Displaying 20 results from an estimated 2000 matches similar to: "Masq errors?"
2005 Jan 24
2
Migrate rules from iptables to shorewall - SNAT
Hi all,
I''m using Shorewall since one year (1.4, then 2.0)
I''m trying to migrate a linux firewall from iptables rules to shorewall.
The firewall has three zones
- net internet
- loc1 lan
- loc2 second lan
I have a lot of rules like this, to SNAT the ip addresses of some
computers on loc1 (192.168.16.0/24) when they connect to loc2 (10.0.0.0/8)
iptables -v -t nat -I
2005 Feb 01
4
Shorewall problem
I am getting the following message when Shorewall stops can anybody shed
any light on this message and where I should be looking? Thanks
root@bobshost:~# shorewall stop
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...Processing /etc/shorewall/stop ...
IP Forwarding Enabled
2005 May 31
11
More Tests for 2.4.0-RC2 - strange behaviour
Hi all,
I was trying to test ROUTE specific code with a multi-isp serviced box.
There is a bug somewhere, but I''m not able to understand what the real
problem is:
when I issue a "shorewall show capabilities" I get:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Shorewall has
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz).
The internet interface (eth0) has a static IP.
Windows machine in the local network (eth1) use DHCP to get IPs from
the 192.168.10.0/24 netblock.
The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in
the 192.168.11.0/24 netblock.
The DHCP server is running on the firewall machine (not ideal, I know,
but that''s the way
2005 Apr 09
12
aMule
Hi!
I don;t know what i am doing wrong because i have still Low ID on aMule. I
have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
Thanks,
Mitja
2004 Jul 23
4
shorewall 2.0.3a, (ULOG) doesn''t log anything
Dear all:
Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the
firewall is running, but nothing is printed on the logs.
I try, for example, to do a connection to a port that is opened on the
server but closed by the FW and I get a connection refused. If I stop
the firewall, this port is accesible from the outside.
I think I''ve followed all the steps on
2006 Dec 15
1
catching DNAT''ed packet
Hi.
I have a Server''s network with some servers in it, all with
192.168.1.0/25 ips. There is also a router in that network with ip
192.168.1.1. This router also connected to a client''s network
10.10.0.0/16 with ip 10.10.100.1.
All services on each server are given their virtual address from one of
two virtual networks 192.168.1.128/28 and 192.168.1.144/28.
192.168.1.128/28 is
2009 Aug 25
1
[PATCH] A default log level of ULOG is ignored by the shorewall-perl compiler (but not by shorewall-shell)
Hello,
I tried Shorewall for the first time today. I am currently using an up-to-date
installation of Debian Sid, which has shorewall 4.2.10, shorewall-shell 4.2.10
and shorewall-perl 4.2.10.1.
I noticed that even though I had the following /etc/shorewall/policy file,
iptables would still show LOG rules at the end of the INPUT and OUTPUT chains
instead of ULOG rules. (Other logging related rules
2004 Aug 30
6
Shorewall upgrade messed up my firewall
Hi all,
I''m using Gentoo Linux Distribution and I''ve upgraded my firewall
from Shorewall 1.4 to 2.0.4, however my LANs stop having internet
access.
I have a server with shorewall 2.0.4 installed and 3 interfaces.
eth0 and eth1 are interfaces to a LAN and to my laptop and eth2
is the net interface.
I have masq like:
eth2 eth0
eth2 eth1
2004 Jul 15
3
slight simplification to firewall log_rule_limit code
I think you can change the existing firewall logging code for
log_rule_limit (where you have one case for for LOGRULENUMBERS and
another almost identical case without) down to this slightly shorter
version with no duplication (excerpt):
if [ -n "$LOGRULENUMBERS" ]; then
eval rulenum=\$${chain}_logrules
[ -z "$rulenum" ] && rulenum=1
fi
case
2005 Jan 07
5
ULOG weirdness with 2.0.10
I''m noticing some weirdness in my ulog files with version 2.0.10. Here
is a portion of the log:
Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100
DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP
SPT=631 DPT=631 LEN=77
Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=
2002 Mar 17
2
ulog support in shorewall?
Hi,
I''ve just recently switched off my (lame) hardware firewall onto an
old box running linux 2.4.18, iptables 1.2.6 and shorewall 1.2.9. I''m
kinda new to linux firewalling myself but so far Shorewall has taken
much work from me.
While reading myself into iptables I saw that just recently something
called ULOG (userspace logging) has been implemented in newer kernels
and
2007 Jun 29
1
ipp2p traffic not rejected
Hi,
I''m using following rule in /etc/shorewall/rules
REJECT:ULOG:P2P loc net ipp2p:all ipp2p
iptables -L :
Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ULOG all -- anywhere anywhere ipp2p
v0.8.2--ipp2p ULOG
2014 Nov 07
7
[Bug 986] New: ulogd fails to build against linux headers >= 3.17.0 due to ULOG target removal
https://bugzilla.netfilter.org/show_bug.cgi?id=986
Bug ID: 986
Summary: ulogd fails to build against linux headers >= 3.17.0
due to ULOG target removal
Product: ulogd
Version: SVN (please provide timestamp)
Hardware: x86_64
OS: Gentoo
Status: NEW
Severity: major
Priority:
2004 Sep 13
5
Config problems
Hi,
I have a working test install of Shorewall 2.0.7 on a
32 bit install of Gentoo, it''s working like a champ,
so i am making an install on a nice new Opteron
server, using 64bit Gentoo.
I have run into a problem which going by your FAQ
might be due to a missing module, but after a couple
of hours of fiddling I''m stumpted - I can''t see any
options in the 2.6.8 kernel
2004 Aug 08
1
using ULOG
hi,
if i would like to use ulog (in order to split netfilter messages from
other kernel messages), than i have to set all loglevel to ULOG? and
then is there any way to define diferent loglevel for eg. maclist?
thanks in advance.
yours.
ps. it''s a bit confusing that all loglevel parameter name is LOG_LEVEL
except BLACKLIST_LOGLEVEL:-(
--
Levente
2004 Aug 12
1
SMTP, IP, WHM news problems....
Hi,
I install shorewall firewall on my server and after that I have big
problem with SMTP, I can send messages with outlook to server but that
messages don`t go out from server (Currently I have over 800 messages
in the mail queue)
My server is on WHM/cPanel and EXIM....
When I click on "Delivery Now" for some message in WHM I get error:
Message 1BtoLi-00033G-RN is not frozen
LOG: MAIN
2008 Jan 10
5
Want to log all ISP traffic to ULOG
I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate
NetFlow information about traffic going through my router. The question
is how to get the logging rules added to the appropriate chains (I''m
assuming eth2_in and eth2_out in my case)? I''m using the perl version
of shorewall 4.0.6.
--
Orion Poplawski
Technical Manager 303-415-9701
2011 Sep 13
1
[Bug 748] New: Range check for ulog-cprange is wrong
http://bugzilla.netfilter.org/show_bug.cgi?id=748
Summary: Range check for ulog-cprange is wrong
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P5
Component: iptables
AssignedTo: netfilter-buglog at lists.netfilter.org
ReportedBy:
2003 Jan 14
1
logging
I would like to cut down on packets logged from "loc2net". I have modified
my policy file so that the logging for loc2net is "err" but dns packets and
smtp are still being logged. Is it possible to filter these out?
On a separate note, if I define ULOG in policy, I get an error on shorewall
startup "ULOG not defined" or something of that nature. Sorry about being