similar to: rules - access by mac address

Displaying 20 results from an estimated 20000 matches similar to: "rules - access by mac address"

2005 Sep 29
20
maclist problem on a firewall/bridge/router system with masquerading
Hi, sorry for my poor English. I think I'm having a very unusual problem and very difficult to track, but I'll try to explain it as best as I can. Here is my scenario: a firewall/bridge composed of 3 ethernet devices and 1 virtual one. my bridge (br0) is composed of eth0, eth1 and tap0 br0:eth0 is my connection to my router (200.244.92.1) br0:eth1 is my connection to my
2004 Dec 10
9
parallel zone: loc2 is composition of loc1
I have no idea how to define for a parallel zone the host file if the second zone (net) should be the composition of the first zone (dmz). I tried all the following combinations in the interface and host files: interface: - eth0 - (variante 1) - eth0 192.168.0.255,255,255,255,255 (variante 2) - eth0 192.168.0.255,!192.168.0.255 (variante 3)
2002 Dec 05
7
New in CVS
The 'firewall' script currently in the /Shorewall CVS project: a) Is approximately 15% faster starting/restarting on my configuration -- please report your experiences with it. b) Reloads Traffic Control/Shaping as part of "shorewall refresh" c) Turns off the shell trace after an error has occurred (except when the command being traced is "stop" or
2004 Dec 06
12
Interface Configuration
Hello, You may recall some of My Dmz question around Thanksgiving. While I have configured a Proxy arp Dmz. I would like to practice with the routed setup you suggested Tom as your network was similar. Here is one of your quotes "The configuration of eth2 is largely irrelevant but you certainly don't want to confuse things by assigning any default gateway out of that
2004 Sep 01
8
Rules by Mac Address
Hi, I am using Shorewall in Adamantix. At the moment everything flows fine, my question is that how can I filter the access by computer mac address, I had read the documentation maybe I am 'stupid enough to spot the guide, if so please show me'. What is the rules line if I want to 1. limit ~01-01-01-01-01-01,~02-02-02-02-02-02,~03-03-03-03-03-03-03 to access 202.202.202.202
2005 Mar 24
4
MAC address verification limitation
Hi there. There are approx. 400-500 users in our network and we plan to insert all their MAC addresses into maclist and bind them together with IP address. My question is whether shorewall is able to process that much of MAC addresses without slowing the network speed performance? Thanks for your time.
2005 Feb 08
15
Few questions
Hi, I have a few problems with my shorewall configuration. First of all, the option maclist seems not to be recognized. I have this: ghostwheel /etc/shorewall # cat interfaces | grep -v '^#' - eth1 detect dhcp,tcpflags,routefilter loc eth0 detect tcpflags,maclist When I look at shorewall-init.log, I found out:
2006 Apr 13
5
maclist or rule question
Hi, I want to automate some of the maclist and rule functionality: User connects to the network and gets a DHCP address from the shorewall box. Using squid and redirection, all the user can do is go to a login page on the firewall User logs in correctly to the form on the webpage and a process captures MAC and IP address info from the dhcpd.leases file Once authenticated, a maclist entry and an
2003 Dec 07
2
Re: [Shorewall-newbies] Re: Shorewall-newbies Digest; Problems with blacklist and nat !
Hello, I have forwarded this to the shorewall-users list. You will find better support for this obscure problem there. Regards, Alex Martin http://www.rettc.com Cristian Valentin Barean wrote: > Hello ! > My name is Barean Cristian, and I have a network of 35 users, on a > Linux Mandrake 9.2 server. > As I was adding more users in my network, I found a problem with
2004 Sep 02
2
Redirect to intranet webserver if not on maclist
First off, I want to say that everyone on this list is great. So here's what I want to do. I have a maclist setup with all my users (roughly 400). There are constantly people leaving (deleting their accounts which removes their MAC address) and registering for internet access (I have a php webserver that registers them, adds them to the maclist, and allows them on the net). Is there a way to
2004 Sep 09
4
Allow Microsoft Activation & Updates
Hi, I had set rules so that my client can only visit few sites instead of the whole net. My question is, how can I allow my client to activate its product key and also to run windows update? One more thing is, can I use domain name in the rule config? If yes, can I put just microsoft.com to refer to aaa.microsoft.com bbb.microsoft.com? Please advise
2004 Sep 11
5
Bridge Interface without an IP Address?
We are using Shorewall 2.0.8 with SuSE 9.1 and have built a bridging firewall primarily to defend against syn flood and smurf DoS attacks. We are a small ISP using Cisco routers for a total of 5-6 subnets. Since bridges are based on use of MAC addresses, if we could use one bridging firewall system instead of 5-6 ... is this possible? practical? (Other than introducing a single point of failure
2003 Mar 20
11
Opinions Please
Although 1.4 is now released, there is one aspect of Shorewall's design that I'm still quite unhappy with. It involves two areas: a) when and when not to create rules to allow inbound traffic on an interface to be routed back out that same interface. b) intrazone traffic. I'm currently running 1.4.0 plus a change that: a) Allows intrazone traffic unconditionally --
2005 Mar 23
6
clarification: Port Forward
I am missing a tiny detail on understanding a simple port forward: I want to forward just like the FAQ listed, via #ACTION SOURCE DEST PROTO DEST PORT DNAT net loc:192.168.1.3:22 tcp 1022 Which works just fine. Now I also tried this following type of rule, which I thought would work, but it did not. #ACTION SOURCE DEST PROTO DEST-PORT
2002 Dec 22
2
maclist option -> sorry good ver.
Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP
2004 Dec 15
3
[Fwd: 2 ftp serwers problem]
-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2004 Feb 28
8
Looking for a Volunteer
The 2.6 kernel series includes Netfilter 'physdev' match support. That support makes it feasible for Shorewall to support bridge/firewall configurations. I'm looking for early testers of such support. Requirements: a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day or so) plus private updates. b) Running a 2.6 kernel or a 2.4 kernel with
2003 Jan 13
5
Using private & public addresses together in the Shorewall's DMZ zone
To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It's not a stupid question--I couldn't see any reason why it wouldn't work, but I had actually try it out to convince myself that it did (which isn't a bad thing to do before posting the question to the list, by the way). In any case, the answer is
2005 Feb 02
8
Routing all connections through a OpenVPN tunnel
Hi all, I have set up a working OpenVPN2 connection between my Server and my gateway at home. Now I want all traffic to be routed through this VPN connection. Currently everything is going through eth1 to the internet (to the gateway of the University which forwards it to the internet :-). We must use a proxy server and because of this I am not able to watch the real-Media streams on
2004 Nov 27
8
Please help
Hi, I have a huge problem ;] I have redirected port 69 from NET (internet) IP 212.122.68.129 to the local network (masq) 192.168.0.3, that all queries from internet goes to local network PC. ACCEPT net masq tcp 69 - DNAT net masq:192.168.0.3 tcp 69 - everything works fine from the internet, but now I cannot access this port from other local PCs. I have to access it locally, when I