Displaying 20 results from an estimated 20000 matches similar to: "mark ack with shorewall 2.x"
2012 May 08
19
Shorewall, TPROXY, Transparent Squid and Multiples ISP
Hello,
I wonder if someone could use the TPROXY with Shorewall and
transparent Squid with using the routing rules on shorewall
(tcrules) for hosts / networks (LAN) with multiples providers (WANs)
directly from the internal network on port 80 (with TPROXY
transparent squid or REDIRECT).
On this issue, the routing rules is not work propertly because the
source is the
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful
but I don''t know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH
2004 Oct 17
8
Shorewall and IPP2P
Hi!
I''m wondering whether anyone has successfully set up a bandwidth control
system using ipp2p and shorewall. I have been able to drop connecions
altogether, but I don''t seem to be able to get CONNMARK working with ipp2p.
Any pointers would be greatly appreciated :)
______________________________
Mario R. Pizzolanti
2004 Sep 02
3
Traffic shapping Bug ?
hello ,
i''m currently trying to set-up Traffic Shapping with Shorewall and I have strong
feelings that I found a bug.
I may be mistaken, but I tried everything and can''t get it to work.
I''ve turned ON TC_ENABLED=Yes and CLEAR_TC=Yes
when i start shorewall ( shorewall start ), i get this message :
Setting up Traffic Control Rules...
TC Rule "2 eth1 0.0.0.0/0 tcp
2004 Aug 10
11
who gives access? was: why ADD_DNAT_ALIASES missing?
hi,
there was some email problems and i repeat my question too fast, but
this is the second part of my questions.
- only the rules and policy files give access right? ie. rules in the
FORWARD chain of the filter table in iptables ?
- is a line in masq file automaticaly add an accept rule too? eg. in
msaq file
eth0 <internal ip>
allow connection from <internal ip> (local zona) to the
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Mar 15
2
shorewall restart with keepalived (redundant firewalls)
Hello,
First , thanks to Tom for it''s great job ! Netfilter is really easy
and powerfull with shorewall.
So, I have configured two firewalls whith shorewall using keepalived
for the redundant VRRP stuff.
FW-a is MASTER and FW-b is BACKUP.
Everything works correctly and FW-b upgrade to MASTER when FW-a is
down or disconnected. FW-b downgrade to BACKUP when FW-a comes back.
But when I
2004 Nov 08
3
nessusd on shorewall
Hi,
I have shorewall version 1.4.10g on Redhat 9 Local clients are on eth1
in subnet 192.168.3.0/24. eth0 is for the outside (over xdsl with
includes a ppp0 interface).
Nessus (nessusd) is installed *on the firewall* and managed trough
nessus (the client or frontend) running on one of the internal machines.
When I was running a scan against 194.152.181.36 I observed several
entries like
2005 Feb 23
13
Snort and Shorewall
Hello
I am looking for a way to have snort to dynamically update my shorewall config.
I have seen software out there but I would like to see if anyone had tried this
first.
Aslo I would like to know if there is a way clear the Netfilter tables when I do
a shorewall restart. The reason being is that when I make a change to my
firewall setting I want all connections to have to re-establish
2005 Feb 01
5
Shorewall configuration - ''run_iptables''-problem
[This email is either empty or too large to be displayed at this time]
2002 Dec 19
4
Shorewall 1.3.12 Beta1
The first Beta Version is available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
New features include:
1) "shorewall refresh" now reloads the traffic shaping rules (tcrules
and tcstart).
2) "shorewall debug [re]start" now turns off debugging after an error
occurs. This places the point of the failure near the end of the
2005 Sep 29
20
maclist problem on a firewall/bridge/router system with masquerading
Hy,
sorry for my poor english
i think i''m having a very unusual problem and very dificult to track,
but i''ll try to explain it as best as i can.
here is my scenario:
a firewall/bridge composed of 3 ethernet devices and 1 virtual one.
my bridge (br0 ) is composed of eth0, eth1 and tap0
br0:eth0 is my connection to my router (200.244.92.1)
br0:eth1 is my connection to my
2005 May 12
12
New Article at Shorewall.net
This article describes how to implement "Port Knocking" in Shorewall.
http://shorewall.net/PortKnocking.html
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2004 Sep 20
2
After upgrade people can no longer connect
Hello Tom,
I''ve been using Shorewall for years without problems. My previous version of
shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using
rpm to 2.0.8-1. After update no one can connect to any interface from net.
Server can connect to outside world fine and those described in routestopped
have no problem connecting. Any help correcting this problem would be
2006 Mar 09
3
Shaping questions
Hello Shorewall users,
I have some questions I am hoping someone can answer. I have searched
around the archives but so far I have been unable to find answers. I
am trying to configure traffic shaping on my router/firewall box
running Shorewall 3.0.5/kernel 2.4.31 and have run into some
problems/questions.
My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box
2005 May 09
12
shorewall suddenly dropping all from outside
Hi List,
I read this list for nearly two years and learnt a lot, but now i have
a very strange problem I can''t solve..
I have a firewall machine running Debian, which connects a small
office to the internet via a DSL-line (with pppoe) and which is
running Shorewall. It allows all outbound traffic and accepts pptp,
openvpn and ssh-connections (on a non-standard port) from the
internet.
2005 Feb 18
7
$FW in tcrules
Hi Folks,
I''m a new user to Shorewall, it came installed on the redWall firewall
that I am using and I''m really happy with both projects! Thanks for all
your work on it!
I have a question about tcrules and $FW. I''m doing source policy
routing and need to be able to add an output rule to the mangle chain
with a source that is specific network, not 0.0.0.0/0. It
2007 Jun 27
3
Adding custom iptables rules to shorewall
Hi,
I''m trying to add following iptables rules to shorewall:
iptables -I INPUT -d 192.168.1.1
iptables -I OUTPUT -s 192.168.1.1
What should I put in my custom action or any ware else?
I need these rules for munin accounting.
iptables -L INPUT -v -n -x
Chain INPUT (policy DROP 5 packets, 260 bytes)
pkts bytes target prot opt in out source
destination
7175
2005 Jun 04
3
[Fwd: [shorewall-coding] Shorewall2 functions, 1.39, 1.40]
Skipped content of type multipart/mixed-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : http://lists.shorewall.net/pipermail/shorewall-devel/attachments/20050604/bee263f3/signature.bin
2005 Feb 23
9
shorewall friendly way of limiting ssh brute force attacks?
I was wondering if anyone had implemented rules like this in shorewall:
http://blog.andrew.net.au/tech
I see tons of brute force attempts on the machines I administer, and I like
the idea of limiting them without the need for extra daemons scanning for
attacks.
Thanks,
Dale
--
Dale E. Martin - dale@the-martins.org
http://the-martins.org/~dmartin