similar to: Re: [Fwd: Re: Shorewall and VPN]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello! > > > Machine A > WAN IP: 123.123.123.111 > LAN IP: 192.168.177.1 > > > Machine A wants to connect through an IPsec tunnel to 192.168.176.2 tcp 110 (pop3). > > kernel: Shorewall:all2all:REJECT: > IN= OUT=ppp0 SRC=123.123.123.111 DST=192.168.176.2 > LEN=60 TOS=0x10

Hey First, apologies if this went out twice. I sent the original email from an odd email configuration (essentially from an alias of what I signed up as). I searched and noticed that my post did not appear and I did not get a bounce back so I was confused. I waited a few days before resending. So apologies if this goes out twice. I am not trying to spam. I was hoping someone could help me with

My dcgui-qt (chat/file-sharing program) doesn''t work and I''m pretty sure it''s my firewall settings. dcgui-qt is a direct connect (file sharing & chat) client. According to the FAQ here (http://dcplusplus.sourceforge.net/faq/faq.php) all I should need to do is: ------- #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL #

Hello, I forgot to put my #/etc/shorewall/policy file: # /etc/shorewall/policy ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK # adm net DROP info tlm net DROP info # net adm DROP

I have what strikes me as an odd problem with shorewall. Let me describe my setup. My desktop (alfred) is connected to the network through an ADSL modem. I am running rp-pppoe, and this works perfectly. I have a small home network, with two LANs; an Ethernet LAN (including a machine running Windows XP), and a WiFi LAN, including the laptop (william) I am using now. All the computers except for

I have delete "lo" Zones And Interface and rebuild all the firewall >From Local I ping www.google.fr with DNS resolution DNSMASK installed on the firewall. POSTFIX and Squid+SquidGuard Installed on firewall All clients machines have the IP of Firewall for Dns resolution New Dump joint Without Squid : I surf and all works perfectly With Squid And REDIRECT rule : surf Is VERY TOO

For the last couple of days, I''ve been seeing a bunch of these from 8 different domains from Germany to South Korea, etc. Can anyone give me an idea as to what may be going on? Jan 24 09:37:18 omega kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=xx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=47415 DF PROTO=TCP SPT=53121 DPT=25 WINDOW=5840 RES=0x00 CWR

On Tue, 2003-10-28 at 13:41, AdStar wrote: > Hi Tom, > > I''ve upgraded my firewall to 1.4.7c (and copied the firewall/functions from > the CVS over for the accounting names) > > I still get this reject in my logs. > Oct 29 08:35:08 pyro Shorewall:FORWARD:REJECT: IN=eth1 OUT=eth1 > MAC=00:02:b3:61:64:6e:00:02:b3:5f:c3:5c:08:00 SRC=10.0.100.11 DST=10.0.100.10 >

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

I have problem getting answer on http request from all my local subnets but not from local subnet. Ping and requests on ports 21 22 23 25 110 works fine. I logged port 80 in rules files and I got accept entry same for local subnet and other subnets. Local subnet is 192.168.6 Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT= MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00

Hi, I have shorewall version 1.4.10g on Redhat 9 Local clients are on eth1 in subnet 192.168.3.0/24. eth0 is for the outside (over xdsl with includes a ppp0 interface). Nessus (nessusd) is installed *on the firewall* and managed trough nessus (the client or frontend) running on one of the internal machines. When I was running a scan against 194.152.181.36 I observed several entries like

[ I hope this isn''t a dupe. Evolution crashed on my last send and I see nothing in my logs that leads me to believe the mail made it out before the crash ] Well, it probably is working. I''m probably just misunderstanding something. Given routing rules that look like this: 0: from all lookup local 10000: from all fwmark 0x40 lookup CGCO 10001: from all fwmark 0x80

here''s a snippet from my /var/log/messages: Nov 4 00:24:45 firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=80.143.227.136 DST=165.247.174.243 LEN=76 TOS=0x00 PREC=0x00 TTL=114 ID=41910 PROTO=UDP SPT=9940 DPT=9940 LEN=56 Nov 4 00:24:45 firewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=ppp0 SRC=10.0.0.2 DST=4.4.130.47 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=26091 PROTO=UDP

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

Hello, I am running a web server on my internal network. Clients outside the web can view it but inside the network, they get page cannot be displayed. I have tried shorewall faq 2 but it still doesn''t work. interfaces #ZONE INTERFACE BROADCAST OPTIONS net ppp0 detect dhcp,routefilter,norfc1918,routeback masq eth1 detect routeback masq #INTERFACE SUBNET ADDRESS ppp0 eth1 #LAST LINE --

Hello Mailinglist, please excuse my bad english - but I am not a native speaker. My Network looks like this: Internet --- dyn. IP --- Firewall (shorewall) --- LAN (192.168.X.X) No I try to connect my iphone (from mobile Internet G3) over VPN (l2tp/ipsec) with the firewall. But I can´t open the necessary Port 1701. /var/log/syslog ... Dec 30 00:24:29 router kernel: [226128.293757]

What I''m doing: I have Shorewall on a SuSE 9.0 machine, which is the firewall/router on the network. External interface is eth0 172.16.1.1, internal interface is eth1 10.40.1.1. (I used the Two-interface Linux System Quickstart Guide). All works well with that configuration. I also use PPPD for dial-in clients, and have two modems for incoming calls. Recently I added VPN interface

http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ ftp://ftp1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ Coming soon to a Mirror near you. Problems corrected in 3.0.6 1) A typo in the output of "help drop" has been corrected. 2) Previously, ''shorewall start'' would fail in the presence of a network interface named ''inet''. 3)

I''m not a subscribed user, so please cc me on any replies (fier0@bigfoot.com). I know this has been asked a few times, but i have not been able to find a direct answer. I was using shorewall with 2 nics, and it worked fine, except if that linux box went down then nobody could get out to the internet (and the wife would kick my ass). I''ve now started to use my linksys

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in