similar to: Re: Newbie going through a probably stupid thin g

Believe me: Read the FAQ Checked over and over This might be toooooo stupid to be documented. Please bear with me. Any help ? Situation: single card standalone "firewall" (used like a "personal firewall"). Have sshd running on the FW. Want the sshd daemon to be accessible only from 2 LANs: 1) My other home LAN machine 2) IBM intranet machines (9.0.0.0) Whatever I have

I have defined a Home zone and placed it before the Net zone. Defined a host 192.168.174.242 as a trusted host. Now if I ping from 242 to my fw it works just fine (also tweaked the norfc1918 file). Thing I do not understand is why if I try pinging or FTPing from FW to 242 I hit the all2all reject rule ! I tried reading the rules and from the INPUT chain I see a eth0_in chain which in turn

Hi, I need a help... I''m a beginner with shorewall. I have two shorewall firewalls, each with a link. FW (a) - w/ openVPN eth0 = 192.168.150.5/24 eth1 = 192.168.200.5/24 eth2 = public IP eth3 = 192.168.120.5/24 tun240 = 10.240.255.1 /etc/shorewall/zones all zones declared as ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS tlm eth0

Hello, I''m trying to setup an 8 port wan configuration (pptp+pppoe) with one vlan trunk. My internal networks are : LAN(eth9): 10.0.0.0/16 VLAN10(eth9) 10.10.0.0/24 VLAN20(eth9) 10.20.0.0/24 VLAN30(eth9) 10.30.0.0/24 VLAN100(eth9) 10.100.0.0/24 I would like to post my configuration here since i don''t success to do the following: 1. Communicate between VLANxx to LAN

Hi, I''m trying to use Shorewall (3.0.6) to accomplish what I thought was going to be fairly simple. Unfortunately, I can''t get the dmz to work correctly, and I''m getting martians logged against the interface at issue. Any help I could get would be greatly appreciated! A picture of my physical setup is attached. I have also attached a shorewall dump. To make a long

Hello all. First of all, please be a bit indulgent to my poor English :-). Second, this message is "kinda" BIG, so if you don''t like BIG messages, simply don''t read it :-). I''ve read http://shorewall.net/2.0/Shorewall_and_Routing.html and http://shorewall.net/MultiISP.html, however I still a bit confused how to organize what I need :-). I''ve a

Hi there, Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need. Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1

Hi, I've an Asterisk box acting as firewall with Shorewall, yet I can't get a SIP client (Sipura 2000) to connect remotely (behind a firewall). My Shorewall Config as follows: interfaces #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect dhcp,routefilter,norfc1918,tcpflags loc eth1 detect tcpflags zones #ZONE DISPLAY COMMENTS net Net Internet loc Local Local

Hi, I''m new to shorewall and iptables. I installed shorewalls ver. 2.2 two days ago and it''s working now, but I have some questions concerning pppoe. I have my ISP''s connection to internet trough PPPoE over an ethernet card. On the ethernet card I have a static IP and I have access to all other ISP''s clients wich are in the same subnet (it''s a small

Hello, I forgot to put my #/etc/shorewall/policy file: # /etc/shorewall/policy ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK # adm net DROP info tlm net DROP info # net adm DROP

Hi, I am using netem to add loss and then adding another qdisc within netem according to the wiki. Then i want to change the netem drop probability without having to delete the qdisc and recreate it. I try it but I get invalid argument: thorium-ini hedpe # tc qdisc add dev ath0 root handle 1:0 netem drop 1% thorium-ini hedpe # tc qdisc add dev ath0 parent 1:1 handle 10: xcp capacity 54Mbit

Hi ! Recently i switched my internet provider, to get more speed but another braindead setup regarding public ip addresses. I now have 4 PPTP Tunnel available, of which i''m using one as the gateway ip doing masquerading to other machines in my local lan, excluding three other machines, which i would like to use 1:1 nat to get them a direct access to one of the pptp tunnels. I was

Hello! I configured a pptpserver on my firewall and followed the pptp-manual from Shorewall. Login via VPN to firewall (internal ip: 192.168.10.2) is ok and I can ping this server via internal ip (and use it: add samba-shares, etc.). Unfortunately I can''t connect to other hosts in my intranet (LOC). Ping from vpn-client to clients in intranet fails, although Shorewall-Log shows an

Before wasting a lot of time going at this in the wrong list, I would like to confirm whether my thinking is on or off base with respect to source and destination ports. Samba is being blocked by fw2loc even though I have accept rules set up. I believe I can explain why, but I could be wrong. I think that for some reason, samba is sourcing stuff on the commonly used port 137, but trying to send

Hi Sam, do you know if there is anything done about cbb(4)? I have many wireless adapters with ath(4), but only the one based on PCMCIA is making problems on FreeBSD. I cannot boot my notebook with the device inserted into the port, or it will render the system unusable (100% load on cbb(4)). And all I can see is the following: Jul 12 14:58:39 link kernel: ath0: ath_chan_set: unable to reset

Hello! I have a problem using shorewall on an aliased interface. Let me give you a short description of the setup: eth0 uses DHCP and will be assigned a 10.38.0.0/16 address by my ISP; I use a host-route to access their PPTP on 10.0.0.138 with "pptp 10.0.0.138" ppp0 is the Internetconnection then (duh) At the same time I want to connect the box to my LAN using 10.1.0.0/16 or any

I''m trying to follow Chapter 10 of the howto and apply it to two ubuntu machines each with two 802.11b/g interfaces. However, I cannot get a connection. I would like the 4 interfaces to create 2 ad hoc links on separate channels. I have set this up successfully with the following: /etc/dbus-1/event.d/25NetworkManager stop wlanconfig ath0 destroy wlanconfig ath0 create wlandev wifi0

Hi all, I am having an issue where my hme0 interface is always turning up and down with dhclient requesting a lease. I am thinking this could be the same issue described by Jeremy Chadwick on June 9th: http://lists.freebsd.org/pipermail/freebsd-stable/2013-June/073711.html Everything was fine on 8.2-STABLE and older versions. It was then upgraded directly to 9.0-STABLE

Hi. I have problem in following scenario: 3 routers A, B, C: router A: eth0--> DSL ( public IP ) eth1 --> 192.168.0.1 ( local network ) routing table A: 83.x.x.x/29 dev eth0 proto kernel scope link src 83.x.x.x 192.168.5.0/24 via 192.168.0.8 dev eth1 192.168.4.0/24 via 192.168.0.8 dev eth1 192.168.3.0/24 via 192.168.0.8 dev eth1 192.168.2.0/24 via 192.168.0.8 dev eth1 192.168.1.0/24

Hi, after some time without FreeBSD I installed 7.1 on an IBM Thinkpad T30 (with ZFS root on encrypted geli, works great). Config is: FreeBSD hasking.alashan.nongo 7.1-STABLE FreeBSD 7.1-STABLE #3: Thu Feb 5 21:10:45 CET 2009 root@hasking.alashan.nongo:/usr/obj/usr/src/sys/HASKING i386 I tried using my ath based D-Link DWL G650, which still seems to have some issues in regard to interrupt