similar to: ipchains to shorewall

Displaying 20 results from an estimated 30000 matches similar to: "ipchains to shorewall"

2002 Aug 06
8
converting MASQ from ipchains
Hello, on my old system I'm using ipchains. Can anyone help me with converting rule /sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp to shorewall. I know that I can write eth0 source_addr to /etc/shorewall/masq file but I can't find where I can specify the destination address. The reason for this is to allow one user (computer) access only to
2009 Aug 18
3
Rules based on ipmasq
Hi, I had installed squid with ntlm authentication and content filtering from this tutorial: http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch. Next to last point is firewall configuration by ipmasq but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the
2005 Feb 22
6
identd on "clients"
Hi, I use shorewall on my router (internal ip: 192.168.1.4). The router is used as a gateway for my lan. If I try to access an IRC server from any "client" (for example 192.168.1.1) I get the message "no identd". I tried the following in my shorewall rules config (etc/shorewall/rules), but it doesn't work: ACCEPT net loc tcp 113
2003 Jan 21
14
Emule + Shorewall
Hi, I've installed Emule (p2p program) on my client box but I can't access the servers due to the firewall. I'm getting these blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file
2004 Nov 09
2
How do I control shorewall when src and dst ports are different? [Or, sunrpc problems]
Hello. Trying to get shorewall to do what I want it to do and also not to do what I don't, I have the following example which I'd like to ask about. I get this log message: Nov 9 11:06:36 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT= MAC=00:c0:4f:60:b3:e5:08:00:20:b0:92:c1:08:00 SRC=192.168.1.59 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=942
2004 Aug 17
4
Wild cards in "shorewall add" command
Hi I am looking at converting a Linux terminal server box to iptables using Shorewall 2.0. (At the moment it uses ipchains). The server currently has scripts which are called as each user logs in which run a series of "ipchains" commands to set the access rights for that user (and again to cancel them when the user logs out). My plan is to replace these scripts with ones that call
2003 Feb 25
6
NFS config problem
Hello, First let me say how much I appreciate Shorewall. I just downloaded shorewall-1.3.14.tgz, built and installed it without error, and had it working with only minimal fiddling with the config files. I'm having trouble getting NFS to work with Shorewall. I followed the info on the "Ports required for Various Services/ Applications" page but I couldn't get it to
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy ARP over NAT. They are great reasons, but I have one reservation. By using private addresses with NAT for servers in my DMZ, I can granularly allow specific traffic, such as to/from the SMTP gateway/relay in the DMZ, to connect inbound from the DMZ to an internal (LOC) mail server, and know that it comes only from a
2012 Feb 19
3
Shore wall and multi ISPs and ip addresses
Hi All! I only ever have complex setups. Customer site has a dedicated leased line from their ISP terminating on a Cisco router. Router is configured with the first usable address on a /28 network - 196.x.y.73. The linux firewall is configured with the remaining 5 ip's, 196.x.y.74 to 196.x.y.78 and 79 as the broadcast. Sounds normal but here is the twist. The primary or first ip
2002 Jun 14
4
ipchains question
I have a couple questions that I will submit separately. When I have IPchains running I can't get my samba box to show up in network neighborhood, but when I turn ipchains off the box shows up. What rules do I need to add for things to work properly? -- Raymond Norton Little Crow Telemedia Network 320-234-0270
2005 Apr 19
14
allow ssh access from net to fw?
Hi, I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don't know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH
2003 Mar 22
22
SecuRemote and Shorewall Problem
Sat Mar 22 14:16:55 CST 2003 This post is a bit long, but I want to make sure I am providing the information up front that can help in others helping me solve this mystery. I am having a bit of difficulty getting Shorewall to work with SecuRemote and its FW-1 server. I have attached the "rules" file I am using and the output of "shorewall show nat". The diagram below
2012 Sep 05
2
DNAT issue
Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I'm not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net
2004 Oct 20
11
Shorewall, Freeswan and SuSE 9.1
I have been using shorewall and freeswan successfully for 3 or more years now. But they have all been using the Linux 2.4 kernel. My current configuration is (as the title suggests) using SuSE 9.1 which has a 2.6.5 kernel and freeswan 2.0.4 built-in. After much reading and a lot of trial and error, I did get this combination to work with Shorewall 2.0.9. It is happily talking to an older Mandrake
2001 Feb 22
1
SSH connection hangs with ipchains/RH6.2/OpenSSH 2.5.1p1 (but not <= 2.3.0p1)
I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on the client side (wasn't before?). I had a ipchains rule to allow ACK packets to 1024:65535, which was good enough for <= 2.3.0p1 : #allow only ACK tcp packed ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp ! -y So I added the following : #allow return from ssh connections ipchains -A input -j
2002 Feb 25
1
ipchains - major newbie trap
Just a quick word - I spent two days trying to get Samba to work. The whole problem was a lack of knowledge about ipchains (firewall). It was part of the RH7.1 install package, and the medium security setting stops all tcp and udp traffic for a lot of ports, including those needed for NetBIOS (137-139) It is pretty easy to fix, the IPCHAINS-HOWTO is a good and humorous read, and by the end of
2004 Aug 24
11
Shorewall-Linux and Vonage VOIP rules setting+
Hello - I am not a subscriber to the mailing, please email me with help at mfabache@yahoo.com My shorewall (v2.0.1) has been working wonderful for the past year. I just added my Vonage and cannot get the Phone Adapter to sync up (2 blinks (looking for IP)) All I have done is run an ethernet cable from the WAN outlet on the phone adapter to a lan port on the router. After googling, I found
2005 Dec 08
7
Two Subnets on routed to the other, Setup?
Hi there, I've read Routing on One Interface, and Shorewall and Aliased Interfaces docs but I'm a little confused, and all my test attempts have mostly failed. Here is my setup: CentOS 4.2 ShoreWall 3.0.2 My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2. Currently 192.168.1.2 is setup on eth0. With no ShoreWall involved routing seems to work if I just setup
2005 Jun 16
5
Setting up a routed DMZ
Hello all, I've read the shorewall guides and browsed through the mailing lists, but I haven't been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed
2003 Jan 03
9
Rearranging the furniture....
Hi Tom and All, I have been quietly watching the list for the last year (no new issues for me that weren't covered in the docs or promptly "bug-fixed" by Tom. Boy, has this grown exponentially! Anyway, back to the point (the proverbial rearranging the furniture)... I have been evaluating Mandrake's MNF as an upgrade for my Firewall box. If I do this (and even if I