similar to: 2 net connections confusion

Hi, I''m trying to use Shorewall (3.0.6) to accomplish what I thought was going to be fairly simple. Unfortunately, I can''t get the dmz to work correctly, and I''m getting martians logged against the interface at issue. Any help I could get would be greatly appreciated! A picture of my physical setup is attached. I have also attached a shorewall dump. To make a long

Hello all. First of all, please be a bit indulgent to my poor English :-). Second, this message is "kinda" BIG, so if you don''t like BIG messages, simply don''t read it :-). I''ve read http://shorewall.net/2.0/Shorewall_and_Routing.html and http://shorewall.net/MultiISP.html, however I still a bit confused how to organize what I need :-). I''ve a

Hello, I''m trying to setup an 8 port wan configuration (pptp+pppoe) with one vlan trunk. My internal networks are : LAN(eth9): 10.0.0.0/16 VLAN10(eth9) 10.10.0.0/24 VLAN20(eth9) 10.20.0.0/24 VLAN30(eth9) 10.30.0.0/24 VLAN100(eth9) 10.100.0.0/24 I would like to post my configuration here since i don''t success to do the following: 1. Communicate between VLANxx to LAN

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

Hello , The folllowing is the error problem: Validating interfaces file... ERROR: The ''norfc1918'' option may not be specified on an interface with an RFC 1918 address. Interface:eth2 The shorewall interface file: net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians P.S. I tried to remove norfc1918 from interface

Hi, i connect to the internet over my eth4 interface using pppoe. The internet always comes on ppp0. I am trying to setup an L2TP/IPSEC VPN and i am reading http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP I notice in the example the interfaces file is given as: #ZONE INTERFACE BROADCAST OPTIONS net eth0 detect routefilter loc eth1

Shorewall 4.5.1.1 I have 5 interfaces on a centos box, the first two are internal on two different subnets, the next two are two different ISP''s and the last one is a private network for testing and administration. The second internal subnet (eth1) is rejecting all the arp requests to it and I get the following in the log files ever second or two - May 16 05:28:54 services kernel:

I''ve got a linux machine (fedora core 3) with 4 network cards. I looked at the howto and the only example that is close to what I need to do is section 4.2 on multiple uplink providers. I feel like I''m so close but just can''t get my head around the final part. Here is what I have eth2 and eth4 connect to 2 different isps. I want all connections the come from my dmz

Hi, I have a problem installing Shorewall 2.0.7 on a box, when I launch it I have: Initializing... Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Connection Tracking Match: Available Determining Zones... Zones: net loc Validating interfaces file... Validating hosts file... Validating Policy

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve a problem on the broadcast it is adding some additional route to the router which caused me some problem... Below is my /etc/shorewall/interface swtmng1 eth0.1 202.73.10.127 norfc1918 apmng1 eth0.10 202.73.8.7 norfc1918 dist1 eth0.1000 202.73.11.255 norfc1918,nobogons idc1 eth2.50

Shorewall 4.3.7 is available for testing. ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 3 . 7 ---------------------------------------------------------------------------- 1) Klemens Rutz reported a problem that affects all Shorewall-perl 4.2 and 4.3 versions. The problem: a) Only occurs when

Hi, I install shorewall firewall on my server and after that I have big problem with SMTP, I can send messages with outlook to server but that messages don`t go out from server (Currently I have over 800 messages in the mail queue) My server is on WHM/cPanel and EXIM.... When I click on "Delivery Now" for some message in WHM I get error: Message 1BtoLi-00033G-RN is not frozen LOG: MAIN

Beta 2 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair from Shorewall 4.5.17.1. 2) The following warning message could be emitted

Hi ! Recently i switched my internet provider, to get more speed but another braindead setup regarding public ip addresses. I now have 4 PPTP Tunnel available, of which i''m using one as the gateway ip doing masquerading to other machines in my local lan, excluding three other machines, which i would like to use 1:1 nat to get them a direct access to one of the pptp tunnels. I was

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

This one is really throwing me. Thanks in advance for any advice. I''m working on a 4 port firewall system. It is running heartbeat+drbd. Primary box looks like this: eth0 -> net/cicso router 192.168.144.2/29 eth1 -> drbd/heartbeat crossover cable 192.168.254.253/30 eth2 -> dmz 192.168.144.10/24 eth3 -> loc 192.168.101.2/24 The IP''s

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

Hey First, apologies if this went out twice. I sent the original email from an odd email configuration (essentially from an alias of what I signed up as). I searched and noticed that my post did not appear and I did not get a bounce back so I was confused. I waited a few days before resending. So apologies if this goes out twice. I am not trying to spam. I was hoping someone could help me with

Hi all! I''m using shorewall 2.2.3 and I got a net device that seems to be a point-to-point device (that''s what ifconfig suggests): vpnlink Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:aaa.bbb.ccc.ddd P-t-P:aaa.bbb.ccc.ddd Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1300 Metric:1 RX