similar to: Dropped/Corrupted Log Entries?

Dear All, After installing Shorewall, on a router with 4 NIC, seems running ok. Next day, when connecting from clients, (MS) we keep getting ip conflict for non-conflicting ip addresses. Any help is appreciated. Detals of Startup: + shift + nolock= + ''['' 1 -gt 1 '']'' + trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start +

The rule: ACCEPT loc $FW::3128 tcp www doesn''t work propertly, the http access does not redirect to squid but directly exit. what''s wrong? Thanks ------- Dario Lesca (d.lesca@ivrea.osra.it) -------------------------------------- @@@@@@@ this is my shorewall-1.2.13 config: #[/etc/shorewall/common.def]-----------------------------------------------

I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net

Hi all, I have a strange problem in trying to install a transparent proxy (in my internal net not on the shorewall server) according to the instructions as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local My Network looks the following: Internal Net: 10.0.0.0/24 Squid Server listening on port 3128 (ip 10.0.0.152, DNS name server01) | |

I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in eiter the nat or the proxyarp file. Is that really how it''s supposed to be? I can''t find anything about it in the documentation. 2. Also, in the

Hi list, thank you for Shorewall :) I''m trying to get a simple config to work but i can''t seem to work out how to gain access via ssh to the protected remote machine. But that doesn''t surprise me really as i have just spend well over an hour to find how to limit the lograte AND fill in the logburst in shorewall.conf. I have specified a logfile (not messages) in

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

Hi everybody. I''m sorry to bother you because I''m probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable) The thing is, that I can''t get masq working. Maybe this is because

Shorewall 1.4.7 is now available at: http://shorewall.net/pub/shorewall/shorewall-1.4.7 ftp://shorewall.net/pub/shorewall/shorewall-1.4.7 It will be available at your favorite mirror shortly. The release notes are attached. As always, many thanks go to Francesca Smith for updating the sample configurations for this release. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi: I have a small infrastructure of network of local area, that are based on a computer, with computer and with a Point Access, with Debian Etch 4.0r1. With Shorewall 3.2.6-2. Well. Since I have two cards of network, which of which, I have left like that: Internet --> Router (217.126.221.65) --> eth1 (217.126.221.117) --> eth0 (LAN

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

Hello! We''re using Shorewall 1.4.2 and running into an interesting problem when we try to enable logging of traffic that netfilter classifies as "related" to an existing connection: there doesn''t seem to be a way to do it. Places where we''ve run into this problem are: (1) Attempting to log individual active or passive FTP data connections separately from

Here is my config: dubenda:~ # shorewall version 3.2.1 dubenda:~ # ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

Hello all, I have a question in regards to proxyarp and shorewall, I am new to shorewall and I have 5 static IP address from my ISP. My current setup is that I have one system with three network cards, (eth0 = xx.xx.xx.42, eth1 = 192.168.110.41 eth2 = 10.10.10.41), two systems with two network cards, (eth0 = xx.xx.xx.41 and eth1 = 10.10.10.42/44), I want to get rid of the eth1 of the two systems

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

I have a dsl modem and two static IP addresses: 66.17.65.22 and 66.17.65.161. I am using the standard configuration from the Shorewall Setup Guide for multiple IP addresses and modifications suggested by the Aliased Interfaces Guide. I want to set up a shorewall 2.08 router for my home (Fedora Core 2 / kernel 2.6.8-1.521). I want share an internet connection with some pc''son a local

I made a boo boo in my config and put in this rule #PPTP DNAT net:213.67.241.162/217.209.46.204/32 loc:192.168.221.200 tcp 1723 DNAT net:213.67.241.162/32,217.209.46.204/32 loc:192.168.221.200 47 - And the the following happened.. and I wonder why it didn''t complain? I am sure I am just misunderstanding some doc

Hello, I have a deriv function that I am feeding to nlme. It works, and I can use it in nls, but when I try to use it in nlme I get Error: subscript out of bounds. I can fit the model using SSasympOrig, instead of the deriv function, but I am trying to reproduce an earlier analysis (done in Splus) and I get slightly different results with SSasympOrig. Here are my calls: This does fit

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH