similar to: nessusd on shorewall

Displaying 20 results from an estimated 3000 matches similar to: "nessusd on shorewall"

2004 Nov 25
5
newnotsyn responsible for sporadic delays?
Has anyone encountered a situation where packets dropped by the newnotsyn chain can result in sporadic browsing problems, slowness, and even timeouts? I noticed that of the 3300 hits for newnotsyn in our current log (6 hours worth), over 2700 of them were to/from our proxy servers. And browsing through them, most *appear* to be otherwise valid packets from remote web servers that would have
2004 May 26
6
Newnotsyn Behavior
Hello, I've been doing some tests on a firewall system running Shorewall 1.4, and have been getting some unexpected behavior when enabling the "newnotsyn" option. In the test setup, I have: ---------------------------------------- /etc/shorewall/interfaces net eth0 detect routefilter,tcpflags,blacklist loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn
2006 Feb 09
1
Running nessus on freebsd...
I'm trying to get nessus setup for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without X11, so I'm doing batch runs. I already have nmap installed, so I
2003 Nov 24
14
New Terminology
There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" on the web site and in the CVS configuration files (Shorewall/ project). The documentation in 1.4.9 will also contain this change. -Tom -- Tom Eastep \
2003 Mar 28
9
Squid
I'm attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I'm not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I'm trying to
2002 Dec 19
4
Shorewall 1.3.12 Beta1
The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the
2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs Proxy-NAT'ed onto the loc segment. While I do eventually want to move them to their own segment, I have to deal with this for the next few weeks. My problem is that from a loc system I can ping the public IP of a system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being blocked according
2005 Mar 12
4
Shorewall 2.2.1 and open ports
Hello all, I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open
2003 Jul 19
2
Logging with a Single IP address setup - Newbie confusion
Hi All, Issue: My Syslog logging doesn't seem to work for REJECT / DROP policies Context: Shorewall version 1.4.4b on a single IP address setup Diagnosis: Default /etc/shorewall/common.def triggers a DROP prior to policy based -j LOG actions For example selected lines (from the generated iptables) ... The net2all policy: a) -A net2all -m state --state RELATED,ESTABLISHED -j ACCEPT
2004 Dec 29
5
newnotsyn question
Hi, I'm running shorewall-2.0.8-1mdk with iptables-1.2.9-7.1.101mdk on kernel-2.4.22-30mdk, Mandrake 10.1 (kernel-2.6.8.1.10mdk-1-1mdk is installed, but I haven't rebooted yet). I get a significant number of newnotsyn packet denials from existing, valid connections. Most of these seem to be on port 80 and port 25, and directionality doesn't seem to matter (I run
2004 Aug 11
6
connections getting dropped
Hi Guys, I need some help. I've been using shorewall for a while now and it's been running beautifully, but I'm now experiencing some problems. It seems that connections are getting dropped much like the behavior described by the NEWNOTSYN=no option in the shorewall.conf file, but I have NEWNOTSYN=Yes in my file. The messages I see in my logs are things like:
2003 Jan 12
10
Shorewall on a file/webserver/router Help
Hi, I have an install of shorewall I have 2 interfaces(I think) ppp0[connection device] and eth0 [LAN device], I want to allow all traffic from the internet in or at least port 80 and CVS and webmin and mail and everything normal to the main machine with shorewall on it. I changed to policy file but it just gave me errors as to double interfaces. I also want still to allow connection sharing
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However I can't set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall
2013 Oct 31
7
[Bug 870] New: Iptables cannot block outbound packets sent by Nessus
https://bugzilla.netfilter.org/show_bug.cgi?id=870 Summary: Iptables cannot block outbound packets sent by Nessus Product: iptables Version: 1.4.x Platform: x86_64 OS/Version: Ubuntu Status: NEW Severity: normal Priority: P5 Component: iptables AssignedTo: netfilter-buglog at lists.netfilter.org
2002 Aug 07
2
Re: [Shorewall-users] Common Rules
John, I'm taking the liberty of copying the Shorewall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I'm not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >
2003 Nov 04
2
Log ?
Hi! Shorewall Users May I know ..what does it means ? Nov 5 12:43:34 netgw kernel: Shorewall:newnotsyn:DROP:IN=eth0 OUT= MAC=00:05:5d:4e:fc:62:00:d0:95:7a:d5:f1:08:00 SRC=210.59.230.239 DST=211.24.146.50 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=36787 PROTO=TCP SPT=80 DPT=20291 WINDOW=65160 RES=0x00 ACK FIN URGP=0 Best Regards, Support
2003 Jun 29
3
Snapshot 20030629
Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) A problem introduced in earlier snapshots has been corrected. This problem caused incorrect netfilter rules to be created when the destination zone in a rule was qualified by an address in CIDR format.
2004 Jan 13
7
Shorewall 1.4.9
Shorewall 1.4.9 is now available. http://shorewall.net/pub/shorewall/shorewall-1.4.9 ftp://shorewall.net/pub/shorewall/shorewall-1.4.9 Unless something urgent comes up, this will be the last release of Shorewall 1.x. Release notes are attached. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \
2005 Mar 08
2
blacklist
What's the difference between a newnotsyn DROP and a blacklist DROP? Also, there's a web site (SRC=62.193.203.132) that has been trying to connect to port 25 for a couple of weeks now. Is there a way to get someone upstream to add a block to that site for a small fish like me?
2004 Oct 18
11
how can i log everything?
hi, it'd be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don't know then it's a problem... another problem that currently it's not possible to log the nat table. at least i can't find any way (can't add logging into masq and