Displaying 20 results from an estimated 20000 matches similar to: "Listing the subnets in a zone"
2005 May 27
5
Problems with dynamic zones
I found out problems with dynamic add of hosts to zones. If somebody has
idea how to fix it, please do tell. My head is not working on this
properly. Hope you get idea from this message. I'm trying to simplify
this as much as possible to get problem clear.
Problem is:
Zones:
vpn
wlan
net
Interfaces:
net eth0
wlan eth1
Policies:
vpn all
2009 May 15
3
Allowing traffic within same zone on multi-subnet interface
Hi list,
I'm struggling with this problem for a long time, hopefully someone
can explain me what I'm doing wrong:
I have a shorewall installation with
interfaces
net eth0
- eth1
hosts
loc 10.0.10.0/24
loc 10.0.20.0/24
+some other zones and subnets
there are aliases on eth1 for gateways for the two loc subnets
eth1:1 10.0.10.1
eth1:2 10.0.20.1
Everything works fine, loc
2003 Jul 03
0
IPSEC, multiple subnets and multiple road warriors, oh my! :)
Hi all,
I've been using Shorewall 1.42 for a month on two firewalls at work and
my own personal colocated server and love it. While pretty familiar
with iptables, I don't like dealing with it on a daily basis, and
Shorewall certainly makes life easier. I've deployed Shorewall on both
our Toronto and Ottawa office firewalls, and have configured a
FreeS/WAN IPSEC
2003 Oct 17
5
Question on sNAT for multiple external subnets
I'm wondering if the following is possible under recent versions of
shorewall:
1. We have several class-C networks from both UUNet and Internap, both of
which are actually routed over a single inbound ethernet line from UUNet
at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This
gives us a total of 3 class-C subnets. All packets for these three subnets
would land on
2003 Jul 09
2
router in a subnet again :)
Hi,
after migrating to shorewall firewall from my own iptables rule set (to
utilise freeswan vpn tunnels) I have successfully configured a 3 interface
firewall with net2net vpn tunnels, with the help of the shorewall
documentation. However I cannot seem to configure my final step which is to
masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get
internet access via the
2004 Dec 05
13
Adding dynamically more than one host at once?
Hi,
it seems not to be possible to add more than one host at once to a zone.
So
shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work
fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface.
--snip --
iptables v1.2.9: interface name `eth0:192.168.2.10,eth0' must be shorter
than IFNAMSIZ (15)
Try `iptables -h' or 'iptables
2004 Oct 06
1
Dynamic changes while Shorewall running?
I am looking at using Shorewall in a local college. There will be a default
set of firewall rules, but for some lessons certain classrooms will be
granted full Internet access (this will be done by the lecturer via a web
interface). I am seeking suggestions for the best way to implement this
under Shorewall. I think it might make sense to make each classroom a
separate zone, but is there a dynamic
2005 Jun 25
1
WINS over multiple subnets
Hello, everybody!
I have two networks (192.168.1.0 and 192.168.2.0) connected across a wireless
router with two NICs. I can ping everything all right via ip address, but not
by name across subnets. Things on the same subnet ping all right by name.
Here are the smb.conf files for my two master browsers:
#(192.168.1.249)
[global]
workgroup = THEBAND
netbios name = Yesteryear
2003 Jan 08
3
Access to internet except some subnets
Hello Shorewall users
I have a firewall based on RedHat 8.0 and Shorewall.
I have 2 interfaces, with 2 ip address on the loc interface, the connection
to the internet runs through my company's network with an ADSL/MPLS line. I
need to configure my Shorewall with the possibility to deny some users'
access to the 'net' for some subnet.
Ex. my son's
2010 Jan 21
6
Shorewall 4.4.6 and Multiple ISP with 2 routed subnets
Hello,
I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall I have 2 network segments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from each other: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect
2005 Dec 08
7
Two Subnets on routed to the other, Setup?
Hi there,
I've read Routing on One Interface, and Shorewall and Aliased
Interfaces docs but I'm a little confused, and all my test attempts
have mostly failed. Here is my setup:
CentOS 4.2
ShoreWall 3.0.2
My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2.
Currently 192.168.1.2 is set up on eth0. With no ShoreWall involved
routing seems to work if I just set up
2002 Aug 20
5
how to limit connections from certain inet subnet the best way?
Hello all,
I am new to shorewall and I already have a question ;)
I am running a mailserver in my dmz (or actually this will be when
everything will be working fine with shorewall) with public ip
addresses.. I have a subnet of 8 ip addresses (255.255.255.248 mask) and
I was planning of the classic 3 nic (eth0-2) setup... the dmz should
work with proxy-arping...
now my question is
2003 Jan 25
0
Shorewall 1.3.14 Beta 1
Beta 1 is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Features include:
1) An OLD_PING_HANDLING option has been added to shorewall.conf. When
set to Yes, Shorewall ping handling is as it has always been (see
http://www.shorewall.net/ping.html).
When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and
2003 Feb 08
1
Shorewall 1.3.14
Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for
helping with updating the sample configurations.
New in 1.3.14:
1) An OLD_PING_HANDLING option has been added to shorewall.conf. When
set to Yes, Shorewall ping handling is as it has always been (see
http://www.shorewall.net/ping.html).
When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and
2004 Dec 25
5
Thick head still having problems with subnets (?)
I have defined a Home zone and placed it before the Net zone. Defined a
host 192.168.174.242 as a trusted host. Now if I ping from 242 to my fw
it works just fine (also tweaked the norfc1918 file).
Thing I do not understand is why if I try pinging or FTPing from FW to
242 I hit the all2all reject rule !
I tried reading the rules and from the INPUT chain I see a eth0_in chain
which in turn
2007 Jan 03
2
An interface can reference multiple zones...
Via creative use of the instructions at
http://shorewall.net/Multiple_Zones.html#id2497549.
But can a zone (in shorewall/interfaces) reference multiple interfaces?
I have two openvpn instances running on my server, one bridged (for
upstream access to some client vpn's so I don't have to request the
clients add new subnets to their routing tables) and one routed (for
nailed
2003 Dec 03
6
Zone Scalability
I'm happily running two four zone/four nic shorewall firewall
configurations. Great software, works as expected every time! We are
contemplating a larger and more complex firewall configuration that may
include as many as twelve zones with trying to cram as many as 8+
interfaces into a single machine. Are there any drawbacks to this
amount of zones and interfaces into a single
2003 Jan 31
4
Setting up new firewall
Using Mandrake MNF which uses shorewall as its firewall.
My firewall is simple with just two interfaces. One on the internet
one on the local network. I can't browse out to the internet with a
browser. Or connect to my external mail server. If I set up the proxy
server and set my browser to connect via the proxy I can browse the
internet. But still can't get mail to
2013 Feb 12
6
Passing traffic between separate public subnets on same interface
I have read everything I can find in the docs and faqs about this, and
I feel there must just be some simple thing I'm not doing, but I'm
stumped.
Two interfaces, eth0 and eth1. eth1 is the WAN connection to the
upstream provider, and has a single IP and the default gateway.
Connection uses bgp.
eth0 is the LAN interface, and has multiple IP addresses, private
(ie., 10.0.2.x)
2004 Aug 22
6
LAN to DMZ zone issues.
Hello all,
Name is Andrew and in desperate need of some info.
Setup:
- Mandrake 9.1 with three interfaces
(eth0 --> WAN) C-class /28 network (with tree virtual addresses which I
am DNAT-ing to the DMZ)
(eth1 --> LAN) A-class 10.0.0.0/8
(eth2 --> DMZ) A-class subnet 10.1.123.0/24
- Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk
Dilemma:
- LAN can not access the DMZ zone