Displaying 20 results from an estimated 30000 matches similar to: "ipchains to shorewall"
2002 Aug 06
8
converting MASQ from ipchains
Hello,
On my old system I'm using ipchains. Can anyone help me with converting rule
/sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp
to shorewall. I know that I can write
eth0 source_addr
to /etc/shorewall/masq file
but I can't find where I can specify the destination address.
The reason for this is to allow one user (computer) access only to
2009 Aug 18
3
Rules based on ipmasq
Hi,
I had installed squid with ntlm authentication and content filtering
from this tutorial:
http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch.
Next to last point is firewall configuration by ipmasq but I have
installed shorewall. This is content of I89tproxy.rul file:
#!/bin/sh
#
# redirect http requests to non-local hosts to the
2005 Feb 22
6
identd on "clients"
Hi,
I use shorewall on my router (internal ip: 192.168.1.4). The router is used
as a gateway for my lan.
If I try to access an IRC server from any "client" (for example 192.168.1.1)
I get the message "no identd". I tried the following in my shorewall rules
config (etc/shorewall/rules), but it doesn't work:
ACCEPT net loc tcp 113
2003 Jan 21
14
Emule + Shorewall
Hi,
I've installed Emule (p2p program) on my client box but I can't access
the servers due to the firewall.
I'm getting these blocking errors:
Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0
SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57
ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0
My rules file
2004 Nov 09
2
How do I control shorewall when src and dst ports are different? [Or, sunrpc problems]
Hello.
Trying to get shorewall to do what I want it to do and also not to do
what I don't, I have the following example which I'd like to ask about.
I get this log message:
Nov 9 11:06:36 fw kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=
MAC=00:c0:4f:60:b3:e5:08:00:20:b0:92:c1:08:00 SRC=192.168.1.59
DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP
SPT=942
2004 Aug 17
4
Wild cards in "shorewall add" command
Hi
I am looking at converting a Linux terminal server box to iptables
using Shorewall 2.0. (At the moment it uses ipchains).
The server currently has scripts which are called as each user logs
in which run a series of "ipchains" commands to set the access
rights for that user (and again to cancel them when the user logs
out). My plan is to replace these scripts with ones that call
2003 Feb 25
6
NFS config problem
Hello,
First let me say how much I appreciate Shorewall. I just downloaded shorewall-1.3.14.tgz, built and installed it without error, and had it working with only minimal fiddling with the config files.
I'm having trouble getting NFS to work with Shorewall. I followed the info on the "Ports required for Various Services/ Applications" page but I couldn't get it to
2002 Jun 07
4
Proxy ARP - Pros & Cons
In a previous thread, Tom listed advantages (reproduced below) of Proxy
ARP over NAT. They are great reasons, but I have one reservation. By
using private addresses with NAT for servers in my DMZ, I can granularly
allow specific traffic, such as to/from the SMTP gateway/relay in the
DMZ, to connect inbound from the DMZ to an internal (LOC) mail server,
and know that it comes only from a
2012 Feb 19
3
Shore wall and multi ISPs and ip addresses
Hi All!
I only ever have complex setups.
Customer site has a dedicated leased line from their ISP terminating on a
Cisco router. Router is configured with the first usable address on a /28
network - 196.x.y.73. The linux firewall is configured with the remaining 5
ip's, 196.x.y.74 to 196.x.y.78 and 79 as the broadcast. Sounds normal but here
is the twist. The primary or first ip
2002 Jun 14
4
ipchains question
I have a couple questions that I will submit separately. When I have
IPchains running I can't get my samba box to show up in network
neighborhood, but when I turn ipchains off the box shows up. What rules do
I need to add for things to work properly?
--
Raymond Norton
Little Crow Telemedia Network
320-234-0270
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successfully
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2003 Mar 22
22
SecuRemote and Shorewall Problem
Sat Mar 22 14:16:55 CST 2003
This post is a bit long, but I want to make sure
I am providing the information up front that can
help in others helping me solve this mystery.
I am having a bit of difficulty getting Shorewall
to work with SecuRemote and its FW-1 server. I
have attached the "rules" file I am using and the
output of "shorewall show nat". The diagram below
2012 Sep 05
2
DNAT issue
Hi,
Sorry, not an experienced shorewall user, this is my first basic setup.
This starts to drive me crazy.
I wanted to use DNAT to forward port 33890 to an internal machine (windows)
port 3389. To reach my workstation when I'm not home.
In my rules :
DNAT:debug net loc:192.168.0.11:3389 tcp 33890 -
pub.lic.ip.add
#SECTION BLACKLIST
#well known port scans
DROP net
2004 Oct 20
11
Shorewall, Freeswan and SuSE 9.1
I have been using shorewall and freeswan successfully for 3 or more
years now. But they have all been using the Linux 2.4 kernel. My current
configuration is (as the title suggests) using SuSE 9.1 which has a
2.6.5 kernel and freeswan 2.0.4 built-in.
After much reading and a lot of trial and error, I did get this
combination to work with Shorewall 2.0.9. It is happily talking to an
older Mandrake
2001 Feb 22
1
SSH connection hangs with ipchains/RH6.2/OpenSSH 2.5.1p1 (but not <= 2.3.0p1)
I figured this out -- looks like 2.5.1p1 is now using ports < 1024 on
the client side (wasn't before?). I had a ipchains rule to allow ACK
packets to 1024:65535, which was good enough for <= 2.3.0p1 :
#allow only ACK tcp packets
ipchains -A input -j ACCEPT -i eth0 -s any/0 --dport 1024:65535 -p tcp !
-y
So I added the following :
#allow return from ssh connections
ipchains -A input -j
2002 Feb 25
1
ipchains - major newbie trap
Just a quick word - I spent two days trying to get Samba to work. The whole
problem was a lack of knowledge about ipchains (firewall). It was part of
the RH7.1 install package, and the medium security setting stops all tcp and
udp traffic for a lot of ports, including those needed for NetBIOS (137-139)
It is pretty easy to fix, the IPCHAINS-HOWTO is a good and humorous read,
and by the end of
2004 Aug 24
11
Shorewall-Linux and Vonage VOIP rules setting+
Hello - I am not a subscriber to the mailing, please
email me with help at mfabache@yahoo.com
My shorewall (v2.0.1) has been working wonderful for
the past year. I just added my Vonage and cannot get
the Phone Adapter to sync up (2 blinks (looking for
IP))
All I have done is run an ethernet cable from the WAN
outlet on the phone adapter to a lan port on the
router.
After googling, I found
2005 Dec 08
7
Two Subnets on routed to the other, Setup?
Hi there,
I've read Routing on One Interface, and Shorewall and Aliased
Interfaces docs but I'm a little confused, and all my test attempts
have mostly failed. Here is my setup:
CentOS 4.2
ShoreWall 3.0.2
My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2.
Currently 192.168.1.2 is setup on eth0. With no ShoreWall involved
routing seems to work if I just setup
2005 Jun 16
5
Setting up a routed DMZ
Hello all,
I've read the shorewall guides and browsed through the mailing
lists, but I haven't been able to find out if the following is possible
or not using shorewall.
Our provider has given us 16 IPs + 4 in a separate range for our uplink.
I would like to replace that router with a Linux box running shorewall
with three interfaces. I want the DMZ to be a standard, routed
2003 Jan 03
9
Rearranging the furniture....
Hi Tom and All,
I have been quietly watching the list for the last year (no new issues for
me that weren't covered in the docs or promptly "bug-fixed" by Tom. Boy,
has this grown exponentially! Anyway, back to the point (the proverbial
rearranging the furniture)... I have been evaluating Mandrake's MNF as an
upgrade for my Firewall box. If I do this( and even if I