similar to: masq - pings and connections get dropped after PREROUTING?

Displaying 20 results from an estimated 12000 matches similar to: "masq - pings and connections get dropped after PREROUTING?"

2004 Sep 29
10
DNAT + Masq Problem - Yes I read the FAQ I promise
I have a debian woody machine acting as a firewall for a small network. I am trying to do a simple DNAT to port 80 on the protected webserver and masquerade all traffic from the protect subnet outbound. After having read the FAQ and various posts regarding problems with DNAT I''m afraid I''m no closer to a solution. Based on the output from "shorewall show nat" I
2007 Mar 20
2
New Perl-based Compiler
My experimentation with a Perl-based compiler for Shorewall is beginning to bear fruit. Here is a timing from the main firewall at shorewall.net using the Perl-based compiler. That compiler generates a script that uses iptables-restore to configure Netfilter. root@lists:~/shorewall# shorewall restart . Compiling... Shorewall configuration compiled to /var/lib/shorewall/.restart Restarting
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid. curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^# TCP_FLAGS_LOG_LEVEL=info TC_ENABLED=Yes CLEAR_TC=Yes TCP_FLAGS_DISPOSITION=DROP curtain:/etc/shorewall# So it should be enabled, right? ---- tcrules ---- 1 eth0 0.0.0.0/0 all 2 eth1 0.0.0.0/0 all 2 eth2 0.0.0.0/0
2004 Aug 24
7
Question about ip_forward in clear_firewall
Firewall users, My apologies as I''m not on this list, so please respond directly as well as to the list. I did try to search the archives and didn''t find any hits, although the search did not like searching for terms with underscores in them (both clear_firewall and ip_forward). I was trying to understand why, when running shorewall stop, even though it echoes IP
2005 Jun 17
4
linux ip forwarding problem
Hi, I have three linux machines, and I want to let one of them forward packets betwen the other two. The forwarding node has two ethernet cards, connecting the two two machines respectively. However, when I ping between the two end points, the forwarding node can receive the ping requests at its eth0, but it never forwards them to its eth1. So is the reverse direction. The forwarding node is
2006 Apr 04
14
Problem with masquerading and bridges
Hello all, I''m somewhat new to networking, and I''m having trouble masquerading connections that are coming over a bridge. The bridge only has a single port for now, but I''m going to add more ports later. I''m basing my configuration on the two-interface quick start guide. I''m using Shorewall 3.0.4 on Ubuntu Dapper. My network looks like this: * The
2006 Mar 15
6
Can't get port forwarded from net to net
I have followed the instructions at http://shorewall.net/FAQ.htm#faq2 along with some coaching on IRC from _Omache to get a machine (with IP address 66.93.22.233) to forward all port 25 traffic to another host in my network (with IP 66.93.22.254). This has not worked. I have tested by trying `telnet 66.93.22.233 25`, expecting to see the SMTP banner on 66.93.22.254. Of course, I don''t
2004 Jul 23
4
shorewall 2.0.3a, (ULOG) doesn''t log anything
Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on
2012 Feb 14
1
iptables nat PREROUTING chain
Is there a way to add a rule to the nat table (CentOS 5.7) that would alter the port number of tcp packets destined for the server itself? I have ip_forwarding enabled, but the packets don't seem to hit the prerouting chain. I have the following redirect rule in the prerouting table. I also tried DNAT, but if the packets don't hit PREROUTING, it won't work either. iptables -t nat
2001 Nov 26
8
RTNETLINK answers: File exists
Can someone tell me what concept I''m missing here. The setup is simple. I have two default routes after ifup operations. I use "ip route del" to remove one, but then decide to add it back. The attempt is refused. Why? # ip route ls 66.95.83.208/28 dev eth1 proto kernel scope link src 66.95.83.210 65.84.205.96/27 dev eth2 proto kernel scope link src 65.84.205.104
2007 Jul 29
12
Shorewall 4.0.0 + Kernel 2.6.21.5-grsec
Hello, My hoster updated its kernel packages... It contained some old problems that should have been fixed. My servers have now a wonderful 2.6.21.5 kernel + grsec running. Both are running Debian 4.0 (stable release). mx:/etc/shorewall# iptables --version iptables v1.3.6 mx:/etc/shorewall# uname -a Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri Jul 27 17:18:23 CEST
2012 Apr 09
6
new install CentOS 6.2 and 4.5.1-2 run error.
Hi List, I have a new install of CentOS 6.2 and shorewall 4.5.1-2. I usually have no issues with shorewall until now. When I execute < #shorewall start > I get the following error. root@poweredge > /etc/shorewall# shorewall start Compiling... Can''t locate Shorewall/Compiler.pm in @INC (@INC contains: /usr/share/shorewall /usr/local/lib/perl5 /usr/local/share/perl5
2007 Feb 13
11
Routing problem (RTNETLINK answers: Invalid argument) on multiple internet link.
Hi all, I''m trying to set up a computer with 2 routes to the internet, much as described at http://lartc.org/howto/lartc.rpdb.multiple-links.html .One of my interfaces (eth5, 192.168.2.2) is only used for traffic originating inside the network. The other (eth1, 192.168.1.2) is only used for a VPN, where all (udp) traffic originates from outside our network. I have created a second
2005 Feb 04
3
loc2net no longer working (and I read the FAQ)
Hi all, This is your standard "I can''t *see* the internet" problem, except I think I''ve exhausted all the standard solutions. The only thing different is that my house experienced a power outage and now (after the FW rebooted) local machines can''t "see" out. I''ve got a 2-interface setup, using Shorewall 2.0.15 (installed via Debian).
2009 Dec 17
4
Shorewall time element rules never works ?
Hi all, I Try use shorewall rules with time element but its never works, the rules look like this HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri This rules for block https access to facebook site at working hours & day My system is Debian lenny, shorewall 4.4.4.2 kernel
2012 Sep 05
2
DNAT issue
Hi, Sorry, not an experienced shorewall user, this is my first basic setup. This starts to drive me crazy. I wanted to use DNAT to forward port 33890 to an internal machine (windows) port 3389. To reach my workstation when I''m not home. In my rules : DNAT:debug net loc:192.168.0.11:3389 tcp 33890 - pub.lic.ip.add #SECTION BLACKLIST #well known port scans DROP net
2011 Dec 04
6
Shorewall 4.4.27 Beta 1
Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the
2011 Dec 04
6
Shorewall 4.4.27 Beta 1
Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the
2006 Feb 17
2
Packet vanishes after mangle-prerouting.
Can anyone tell me whether I have a routing problem, or an openVPN problem, or something else? I''ve stared at this for so long I think I must be looking in the wrong place! I have 3 machines: Machine A has single ethernet card, eth0, 192.168.5.5 Machine B has eth0, 192.168.5.? on the local net, eth1, 81.2.x.y to the internet, and
2005 Jun 06
23
Multi-ISP in 2.4.0
Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,