similar to: GUI

Hi, At the moment I am controlling my LAN client access to the Inet by their MAC address. Currently I am putting their MAC address in the rules file - now the number of the PC that I want to manage is getting more and more and it is not practicle to do this way anymore. My question is, how can I have their MAC address in other separate file? Regards http://www.debian.org/consultants/#Malaysia

Hi, Currently I am looking for possibility to have a no-config network enviroment, where in this local area network, we don''t need to set any ip to a computer, it doesn''t matter the computer already have a fixed ip/sm/gw (even doesn''t belong to the enviroment). When ever a browser is ''clicked'', the computer will able to get connected to the internet.

I am missing a tiny detail on understanding a simple port forward: I want to forward just like the FAQ listed, via #ACTION SOURCE DEST PROTO DEST PORT DNAT net loc:192.168.1.3:22 tcp 1022 Which works just fine. Now I also tried this following type of rule, which I thought would work, but it did not. #ACTION SOURCE DEST PROTO DEST-PORT

Hi, I am using Shorewall in Adamantix. At the moment everything flow fine, my question is that how can I filter the access by computer mac address, I had read the documentation maybe I am ''stupid enough to spot the guide, if so please show me''. What is the rules line if I want to 1. limit ~01-01-01-01-01-01,~02-02-02-02-02-02,~03-03-03-03-03-03-03 to access 202.202.202.202

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to

Hi Guys, I need some help. I''ve been using shorewall for a while now and it''s been running beautifully, but I''m now experiencing some problems. It seems that connections are getting dropped much like the behavior described by the NEWNOTSYN=no option in the shorewall.conf file, but I have NEWNOTSYN=Yes in my file. The messages I see in my logs are things like:

Dear newfound friends, please be patient. For me reading and writing in English is more painful than dissecting IP traces :) I have tried reading through the FAQ but could not quite understand: I would like the logs to be terser. I think I can live without MAC, LEN, TOS, PREC, TTL, ID fields normally (maybe need them only in special situations). Could not understand if/how I can achieve this.

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Adminstrator

My company has, very generously, donated a space on their rack and a server for me to use for development of a more up to date Shorewall webmin interface. Based on the advice here, I''ve also signed up for a sourceforge account, and will register the project later today. I would like to solicit the help of a few people on here who are willing to help move this project along. There were

Joshua Schmidlkofer wrote: > Tom Eastep wrote: > >> Joshua Schmidlkofer wrote: >> >>> Tom, >>> >>> Here is the setup method w/ Bridging on Gentoo. >>> >> >> Thanks, Joshua >> >> -Tom > > > Off topic - Has anyone cooked up a good web front end? I am messing w/ > IPCop, because one of my clients uses it.

Hi! I''m new here! I downloaded shorewall because I want to set up a firewall and Webmin already has a module for it. (I love Webmin!) When I went to start shorewall I got the message that it needs ip. I''m running Slackware and apparently ip is not included with it. Would somone please help me out and let me know where I can download ip from? Thanks. Jim

Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server''s firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current

I have a fedora 3 with postfix and apache apache is ok, webmin is fine, etc no 25 or 110 ? kevin Jan 4 15:47:13 ibm kernel: Shorewall:net2fw:ACCEPT:IN=eth0 OUT= MAC=00:06:29:33 :e8:7e:00:02:3b:00:02:c4:08:00 SRC=67.127.200.22 DST=4.11.105.55 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33681 PROTO=TCP SPT=57621 DPT=25 WINDOW=2048 RES=0x00 SYN U RGP=0 Jan 4 15:47:20 ibm kernel:

Hi, I am having problem in getting my fw to connect to the net, I had set allow fw net in the policy. I suspect maybe shorewall having problem because I have 5 public IP alias to my fw, which is eth0, eth0:1-eth0:4. Because before I add more ip to this interface my fw able to connect to the net. How can I set one IP to be bind to this fw, or I had to change the rules from fw to fw:w.x.y.z? One

Hi, I had set rules so that my client can only visit few sites instead of the whole net. My question is, how can I allow my client to activate it''s product key and also to run windows update? One more thing is, can I use domain name in the rule config? if yes, can I put just microsoft.com to refer to aaa.microsoft.com bbb.microsoft.com? Please advice

Is there any text console base config tool for shorewall ? I know that there is a webmin module but I don''t want to install webmin to minmize any security problem.

ive got a config thats client -> server ->Dansguardian->Squid -> onward adn I want to transparently redirect web traffic to DG/Squid Not sure where the problem lies - hoping you guys can help me and at least tell me that its NOT my shorewall config heres the configs When I point a browser straight at 3128 or 3129 I get web pages back and the appropriate stuff in the logs . I get a

Hi, I created a modification (more like a hack) to shorewall that backups a configuration after succesfully (re)starting it. In case a future (re)start fails it will use this backup configuration. (instead of stopping the firewall and generating a massive ammount phonecalls ;) I didn''t pay too much attention to the ramifications of this patch, so let me know if i screwed anything up.

I just installed Fedora Core 3 uname -r 2.6.9-1.667 I got the latest shorewall''s rpm: http://www.shorewall.net/pub/shorewall/2.2/shorewall-2.2.0/shorewall-2.2.0-1 .noarch.rpm Made my changes Attempted to run shorewall and got: [root@demo shorewall]# shorewall start ERROR: Can''t find iptables executable I haven''t seen this before. I tried to go through all the

(Shorewall 1.4.4b; running the Mandrake edition.) Occasionally, usually during a zone transfer, I get unusual Shorewall messages, like this: Sep 30 20:30:08 yoreach kernel: Shorewall:FORWARD:REJECT:IN=eth1 OUT=eth1 SRC=10.1.1.1 DST=10.1.1.230 LEN=54 TOS=0x00 PREC=0x00 TTL=63 ID=21332 DF PROTO=UDP SPT=4778 DPT=53 LEN=34 where the src is the DNS master, and the DST is the slave server.