similar to: SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS

Displaying 20 results from an estimated 3000 matches similar to: "SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS"

2012 Dec 29
10
How could I open Port 1701 for VPN l2tp/ipsec
Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I canĀ“t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where i have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go: clienta -> vpn -> shorewall/router -> vpn ->
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single
2013 Dec 03
5
Multiple ISP + traffic shapping = poor download speed
Hello, Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts. First, what works. Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze. We have a 2 ISP: - isp1 : an optical fiber provider with 10 Mbps. - isp2 : a DSL provider with 15Mbits/1Mbits. We use isp2 as the default outgoing
2004 Mar 25
2
Shorewall 2.0.1 RC1
Release candidate 1 is available at: http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta The ''releasenotes.txt'' file tells you about the release. -Tom PS to those of you on the Shorewall Announcement List: Feedback to this point is overwelmingly in favor of keeping Beta and Release Candidate announcements on this list. I have configured the list
2005 Nov 14
3
shorewall and broadcast
Hi, I configured some ha services using heartbeat, I have this on my log: Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: Unable to send bcast [-1] packet: Operation not permitted Nov 14 09:59:06 mail1 heartbeat[3932]: ERROR: write failure on bcast bond1.: Operation not permitted how allow broadcast only on some interfaces with shorewall? attacched is shorewall status Thanks Nicola
2004 Oct 20
11
Shorewall, Freeswan and SuSE 9.1
I have been using shorewall and freeswan successfully for 3 or more years now. But they have all been using the Linux 2.4 kernel. My current configuration is (as the title suggests) using SuSE 9.1 which has a 2.6.5 kernel and freeswan 2.0.4 built-in. After much reading and a lot of trial and error, I did get this combination to work with Shorewall 2.0.9. It is happily talking to an older Mandrake
2003 Feb 03
4
[Bug 40] system hangs, Availability problems, maybe conntrack bug, possible reason here.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this
2012 Mar 25
1
kvm and shorevall-init
Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net
2005 Jul 14
7
Losing Packets after a DNAT in prerouting
I''m trying to setup some DNAT and the packets seem to be disappearing after the PREROUTING step. The packets are coming in eth2 (both LOG targets in iptables and tcpdump confirm this). They are then DNATed to an IP that should cause them to go out eth3. However I never see them go out that interface. I have tried putting LOG rules into the FORWARD chain with no success. I''m
2011 May 24
1
L2TP ppp+ when using ppp0 for WAN
Hi, i connect to the internet over my eth4 interface using pppoe. The internet always comes on ppp0. I am trying to setup an L2TP/IPSEC VPN and i am reading http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP I notice in the example the interfaces file is given as: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter loc eth1
2010 Nov 25
13
VLAN martians
I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in
2005 Apr 03
3
Problem with fresh two nic installation on FC3
Hi, I''m having problems with new Shorewall installation on Fedora Core 3 (had same problem with Core 2 and upgrade did not help even iptables was upgraded from 1.2.9 to 1.2.11). I''ve followed two nic example, but starting Shorewall drops all connections and don''t permit any outgoing requests, even with "all allowed" policy. Policy file is below. Current setup
2008 Mar 10
2
When starting shorewall its display rfc1981 error
Hello , The folllowing is the error problem: Validating interfaces file... ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2 The shorewall interface file: net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians P.S. I tried to remove norfc1918 from interface
2013 Aug 29
5
Docker Bridge - Howto deal with it?
Hello, I have started playing around with docker (https://www.docker.io/) and am having trouble to integrate the "docker0" bridge it creates on the fly into my shorewall setup (version 4.5.16.1) on debian testing. IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces has an entry like so, > doc docker0
2013 Sep 11
8
Fallback in a multi-isp configuration
Hi, I have a multi-isp configuration both on ppp interfaces. As one of them is 32Mbit/s and the other is 8Mbit/s , I have a weight setting of 4 to 1 as in the following providers file entries: vdsl 1 0x10000 - ppp1 - track,balance=4 adsl 2 0x20000 - ppp0 - track,balance=1 I would also like to have fallback between them so that if one is
2004 Dec 06
1
recomended internal(wired) "interfaces" options??
Hi: According to http://www.shorewall.net/Documentation.htm#Interfaces there is one recommendation for internal interface but wireless Wireless Interface -- maclist,routefilter,tcpflags,detectnets,nosmurfs a recommendation for wired internal interface?(100 win32 clients) I use tcpflags,detectnets thanks
2006 Dec 19
7
routing problem
hi, Please see the following text diagram: 10.0.15.0/24 --> 10.0.15.1 (f0/1) cisco router (f0/0) 192.168.0.5 <-- 192.168.0.0/24 --> 192.168.0.1 firewall --> internet I have some problem after added a static route in shorewall in /etc/sysconfig/network-scripts/route-eth0, the syntax is: 10.0.15.0/24 via 192.168.0.5 in 192.168.0.0/24 computers cannot ping or
2004 Dec 29
1
2 net connections confusion
I''ve been digging around the documentation and seem to have just confused myself. Here is what I have on a fedora core 3 machine with 4 network cards (the built in is dead) eth2 - connects to the web via dsl-line-1 eth4 - connects to the web via dsl-line-2 eth2 is the route the local network addresses 10.1.x.x connected via eth0 go out on eth4 is the route the dmz network addresses
2004 Nov 24
10
Attack from local network or...?
Hello, when I execute "shorewall hits" command I find this stats: HITS IP DATE ---- --------------- ------ 92099 192.168.0.2 Nov 24 7764 59.104.107.85 Nov 23 3997 192.168.1.77 Nov 24 337 181.50.93.89 Nov 23 331 59.104.156.68 Nov 23 315 99.109.157.73 Nov 23 301 190.225.157.40 Nov 23 275 179.153.183.53 Nov 23 268