Displaying 20 results from an estimated 20000 matches similar to: "Cannot ping through firewall - another attempt"
2004 Sep 27
9
masq - pings and connections get dropped after PREROUTING?
Hello,
I have a pretty standard two-interface setup with masquerading, so the local
network can connect through the firewall to the Internet.
On the firewall box (trevor), eth0 is connected to a cable modem and eth1 is
connected to the local network via a crossed cable. There is one other
machine on the local network (brian), whose eth0 is at the other end of the
crossed cable.
I used to have
2004 Aug 24
7
Question about ip_forward in clear_firewall
Firewall users,
My apologies as I'm not on this list, so please respond directly as
well as to the list. I did try to search the archives and didn't find
any hits, although the search did not like searching for terms with
underscores in them (both clear_firewall and ip_forward).
I was trying to understand why, when running shorewall stop, even though
it echoes
IP
2005 Apr 20
1
FW: cannot ping through shorewall
Hi Experts,
I am running very basic setup
ubuntu 5.04 on HP e-Vectra
eth0 talking to SpeedTouch Home
ppp0 is PPPOE through eth0
eth1 though USB-ETH is my local network
I can ping firewall (192.168.2.254) from local
I can ping ISP receiving point from firewall (then this idiots block ICMP!)
I cannot ping ISP from local. No packets go out - I checked with ethereal
Thanks in advance
Alex
2006 Mar 15
6
Can't get port forwarded from net to net
I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
along with some coaching on IRC from _Omache to get a machine (with IP
address 66.93.22.233) to forward all port 25 traffic to another host in
my network (with IP 66.93.22.254). This has not worked. I have tested
by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
66.93.22.254. Of course, I don't
2013 Nov 05
8
Forwarding external traffic to another external server?
I'm trying to use my VPS server (single interface of course) as
somewhat of a VPN gateway to my other location (which is not
accessible directly from some places) where the openvpn server is
running, and am kind of lost as to what to try next.
I tried a redirect rule, but apparently shorewall didn't like that (it
just failed to start).
I tried adding the rules via
2005 Feb 04
3
loc2net no longer working (and I read the FAQ)
Hi all,
This is your standard "I can't *see* the internet" problem, except I think
I've exhausted all the standard solutions. The only thing different is
that my house experienced a power outage and now (after the FW rebooted)
local machines can't "see" out.
I've got a 2-interface setup, using Shorewall 2.0.15 (installed via
Debian).
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small
network. I am trying to do a simple DNAT to port 80 on the protected
webserver and masquerade all traffic from the protect subnet outbound.
After having read the FAQ and various posts regarding problems with
DNAT I'm afraid I'm no closer to a solution. Based on the output from
"shorewall show nat" I
2004 Dec 15
3
Newbie: Problem with two-interface setup
Hi
I have a problem with Shorewall on my two-interface connection. I run
Debian unstable. The setup looks like this:
Internet -------- router ------- server
213.237.12.137 192.168.1.3 192.168.1.2
192.168.0.7 --- local net
192.168.0.{...}
I can ping the server from the local net, and the local net from the
2012 Sep 05
2
DNAT issue
Hi,
Sorry, not an experienced shorewall user, this is my first basic setup.
This starts to drive me crazy.
I wanted to use DNAT to forward port 33890 to an internal machine (windows)
port 3389. To reach my workstation when I'm not home.
In my rules :
DNAT:debug net loc:192.168.0.11:3389 tcp 33890 -
pub.lic.ip.add
#SECTION BLACKLIST
#well known port scans
DROP net
2003 Jan 09
19
New on the Web Site
While I'm in temporary retirement, I've decided to spend a little time
experimenting with new things and making some updates to the web site. The
biggest result of this effort to date has been:
http://shorewall.sf.net/Shorewall_Squid_Usage.html
This outlines how to use Squid as a transparent proxy running on the
firewall, in the DMZ or in the local network. In the latter two
2006 Apr 04
14
Problem with masquerading and bridges
Hello all,
I'm somewhat new to networking, and I'm having trouble masquerading
connections that are coming over a bridge. The bridge only has a
single port for now, but I'm going to add more ports later. I'm basing
my configuration on the two-interface quick start guide. I'm using
Shorewall 3.0.4 on Ubuntu Dapper.
My network looks like this:
* The
2005 Feb 15
5
dnat problem
Hi, I'm running shorewall 2.0.16 with centos 3 (iptables v1.2.8), everything
is working fine for several days, I have configured a masq lan and all the
outgoing traffic is ok, but now I want to redirect (port forward) the
external web traffic to an internal machine, something like this
INTERNET ---------> SHOREWALL -------------------> INTERNAL_MACHINE
[public
2006 Aug 29
3
masq problem
Hi everybody.
I'm sorry to bother you because I'm probably doing something wrong, but
I have already read the documentation and I have been using shorewall
for quite a long time.
I recently installed 3.2.3 from source (but there was the same problem
with 3.0.7 from apt-get ... -t unstable)
The thing is, that I can't get masq working. Maybe this is because
2006 Aug 01
34
Clients can't through to internet
I just setup the Shorewall in my school, but now all clients can't through to internet, all servers can through to internet with NAT, when I disabled NAT that all servers can't through to internet.
Below is my school network:
internet ---> shorewall ----> loc ---> ciso router ---> loc1
Below is my config files:
policy:
# If you want to force clients to
2005 Feb 13
2
Masquerading with Shorewall
Hi all.
I am interested in connecting my Palm T1 to the internet through
Shorewall. I can set up a connection (with Bluetooth) to my Linux
machine, and with Shorewall turned off, I could set up my machine to
allow the Palm to access the internet with these commands :
echo '1' >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A
2007 Nov 05
36
please help diagnosing "ip_conntrack: table full, dropping packet"
Hi,
I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time.
But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods.
The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it
2004 Dec 18
9
Bridging and transparent proxy
Hi all,
is it possible configure Shorewall in bridge mode and,
in the same box, utilize Squid in transparent mode?
I'm trying to do this, but the REDIRECT rule doesn't work.
I've already read http://www.shorewall.net/bridge.html
to configure the bridge and work fine for me, but
when I add the rule for transparent proxy
2005 Feb 11
10
Odd proxy problems
Hi people,
I am running the latest version of Debian 'Sarge'. I have installed hopefully the latest version of
shorewall, as followed by the website. The firewall has been installed with no problems, runs ok,
but I have found a strange problem, maybe it me *shrug*
My setup:
Internet<-->cablemodem<-->Debainfirewall<-->hub<-->windowspc
I am cable, and
2005 Jan 12
6
multicast NAT
I have a standard 3 interface shorewall setup and I want to receive
multicast stuff from 'net' -> 'loc'. This requires me, first, to do an
IGMP join which involves 192.168.1.x -> 224.0.0.x being NATed out as the
'net' interface's IP address. Obviously replies have to be NATed back to
'loc' addresses.
Can
2004 Oct 22
6
Bluetooth, palm, ppp and shorewall
Hi Folks!
I'm new to shorewall (in the process of switching from Bastille), and I
have a question as to how to address using Bluetooth enabled Palms with
a BT dongle on a linux box protected by shorewall.
Basically I followed the directions located at
http://www.metacon.ca/bcs/view.php?page=bluetooth
to get things working strictly with iptables, specifically:
echo