Displaying 20 results from an estimated 7000 matches similar to: "lan addreses visible"
2004 Dec 10
9
parallel zone: loc2 is composition of loc1
I have no idea how to define the host file for a parallel zone if the
second zone (net) should be the composition of the first zone (dmz).
I tried all the following combinations in the interface and host files:
interface:
- eth0 - (variant 1)
- eth0 192.168.0.255,255,255,255,255 (variant 2)
- eth0 192.168.0.255,!192.168.0.255 (variant 3)
2004 Jan 09
32
Ideas for Shorewall 2.0
I'm beginning to think again about what will be different in 2.0. Here
are some thoughts.
a) User-defined actions will be emphasized.
- A library of actions will be available with names such as:
AcceptSSH
AcceptDNS
DropWindows (drops all SMB noise)
DropBroadcasts (Silently drop all Broadcast traffic)
...
The possibilities are nearly endless but should
2008 Mar 13
15
using norfc1918
Hello Tom.
Sorry, don't answer my previous letter, I forgot to set the
subject. I fixed this in the current one. And now about my question.
I asked you before about a method of stopping RFC1918 traffic on the
external interface and you advised me to use the following rule:
REJECT! all net:$RFC1918_NETS
Can I replace this rule with the 'norfc1918' option in the 'interfaces'
file for this interface?
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all,
Yesterday I noticed that my system was "leaking" traffic towards the
10/8 network, I have shorewall installed on multiple machines ranging
from single interface devices to ones with 10+ interfaces. I tested all
the boxes and they are showing the same behavior.
All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp.
Shorewall version: 2.2.1
For the host mentioned is a single
2008 Mar 10
2
When starting shorewall its display rfc1981 error
Hello ,
The following is the error problem:
Validating interfaces file...
ERROR: The 'norfc1918' option may not be specified on an interface with an RFC 1918 address. Interface:eth2
The shorewall interface file:
net eth2 detect tcpflags,routefilter,norfc1918,nosmurfs,logmartians
P.S. I tried to remove norfc1918 from interface
2004 Nov 24
10
Attack from local network or...?
Hello,
when I execute "shorewall hits" command I find these stats:
HITS IP DATE
---- --------------- ------
92099 192.168.0.2 Nov 24
7764 59.104.107.85 Nov 23
3997 192.168.1.77 Nov 24
337 181.50.93.89 Nov 23
331 59.104.156.68 Nov 23
315 99.109.157.73 Nov 23
301 190.225.157.40 Nov 23
275 179.153.183.53 Nov 23
268
2005 May 30
13
RE: Proxy ARP working from Internet but not from fw and loc
Hi Alex, and thanks for your time.
Probably not.
The servers are only configured like they were when they were parallel to
the fw.
Just the default gateway, same as for the external interface on the fw.
That's what the documentation instructed to configure the servers using arp.
But is it required with extra configuration on the server connected via
proxy arp?
Or is it some parameter
2005 Mar 01
11
Can't connect to Modem
Shorewall version 2.2.1
2 Interface setup.
eth1: 10.10.1.3
eth0: 192.168.1.2
modem is 192.168.1.1
I need to be able to connect to my adsl modem, but when shorewall is up I
get connection rejected.
I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop #
RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection
rejected
Is there
2005 Feb 13
14
How to allow specific services for machines in LAN behind router?
Hi
I know I still need to learn a lot about firewalls so if I've missed
some doc I should have read don't hesitate to point it out to me.
I have set up shorewall on my desktop and my laptop and everything
appears to be working fine but now I'd like to allow certain services
(like ssh, rsync, unison, http) between these two PCs.
My LAN looks like this:
2005 Jan 03
1
vpn2fw before nordc1918 in ???_in
I am not subscribed to the list, so if you could CC me on replies, it
would be appreciated.
Hi there. I am running 2.0.8 on a linux 2.6 kernel with ipsec (i.e. no
ipsec<n> interfaces).
Since ipsec traffic comes in on the same interface as "net" traffic, I
have been looking at the rules for "eth0_in" on my ipsec
gateway/firewall. I see that "norfc1918" is
2009 Jun 18
9
Redirect port 80 away from Shorewall?
Hi There,
Due to a shortage of computers, I need to install Apache on my Shorewall box (192.168.1.1)
But the real web server is on another box (192.168.1.2)
I tried to put rule:
DNAT net loc:192.168.168.1 tcp 80
But every time a www connection comes in, it hits my shorewall
Any solution?
Cheer
2004 Oct 20
11
Shorewall, Freeswan and SuSE 9.1
I have been using shorewall and freeswan successfully for 3 or more
years now. But they have all been using the Linux 2.4 kernel. My current
configuration is (as the title suggests) using SuSE 9.1 which has a
2.6.5 kernel and freeswan 2.0.4 built-in.
After much reading and a lot of trial and error, I did get this
combination to work with Shorewall 2.0.9. It is happily talking to an
older Mandrake
2004 Aug 30
4
DROPPED SYN Packets
Hi,
One person, trying to access my website has troubles doing so. All other
users do not have a problem.
I have a cable modem, with a shorewall 1.4 machine behind it. On the second
interface of the shorewall machine I have a few machines, of which one is
the webserver.
Checking the logfile I see the following messages:
Aug 30 21:24:16 gatekeeper kernel: Shorewall:rfc1918:DROP:IN=eth1
2004 Dec 21
2
Defining "trusted" hosts/nets on a single interface system
Ok, I give up. I tried, really hard, before asking but I must be the
most stupid shorewall user on the planet :(
My laptop runs a single eth0 interface and knows Net and Firewall as
zones and the default "inbound" policies are Net->Any DROP and Any->Any
REJECT.
Now at home I have my trusted 192.168.174.240/29 subnet which hosts my
very trusted 192.168.174.242 host and I
2004 Dec 28
14
DHCP
Good day to all.
I don't like to Post unless I am really stuck. Guess what?
Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled).
All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I've started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn't have connection marking support, so it's
going to be a couple of
2005 Feb 08
15
Few questions
Hi,
I have a few problems with my shorewall configuration.
First of all, the option maclist seems not to be recognized.
I have this:
ghostwheel /etc/shorewall # cat interfaces | grep -v '^#'
- eth1 detect dhcp,tcpflags,routefilter
loc eth0 detect tcpflags,maclist
When I look at shorewall-init.log, I found out:
2005 May 06
8
Port forwarding on Shorewall box behind NAT ADSL router
Hi,
Before I go any further, I'm no networking expert, and the sheer volume
of documentation on the Shorewall website makes my brain hurt..
Some time ago I moved from an area with cable internet to an ADSL only
area. While on cable, I'd set up an old P3 box running Gentoo as a
firewall/gateway/file server, running shorewall (currently v2.2.3) and
dnsmasq. I'd
2004 Jan 15
2
Crypto API and Shorewall
A number of you are flailing around trying to get the subject combination to
work.
You should all be aware that there are parts of this that don't currently work
and that won't work well until there are enhancements made to Shorewall (and
probably to Netfilter).
I. There is no clean way currently to support Road Warriors from a
Masquerading Netfilter firewall/gateway. As
2004 Dec 29
18
No response on port 80 with Shorewall
I have a problem getting an answer to http requests from all my local subnets
but not from local subnet.
Ping and requests on ports 21 22 23 25 110 work fine.
I logged port 80 in rules files and I got
accept entry same for local subnet and other subnets.
Local subnet is 192.168.6
Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT=
MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00