Displaying 20 results from an estimated 100 matches similar to: "Re: routing between networks on same"
2002 Oct 12
2
logs analise
My logs show thats:
A internal client search my proxy
(192.168.0.3)
Oct 12 12:40:33 massayo kernel:
Shorewall:all2all:REJECT:IN=3Deth1 OUT=3D
MAC=3D00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00
SRC=3D192.168.0.215 DST=3D192.168.0.3
LEN=3D63 TOS=3D0x00 PREC=3D0x00 TTL=3D128
ID=3D25902 PROTO=3DUDP SPT=3D3028 DPT=3D53 LEN=3D43
Why OUT is empty?
From: Server (DMZ)
Oct 12 12:40:34 massayo kernel:
2002 Oct 25
3
Neighbour table overflow
--kXdP64Ggrk/fb43R
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello everyone,
I''m using Shorewall 1.2.12-1 on Debian 3.0, with the 2.4.17 kernel. I
am seeing some interesting log entries, and after reading the
documentation at Google and netfilter.org I have a couple questions.
To begin, here are the entries I am
2005 Jul 12
1
Tripplite and newhidups
--zhXaljGHf11kAtnf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
I'm trying to set up a TrippLite Internet Office 750 just like this guy:
http://lists.alioth.debian.org/pipermail/nut-upsuser/2005-June/000007.html
Here's the output of a few interesting commands
stuart@tyro:~+ dpkg-query -l nut nut-usb| tail -n2| awk
2005 Jun 02
1
Logcheck flagging "RIP" requests from Router
I enabled logcheck on a Debian Sarge box and it is including in it's reports
hundreds of lines like this:
Jun 2 17:56:09 localhost kernel: PUB_IN DROP 4 IN=eth0 OUT=
+MAC=ff:ff:ff:ff:ff:ff:00:09:5b:e9:56:a0:08:00 SRC=192.168.13.10
+DST=192.168.13.255 LEN=52 TOS=0x00 PREC=0x00 TTL=1 ID=20692 PROTO=UDP SPT=520
+DPT=520 LEN=32
Jun 2 17:56:39 localhost kernel: PUB_IN DROP 4 IN=eth0 OUT=
2018 Sep 19
1
[Bug 1280] New: meta pkttype incompatible? with ingress
https://bugzilla.netfilter.org/show_bug.cgi?id=1280
Bug ID: 1280
Summary: meta pkttype incompatible? with ingress
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
2005 May 20
1
Shorewall 2.2.5
This will be my last 2.2 release. It contains a couple of small bug
fixes that I had laying around.
http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5
ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5
1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would
still be used if the kernel supported it.
2) A typo in the ''tunnel'' script has been corrected
2017 Apr 02
2
[Bug 1141] New: trace aborts using pkttype on ingress
https://bugzilla.netfilter.org/show_bug.cgi?id=1141
Bug ID: 1141
Summary: trace aborts using pkttype on ingress
Product: nftables
Version: unspecified
Hardware: x86_64
OS: other
Status: NEW
Severity: major
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
2007 Jul 26
1
Re : DMZ and LOG
hello Tom
>Another very likely cause is that Shorewall-shell is generating a pkttype
>test to identify multicast packets. This can be unreliable and can be
>avoided by setting PKTTYPE=No in shorewall.conf.
After using PKTTYPE=No in shorewall.conf , my syslog is clean now.
Do you mean that adding the following line in /etc/shorewall/interfaces is suffiscient?
dmz eth1
2004 Jul 21
2
Small Modification to the Shorewall Release Model
After gaining some experience with the new release model, it has become
apparent to me that a small adjustment is warrented. I previously
announced that updates to the stable release would only contain bug
fixes. I''m modifying that slightly to allow for small low-risk
enhancements; large and/or risky enhancements will still be restricted
to the development release.
We have seen this
2014 Jun 26
2
Firewall question
I have a firewall rule to drop packets from certain addresses: (email spam)
my /etc/sysconfig/iptables begins as:
# Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:148]
-A INPUT -m pkttype --pkt-type multicast -j ACCEPT
-A INPUT -s 223.255.229.0/24 -j DROP
-A INPUT -s 218.96.0.0/24 -j DROP
-A INPUT -s
2004 Oct 30
4
modules ipt_conntrack ipt_pkttype not found
Hello,
I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18
homemade kernel).
When I start shorewall I got the following errors.
Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack
Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype
Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype
Oct 30
2004 Sep 26
1
routing between networks on same interface
Hello Tom and others,
At first I want to say THANK YOU, for neverending support and development
Shorewall firewall.
I just upgraded from 1.x version to 2.0.7. I have several networks defined on
same interface. These are /30 networks, defined on ethernet interface where hw
wifi access point is connected to. I used this configuration to be able to get
accounting information about traffic between
2005 Jul 02
6
Port redirection on standalone pc to pop3 proxy AV scanner
G''day all.
I''m trying to set up Clam AV scanning of incoming POP3 email to my
Thunderbird mail client; I have a standalone laptop with a 56k dialup
connection to my ISP.
I can''t seem to get port redirection working: I''m trying to redirect
incoming POP3 mail from my ISP''s mail server to p3scan which is
listening on 127.0.0.1:8110 and will do the AV
2007 Jul 26
2
DMZ and LOG
Hello !!
I ve just install shorewall-common and shorewall-shell
I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts
fast eth2:172.17.0.0/16
epac eth2:172.18.0.0/16
fsa eth2:172.19.0.0/16
bu eth2:172.20.0.0/16
recto eth2:172.21.0.0/16
dmz eth1:81.91.225.224/27
I receive this error:
ERROR: Invalid zone definition for
2004 Oct 07
3
builtin action dropBcast - How to disable? - I''m not subscribed to the mailing list
Hi all,
I''m using Fedora Core 2, kernel 2.6.5. I''ve
installed shorewall 2.1.9 from rpm package.
It seems that there is a builtin action called
"dropBcast" drops all broadcast packages on my
ethernet interfaces base on package type
"pkttype=broadcast". For a particular reason, I
need all traffics of broadcast packages are
allowed to pass my ethernet
2005 Feb 28
1
Mail server on DMZ
Hello,
I have this problem: when my mail server on the DMZ starts a connection to
the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip
(213.58.230.50). I wouldn''t mind but there is a one customer who rejects the
connection because it makes reverse dns and finds no dns entry for the
firewall ip.
How can i correct this?
Thanks,
MSantos
shorewall
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi,
I have a big "name problem" with my internal mail server (10.0.0.152).
It is "seen" on the internet through DNAT (213.58.230.27). Also there is a
MX record pointing to the machine. Everything works fine from the outside.
However i can''t set the mail clients on the lan pointing to the mx record,
because this one points to 213.58.230.27 and the firewall
2004 Dec 28
5
Multiple IP´s in one Zone
Hi everybody
I have a Problem with Masquerading from my local net (loc) to my VPN (loc2).
I can reach every Service from loc2 in loc, but I can''t get reach any
service from loc in loc2.
Has somebody an Idea where my mistake is ?
Without shorewall, it was working.
Thanks for helping
Lars
Technical Information :
Shorewall 2.0.13
Suse 9.0
*177.177.77.X The first 3 Counts are changed
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
(if this post gets line-feed-mangled please read
http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled
version, thank you)
Hello,
first I would like to thank the Mr. Eastep and contributors for this great piece
of software and superb documentation.
I have a SOHO server (Debian testing) that I''m using for several purposes so
I''ve set up a Xen
2004 Nov 29
2
SFTP
(anonymous post) I have a simple 2 interface firewall setup and all is
good, almost. I am hosting virtual websites and DNS behind shorewall no
problem. However I am trying to use SFTP via a different port number and
have no luck even though Putty works well. Is there anything weird to
sftp and shorewall? My lab uses a different firewall (firestarter) and
it works OK.
I am using;
DNAT net