Displaying 20 results from an estimated 20000 matches similar to: "Dropping established connections"
2005 May 29
12
access deny host (ip) to access the Internet
I'm using shorewall 2.0.x at home as an Internet gateway for family.
However my brother always plays online games overnight, so my parents
asked whether I can do something on the gateway to control the time of
accessing the Internet.
I planned to put a script in crontab, scheduled so that it will execute
say at 12:00 at night daily; the script will execute a command that will deny
my brother
2005 Mar 15
5
unable to filter or log vpn traffic
Hi all,
I have a classic net topology with two local zones, a firewall/router
with DSL connection
loc1 (192.168.11.0/24)
----- fw ----- net
loc2 (192.168.12.0/24)
Now on the local zone 1 (on a WinXP machine) I have installed
OpenVPN 2.x to make a test connection with a company.
OpenVPN is configured as client to use tun on udp
port 10000 with ip 10.0.0.2, on the other
2005 Jun 08
3
DNAT Issue
I have a lan with shorewall running as firewall and two local machines,
where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where
124.124.124.124 and 123.123.123.123 are the external IPs for the mail
servers.
The two mail servers need to communicate with each other via smtp
(for sending mail from domains hosted on one to the other) but it's
giving issues.
Specifically when one server
2010 May 04
7
Packet Not 100% Received
I have a problem with my shorewall. We are now doing some stress tests with an HTTP application behind the shorewall. Firstly we send 10.000 requests to an HTTP-based application with no firewall. It can receive 100% of the requests. But when we put shorewall in front of it, it starts to lose requests. Is there any packet limitation from shorewall or is it all about conntrack? Thanks for the reply.
2004 Dec 22
15
OpenVPN and DNAT
Hello Tom and all,
Quick question: Is it possible to operate an OpenVPN server from behind
a firewall?
Is it as simple as setting it up and placing:
DNAT net loc:192.168.10.20 udp 5000 - ipaddress
--
Paul Slinski -o)
Network Administrator /\
Global IQX, Inc. _\_v
Global IQX is the leader in integrated e-business automation solutions
for the group life and health insurance
2005 Feb 23
13
Snort and Shorewall
Hello
I am looking for a way to have snort to dynamically update my shorewall config.
I have seen software out there but I would like to see if anyone had tried this
first.
Also I would like to know if there is a way to clear the Netfilter tables when I do
a shorewall restart. The reason being is that when I make a change to my
firewall setting I want all connections to have to re-establish
2003 Jan 04
4
DNS problem
Hello,
Today I restarted the firewall machine during an outage of the ADSL line
overhere. At the boot Shorewall did not start but stopped during start.
The problem was that the ADSL line was down so no DNS server available
to resolve hostnames. I have a hostname in "blacklist" file and
therefore shorewall did not start. Is this problem solvable without
putting an IP address in the
2003 Oct 11
1
Re: Performance problems with bigblacklist
On Sat, 2003-10-11 at 08:45, nomail@yahoo.com wrote:
This is the last time I will put up with your forged from address. I
found your post in my Spam folder and any further posts with a forged
yahoo.com from address will stay in that folder!
> it seems shorewall does not optimize
> the iptables rules for bigblacklist
> and it slow down my lan
> how to make it first check if it as
2005 May 08
4
not logging some ports?
Hello,
I want not to log some dropped packets going from net to fw, i.e. to
exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476
packets in /var/log/messages. I know I can probably do this by using ulog
or some other logging system and writing some rules to exclude "SPT=4672",
but is it possible for shorewall not to log some ports? Sorry if it is obvious,
but I
2009 Jun 18
9
Redirect port 80 away from Shorewall?
Hi There,
Due to a shortage of computers, I need to install Apache on my Shorewall box (192.168.1.1)
But the real web server is on another box (192.168.1.2)
I tried to put rule:
DNAT net loc:192.168.168.1 tcp 80
But every time a www connection comes in, it hits my shorewall
Any solution?
Cheers
2004 Oct 04
1
Re:
A non-text attachment was scrubbed...
Name: Joke.cpl
Type: application/octet-stream
Size: 0 bytes
Desc: not available
Url : http://lists.shorewall.net/pipermail/shorewall-users/attachments/20041004/b2efa4e8/Joke.obj
2012 Sep 05
2
DNAT issue
Hi,
Sorry, not an experienced shorewall user, this is my first basic setup.
This starts to drive me crazy.
I wanted to use DNAT to forward port 33890 to an internal machine (windows)
port 3389. To reach my workstation when I'm not home.
In my rules :
DNAT:debug net loc:192.168.0.11:3389 tcp 33890 -
pub.lic.ip.add
#SECTION BLACKLIST
#well known port scans
DROP net
2005 Feb 07
2
blacklists and rules
Hi People, which file is processed first, blacklist or rules? I want to
globally filter imesh, but at the same time allow managers to connect, i.e.,
imesh works on port 1214, I have this:
/etc/shorewall/blacklist
#ADDRESS/SUBNET PROTOCOL PORT
192.168.0.0/16 tcp 1214
192.168.0.0/16 udp 1214
2004 Dec 15
3
[Fwd: 2 ftp serwers problem]
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2004 Nov 11
12
Performance degrade going through firewall
Hi
I am using version 2.0.10 of Shorewall.
My configuration is as follows:
Eth1 dmz1
------------| __________
| |
|
Eth2 dmz2 | FIREWALL |------| INTERNET |
----------| | _______ | |__________|
| |---------| |
2002 Feb 07
5
Blacklist problems - iptables v1.2.4: Unknown arg '--log-level'
Hi All,
I have just upgraded to 1.2.5 of shorewall, and thought I would switch on
the blacklisting feature.
All seemed well, I had the log level set to debug...to try it out (like
you do)..no problems...
But when I removed the debug
i.e. in shorewall.conf BLACKLIST_LOGLEVEL= instead of
BLACKLIST_LOGLEVEL=debug
I get .the usual init stuff..then
Setting up Blacklisting...
2004 Sep 13
17
Problem with openvpn tunnel
Hello,
I have the following situation :
Server with 2 nics
1 nics connected to the internet, 1 connected to the LAN
I have OpenVPN running on the system and the following setting in the
tunnels file :
===================================
openvpn:2000 net 62.58.0.226
openvpn:2001 net 62.58.0.226
openvpn:2002 net 62.58.0.226
===================================
All tunnels ran for weeks
2005 Feb 04
13
resending to new external address
Hi folks,
As you've no doubt noticed incoming spam recently massively increased. This
has overloaded our current server (24.74.9.226) which does HTTP, SMTP, POP
and IMAP. To help cope with this, I've put up a second server (24.74.9.225)
which will be the mail server, leaving the original server to just be a web
server.
Can I use shorewall on the first machine (version
2007 Dec 03
1
blocking
As I can see, if I use Shorewall tools for blocking client
traffic ('blacklist' file, 'shorewall drop'), it has effect only
for new connections, but existing ones are not blocked. Can I, with Shorewall,
stop ALL traffic for definite clients?
Alex
2005 Apr 19
14
allow ssh access from net to fw?
Hi,
I'm trying to enable ssh (when that works, want to add: pop3s, smtp, web) from
the internet to the firewall but it does not work.
I managed to DNAT ftp to a host in the loc network (192.168.0.50) successfully
but I don't know why SSH:
Does not work for me:
ACCEPT net fw tcp 22
Works from the loc network:
ACCEPT loc fw tcp 22
I have tried also with (no success):
AllowSSH