similar to: Shorewall - Long Starting Times

Hello, With reference to the problems listed below. I too am having incredibly long start up times. I''m talking minutes here (around 5 minutes). My configuration is not complex I don''t think. We are you using ldap too and the settings are bellow. The network is up as I''m restarting shorewall whilst the machine is running. Any suggestions? Is there no way to

Gregory Pleau wrote: >> >> The problem that you had with LDAP causing long Shorewall startup has >> resurfaced. In your mail to me, you mentioned that you had found that >> the issue was a permissions problem but gave no details. >> >> Would you be so kind as to give me the details so I can pass them on to >> the current sufferer? I notice that you are

I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I

What version of shorewall do you suggest I try on a FC3 system? TIA, /ChJ

Hi, I installed the shorewall 1.3.8-2 debian package to my debian testing machine which serves as the gateway to the internet. Since I have two other machine connect to internet thru this gateway machine, I also downloaded the configuration guide for "basic two-interface firewall" and followed the instructions. When I try to start the shorewall I get the following message and can not

Hello all, I''ve recently upgraded a Suse 9.1 box to Suse 9.2 (reinstall actually). This is mainly a test server that I use for testing our device with nat/snat etc. I just got around to reinstalling Shorewall 2.2.4, and I''m having an odd problem at startup I was hoping someone could perhaps shed some light on. I''ve created a very basic setup just to get Shorewall

I recently implemented v2.0.9 using ''shorewall setup guide'' 2004-07-31. Starting with block everything not known to be in use and opening ports as complaints come in. This has led to a few rule changes. After a rule change I use shorewall restart to reload the rules. Seems to work OK... except for an outbound NAT SMTP connection from a mail server on .122 to postini.com. The

Hi I have recently reconfigured my system to a Bridge based architecture on the basis that I have an ADSL Modem/Router with a Public address on the Wan side and a Private address on the Lan side. I am running a Debian based system kernel 2.6.7 and the Bridging software is installed and working correctly, including startup etc. The problem that I have is in "shorewall start" The

I have an old Pentium II which I use as a gateway and firewall for a home network. The external interface is a modem on ppp and the internal interface is ethernet. I have had this setup running successfully for many years starting with the early 2.x series Shorewall. My ISP recently changed my dial-up ''phone number and presumably also the system at the other end of my modem (they

As I recently announced on the Shorewall Development list, the version of Shorewall 1.4 currently in the CVS development tree improves the performance of complex zones (those requiring entries in /etc/shorewall/hosts). With that change, I''ve completed the product cleanup that I envisioned for 1.4. Before I wrap up 1.4.2 and begin thinking about 2.0, is there anything else that

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

Lorenzo Martignoni at Univesita` degli Studi di Milano in Milan has established a mirror of the Shorewall web site. http://italy.shorewall.net http://cert-it.dico.unimi.it/shorewall Thanks Lorenzo! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hello, all. I''ve been trying to get shorewall to get LISa working on my Gentoo box. It works as long as I have shorewall turned off, but whenever I turn it on, it seems to block all LISa activity. I have TCP port 7741 opened (as per lisa-home.sourceforge.net), and nmap says it''s open. Ethereal indicates that LISa is communicating via TCP port 7741, from 127.0.0.1 to

Hi! I installed shorewall shorewall-2.1.7-1 on a newly installed box. When using 1.4 versions I could enable shorewall in ntsysv, now shorewall doesn''t show up in ntsysv? I am running shorewall on a RedHat Enterprise Linux rebuild (www.taolinux.org). Is this a bug or a feature?

Hi, In a routed network environment, without the router , we want to use the shorewall as the firewall/router. The ISP has assigned the following set of IP addresses. WAN IP for subnet 1 (DATA) 220.227.202.X/30 ( to be assigned to eth0 of the shorewall) WAN IP for subnet 2 (Voice) 220.227.202.Y/30 ( to be assigned to eth1 of the shorewall) Addresses assigned for Subnet 1 by

When shorewall starts up does it completely flush any other iptables rule sets or nat entries that are already in there? Or Can I run two instances of shorewall each loading a different set of rules and a different set of IP addresses in the NAT table and have each one only control what it adds?

hi, i installed and configured the shorewall-2.0.9 for standalone user interface in fc2,then removed the stop ,stopped and the routestopped files from the /etc/shorewall directory,and run the ''shorewall start'' command,at boot time the messages showing that it is not started,this is the /var/log/messages output fore shorewall: Jan 3 04:13:27 localhost netfs: Mounting other

Shorewall 3.4.6 running on SuSE Linux 10.2 Compiling Rule Activation... Shorewall configuration compiled to /var/lib/shorewall/.restart Processing /etc/shorewall/params ... Restarting Shorewall.... /sbin/shorewall: line 665: 6782 Segmentation fault $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help.

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key