Displaying 20 results from an estimated 20000 matches similar to: "state INVALID"
2004 Nov 29
5
cascading LANs
I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall.
On one of the port on the switch serving LOC1 I have now a router and a switch
feeding a bunch of computers with net=10.0.200.0.
While I have defined a route to reach LOC2, I would like to define also a specific
zone in order to assign different rules to it.
Is it possible ? if yes, what is the syntax of the
2005 Mar 16
5
[Fwd: Squid on remote Box]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I mean
http://users.gurulink.com/drk/transproxy/TransparentProxy.html on
"6. Transparent Proxy to a Remote Box."
Thanks
- -------- Original Message --------
Subject: Squid on remote Box
Date: Wed, 16 Mar 2005 17:16:35 +0700
From: Royke K <royke4k@cbn.net.id>
To: shorewall-users@lists.shorewall.net
How do I configure port
2007 Nov 09
3
Shorewall + Squid transparent + Apache
I remember to see something about that in shorewall.net some time ago,
but I could not find it today ...
The case :
Debian Etch, Shorewall 3.2.6, squid3 and Apache 2 .
The first 3 where already running fine for some time ...
Now I need to setup an Apache server to allow some web mannagement,
things like PHPsysinfo, phppgadmin, just for internal net, no web access .
but port 80 is redirected to
2006 Feb 12
11
Local Network Can't Get Past Shorewall to the Internet
Greetings all,
I have just install Shorewall on a Debian system and
I''m using it as a firewall on an internal network.
The specifics of the system are as follows:
firewall:/var/log# shorewall version
3.0.4
firewall:/var/log# uname -a
Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST
2005 i586 GNU/Linux
Shorewall start successfully and $FW can connect to
the Internet for upgrading
2003 Jan 23
3
Routing question
I''m asking this question for the sysadmin where I work.
Will Shorewall do this?
Joe,
I am looking for a linux router that will look at the source IP (not the
destination) and then forward the packet out a specific interface to another
host. For example if a packet comes in to the linux router from NET-A it
will forward the packet out INTERFACE-A to HOST-A. If a packet comes in
to the
2005 Jan 07
8
Virus Detector ?
Hi Tom,
I´m very glad using Shorewall
I proud to say that use it in my whole network (215 Real IP´s over ProxyArp)
I can filter everyone have mac-control of then etc etc.
Well I´m like a child playing with it :)
But now, have a question there is any way to filter or use an Anti-virus in this network ?
To drop packets with virus ?? To scan HTTP request ?? Or maybe use Dansguardian ?
Did you
2007 Jan 08
2
shorewall/dansguardian/squid problem
ive got a config thats
client -> server ->Dansguardian->Squid -> onward adn I want to
transparently redirect web traffic to DG/Squid
Not sure where the problem lies - hoping you guys can help me and at
least tell me that its NOT my shorewall config
heres the configs
When I point a browser straight at 3128 or 3129 I get web pages back
and the appropriate stuff in the logs .
I get a
2010 Jun 15
4
TPROXY configuration
I''m trying to get TPROXY / Squid running and I have a few questions...
I found this page:
http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY
However, it doesn''t explain what I''m seeing in the configuration.
For the zone file, do I keep my loc and net configurations and just add
the following to the file?
- lo - -
or do I remove the loc and net zones and
2008 Oct 08
19
transparent proxy
2003 Oct 29
11
Shorewall prerouting to a manual proxy
Hallo,
I got a problem (I think it''s not a Problem, I am just to stupid to manage
it)
Iwant my Server (eth1: addr:10.0.123.1, Local Zone), eth0 is connectet to
the Student-Network (addr:172.16.129.106 Mask:255.255.248.0 gateway:
172.16.128.1, Net Zone), to forward all packages from port 80 on local
Zone to www-cache.uni-halle.de:3128 (172.16.128.1:3128) because I have to
use this
2003 Dec 18
5
support.htm
I''ll take this one next.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Jan 04
4
Shorewall redirect with Squid and Dansguardian
Hi all,
I''ve just built Mandrake 10.1 on a Compaq Deskpro that I''ve built as a
router/firewall and am redirecting port 80 outbound to force users through
the Content Filter. I''ve run this setup on Mandrake 9.0 and 10.0 without any
problems but this time the following happens.
Squid is accessed through port 3128 and Dansguardian via 8080.
If I set my browser on a
2004 Mar 23
2
outgoing redirect
I am trying to help a school run dansguardian transparent. I added the
following to shorewalls rules, and from a tail of messages it seemed to be
working, but he called saying no one had Internet. What should the rule be
if this does not redirect port 80 to 8080?
REDIRECT loc 8080 tcp www -
!10.192.0.2 (web on dmz)
ACCEPT fw net tcp www
2005 Dec 14
10
Shorewall stops after about 36 hours
I don''t know what is happening, but every 36 hours or so I''ll go to ssh into
my server and find that I can''t connect on any of the outside services. I
then can connect into the box using a serial connection and find that
shorewall reports that it is not running and the iptables are in some kind
of default state which looks nothing like what I set it up with shorewall
2004 Oct 11
5
Fw: setting an exception source to a redirect rule?
I recently setup shorewall on my freshly rebuilt router box.
I setup transparent proxying using transproxy/dansguardian/privoxy/squid.
My current rules for the redirect are:
REDIRECT loc 81 tcp www - !192.168.100.0/24
ACCEPT fw net tcp www
How do I set this so that all the request are redirected except for requests FROM a certain machine (192.168.100.11)?
I
2004 Nov 30
1
a way to prevent LAN from reaching a list of IP/FQDN
I know that Shorewall is not for content control, but until such day that I get the time to set-up squid, what is the best way to prevent machines on LOC from reaching a bunch of sites contained in a list with about 30 to 40 IP addresses or FQDN entries ?
The blacklist look only at the SRC field of the packet, right?
Thanks,
Costantino.
---------------------------------
Do you Yahoo!?
2012 May 31
5
Shorewall + squid + multi isp
Hello all,
I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall
Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ?
Thanks Fred
2005 Jan 30
20
FTP Transparent Proxy from Local To Net Through DMZ
Dear All,
Linux Kernel 2.4.20-8
Running Shorewall 2.2.0
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff
inet 62.68.254.178/28 brd
2003 Oct 15
4
tcrules ignored? wondershaper integration?
Hi,
first of all, let me thank you for your great Shoreline Firewall. I use
it with great success at home (protecting my WiFi connection).
And now if I could have a question about traffic shaping. I did read
everything I could find but I still have two problems: first, the MARK
from tcrules is not working in HTB based simple tc filter line ("handle
$MARK fw classid 1:20"). If I switch
2005 Jan 05
1
How to specify in a rule all the IP addresses belonging to <domain.xyz>
Is there a way to state that a REJECT rule, for instance, applies
to all IP addresses belonging to the <domain.xyz> domain?
Costantino