similar to: Re: routing between networks on same

My logs show thats: A internal client search my proxy (192.168.0.3) Oct 12 12:40:33 massayo kernel: Shorewall:all2all:REJECT:IN=3Deth1 OUT=3D MAC=3D00:e0:7d:82:0f:fe:00:04:75:99:28:63:08:00 SRC=3D192.168.0.215 DST=3D192.168.0.3 LEN=3D63 TOS=3D0x00 PREC=3D0x00 TTL=3D128 ID=3D25902 PROTO=3DUDP SPT=3D3028 DPT=3D53 LEN=3D43 Why OUT is empty? From: Server (DMZ) Oct 12 12:40:34 massayo kernel:

--kXdP64Ggrk/fb43R Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello everyone, I''m using Shorewall 1.2.12-1 on Debian 3.0, with the 2.4.17 kernel. I am seeing some interesting log entries, and after reading the documentation at Google and netfilter.org I have a couple questions. To begin, here are the entries I am

--zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable I'm trying to set up a TrippLite Internet Office 750 just like this guy: http://lists.alioth.debian.org/pipermail/nut-upsuser/2005-June/000007.html Here's the output of a few interesting commands stuart@tyro:~+ dpkg-query -l nut nut-usb| tail -n2| awk

I enabled logcheck on a Debian Sarge box and it is including in it's reports hundreds of lines like this: Jun 2 17:56:09 localhost kernel: PUB_IN DROP 4 IN=eth0 OUT= +MAC=ff:ff:ff:ff:ff:ff:00:09:5b:e9:56:a0:08:00 SRC=192.168.13.10 +DST=192.168.13.255 LEN=52 TOS=0x00 PREC=0x00 TTL=1 ID=20692 PROTO=UDP SPT=520 +DPT=520 LEN=32 Jun 2 17:56:39 localhost kernel: PUB_IN DROP 4 IN=eth0 OUT=

https://bugzilla.netfilter.org/show_bug.cgi?id=1280 Bug ID: 1280 Summary: meta pkttype incompatible? with ingress Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

This will be my last 2.2 release. It contains a couple of small bug fixes that I had laying around. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.5 1) Previously, if PKTTYPE=No in shorewall.conf then pkttype match would still be used if the kernel supported it. 2) A typo in the ''tunnel'' script has been corrected

https://bugzilla.netfilter.org/show_bug.cgi?id=1141 Bug ID: 1141 Summary: trace aborts using pkttype on ingress Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: kernel Assignee: pablo at netfilter.org

hello Tom >Another very likely cause is that Shorewall-shell is generating a pkttype >test to identify multicast packets. This can be unreliable and can be >avoided by setting PKTTYPE=No in shorewall.conf. After using PKTTYPE=No in shorewall.conf , my syslog is clean now. Do you mean that adding the following line in /etc/shorewall/interfaces is suffiscient? dmz eth1

After gaining some experience with the new release model, it has become apparent to me that a small adjustment is warrented. I previously announced that updates to the stable release would only contain bug fixes. I''m modifying that slightly to allow for small low-risk enhancements; large and/or risky enhancements will still be restricted to the development release. We have seen this

I have a firewall rule to drop packets from certain addresses: (email spam) my /etc/sysconfig/iptables begins as: # Generated by iptables-save v1.4.7 on Thu Jun 26 09:11:09 2014 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1:148] -A INPUT -m pkttype --pkt-type multicast -j ACCEPT -A INPUT -s 223.255.229.0/24 -j DROP -A INPUT -s 218.96.0.0/24 -j DROP -A INPUT -s

Hello, I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18 homemade kernel). When I start shorewall I got the following errors. Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30

Hello Tom and others, At first I want to say THANK YOU, for neverending support and development Shorewall firewall. I just upgraded from 1.x version to 2.0.7. I have several networks defined on same interface. These are /30 networks, defined on ethernet interface where hw wifi access point is connected to. I used this configuration to be able to get accounting information about traffic between

G''day all. I''m trying to set up Clam AV scanning of incoming POP3 email to my Thunderbird mail client; I have a standalone laptop with a 56k dialup connection to my ISP. I can''t seem to get port redirection working: I''m trying to redirect incoming POP3 mail from my ISP''s mail server to p3scan which is listening on 127.0.0.1:8110 and will do the AV

Hello !! I ve just install shorewall-common and shorewall-shell I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts fast eth2:172.17.0.0/16 epac eth2:172.18.0.0/16 fsa eth2:172.19.0.0/16 bu eth2:172.20.0.0/16 recto eth2:172.21.0.0/16 dmz eth1:81.91.225.224/27 I receive this error: ERROR: Invalid zone definition for

Hi all, I''m using Fedora Core 2, kernel 2.6.5. I''ve installed shorewall 2.1.9 from rpm package. It seems that there is a builtin action called "dropBcast" drops all broadcast packages on my ethernet interfaces base on package type "pkttype=broadcast". For a particular reason, I need all traffics of broadcast packages are allowed to pass my ethernet

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Hi, I have a big "name problem" with my internal mail server (10.0.0.152). It is "seen" on the internet through DNAT (213.58.230.27). Also there is a MX record pointing to the machine. Everything works fine from the outside. However i can''t set the mail clients on the lan pointing to the mx record, because this one points to 213.58.230.27 and the firewall

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

(anonymous post) I have a simple 2 interface firewall setup and all is good, almost. I am hosting virtual websites and DNS behind shorewall no problem. However I am trying to use SFTP via a different port number and have no luck even though Putty works well. Is there anything weird to sftp and shorewall? My lab uses a different firewall (firestarter) and it works OK. I am using; DNAT net