similar to: Article

I''m asking this question for the sysadmin where I work. Will Shorewall do this? Joe, I am looking for a linux router that will look at the source IP (not the destination) and then forward the packet out a specific interface to another host. For example if a packet comes in to the linux router from NET-A it will forward the packet out INTERFACE-A to HOST-A. If a packet comes in to the

I just updated my webmin on my server and noticed that the module for Shorewall looked different. It looks like someone really cleaned it up and had it added to the Standard Webmin Module list. Woohoo. -- Joe *** I can only please one person a day. Today is not your day and tomorrow doesn''t look good either. ***

I just updated my webmin on my server and noticed that the module for Shorewall looked different. It looks like someone really cleaned it up and had it added to the Standard Webmin Module list. Woohoo. -- Joe *** I can only please one person a day. Today is not your day and tomorrow doesn''t look good either. ***

How do I allow traceroute to reach my server? Pings work fine but traceroute stops at the last hop before my server. If I shut off the firewall it reaches it fine. PING danicar.net (24.222.246.120): 56 data bytes 64 bytes from 24.222.246.120: icmp_seq=0 ttl=237 time=104.0 ms 64 bytes from 24.222.246.120: icmp_seq=1 ttl=237 time=74.9 ms 64 bytes from 24.222.246.120: icmp_seq=2 ttl=237 time=90.6

I''m thinking the answer is no but I thought I ask anyway. Is there a way to find out the MAC address of of an incoming connection using the logs generated with shorewall? It would be nice that way if someone''s IP changes you can at least still be blocking the MAC. -- Joe *** I can only please one person a day. Today is not your day and tomorrow doesn''t look good

Shorewall-users -- confirmation of subscription -- request 533537 We have received a request from 207.34.24.8 for subscription of your email address, <jgofton@danicar.net>, to the shorewall-users@shorewall.net mailing list. To confirm the request, please send a message to shorewall-users-request@shorewall.net, and either: - maintain the subject line as is (the reply''s additional

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve put together a new article describing Shorewall Actions -- http://shorewall.net/Actions.html. Hopefully this article will be clearer than its predecessor. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve written an article that describes the cause of some of the more frequently seen error and warning messages generated by Shorewall. You may find the article at http://shorewall.net/ErrorMessages.html. - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to

This article discusses how VPN and Netfilter interace and enumerates the rules that entries in the /etc/shorewall/tunnels file generate. http://shorewall.net/VPNBasics.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net ---------- Forwarded message ---------- Date: Tue, 26 Aug 2003 22:45:49 -0400 (EDT) From: Jim Seymour <jseymour@LinxNet.com> Reply-To: postfix-users@postfix.org To: postfix-users@postfix.org Subject: Re: Stop Using relays.osirusoft.com *NOW*! jseymour@LinxNet.com

Please see http://shorewall.net/PacketHandling.html. It details the flow of a packet through a Shorwall-generated firewall. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

This article describes how to implement "Port Knocking" in Shorewall. http://shorewall.net/PortKnocking.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

In /etc/shorewall/masq I have: eth0 eth1 eth0 vmnet1 eth0 vmnet8 ------------- eth0 is my default route to the Linksys router connected to the cable modem. eth1 is my connection to 192.168.1 subnet and it is the gateway for all other machines on this subnet. My routing table is: # netstat -nr Kernel IP routing table Destination

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a situation where some Poptop/PPTP sessions (only with FC5/Shorewall to FC5/Shorewall firewall in between) cause the following to appear in the state table (shorewall show connections). unknown 47 420 src=XX.234.79.183 dst=XX.234.137.226 packets=2 bytes=130 [UNREPLIED] src=XX.234.137.226 dst=XX.234.79.183 packets=0 bytes=0 mark=0 use=1

I have a setup something like this: WWW -- ADSL Router -- Gateway -- LAN 10.0.0.2 --> <-- 10.0.0.1 192.168.0.1 --> <-- 192.168.0.X Shorewall Squid proxy On the gateway, shorewall is sucessfully redirecting port 80 from the LAN to the proxy on port 3128. Is it possible to also redirect

Hi ! I found an excellent article about QoS and traffic shaping for VoIP (Asterisk IAX protocol), which is designed to improve sound quality even over very busy lines. http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk Should I just cut and paste all that to shorewall''s tcrules (replacing 4569 with 5060)? Additionally, author of this article uses IAX protocol,

Dear List, I am trying to setup shorewall on a co-located server which is part of a /24 network of which I have 5 IP addresses. Here is my setup in more detail: [root@mail root]# shorewall version 2.0.9 [root@mail root]# ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host

Hello, First , thanks to Tom for it''s great job ! Netfilter is really easy and powerfull with shorewall. So, I have configured two firewalls whith shorewall using keepalived for the redundant VRRP stuff. FW-a is MASTER and FW-b is BACKUP. Everything works correctly and FW-b upgrade to MASTER when FW-a is down or disconnected. FW-b downgrade to BACKUP when FW-a comes back. But when I

Gents, I have build a four interface firewall using Redhat V7.3 using a kernel supplied from the PoPTop website. Obviously I have poptop installed, and it seems to be working just fine. Anyway, I also have Shorewall installed, and it seems to be working just dandy except for one small problem. A little infor first. The interfaces/zones are ... net eth0 loc eth1 192.168.10.0/24 wlan eth2