Displaying 20 results from an estimated 10000 matches similar to: "shorewall with two internets"
2005 Feb 19
2
squid
Sorry Tom I'll get flamed for this.
Trying to set up squid parsed by dansguardian.
I set in rules to redirect anything going to port 80 from wlan0 to go 3128.
What else do I need to add to say the start file to get the output from squid back into the iptables
chain.
Yes I've googled and now I'm totally confused
TIA & HNY
Richard
2005 Mar 05
4
Shorewall GUI Interface - Redux
My company has, very generously, donated a space on their rack and a
server for me to use for development of a more up to date Shorewall
webmin interface. Based on the advice here, I've also signed up for a
sourceforge account, and will register the project later today. I
would like to solicit the help of a few people on here who are willing
to help move this project along.
There were
2004 Nov 16
4
Block Windows Messenger
Hi,
I'm trying to block Windows Messenger with Shorewall 1.4.10b, but I don't have success.
If I use the rules below, all access is blocked
/etc/shorewall/rules
# Windows Messenger Rules
REJECT:info loc net tcp 1863
REJECT:info fw net tcp 1863
But if I use the rules below, any access is allowed, why?
/etc/shorewall/rules
# Windows
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small
network. I am trying to do a simple DNAT to port 80 on the protected
webserver and masquerade all traffic from the protected subnet outbound.
After having read the FAQ and various posts regarding problems with
DNAT I'm afraid I'm no closer to a solution. Based on the output from
"shorewall show nat" I
2005 Mar 28
3
Allowing RIP broadcasts?
This is kind of an odd request so I've got the asbestos undies on. I
have a client who currently has a layer 3 switch plugged into a cisco
pix. Routing is handled via RIP and now the client wants to insert a
linux box running shorewall behind the PIX and in front of the switch
to act as a content filter+backup firewall. The immediate problem I
foresee happening is that RIP broadcasts to
2004 Nov 16
4
Query re Tom's firewall (see http://www.shorewall.net/myfiles.htm)
On the firewall, what is the rationale for giving eth1 an IP address
that is also assigned to eth0? (Rather than a private one.)
--
Taso Hatzi
caesar 17 <<-salad
cjbx jc vdwwjar jc xi jc jd
salad
2005 Mar 02
11
Gui Interface
Hello,
I've checked the FAQ, and it tells that there is a GUI interface, does that
apply to version 1.4 as well as version 2.0
Sorry if it is a silly question, but just wanted to be sure
Kind Regards
Samer
2005 Apr 14
9
MAC Validation and related problem that is killing me...
Hi there...
I want to use MAC validation for strict computer access rules to our
server and LAN. I do not want any computer have ANY kind of access
(neither LAN nor Internet access, not even get an IP from the dhcp server,
or being able to connect to anything manually configuring the IP settings)
unless its MAC is on the list. Our server has two interfaces (eth0 & eth1)
and 2 zones (net and
2004 Nov 03
5
Anti-virus software at Shorewall.net
For the last several years, I have been using Vexira MailArmor
(http://www.centralcommand.com) for anti-virus protection on the mail
server here at Shorewall.net. While Vexira is an excellent product and I
have been very happy with it, it costs me $300US/year for a one-domain
license. To avoid this expense, I have decided to try ClamAV
(http://www.clamav.net). I have installed ClamAV and since my
2004 Oct 14
16
Squid as a transparent proxy
Hi,
I followed the instructions in the section "Squid
(transparent) Running on the Firewall" on
http://www.shorewall.net/Shorewall_Squid_Usage.html to
setup Squid transparently on a Linux gateway. My net
is as follows:
loc subnet --- fw Linux Gateway --- ADSL router
192.168.1.0/24 192.168.1.92 (eth1) WAN.WAN.WAN.2
(gw = WAN.WAN.WAN.WAN (eth0)
192.168.1.92) (gw =
2005 Feb 25
6
nat problem
Hi All,
I'm using the Mandrake Linux MultiNetwork Firewall which is a web based
interface to the shorewall firewall.
I have an internal IP address of 172.25.38.1 which I am trying to NAT to a
public address so that the client PC can ftp to the internet
I have added the following in the nat file:
168.10.10.1 eth3 172.25.38.1 No No
And this to rules:
ACCEPT lan:172.25.38.1 wan tcp
2005 Mar 18
4
Using squid transparent proxy and shorewall
Hello !
I have installed and configured squid (last version) transparent proxy and I am using shorewall (last version) as a firewall. I have redirected all of my local network's http requests to the squid port (3128). But, from my local net I cannot ping a remote machine on the internet using its hostname like google.com. I could do it only when I use an IP address. All of computers in the
2004 Nov 05
6
A distro around Shorewall
Hi all,
Currently at work we use a commercial product called "Gnatbox", which, I
believe, is a BSD derivative running on a floppy disk. They have a pretty
UI and all, but I'd feel much safer/happier with a GNU/Linux box and
Shorewall doing the same thing.
In fact, I'm doing something very close to this at home using Openwrt and
Shorewall on my WRT54G router, but I
2003 Jan 01
1
couple of questions
I had been writing my own iptables rules for awhile, and then started
getting into some more complicated things (multiple zones with routing
between them, etc) and a friend referred me to shorewall.
Anyway, it's been working great for me for a few weeks now, and I'm
starting to get into some more complicated things.
-
First of all, I'd like to activate a second IP on
2004 Dec 22
15
OpenVPN and DNAT
Hello Tom and all,
Quick question: Is it possible to operate an OpenVPN server from behind
a firewall?
Is it as simple as setting it up and placing:
DNAT net loc:192.168.10.20 udp 5000 - ipaddress
--
Paul Slinski -o)
Network Administrator /\
Global IQX, Inc. _\_v
Global IQX is the leader in integrated e-business automation solutions
for the group life and health insurance
2004 Dec 15
3
[Fwd: 2 ftp serwers problem]
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2005 Feb 22
6
identd on "clients"
Hi,
I use shorewall on my router (internal ip: 192.168.1.4). The router is used
as a gateway for my lan.
If I try to access an IRC server from any "client" (for example 192.168.1.1)
I get the message "no identd". I tried the following in my shorewall rules
config (etc/shorewall/rules), but it doesn't work:
ACCEPT net loc tcp 113
2005 Jan 30
20
FTP Transparent Proxy from Local To Net Through DMZ
Dear All,
Linux Kernel 2.4.20-8
Running Shorewall 2.2.0
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff
inet 62.68.254.178/28 brd
2005 Mar 23
6
clarification: Port Forward
I am missing a tiny detail on understanding a simple port forward:
I want to forward just like the FAQ listed, via
#ACTION SOURCE DEST PROTO DEST PORT
DNAT net loc:192.168.1.3:22 tcp 1022
Which works just fine. Now I also tried this following type of rule,
which I thought would work, but it did not.
#ACTION SOURCE DEST PROTO DEST-PORT
2005 Apr 12
8
SMTP / DMZ
Hi Guys,
I have been trying to configure shorewall
1) Internet Access to internal users
2) Have a DMZ that will house at least 6 mail / web / ftp servers that
will serve our existing group companies outside our physical location.
3) Setup openvpn between our location and our group companies.
What I have done so far is:
- Created the 3 zones with the IP ranges as below.
DMZ:172.16.10.x