similar to: state INVALID

I have a DMZ (eth2: 10.0.100.0) and a LOC1 (eth0: 10.0.0.0) defined on my firewall. On one of the port on the switch serving LOC1 I have now a router and a switch feeding a bunch of computers with net=10.0.200.0. While I have defined a route to reach LOC2, I would like to define also a specific zone in order to assign different rules to it. Is it possible ? if yes, what is the syntax of the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I mean http://users.gurulink.com/drk/transproxy/TransparentProxy.html on "6. Transparent Proxy to a Remote Box." Thanks - -------- Original Message -------- Subject: Squid on remote Box Date: Wed, 16 Mar 2005 17:16:35 +0700 From: Royke K <royke4k@cbn.net.id> To: shorewall-users@lists.shorewall.net How do I configure port

I remember to see something about that in shorewall.net some time ago, but I could not find it today ... The case : Debian Etch, Shorewall 3.2.6, squid3 and Apache 2 . The first 3 where already running fine for some time ... Now I need to setup an Apache server to allow some web mannagement, things like PHPsysinfo, phppgadmin, just for internal net, no web access . but port 80 is redirected to

Greetings all, I have just install Shorewall on a Debian system and I''m using it as a firewall on an internal network. The specifics of the system are as follows: firewall:/var/log# shorewall version 3.0.4 firewall:/var/log# uname -a Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST 2005 i586 GNU/Linux Shorewall start successfully and $FW can connect to the Internet for upgrading

I''m asking this question for the sysadmin where I work. Will Shorewall do this? Joe, I am looking for a linux router that will look at the source IP (not the destination) and then forward the packet out a specific interface to another host. For example if a packet comes in to the linux router from NET-A it will forward the packet out INTERFACE-A to HOST-A. If a packet comes in to the

Hi Tom,  I´m very glad using Shorewall I proud to say that use it in my whole network (215 Real IP´s over ProxyArp) I can filter everyone have mac-control of then etc etc. Well I´m like a child playing with it :) But now, have a question there is any way to filter or use an Anti-virus in this network ? To drop packets with virus ?? To scan HTTP request ?? Or maybe use Dansguardian ? Did you

ive got a config thats client -> server ->Dansguardian->Squid -> onward adn I want to transparently redirect web traffic to DG/Squid Not sure where the problem lies - hoping you guys can help me and at least tell me that its NOT my shorewall config heres the configs When I point a browser straight at 3128 or 3129 I get web pages back and the appropriate stuff in the logs . I get a

I''m trying to get TPROXY / Squid running and I have a few questions... I found this page: http://www.shorewall.net/Shorewall_Squid_Usage.html#TPROXY However, it doesn''t explain what I''m seeing in the configuration. For the zone file, do I keep my loc and net configurations and just add the following to the file? - lo - - or do I remove the loc and net zones and

Hallo, I got a problem (I think it''s not a Problem, I am just to stupid to manage it) Iwant my Server (eth1: addr:10.0.123.1, Local Zone), eth0 is connectet to the Student-Network (addr:172.16.129.106 Mask:255.255.248.0 gateway: 172.16.128.1, Net Zone), to forward all packages from port 80 on local Zone to www-cache.uni-halle.de:3128 (172.16.128.1:3128) because I have to use this

I''ll take this one next. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi all, I''ve just built Mandrake 10.1 on a Compaq Deskpro that I''ve built as a router/firewall and am redirecting port 80 outbound to force users through the Content Filter. I''ve run this setup on Mandrake 9.0 and 10.0 without any problems but this time the following happens. Squid is accessed through port 3128 and Dansguardian via 8080. If I set my browser on a

I am trying to help a school run dansguardian transparent. I added the following to shorewalls rules, and from a tail of messages it seemed to be working, but he called saying no one had Internet. What should the rule be if this does not redirect port 80 to 8080? REDIRECT loc 8080 tcp www - !10.192.0.2 (web on dmz) ACCEPT fw net tcp www

I don''t know what is happening, but every 36 hours or so I''ll go to ssh into my server and find that I can''t connect on any of the outside services. I then can connect into the box using a serial connection and find that shorewall reports that it is not running and the iptables are in some kind of default state which looks nothing like what I set it up with shorewall

I recently setup shorewall on my freshly rebuilt router box. I setup transparent proxying using transproxy/dansguardian/privoxy/squid. My current rules for the redirect are: REDIRECT loc 81 tcp www - !192.168.100.0/24 ACCEPT fw net tcp www How do I set this so that all the request are redirected except for requests FROM a certain machine (192.168.100.11)? I

I know that Shorewall is not for content control, but until such day that I get the time to set-up squid, what is the best way to prevent machines on LOC from reaching a bunch of sites contained in a list with about 30 to 40 IP addresses or FQDN entries ? The blacklist look only at the SRC field of the packet, right? Thanks, Costantino. --------------------------------- Do you Yahoo!?

Hello all, I''m reading the nice documentation about shorewall with multi isp. And I wonder about squid (non transparent) and shorewall Can I use on same machine, squid with ldap ident, dansguardian, and shorewall with multi-isp (four or five) ? Perhaps there is a problem because squid mask source IP, shorewall can maintain and load balance sessions for the same source IP ? Thanks Fred

Dear All, Linux Kernel 2.4.20-8 Running Shorewall 2.2.0 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff inet 62.68.254.178/28 brd

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Is there a way to state that a REJECT rule, for instance, applies to all IP addresses belonging to the <domain.xyz> domain? Costantino