similar to: Help with rules

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hi all, its a real nightmare for me. Although i have read and searched the web for two weeks i can`t get shorewall to work. problem is that we have only one server that acts as fileserver (samba, nis, nfs) and router/firewall for the lan. the server has two interfaces eth0 = lan and eth1 = internet. The only what we need is full access from the lan to the firewall and restricted access

Hello Tom, I''ve been using Shorewall for years without problems. My previous version of shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using rpm to 2.0.8-1. After update no one can connect to any interface from net. Server can connect to outside world fine and those described in routestopped have no problem connecting. Any help correcting this problem would be

Hello, Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts. First, what works. Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze. We have a 2 ISP: - isp1 : an optical fiber provider with 10 Mbps. - isp2 : a DSL provider with 15Mbits/1Mbits. We use isp2 as the default outgoing

Hello, My server is on Mandrake 10.1 off. eth0 is WAN with static IP connected 512 DSL eth1 is LAN. My default shorewall settings are : Source zone Destination zone Policy Syslog level Traffic limit loc net ACCEPT None None fw net ACCEPT None None net Any

Shorewall version 2.2.1 2 Interface setup. eth1: 10.10.1.3 eth0: 192.168.1.2 modem is 192.168.1.1 I need to be able to connect to my adsl modem, but when shorewall is up I get connection rejected. I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop # RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection rejected Is there

Hey First, apologies if this went out twice. I sent the original email from an odd email configuration (essentially from an alias of what I signed up as). I searched and noticed that my post did not appear and I did not get a bounce back so I was confused. I waited a few days before resending. So apologies if this goes out twice. I am not trying to spam. I was hoping someone could help me with

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

Having a problem with the 3 interface setup. I can get DMZ hosts, and FW to see internet, but anything on LOC interface is unable to get out. My first post to the list didn''t have the information needed, sorry for that, but thank you for pointing me to more resources. I''ve looked at the problem myself some more, but am still stuck. Shorewall Version: 2.2.1 ip addr show 1:

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

Hello, I am not able to use ftp and ssh on the lan. Both the port are open. I have the lines on the rules file : # Accept SSH connections from the local network for administration # ACCEPT loc fw tcp 22 # # Accept ftp connections from the local network for administration # ACCEPT loc fw tcp 21 Thanks in advance Varun

Hello I have DSL 2000 (2048 kbit/s download and 256 kbit/s upload) I have ping to fast sites very high: 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=3 ttl=50 time=2185 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=4 ttl=50 time=1983 ms 64 bytes from w2.rc.vip.scd.yahoo.com (66.94.234.13): icmp_seq=5 ttl=50 time=1826 ms and I know why. I have 2 interfaces:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear all, I''m a bit confused on the rules and would like your help. I''ve 4 NIC, eth0 --> WAN (net) eth1 --> OSPF1 (bb1) eth2 --> OSPF2 (bb2) I would like to enable all the icmp function (ping and traceroute) Wonder what effect will the following policy make. bb0 all ACCEPT info bb1

Hi, I need a help... I''m a beginner with shorewall. I have two shorewall firewalls, each with a link. FW (a) - w/ openVPN eth0 = 192.168.150.5/24 eth1 = 192.168.200.5/24 eth2 = public IP eth3 = 192.168.120.5/24 tun240 = 10.240.255.1 /etc/shorewall/zones all zones declared as ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS tlm eth0

Hello everybody: Here is my "network layout": ISP1 ISP2 | | | | +-----eth0---------eth1------+ | | | FC 3 box | | | +-----eth2---------eth3------+ |

Hi List, I read this list for nearly two years and learnt a lot, but now i have a very strange problem I can''t solve.. I have a firewall machine running Debian, which connects a small office to the internet via a DSL-line (with pppoe) and which is running Shorewall. It allows all outbound traffic and accepts pptp, openvpn and ssh-connections (on a non-standard port) from the internet.

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hi, I''ve installed Emule (p2p program) on my client box but I can''t access the servers due to the firewall. I''m getting this blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

Hi people, I am running the latest version of Debian ''Sarge''. I have installed hopefully the latest version of shorewall, as followed by the website. The firewall has been installed with no problems, runs ok, but I have found a strange problem, maybe it me *shrug* My setup: Internet<-->cablemodem<-->Debainfirewall<-->hub<-->windowspc I am cable, and