similar to: Losing connections after starting shorewall

Dear all, Dear support and users: Sorry to trouble you! I configure the shorewall firewall to forward ftp and ssh port to another server, but failed. Can you help me check? I cannot login both SSH 2222 and ftp! Below is my environment: (attachment is shorewall dump) 1. Gateway (FC6) 1.1) eth0: lan static IP: 192.168.1.20 1.2) eth1: external public static IP:

Hi !, I have this problem. On a Mandrake 10.0 server with all the updates (Kernel 2.6.3-15mdk, iptables-1.2.9-7mdk and shorewall-2.0.3a-1mdk), one of our internal users have to FTP some files to our external web server. I think we have the correct configuration and rules in shorewall, and have read the http://www.shorewall.net/FTP.html document. Still, our users can''t FTP to the

Hi, I have recently installed shorewall with a very simple rules configuration, ---------------------------------- #SECTION RELATED SECTION NEW Ping/ACCEPT all $FW Trcrt/ACCEPT all $FW SSH/ACCEPT all $FW ACCEPT net $FW tcp http #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE ----------------------------------------- and I have no

I have a linux server connecto into a 100mps LAN, i use iptables implementation of shorewall (shorewall.net) and then I used the wondershaper. When I adjusted the values below, I got a download speed for vsftp at a whooping 1187.91 KB/s but a upload speed is only a painful 27 KB/s. I dont fully understand the underpinng codes behind the wondershaper htb stuff. can someone guide me on how can i

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

i am doing a clean install on fedora core 2 using the shorewall rpm and the Shorewall Setup Guide for multiple IP''s using a stock configuration except for AllowDNS and AllowWeb on the firewall (so i can post this message). my shorewall status file is attached. my setup 69.17.65.105 = firewall 69.17.65.22 = dmz server 1 69.17.65.161 = dmz server 2 my local network is

Hello, Could someone with the requisite shorewall expertise please help me? Here is a description of my problem. I dial in to my ISP using kppp. It seems to establish a connection just fine. However, only a handful of bytes are exchanged. I must then become ''root'' and issue ''shorewall start'' in order to get the Internet connection to work normally. Once

Hi, I have a little trickky thing i wanted to do with puppet, mainly this is configuring web host on servers. I have a tree like this : NODE - WEB -APACHE - 1.x - 2.x - FTP - VSFTP - PROFTPD - STATS -AWSTATS - if FTP then configure awstats for awstats - URCHIN5 So my issue is that i want to be able to have

Hi there, I''m total stuck in this. I have NO problems, with controlling port 80, 22, 21 and other TCP ports. But to open UDP port 27960 is very difficult for me, I''ve searched google, but can''t find a solution, therefore I ask the experts in here. My OS is Debian Etch 64 bit # uname -a Linux sauron 2.6.18-6-amd64 #1 SMP Fri Jun 6 05:24:08 UTC 2008 x86_64 GNU/Linux

Good Morning Everyone, I have a server that runs Shorewall/Samba/PPTP (Poptop). When we try to connect to the PPTP server from outside of the company, the Windows XP pro client can establish the connection. We can then ping the server and the clients behind the server without any problem, but the issue becomes that we cannot map to any of the shares on the samba server or to any client for that

Hello list, I wish to report a problem with openvpn tunnels. Synopsis: Despite adding policies to the shorewall policy file, I have to add extra rules to allow the UDP port 5000 packets to get through. I have used no particular setup guide. I believe this problem goes away with shorewall 2.0.9, as I have implemented openvpn with that version on a different machine, and I see no UDP:5000 packet

Hi, I am having a problem in configuring my machine to use shorewall. Here is my setup Operating System : Mandrake Network Firewall Linux based on Mandrake Linux 8.2 Network Connection : eth0 Connecting to my internal LAN with IP 192.168.1.9 eth1 Connecting to my cable modem with a static IP address 202.88.191.31 When i start with shorewall not configured to

Hi I have recently reconfigured my system to a Bridge based architecture on the basis that I have an ADSL Modem/Router with a Public address on the Wan side and a Private address on the Lan side. I am running a Debian based system kernel 2.6.7 and the Bridging software is installed and working correctly, including startup etc. The problem that I have is in "shorewall start" The

Hi, I need a help... I''m a beginner with shorewall. I have two shorewall firewalls, each with a link. FW (a) - w/ openVPN eth0 = 192.168.150.5/24 eth1 = 192.168.200.5/24 eth2 = public IP eth3 = 192.168.120.5/24 tun240 = 10.240.255.1 /etc/shorewall/zones all zones declared as ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS tlm eth0

I have the problem when my localnetwork do telnet to the net Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 my files are the following: policy #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net CONTINUE info loc fw ACCEPT info loc loc ACCEPT loc dmz ACCEPT info fw

ive got a config thats client -> server ->Dansguardian->Squid -> onward adn I want to transparently redirect web traffic to DG/Squid Not sure where the problem lies - hoping you guys can help me and at least tell me that its NOT my shorewall config heres the configs When I point a browser straight at 3128 or 3129 I get web pages back and the appropriate stuff in the logs . I get a

Hello, I have recently had the opportunity to put one server in a nice colo facility. This means 1 network interface. I would like to have multiple IPs on this server, with various services firewalled to different IPs. With one IP, i can write rules like so: ACCEPT net fw ftp,www,mail With multiple ips, then I would imagine initially: ACCEPT net fw:2.2.2.2 ftp ACCEPT net

Hi, I''m trying to get Shorewall to work with Squidguard on a machine which is acting as the fileserver, firewall, proxy server and internet access point for a small network. The network at present consists of the fileserver/firewall machine running RH 8.0, two Linux boxes running various RH distributions and two windows virtual machines running on the other machines under Win4Lin.

Hello, I believe there may be a bug in shorewall version 2.0.8. I''ve been using shorewall for years without problems (last installed version was 1.4.6b-1). I''ve posted previously with the subject line "After upgrade people can no longer connect" dated on Sunday, September 19, 2004 which contains all the information for the upgrade. Today I uninstalled shorewall

Hi all, I have a strange problem in trying to install a transparent proxy (in my internal net not on the shorewall server) according to the instructions as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local My Network looks the following: Internal Net: 10.0.0.0/24 Squid Server listening on port 3128 (ip 10.0.0.152, DNS name server01) | |