be disappearing after
the PREROUTING step. The packets are coming in eth2 (both LOG targets in
iptables and tcpdump confirm this). They are then DNATed to an IP that
should cause them to go out eth3. However I never see them go out that
interface. I have tried putting LOG rules into the FORWARD chain with no
success. I'm
2012 Sep 27
3
vsFTP and shorewall
Dear all,
Dear support and users:
Sorry to trouble you! I configure the shorewall firewall to forward ftp and ssh port to another server, but failed. Can you help me check?
I cannot login both SSH 2222 and ftp!
Below is my environment: (attachment is shorewall dump)
1. Gateway (FC6)
1.1) eth0: lan static IP: 192.168.1.20
1.2) eth1: external public static IP:
2004 Nov 17
6
Problems with routing
Hi,
here my system on shorewall:
eth0 192.168.108.1 net
eth1 192.168.109.1 dmz
eth2 192.168.110.1 loc_110
eth3 192.168.111.1 loc
I haven't access from or to server in loc_110 through shorewall. I can
use ssh or other types from loc to dmz or from loc to fw, but I can't use connections
to loc_110.
I can also use ssh - connection from fw to loc_110 or redirectly.
Where is the
2012 Dec 26
4
CentOS 5.7 eth0, eth1 and arpwatch flip flops
Dear all,
Has anyone experienced this whilst running DRBD over eth1 between two
CentOS 5.7 servers?
eth1 is a private IP address, unroutable. eth0 is the public address.
CentOS will reply sometimes once every 3 days or every 14mins~ saying
"My public IP is on eth1" to arp requests when it's not, it's eth0.
This freezes traffic and causes issues. We've looked at arp*
2005 Feb 04
12
SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS
This one is really throwing me. Thanks in advance for
any advice.
I'm working on a 4 port firewall system. It is
running heartbeat+drbd.
Primary box looks like this:
eth0 -> net/Cisco router
192.168.144.2/29
eth1 -> drbd/heartbeat crossover cable
192.168.254.253/30
eth2 -> dmz
192.168.144.10/24
eth3 -> loc
192.168.101.2/24
The IPs
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2005 May 02
4
Multiple network cards on same subnet problem (arp_filter=1)
Hi,
this might seem like a classical problem but I've trouble getting this
working correctly:
# ifconfig ### output stripped down:
eth0 Link encap:Ethernet HWaddr 00:50:FC:2B:EB:1B
inet addr:192.168.5.220 Bcast:192.168.5.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:02:44:60:EC:58
inet
2005 Jun 30
4
Two nics connected to one switch
We have a webserver that is connected to three different networks. Due
to our cabling, we have to run two of those networks over the same
physical network.
When connecting from OS X and Windows we are occasionally blocked
because the client is sending to the wrong interface. Linux clients
seem to have no problem at all.
I have read the docs and understand that the problems exists because of
2005 Dec 08
3
trouble with shorewall on Mandriva 2006 (2nd)
(Sorry, my previous post was sent in HTML format)
I am having a hell of a time with shorewall...
I have a Dlink DCM202 Cable modem with the Ethernet connected directly to
eth0 on the linux box. Then I have a second nic on the linux box connected
to a hub for
the internal network.
I am trying to allow traffic from the internet connect to my FTP and WEB
servers on my Winbloze box on the lan.
2003 May 12
2
shared_media
Hello everybody.
I have a problem with my firewall rules on my Slackware Linux box 9.0
(kernel 2.4.20-xfs).
This system is configured with 3 NIC (one for the router, one for the
dmz, and the other for the private net).
I have written a firewall (iptables) that is processing packet based
also on the incoming interface.
This firewall is connected in a not good environment where all the NIC
(and the
2005 Apr 03
3
Problem with fresh two nic installation on FC3
Hi,
I'm having problems with new Shorewall installation on Fedora Core 3 (had
same problem with Core 2 and upgrade did not help even iptables was
upgraded from 1.2.9 to 1.2.11). I've followed two nic example, but
starting Shorewall drops all connections and don't permit any outgoing
requests, even with "all allowed" policy. Policy file is below. Current
setup
2003 Feb 03
4
[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 -------
We haven't seen this
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I've started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn't have connection marking support, so it's
going to be a couple of
2005 Feb 07
2
blacklists and rules
Hi people, which file is processed first, blacklist or rules? I want to
globally filter imesh, but at the same time allow managers to connect, i.e.,
imesh works on port 1214. I have this:
/etc/shorewall/blacklist
#ADDRESS/SUBNET PROTOCOL PORT
192.168.0.0/16 tcp 1214
192.168.0.0/16 udp 1214
2007 Oct 21
2
arp corrupted
Hi,
I've been trying to get a couple of routers up after h/w failure.
The border router is an OpenBSD firewall running NAT between the Internet and
a DMZ like subnet, and in that a Linux antivirus server is running NAT to the
LAN.
When the client does a DNS query it reaches to the f/w where dns is running
and is returned into the A/V server but never hits the 0.254 interface.
(Shown by
2005 Apr 10
28
dumb, dumb question
I'm very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall)
with 3 NIC cards.
Shorewall works great on the firewall machine. Bind also works (local
net machines get IPs fine). Under firestarter, all works great.
With shorewall, the loc machines can not route past the firewall. They
can connect to the firewall, but not past it.
Exactly what information should I post to get
2004 Mar 10
1
Shorewall2 - Action commands
Dear All,
I have read all the documentation I can find but I still have not understood how, in what context and where to use the action commands enumerated in /usr/share/shorewall/actions.std.
Illustrating with SMB traffic for instance, how can one use AllowSMB, DropSMB and RejectSMB to control SMB traffic instead of the classic
ACCEPT z1 z2 udp 135,445
ACCEPT z1