Displaying 20 results from an estimated 20000 matches similar to: "unable to filter or log vpn traffic"
2005 Feb 23
13
Snort and Shorewall
Hello
I am looking for a way to have snort dynamically update my shorewall config.
I have seen software out there but I would like to see if anyone had tried this
first.
Also I would like to know if there is a way to clear the Netfilter tables when I do
a shorewall restart. The reason being is that when I make a change to my
firewall setting I want all connections to have to re-establish
2005 Jan 07
6
Questions: place for doco, and routestopped during 'shorewall restart'
Hi folks,
A while back we had some discussions about integrating heartbeat and
shorewall. Thanks to your help and the excellent state of Linux
failover clustering, i've managed to install my high-availability
firewall. I know there's already a howto for it at
http://www.xenos.net/library/hafirewall.html, but i thought i would
document my setup for others, since it's
2003 Mar 05
3
Shorewall 1.4.0 RC1
The first release candidate is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
The only change between Beta 1 and RC1 is that the 'check' command is back
in RC1.
Function from 1.3 that has been omitted from this version includes:
1) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4
2008 Nov 13
4
ERROR: Unknown Host (All hosts) : /usr/share/shorewall/macro.Any macro or rule
Hi. I set, for example, a rule with a host server:
Macro.http accept fw net:www.google.es
I restart shorewall and it works, but when i stop the firewall for
disabling Internet (for any reason), and i want start the firewall it
says:
Failed to start firewall :
Compiling...
Compiling /etc/shorewall/zones...
Compiling /etc/shorewall/interfaces...
WARNING: Support for the detectnets interface
2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
Hello Mailinglist,
please excuse my bad english - but I am not a native speaker.
My Network looks like this:
Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X)
Now I try to connect my iphone (from mobile Internet G3) over VPN
(l2tp/ipsec) with the firewall.
But I can't open the necessary Port 1701.
/var/log/syslog
...
Dec 30 00:24:29 router kernel: [226128.293757]
2004 Dec 28
5
Multiple IP's in one Zone
Hi everybody
I have a Problem with Masquerading from my local net (loc) to my VPN (loc2).
I can reach every Service from loc2 in loc, but I can't reach any
service from loc in loc2.
Does somebody have an idea where my mistake is?
Without shorewall, it was working.
Thanks for helping
Lars
Technical Information :
Shorewall 2.0.13
Suse 9.0
*177.177.77.X The first 3 Counts are changed
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successfully
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2013 Jun 13
3
"Multiple Internet Connections" with four interfaces
Hi,
I was reading document http://shorewall.net/MultiISP.html#idp3634200.
Inspired by the document I was trying to establish the following changes:
* one additional interface: COMA_IF
* COM[A,B,C]_IF interfaces request IP address via DHCP
* all non-RFC 1918 destined traffic is NATed from INT_IF to COMA_IF
* all non-RFC 1918 destined traffic from GW is routed via COMB_IF by default
* non-RFC 1918
2003 Aug 25
5
Shorewall 1.4.7 Beta 1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
Problems Corrected since version 1.4.6:
1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was
being tested before it was set.
2) Corrected handling of MAC addresses in the SOURCE column of the
tcrules file. Previously, these addresses resulted in an invalid
iptables command.
3) The
2013 Oct 27
4
shorewall stop
hi, while stopping shorewall 4.5.21.2 on a debian7 box with the
ADMINISABSENTMINDED set to no in shorewall.conf, the connections on
vlan tagged interfaces that were active before the shorewall stop
command was executed are not terminated as it is for the firewall and
other interfaces!
when the firewall is stopped as expected new connections on vlan
tagged interface are refused but even
2005 May 04
6
Segmenting wireless traffic
I'm considering adding a separate subnet to my loc network making loc1
(192.168.1.0/24) and loc2 (192.168.0.1/24) with the goal of separating
my wireless traffic from my wired LAN traffic.
Has anyone had success doing this, or is it still possible to sniff the
traffic of a separate zone on the same interface with tools like ettercap?
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz).
The internet interface (eth0) has a static IP.
Windows machine in the local network (eth1) use DHCP to get IPs from
the 192.168.10.0/24 netblock.
The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in
the 192.168.11.0/24 netblock.
The DHCP server is running on the firewall machine (not ideal, I know,
but that's the way
2004 Oct 04
6
Appreciate help with Shorewall and VPN
Hello all,
I had setup shorewall before successfully with a normal LAN to internet
connection. Now I'm connected to the internet via VPN and I got problems
with configuring Shorewall. Any help is appreciated.
This is my setup:
- Gentoo Linux laptop (kernel gentoo-dev-sources-2.6.8.1) with Shorewall
2.0.4 (setup for Standalone one interface) and iptables 1.2.11
- VPN client is
2005 Mar 31
1
can't use shorewall in a UML-Session
Hi folks,
sorry for my bad english, but I am not a native speaker.
I want to setup a virtual firewall-host in a UML-Session.
I'm using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge.
I have 4 nic's in my System:
eth0 -> localnet 0
eth1 -> localnet 1
eth2 -> wlan
eth3 -> DSL/ppp0
I'm using four bridges br0,br1,br2,br3.
The UML firewall host is
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all,
Yesterday I noticed that my system was "leaking" traffic towards the
10/8 network, I have shorewall installed on multiple machines ranging
from single interface devices to ones with 10+ interfaces. I tested all
the boxes and they are showing the same behavior.
All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp.
Shorewall version: 2.2.1
For the host mentioned is a single
2007 Jul 02
3
0.23.0 puppet dependency issue
Hello,
I use some define in classes like
class foo {
define bar() {}
}
before in .22.4 i had require => Bar['mybar'] on object and it worked.
Now i have :
err: Could not apply complete configuration: Could not retrieve
dependency 'Shorewall-realize[shorewall.conf]' at
/etc/puppet/manifests/classes/shorewall.pp:
for example. Does anyone know why it
2005 May 29
12
access deny host (ip) to access the Internet
I'm using shorewall 2.0.x at home as an Internet gateway for family.
However my brother always plays online games overnight, so my parents
asked whether I can do something on the gateway to control the time of
accessing the Internet.
I planned to put a script on crontab to schedule which it will execute
say at 12:00 night daily, the script will execute a command will deny
my brother
2003 Jul 25
16
"shorewall stop"
Although Shorewall provides safeguards against it, people seem to
regularly shoot themselves in the foot when doing remote system
administration. I've been thinking about this problem and wonder if a
change to the way that "shorewall stop" behaves might help.
Today, "shorewall stop" stops all traffic except to/from those
destinations listed in
2004 May 26
13
Dropping established connections
Hello,
I have searched the list but couldn't find the right answer. I want to
drop an established DNAT connection but could not manage it yet.
Someone earlier said to bring down the public interfaces, stop
shorewall, bring up the public interface and then start shorewall again
but this won't work.
I also saw a message from Tom that someone then should unload all
iptables