similar to: Please help

Hi, I''ve installed Emule (p2p program) on my client box but I can''t access the servers due to the firewall. I''m getting this blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file

Hello, Please see the following picture: http://www.wilson-kwok.com/pptp.jpg I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server, and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server, but I cannot connect from my home to pptp server. Here is the nat file: 210.0.0.1 eth0:2 192.168.0.2 Here is the rules

Hi everyone! I''m having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet

Hello, On my systems i use shorewall 3.2.6. Now all systems where replace by new ones with new ip''s. So i tried with DNAT to map the old ip''s to the new one as long as DNS is updated. But i didn''t get it work. I see in tcpdump that a connect from client-ip to new-server-ip is done while connection the old on. But i get no response. Did i configure something in the

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

hi, I have a debian system with shorewall acting as a router between my adsl line and my local network. One of the things on that local network is my playstation, and I''m having trouble playing an online game with it - the game tries to access the internet, and then fails at the stage where it tries to find the game servers. The debian machine is 192.168.0.3, and the playstation is

Hello, I have a problem. I have a webserver/firewall/internet gateway machine with shorewall. The local network is masquerated. I am trying to get all packets coming from the internal network with the destination 133.211.9.10 on ports 80 and 110 (my external interface) to be redirected to the internal interface (192.168.9.2). My local network is 192.168.1.0/24. Thank you

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

I''m trying to use my VPS server (single interface of course) as somewhat of a VPN gateway to my other location (which is not accessible directly from some places) where the openvpn server is running, and am kind of lost as to what to try next. I tried a redirect rule, but apparently shorewall didn''t like that (it just failed to start). I tried adding the rules via

I have a lan with shorewall running as firewall and two local machines, where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where 124.124.124.124 and 123.123.123.123 are the external IPs for the mail servers. The two mail servers need to communicate with each other via smtp (for sending mail from domains hosted on one to the other) but its giving issues. Specificaly when one server

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

I''ve got a Shorewall firewall setup that''s similar to the standard 3 interface configuration (net,loc,dmz). Several ports are forwarded from the internet to computers in the dmz. I''d like to have any connections to that same public IP address from either loc or dmz to be treated exactly as if they were coming in from the internet itself. There''s some

I''m not a subscribed user, so please cc me on any replies (fier0@bigfoot.com). I know this has been asked a few times, but i have not been able to find a direct answer. I was using shorewall with 2 nics, and it worked fine, except if that linux box went down then nobody could get out to the internet (and the wife would kick my ass). I''ve now started to use my linksys

We are trying to configure shorewall as follows: 1. We have shorewall running at gateway (172.16.1.1) with NAT. 2. We have a number of web servers (172.16.1.x/24). These web servers are accessed through port forwarding at the gateway (172.16.1.1) and websites are visible through virtual hosting through a web re-director. 3. Presently the proxy server runs in a transparent mode, i.e., all web

Hello! I have this situation / interfaces: Dsl0 - internet interface Eth0 - local network I have linux box with shorewall 2.2. And on the local network I also have a hardware router. I have connected WAN port with settings of my linux box and then created one more local network behind hardware router. It works fine. I then wanted to use VPN function of this hardware router, so i created

Hello all, I''ve read the shorewall guides and browsed through the mailing lists, but I haven''t been able to find out if the following is possible or not using shorewall. Our provider has given us 16 IPs + 4 in a separate range for our uplink. I would like to replace that router with a Linux box running shorewall with three interfaces. I want the DMZ to be a standard, routed

Hi, I have a client behind shorewall which has 2 IP: 192.168.8.35 is the real IP and 192.168.8.37 is the virtual IP. I have added DNAT rules into shorewall: DNAT net loc:192.168.8.35 tcp 11008 - 1.2.3.4 DNAT net loc:192.168.8.37 tcp 55000 - 1.2.3.5 1.2.3.4 and 1.2.3.5 is virtual IP

Hello all, I’m currently trying to figure out how to forward ports to guests that are on a NAT Network. I have followed the directions on https://wiki.libvirt.org/page/Networking under the “Forwarding Incoming Connections” Section and get connection refused when attempting to connect. System: Ubuntu Server 18.04.1 Virsh / LibVirtd Version: 4.0.0 Here’s the contents of /etc/libvirt/hooks/qemu  

Hi list, I have a shorewall installed on 2 interfaces which also has multiple static public IP. Let''s say I have 1.2.3.4 and 1.2.3.5. I have assigned nat with: 1.2.3.4 eth0 11.22.33.4 no no But then I have a situation where I need 11.22.33.44 to connect to a host in the net zone and appears also to be 1.2.3.5 not only 1.2.3.4. How to do it? TIA Willy

Hello all, I have a problem with external access to a postfix mailserver running on my firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows: eth0 is zone isf - this is an intranet to other companies eth1 is zone loc - local network eth2 is zone net - internet, fix ip adress eth0 and eth1 are bridged shorewall version 2.2.0-RC4 ip addr show 1: lo: <LOOPBACK,UP> mtu