similar to: Samba & ICMP allow problem

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Dear All, I have read all the documentation I can find but I still have not understood how, in what context and where to use the action commands enumerated in /usr/share/shorewall/actions.std. Illustrating with SMB traffic for instance, how can one use AllowSMB, DropSMB and RejectSMB to control SMB traffic instead of the classic ACCEPT z1 z2 udp 135,445 ACCEPT z1

Hi! I don;t know what i am doing wrong because i have still Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672. Thanks, Mitja

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

I installed rsync on my RedHat 9 and the client i used is win 98 se. when I execute the command "rsync -e ssh -av --delete "/rsync/" administrator:anandhg" administrator - > RH M/C name anandhg - > Samba share(Home directory) rsync - > directory present in c: 1st Problem: It asks do you want to add the host(yes/no). Than after giving yes it created a folder .ssh in

Hi all, I''m using Gentoo Linux Distribution and I''ve upgraded my firewall from Shorewall 1.4 to 2.0.4, however my LANs stop having internet access. I have a server with shorewall 2.0.4 installed and 3 interfaces. eth0 and eth1 are interfaces to a LAN and to my laptop and eth2 is the net interface. I have masq like: eth2 eth0 eth2 eth1

Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is

Hello, I''m working in configuring a very restrictive firewall to stick between our techroom and our internal network. Basically nothing should be allowed into the techroom and only a limited amount of traffic is to leave the techroom. Below are a few log entries I looking to get explained. DHCP is handled by the firewall, DNS is handled by servers side our techroom. my rules file

Hello, I am using Shorewall version 2.0.1 with kernel 2.4.20. Nightly, LogWatch emails a portion of the logs for my review. I notice that there are tons of dropped packets from port 445, somedays as many as 7,000. See sample below: >From 24.226.192.22 - 2 packets To 24.227.147.124 - 2 packets Service: microsoft-ds (tcp/445) (Shorewall:net2all:DROP:,eth0,none) - 2 packets My question is,

I use shorewall 2.0.9 I have a mac filter running on my eth2(wifi) 192.168.0.1 is eth1(loc). My policy file allows trafic from wifi to loc and loc to wifi. Also fw to wifi and fw to loc. I also use AllowSMB loc to fw and AllowSMB wifi to fw. Any ideas? Shorewall:eth2_mac:REJECT:IN=eth2 OUT= MAC= SRC=192.168.0.1 DST=192.168.1.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=6188 DF PROTO=UDP SPT=138

Hello, Which port Smb4K uses? I am not able to use Smb4K on my server for the local network. Thanks Varun

I''m running a Fedora Core 1 Samba server and Shorewall 2.0.1 Connections to Samba shares from both loc hosts and the fw host are usually impossible, unless I boot the Server and connect a loc machine to a Samba share before starting Shorewall. This requires manually toggling the startup_disabled filename and starting Shorewall manually after each boot. I used the two-interface

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

Dear all I have 2 server: samba server on fedora core 2 and windows NT 4 server. Each server have different ip address 1.samba PDC server on fedora with ip: 192.168.0.xxx 2.windows NT 4 PDC server with ip: 192.168.1.xxx I want to all user in samba server can sharing file and browse network share in NT4 server , and all user in NT4 server can sharing file and browse network share in

I have created shell script for MRTG statistics of droped/rejected packets: ftp://slovakia.shorewall.net/mirror/shorewall/mrtg/ http://slovakia.shorewall.net/pub/shorewall/mrtg/ rsync://slovakia.shorewall.net/shorewall/mrtg/ example: http://slovakia.shorewall.net/pub/shorewall/mrtg/example/ It is not based on /var/log/messages (syslog), but iptables counter. A lot of packets are droped/rejected

What I''m doing: I have Shorewall on a SuSE 9.0 machine, which is the firewall/router on the network. External interface is eth0 172.16.1.1, internal interface is eth1 10.40.1.1. (I used the Two-interface Linux System Quickstart Guide). All works well with that configuration. I also use PPPD for dial-in clients, and have two modems for incoming calls. Recently I added VPN interface

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

Hi, I have a working test install of Shorewall 2.0.7 on a 32 bit install of Gentoo, it''s working like a champ, so i am making an install on a nice new Opteron server, using 64bit Gentoo. I have run into a problem which going by your FAQ might be due to a missing module, but after a couple of hours of fiddling I''m stumpted - I can''t see any options in the 2.6.8 kernel

Hi all Is it possible to just forward port to local computer but not give open access for that port? If I''ve understood right that this rule does give ACCESS from net to loc too: DNAT net loc:192.168.1.5 udp 7777 What I''m trying to say is that it would work so that everything that''s coming from net to that local computers port is DROPed or REJECTed if it''s

Hi, I install shorewall firewall on my server and after that I have big problem with SMTP, I can send messages with outlook to server but that messages don`t go out from server (Currently I have over 800 messages in the mail queue) My server is on WHM/cPanel and EXIM.... When I click on "Delivery Now" for some message in WHM I get error: Message 1BtoLi-00033G-RN is not frozen LOG: MAIN