similar to: Cannot ping an address on the internet !

Hello, I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2 interface quickstart guide I download the 2.0.1 interface sample and untar it. "tar -zxvf two-interfaces.tgz" Maybe a dumb question but I can''t find anything on Google or the Shorewall mail archives that say anything about this. So I''m assuming its me. :P But the

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

Hi Tom (and others) encase you don''t know my network already ;) here''s a quick run down eth0 lan 192.168.1.1/255.255.255.0 eth1 wan1 172.30.7.4/255.255.240.0 eth2 wan2 202.37.230.93/255.255.255.192 eth3 wan3 203.96.213.73/255.255.254.0 I''ve got routes and rules for all the above interfaces :) I want to add another one, however I fear this might cause some issues I have

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

Hi all! I posted earlier about the proxy arp configuration = http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, = and was probably not sufficiently knowledgeable on the subject. I''ve = gone through a bunch of documents on proxy arp, subnetting with proxy = arp and the documentation at shorewall, and have come up with a setup = that would be perfect for the job at hand

What changes would I need to make if there is a 4th interface that is going to a DMZ Thanks Gene

Hi All, I''m using the Mandrake Linux MultiNetwork Firewall which is a web based interface to the shorewall firewall. I have an internal ip address of 172.25.38.1 which I am try to nat to a public address so that the client pc can ftp to the internet I have add the following in the nat file: 168.10.10.1 eth3 172.25.38.1 No No And this to rules: ACCEPT lan:172.25.38.1 wan tcp

I have a strange situation. I have a shorewall firewall with 4 interfaces. This firewall is an internal lab firewall with all 4 networks being private. The configuration is as follows: Eth0: 192.168.10.187 - This is the main lab network Eth1: 10.10.10.1 Eth2: 172.26.4.1 Eth3: 192.168.1.1 I would like to be able to put a host behind this firewall with interfaces on all 3

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

I''m having another little problem with my new firewall. I want outgoing port 25 from my mail server to appear on the address 65.223.121.227 so I created the file masq: eth2 192.168.124.18 65.223.121.227 tcp 25 eth1 eth5 eth1 eth3 eth1 eth4 eth1 == net0 == 209.189.103.196/27 eth2 == net1 == 65.223.121.237/28 eth3 == dmz0 eth4 == dmz1 eth5 == loc ==

I tried to the new GATEWAY option in /etc/shorewal/interfaces file but it didnt work. My network setting consists of 2 ISPs line and i would like to have eth0 to connect to for example, 192.168.15.254 while eth1 connected to 192.168.33.254. I restarted shorewall and nothing is wrong. However, the traffic still goes to the default gateway as shown in "route -n" command. For example, i

Is it possible to somehow build this rule, where net could be any IP on the net? /etc/shorewall/masq #INTERFACE SUBNET ADDRESS PROTO PORT(S) eth3:10.10.10.7 net 10.10.10.1 Thanks, David

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

I''ve installed Shorewall 3.0.5 on a Debian Sarge box, and I''m attempting to route internet traffic through a couple of ISPs, and I''ve come up against some problems. The first is that one of my links is a pppoe connection to a wireless modem, and I can''t configure it to have a static IP address... therefore I can''t see how I can set up the two

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, ok here is my question, I have 2 ISP''s connected to the firewall, and I already set up th routing tables, I have a 256k and a 1.5m connection, and I want a couple pcs from the internal network to masquerade through the 256k connection and the rest through the 1.5m connection, how do I setup this on shorewall??? I am not subscribed to the

Hi everyone! I''m having time out problems when using a DNAT rule. Rule: DNAT:info cmtc loc:192.168.0.158 tcp 8011 Log: Mar 17 17:50:17 gw kernel: [1583997.524924] Shorewall:cmtc_dnat:DNAT:IN=eth3 OUT= SRC=10.1.0.2 DST=10.0.0.2 LEN=60 TOS=0x10 PREC=0x00 TTL=62 ID=4279 DF PROTO=TCP SPT=32791 DPT=8011 WINDOW=5840 RES=0x00 SYN URGP=0 Telnet: root@emudar:~# telnet

Hi! Shorewall Users May I know ..what does it means ? Nov 5 12:43:34 netgw kernel: Shorewall:newnotsyn:DROP:IN=eth0 OUT= MAC=00:05:5d:4e:fc:62:00:d0:95:7a:d5:f1:08:00 SRC=210.59.230.239 DST=211.24.146.50 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=36787 PROTO=TCP SPT=80 DPT=20291 WINDOW=65160 RES=0x00 ACK FIN URGP=0 Best Regards, Support

Hi, I''m a long time shorewall user and I like it very much. There is only one thing were I''m not always happy with: the config files. There has been discussion on the list about the comments in the files. My concern is that I loose overview over my configuration because of the many config files. Of course there are advantages too but I thinking wether another config format would

I have had Shorewall 2.0.8 up and running for a month or so. Now I need to change some things around. Currently I am running on a private IP scheme and Shorewall is setup based on the 3 interface guide. Now I want to change to a public scheme on my "loc" zone. I have a /24 block of public IP''s. I need my private scheme and public to co-exist so I currently have is eth1 (local)

I have two feeds, one with a static IP and one with a dynamic IP. How can I configure a Multi-ISP setup with the dynamic IP, or can I? I don''t think the gateway will change, just the interface IP. -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com --