Displaying 20 results from an estimated 10000 matches similar to: "Newbie: Problem with two-interface setup"
2005 Feb 11
10
Odd proxy problems
Hi people,
I am running the latest version of Debian 'Sarge'. I have installed hopefully the latest version of
shorewall, as followed by the website. The firewall has been installed with no problems, runs ok,
but I have found a strange problem, maybe it's me *shrug*
My setup:
Internet<-->cablemodem<-->Debainfirewall<-->hub<-->windowspc
I am cable, and
2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small
network. I am trying to do a simple DNAT to port 80 on the protected
webserver and masquerade all traffic from the protected subnet outbound.
After having read the FAQ and various posts regarding problems with
DNAT I'm afraid I'm no closer to a solution. Based on the output from
"shorewall show nat" I
2003 Jun 29
3
Snapshot 20030629
Problems Corrected:
1) A problem seen on RH7.3 systems where Shorewall encountered start
errors when started using the "service" mechanism has been worked
around.
2) A problem introduced in earlier snapshots has been corrected. This
problem caused incorrect netfilter rules to be created when the
destination zone in a rule was qualified by an address in CIDR
format.
2006 Apr 04
14
Problem with masquerading and bridges
Hello all,
I'm somewhat new to networking, and I'm having trouble masquerading
connections that are coming over a bridge. The bridge only has a
single port for now, but I'm going to add more ports later. I'm basing
my configuration on the two-interface quick start guide. I'm using
Shorewall 3.0.4 on Ubuntu Dapper.
My network looks like this:
* The
2003 Jul 04
3
Shorewall 1.4.6 Beta 1
Beta 1 is now available at:
http://shorewall.net/pub/shorewall/testing
ftp://shorewall.net/pub/shorewall/testing
This is a minor release of Shorewall.
Problems Corrected:
1) A problem seen on RH7.3 systems where Shorewall encountered start
errors when started using the "service" mechanism has been worked
around.
2) Where a list of IP addresses appears in the DEST column of a
2002 Jan 03
2
error starting shorewall
hi,
I installed and configured the shorewall-2.0.9 for standalone user
interface in fc2, then removed the stop, stopped and the routestopped
files from the /etc/shorewall directory, and run the 'shorewall start'
command, at boot time the messages showing that it is not started, this is
the /var/log/messages output for shorewall:
Jan 3 04:13:27 localhost netfs: Mounting other
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all,
Yesterday I noticed that my system was "leaking" traffic towards the
10/8 network, I have shorewall installed on multiple machines ranging
from single interface devices to ones with 10+ interfaces. I tested all
the boxes and they are showing the same behavior.
All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp.
Shorewall version: 2.2.1
For the host mentioned is a single
2002 May 14
4
Redirect loc::80 to fw::3128 not work
The rule:
ACCEPT loc $FW::3128 tcp www
doesn't work properly, the http access does not redirect
to squid but directly exit.
What's wrong?
Thanks
-------
Dario Lesca (d.lesca@ivrea.osra.it)
--------------------------------------
@@@@@@@ this is my shorewall-1.2.13 config:
#[/etc/shorewall/common.def]-----------------------------------------------
2005 May 16
1
Interface Broadcast
I've a problem on the broadcast it is adding some additional route to
the router which caused me some problem...
Below is my /etc/shorewall/interface
swtmng1 eth0.1 202.73.10.127 norfc1918
apmng1 eth0.10 202.73.8.7 norfc1918
dist1 eth0.1000 202.73.11.255 norfc1918,nobogons
idc1 eth2.50
2004 Aug 24
7
Question about ip_forward in clear_firewall
Firewall users,
My apologies as I'm not on this list, so please respond directly as
well as to the list. I did try to search the archives and didn't find
any hits, although the search did not like searching for terms with
underscores in them (both clear_firewall and ip_forward).
I was trying to understand why, when running shorewall stop, even though
it echoes
IP
2004 Sep 27
9
masq - pings and connections get dropped after PREROUTING?
Hello,
I have a pretty standard two-interface setup with masquerading, so the local
network can connect through the firewall to the Internet.
On the firewall box (trevor), eth0 is connected to a cable modem and eth1 is
connected to the local network via a crossed cable. There is one other
machine on the local network (brian), whose eth0 is at the other end of the
crossed cable.
I used to have
2006 Mar 15
6
Can't get port forwarded from net to net
I have followed the instructions at http://shorewall.net/FAQ.htm#faq2
along with some coaching on IRC from _Omache to get a machine (with IP
address 66.93.22.233) to forward all port 25 traffic to another host in
my network (with IP 66.93.22.254). This has not worked. I have tested
by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on
66.93.22.254. Of course, I don't
2004 Dec 21
2
Defining "trusted" hosts/nets on a single interface system
Ok, I give up. I tried, really hard, before asking but I must be the
most stupid shorewall user on the planet :(
My laptop runs a single eth0 interface and knows Net and Firewall as
zones and the default "inbound" policies are Net->Any DROP and Any->Any
REJECT.
Now at home I have my trusted 192.168.174.240/29 subnet which hosts my
very trusted 192.168.174.242 host and I
2008 Nov 07
2
Multiple Zones in the same interface
Hi, I am trying something so easy but it doesn't work for me.
I want to have more than one zone in my lan, for example my lan is
192.168.0.0/24 and I want to have one zone for servers, other for admin Pcs.
etc
here is my conf:
Interfaces:
--------------
#ZONE INTERFACE BROADCAST OPTIONS
- eth3 detect
net eth1 detect norfc1918
net eth0
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I'm beginning to believe that the use of the last column in the rules file
to designate redirection/forwarding is too subtle for many users. For 1.3,
I think I'll do something like the following:
Current rule:
ACCEPT net loc:192.168.1.3 tcp 80 - all
New rule:
FORWARD net loc:192.168.1.3 tcp 80
Current rule:
ACCEPT net fw::3128 tcp 80 - all
New rule:
REDIRECT net
2003 Mar 21
1
Shorewall config format
Hi,
I'm a long time shorewall user and I like it very much. There is only
one thing where I'm not always happy with: the config files.
There has been discussion on the list about the comments in the files.
My concern is that I lose overview over my configuration because of the
many config files. Of course there are advantages too but I'm thinking
whether another config format would
2005 Apr 02
11
bluetooth nap and internet access problem
Hello,
I'm trying to configure my desktop as a bluetooth network access point for my
ipaq (as explained in http://www.stolk.org/debian/bluetooth.html).
I'm running shorewall version 2.2.1 on debian testing with a local network via
eth0 and internet access via eth1. I've created a bridge br0 for eth0 and
bnep0 and activated bridging in shorewall. dhcpd is listening
2004 Dec 10
9
parallel zone: loc2 is composition of loc1
I have no idea how to define for a parallel zone the host file if the
second zone (net) should be the composition of the first zone (dmz).
I tried all the following combinations in the interface and host files:
interface:
- eth0 - (variante 1)
- eth0 192.168.0.255,255,255,255,255 (variante 2)
- eth0 192.168.0.255,!192.168.0.255 (variante 3)
2004 Aug 12
1
SMTP, IP, WHM news problems....
Hi,
I install shorewall firewall on my server and after that I have big
problem with SMTP, I can send messages with outlook to server but that
messages don't go out from server (Currently I have over 800 messages
in the mail queue)
My server is on WHM/cPanel and EXIM....
When I click on "Delivery Now" for some message in WHM I get error:
Message 1BtoLi-00033G-RN is not frozen
LOG: MAIN
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH