Displaying 20 results from an estimated 8000 matches similar to: "who gives access? was: why ADD_DNAT_ALIASES missing?"
2004 Aug 10
6
why ADD_DNAT_ALIASES missing?
hi,
is there any reason why there is no such thing as ADD_DNAT_ALIASES in
shorewall.conf or in rules (or have i just missed it)? i think about it
like in masq file if the masqueraded outgoing interface is different
from the default firewall interface then i can use ip:<digit> where the
digit is the alias number. since dnat is in the rules it can be used
from there. eg: if would like to dnat
2004 Oct 18
11
how can i log everything?
hi,
it'd be very useful to add some kind of "log everything" option to
shorewall. currently the logging is useful if you know what you would
like to log. but if you don't know then it's a problem...
another problem that currently it's not possible to log the nat table.
at least i can't find any way (can't add logging into masq and
2004 Oct 06
4
SNAT is less expensive than MASQ
hi,
in the masq file's documentation, there is a sentence:
"If you have a static IP on that interface, listing it here makes
processing of output packets a little less expensive for the firewall."
this really means that SNAT to the primary address is less expensive than
a MASQ rules in the netfilter? is this documented anywhere in
iptables/netfilter?
thanks.
--
Levente
2006 Feb 07
7
Masquerading issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
Shorewall-3.0.3
RH9 (+legacy updates)
eth0: loc: 192.168.1.0/24
eth0:0: loc: 192.168.20.0/24
eth1:: 69.70.32.8/29
I've worked all day on an issue I found today and I just can't find a way
to fix my problem.
So, basically, for now, my network looks like this:
Internet
^
|
(69.70.32.8/29)
Firewall
192.168.1.1
2005 Jan 23
15
Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
Dear All,
Firstly, thank you very much - shorewall is great. I'm not a member of
this list, and please forgive me if I am suggesting something stupid, but
the following occurs to me, and I thought it might be useful.
Why not make it possible to specify zones as well as interfaces in the
/etc/shorewall/masq file ?
Eg: instead of:
eth0 eth1
one might write:
net loc (or masq in
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2003 Feb 04
1
Totally SNAT confused :)
Hi !
I have setup a complete shorewall now with DMZ, and Private zones and
masq, rules, port-forwarding etc. worx like expected.
BUT
I have a wish to use a couple of more public IP's and relate those to
internal servers on the DMZ zone and i am now so confused about it. I have
searched this archive for SNAT port allow
Setup:
3 public addresses on the WAN nic. let's call them 80.80.80.80 -
2005 Jun 26
1
Re: Shorewall-users Digest, Vol 31, Issue 48
On Friday 24 June 2005 20:57, Derek Vincent wrote:
>>Hello all,
>>
>>I have shorewall setup with 3 SNAT entries for external IP addresses to
>>a single IP internal address. I am wondering how to limit access based
>>on the source IP address.
>>ex.
>> EXT IP 1 access only to port 25
>> EXT IP 2 access only to port 443
>> EXT IP 3
2005 Jun 24
1
SNAT multiple IP to single internal IP and limiting access based on external IP
Hello all,
I have shorewall setup with 3 SNAT entries for external IP addresses to
a single IP internal address. I am wondering how to limit access based
on the source IP address.
ex.
EXT IP 1 access only to port 25
EXT IP 2 access only to port 443
EXT IP 3 access only to port 80
I have the SNAT setup correctly and I have 3 accept lines in the rules
file (25,80,443) but I can hit
2008 Jan 17
16
Local network rejecting traffic
Hello!
I have this situation / interfaces:
Dsl0 - internet interface
Eth0 - local network
I have linux box with shorewall 2.2. And on the local network I also have a
hardware router. I have connected WAN port with settings of my linux box and
then created one more local network behind hardware router. It works fine.
I then wanted to use VPN function of this hardware router, so i created
2005 Mar 02
3
duplicated dnat entries
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all,
I'm using shorewall 2.2.1 on a CentOS 4, I'm a newbie with shorewall,
just testing it
i created a dnat rule like this
#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL  RATE   USER/
#                             PORT  PORT(S)  DEST      LIMIT
2003 Feb 23
1
RTSP problems (and SNAT questions)
I am having problems making RTSP connections to a Windows Streaming Media
Server (ie "connecting to media...." but WMP never connects). There are no
error messages in /var/log/messages. It was suggested to me that SNAT might
perform better than MASQ in this respect.
I edited my shorewall/masq file as such:
eth0 eth1 12.34.56.78
or should it be?
eth0 10.0.0.0/24
2005 Jan 07
8
Problem with bridging/routing on three interfaces and DNAT
Hello all,
I have a problem with external access to a postfix mailserver running on my
firewall as a mail-gateway. My setup with shorewall 2.2.0 rc4 is as follows:
eth0 is zone isf - this is an intranet to other companies
eth1 is zone loc - local network
eth2 is zone net - internet, fix ip address
eth0 and eth1 are bridged
shorewall version
2.2.0-RC4
ip addr show
1: lo: <LOOPBACK,UP> mtu
2005 Mar 02
12
Problem with outgoing Masquerade
I'm having another little problem with my new firewall. I want outgoing port
25 from my mail server to appear on the address 65.223.121.227 so I created
the file masq:
eth2 192.168.124.18 65.223.121.227 tcp 25
eth1 eth5
eth1 eth3
eth1 eth4
eth1 == net0 == 209.189.103.196/27
eth2 == net1 == 65.223.121.237/28
eth3 == dmz0
eth4 == dmz1
eth5 == loc ==
2006 Nov 14
2
NAT/MASQ with multiple external static IPs
Hello everyone,
really not sure if this is a LARTC question or not, but I have several
hundred users all MASQ'd behind a single static IP. Users are reporting
that certain websites are blacklisting that single static external IP
for various reasons.
What I would like to do is use several external IP's and have a MASQ'd
user getting a random one each time.
Here is
2005 Jan 08
2
static nat address
Hello,
> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.
I need a little clarification on static nat
settings in shorewall.
external address - static IP
internal address - ?
for the internal address should I put my eth1 IP
or the general subnet range. For example 192.168.0.0.
I am also not sure about :
Active for firewall system? yes
2004 Aug 17
16
Sanity check please !
I am setting up a shorewall system with 4 NIC's as per the outline
specification below. Can anyone please have a look and let me know what I
have missed and what I have got wrong as I want to take this system live
ASAP but do not want to kill internet access and the hosting for too long !
I have listed below the system outline & have attached the config files that
I have changed, if
2007 Jun 05
9
PPTP port forwarding question
Hello,
Please see the following picture:
http://www.wilson-kwok.com/pptp.jpg
I used one to one NAT from 210.0.0.1 to 192.168.0.2 for web server,
and then use port forwarding from 210.0.0.1 to 192.168.0.3 for pptp server,
but I cannot connect from my home to pptp server.
Here is the nat file:
210.0.0.1 eth0:2 192.168.0.2
Here is the rules
2005 Jun 06
23
Multi-ISP in 2.4.0
Hello Shorewall list,
I'm a happy Shorewall user since a few years now and everything works fine
for me except one thing that I try to implement since a week, the multi-isp.
I've downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a
week.
My config is a Debian running a kernel 2.4.27 home made with the
CONNMARK.diff patch applied
I'm using 2 ISP,
2005 Feb 25
6
nat problem
Hi All,
I'm using the Mandrake Linux MultiNetwork Firewall which is a web based
interface to the shorewall firewall.
I have an internal ip address of 172.25.38.1 which I am trying to nat to a
public address so that the client pc can ftp to the internet
I have added the following in the nat file:
168.10.10.1 eth3 172.25.38.1 No No
And this to rules:
ACCEPT lan:172.25.38.1 wan tcp