similar to: dumb, dumb question

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

I''m having a problem with the Shorewall firewall and CUPS printing interfering with each other. My Linux firewall machine is acting as both a CUPS server and client for all of my tests. Shorewall 2.0.13 CUPS 1.1.22-2 Linux kernel 2.6.9 CUPS was working fine to print to my Epson C84 (network connected via a Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

Hi, I have a proxy/firewall, I want to dnat requests for 193.205.140.106 on port 443 towards 10.2.15.23 and requests for 193.205.140.106 on ports 4330 and 3389 towards 10.2.15.25, these rules must apply from internet, loc and fw (some client use a proxy on fw to reach these servers) I have tried with the following rules: DNAT net dmz:10.2.15.23 tcp 443 -

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The original post was over 300,000kb so I didn''t spam the list with it -TE. | | | Thank you for your quick and helpful response. | | I didn''t understand that the virtual interface eth0:1 doesn''t count as a separate instance from eth0. | I am sorry to ask for further assistance and would appreciate any help. The error

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, bu i failed :) What i want to do is basicly route any incomming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip

Problem: "Firewall" machine cannot get DNS but is allowing DNS through internally. Something changed with the configuration but we''re not sure what. Here is the pertinent info: Shorewall Status Entries Oct 5 09:24:50 all2all:REJECT:IN= OUT=eth2 SRC=192.168.7.55 DST=65.175.131.201 LEN=55 TOS=0x00 PREC=0x00 TTL=64 ID=50982 DF PROTO=UDP SPT=32973 DPT=53 LEN=35 Oct 5

Hi there, Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need. Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

Hi, I have seen this come up in a couple of threads, but nothing recent. I was wondering a couple of things and was hoping someone could clarify. I have an existing working shorewall configuration (Details at end of post). >From within this config, I have a few ports redirected for use with portsentry (like the mini-howto directs forbidden port accesses to port 49999). This works

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

I want to add two IP ranges on one NIC card (eth0 and eth0:1). Has anyone done this before? The CentOS 4 gui keeps locking up when I try it there and the command line ifconfig seems to work, but ifup always returns the error that is never heard (no such device) of eth0:1 thanks

Lables: Gateway = 209.5.171.65 Netmask = 255.255.255.192 Eth0 = net = 209.5.171.66 Eth1 = loc = 192.168.0.1 There is no NAT clients, in essence loc is dmz. I can rename loc to dmz if that helps. Proxy/ARP is used for IP addresses 209.5.171.67-126 Problem: Using the Shorewall Action AllowFTP does not result in desired behavior when connecting from Internet to machines behind firewall in DMZ. From