similar to: FW: Shorewall and selective access

Tom, I am NOT subscribed (yet). I dropped SuSeFirewall2 in favor of shorewall to get past the configuration hurdles I as experiencing. At the moment, when my SuSe 9.1 starts up, I can see shorewall processing the rules, policies, etc. and I see no errors and then moves on with the rest of the SuSe boot process . However, no traffic passes through using the rules. I run an iptables -L and I

Hiya. I am currently usiong Shorewall 1.4.8 on my Mandrake box. I want to look at upgrading it to the Latest build of shorewall. Is there anything I need to look out for before doing this ? Is there a FAQ as to the easiest way or doers it upgrade ok following the usual Upgrade via RPM instructions. cheers in advance. _________________________________________________________________

Hi, I need a help... I''m a beginner with shorewall. I have two shorewall firewalls, each with a link. FW (a) - w/ openVPN eth0 = 192.168.150.5/24 eth1 = 192.168.200.5/24 eth2 = public IP eth3 = 192.168.120.5/24 tun240 = 10.240.255.1 /etc/shorewall/zones all zones declared as ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS tlm eth0

New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the trace rather than up in the middle of it. 3) "shorewall [re]start" has been speeded up by more than 40% with my

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

Hi, I want to automate some of the maclist and rule functionality: User connects to the network and gets a DHCP address from the shorewall box. Using squid and redirection, all the user can do is go to a login page on the firewall User logs in correctly to the form on the webpage and a process captures MAC and IP address info from the dhcpd.leases file Once authenticated, a maclist entry and an

Hello, I would like to run other services like messaging services on my firewall machine too. Does it make sense to run shorewall, openvpn and the pppoe package in a chroot jail? And is it possible to run these programs as an other user? Ciao Hugo

Shorewall 4.0.15 is now available from shorewall.net, SourceForge and Debian Sid. Additionally, I have updated my Debian Etch repository with 4.0.15 packages. Problems Corrected in Shorewall 4.0.15. 1) Beginning with iptables version 1.4.1, the syntax for commands using the conntrack module has changed. Shorewall now detects if the installed version of iptables requires the new

Hello, Could someone with the requisite shorewall expertise please help me? Here is a description of my problem. I dial in to my ISP using kppp. It seems to establish a connection just fine. However, only a handful of bytes are exchanged. I must then become ''root'' and issue ''shorewall start'' in order to get the Internet connection to work normally. Once

shorewall only hangs my named server everything eles works except named and thats why my email dont work when i have shorewall started it dont give me any messages when i try it is named tcp or udp? --------------------------------------------------------------------------------

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta This version contains two new builtin actions in the /etc/shorewall/rules file: ACCEPT+ - Like ACCEPT but it also exempts the connection from subsequent DNAT[-] and REDIRECT[-] rules. NONAT - Exempts the connection from subsequent DNAT[-] and REDIRECT[-] rules. These actions solve similar problems reported by

Hi, I am trying to redirect my subnet thru squid and it seems to be working. However I decided tu exclude two hosts from the redirect (ie acces the net directly) and can''t manage to achieve that. I am using the following rule: REDIRECT loc:!192.168.13.48,!192.168.13.200 3128 tcp 80 - With this rule everything gets redirected thru squid. I also tried:

Hello, I forgot to put my #/etc/shorewall/policy file: # /etc/shorewall/policy ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK # adm net DROP info tlm net DROP info # net adm DROP

Ok here are all the information the website said I should include first: [root@residents root]# shorewall version 1.4.8 [root@residents root]# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100

Hello. Is there any command in the shorewall script that prints how many or the hits the last 5 min? /Rickard Eriksson

Hi Guys, Thi sis my first post, sorry for my english, I''m Italian. I desperate try configure home server/router connected over ADSL with dynamic IP. I''ve registered to no-ip and in order to connect externaly to my home server. My system is gentoo based. I''ve just installed different pubblic servers with static IP and shorewall and had no problems, but my own home

I should also mention that Accounting rules are not stateful -- each rule only handles traffic in one direction. So for example, if eth0 is your internet interface and you have a web server in your DMZ connected to eth1 then to measure HTTP traffic in both directions requires two rules: DONE eth0 eth1 tcp 80 DONE eth1 eth0 tcp - 80 Associating a counter with a chain allows for aggregation.

I have a rule setup to transparently proxy all normal web traffic through Dan''s Guardian for filtering. However, there are a few sites that simply do not work right through a transparent proxy. The biggest of these is yahoo mail. Most sites are not a problem to add to the exemption list. Yahoo, however, apparently uses many servers for the webmail system. There is the main server

Hello, is it possible to configure Shorewall for different network environments? I am using it on a single Linux computer. When I am at home, I am using an internal IP address (192.168.0.X), and when I am using my cable modem, I get an internet IP assigned. I now want to be able to use Samba/Windows Filesharing when at home and to disable it when I am using my computer directly on the net.

Shorewall version 2.2.1 2 Interface setup. eth1: 10.10.1.3 eth0: 192.168.1.2 modem is 192.168.1.1 I need to be able to connect to my adsl modem, but when shorewall is up I get connection rejected. I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop # RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection rejected Is there