similar to: Listing the subnets in a zone

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I found out problems with dynamic add of hosts to zones. If somebody has idea how to fix it, please do tell. My head is not working on this on properly. Hope you get idea from this message. I''m trying to simplify this as much as possible to get problem clear. Problem is: Zones: vpn wlan net Interfaces: net eth0 wlan eth1 Policies: vpn all

Hi list, I''m struggling with this problem for a long time, hopefully someone can explain me what I''m doing wrong: I have a shorewall installation with interfaces net eth0 - eth1 hosts loc 10.0.10.0/24 loc 10.0.20.0/24 +some other zones and subnets there are aliases on eth1 for gateways for the two loc subnets eth1:1 10.0.10.1 eth1:2 10.0.20.1 Everything works fine, loc

Hi all, I''ve been using Shorewall 1.42 for a month on two firewalls at work and my own personal colocated server and love it. While pretty familiar with iptables, I don''t like dealing with it on a daily basis, and Shorewall certainly makes life easier. I''ve deployed Shorewall on both our Toronto and Ottawa office firewalls, and have configured a FreeS/WAN IPSEC

I''m wondering if the following is possible under recent versions of shorewall: 1. We have several class-C networks from both UUNet and Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

Hi, it seems not to be possible to add more than one host at once to a zone. So shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface. --snip -- iptables v1.2.9: interface name `eth0:192.168.2.10,eth0'' must be shorter than IFNAMSIZ (15) Try `iptables -h'' or ''iptables

I am looking at using Shorewall in a local college. There will be a default set of firewall rules, but for some lessons certain classrooms will be granted full Internet access (this will be done by the lecturer via a web interface). I am seeking suggestions for the best way to implement this under Shorewall. I think it might make sense to make each classroom a separate zone, but is there a dynamic

Hello, everybody! I have two networks (192.168.1.0 and 192.168.2.0) connected across a wireless router with two NICs. I can ping everything allright via ip address, but not by name across subnets. Things on the same subnet ping allright by name. Here are the smb.conf files for my two master browsers: #(192.168.1.249) [global] workgroup = THEBAND netbios name = Yesteryear

Hello Shorewall users I have a firewall based on RedHat 8.0 and Shorewall. I have 2 interfaces, with 2 ip address on the loc interface, the connection to the internet runs through my company''s network with an ADSL/MPLS line. I need to configure my Shorewall with the possiblity to deny some users'' access to the ''net'' for some subnet. Ex. my son''s

Hello, I have 2 ISP uplinks (zones: inet1 and inet2), each with a fixed IP on the outside and a routed subnet (/25 and /26) on the inside. So, behind the firewall i have 2 networksegments (lan1 and lan2) with public IP-addresses. The segments are completely isolated from eachother: hosts in zone "lan1" connect only to "inet1" and hosts in zone "lan2" only connect

Hi there, I''ve read Routing on One Interface, and Shorewall and Aliased Interfaces docs but I''m a little confused, and all my test attempts have mostly failed. Here is my setup: CentOS 4.2 ShoreWall 3.0.2 My server has a subnet 192.168.50.0/29 routed to it via 192.168.1.2. Currently 192.168.1.2 is setup on eth0. With no ShoreWall involved routing seems to work if I just setup

Hello all, i am new to shorewall and i already have a question ;) i am running a mailserver in my dmz (or actually this will be when = evertything will be working fine with shorewall) with public ip = addresses.. i have a subnet of 8 ip addresses (255.255.255.248 mask) and = i was planning of the classic 3 nic (eth0-2) setup... the dmz should = work with proxy-arping...=20 now my quesion is

Beta 1 is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Features include: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

I have defined a Home zone and placed it before the Net zone. Defined a host 192.168.174.242 as a trusted host. Now if I ping from 242 to my fw it works just fine (also tweaked the norfc1918 file). Thing I do not understand is why if I try pinging or FTPing from FW to 242 I hit the all2all reject rule ! I tried reading the rules and from the INPUT chain I see a eth0_in chain which in turn

Via creative use of the instructions at http://shorewall.net/Multiple_Zones.html#id2497549. But can a zone (in shorewall/interfaces) reference multiple interfaces? I have two openvpn instances running on my server, one bridged (for upstream access to some client vpn''s so I don''t have to request the clients add new subnets to their routing tables) and one routed (for nailed

I''m happily running two four zone/four nic shorewall firewall configuratoins. Great software, works as expected everytime! We are conteplating a larger and more complex firewall configuration that may include as many as twelve zones with trying to cram as many as 8+ interfaces into a single machine. Are there any draw backs to this amount of zones and interfaces into a single

Using Mandrake MNF which uses shorewall as it''s firewall. My firewall is simple with just two interfaces. One on the internet one on the local network. I can''t browse out to the internet with a browser. Or connect to my external mail server. If I set up the proxy server and set my browser to connect via the proxy I can browse the internet. But still can''t get mail to

I have read everything I can find in the docs and faqs about this, and I feel there must just be some simple thing I''m not doing, but I''m stumped. Two interfaces, eth0 and eth1.  eth1 is the WAN connection to the upstream provider, and has a single IP and the default gateway.  Connection uses bgp. eth0 is the LAN interface, and has multiple IP addresses, private (ie., 10.0.2.x)

Hello all, Name is Andrew and in desperate need of some info. Setup: - Mandrake 9.1 with three interfaces (eth0 --> WAN) C-class /28 network (with tree virtual addresses which I am DNAT-ing to the DMZ) (eth1 --> LAN) A-class 10.0.0.0/8 (eth2 --> DMZ) A-class subnet 10.1.123.0/24 - Running stock Shorewall ver: shorewall-1.3.14-3.1.91mdk Dilemma: - LAN can not access the DMZ zone