similar to: newnotsys

Displaying 20 results from an estimated 20000 matches similar to: "newnotsys"

2003 Jan 26
7
Bug in shorewall
I just added 802.1Q VLAN support to redhat initscripts. And after support was ready, I tried to restart shorewall. Well it blew into pieces. Seems like shorewall can't handle device names like: eth0.3 very properly. That's default naming of vlan devices. eth1 is master device and 3 is id of my test vlan. So when I added to interfaces line: home eth0.3 detect seems like
2003 Jan 08
3
Access to internet except some subnets
Hello Shorewall users I have a firewall based on RedHat 8.0 and Shorewall. I have 2 interfaces, with 2 ip address on the loc interface, the connection to the internet runs through my company's network with an ADSL/MPLS line. I need to configure my Shorewall with the possibility to deny some users' access to the 'net' for some subnet. Ex. my son's
2003 Jan 24
6
icmp: w.x.y.z unreachable need to defrag (mtu 296)
Hi, I have a setup that consists of 2 firewalls connected over dialup and PPP. Each side of the ppp are protected by shorewall. One side of the PPP masquerades everything not addressed to the local network to its eth0 (the net). fw1 <---- ppp (dialup) -----> fw0 <----- NET When making an http request to a site on the Internet from the machine not directly connected to the net (fw1), the
2002 Mar 20
3
Shorewall 1.2.10
This is a minor release of Shorewall. In this release: 1. A "shorewall try" command has been added. This command attempts to restart Shorewall using an alternate configuration and if that attempt fails, Shorewall is automatically started with the default configuration. This is useful for remote administration where a failed restart of Shorewall can leave you isolated from
2003 Jan 29
5
A suggestion
Tom, I was upgrading a remote firewall, when upon restart, shorewall found a rule with a wrong zone and decided to not continue and stop itself. The problem now, is I cannot access that firewall over ssh anymore. One suggestion would be to instead of "shorewall stop" to have a basic emergency rule with only ACCEPT:info all all tcp ssh rule instead with DROP all policy. Shorewall could
2002 Aug 30
1
3 NICS config
To all, I have a firewall with 3 NICS. eth0 connects to the Internet eth1 connects to a wired lan eth2 connects to a wireless lan In my rules, I would like to create a zone loc which encompassed eth1 and eth2 and create 2 sub-zones: lan for eth1 and wlan for eth2. Because I only want to open what I need on that firewall and because that firewall is also used for different services (I know
2002 Jan 19
1
Another feature request
I have to say Shorewall is the closest in my mind to a perfect iptables firewall generation script. Thanks Tom for a great product. 2 things that could make it even better in my mind: - instead of using service acronym (don't know how to call it differently) for rules, it would be great to be able to
2005 Aug 18
2
Shorewall and multicast
Hi, all! Can I enable multicasting via shorewall? I have a router with Gentoo Linux (one interface to ISP, one with aliases - to local network). Shorewall works perfectly! But now I need to set up Quagga (zebra) for dynamic routing between one more router via another provider. All routers daemons (zebra, ripd, ospf) used multicasting. In my configuration already enabled allowBcast and etc.
2003 Jan 08
14
prerouting newbie question/mistake :)
Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, but I failed :) What I want to do is basically route any incoming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip
2004 May 21
2
Zebra and Rip Blocking Broadcast
After installing Zebra for ripd to get win2k routes I am getting this May 20 23:24:20 ns1 kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC= SRC=64.42.53.202 DST=64.42.53.207 LEN=92 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=72 May 20 23:25:25 ns1 last message repeated 3 times I am new to zebra, so I am assuming that this is broadcasting to windoz for routes weird !!!
2009 Nov 25
7
Multiple ISP Routing Application Error
I'm getting an error when shorewall is trying to add the default routes for my multi-isp configuration. I've attached a shorewall dump... If anyone can give some input I'd appreciate it. RTNETLINK answers: Invalid argument ERROR: Command "ip -4 route replace default scope global table 254 nexthop via 67.110.119.245 dev eth3 weight 1 nexthop via 66.29.181.113
2007 Apr 10
2
policy routing with two shorewalls
I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP. I am running OSPF in the network and so far things are working out fairly well (from a client of the two gateways). $ ip route ls 10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20 192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric
2004 Jun 22
6
Linux choices ?
First of all, my apologies for this maybe slight OT post, but I have so much confidence and read so many good replies on this list, that I am still asking my question. I'm looking for a linux distribution to use on our school's homemade routers. The routers are small miniITX based systems with 2 network interfaces. I added a 4 port D-Link network card in some cases, when I
2005 Jan 25
3
masc and multicast
I am trying to set up my Shorewall box to forward multicast packets to my local net. I do have some problems with mrouted (see below), but I can join and add routes using smcroute. Multicast works when shorewall is disabled. I got a lot of help from the following. http://lists.shorewall.net/pipermail/shorewall-users/2005-January/016674.html I cannot get the multicast packets to pass the fw when
2003 Jan 06
3
ADSL PCI cards
Does anyone have any information or recommendations for ADSL PCI Cards for Linux boxes? E.g. which ones are supported? How much are they? etc. Dirk -- Please Note: Some Quantum Physics Theories Suggest That When the Consumer Is Not Directly Observing This Product, It May Cease to Exist or Will Exist Only in a Vague and Undetermined State.
2003 Feb 04
11
About Shorewall 1.3.14
It is my plan that the upcoming release of Shorewall (1.3.14) will definitely be the last of the 1.3.x releases and will very probably be the last release of Shorewall 1.x.x. I will continue to support Shorewall 1.3 but will be making no more enhancements to it. I will be devoting my time to Shorewall 2. If anyone is interested in taking over the development of Shorewall 1, please let me
2004 Aug 18
3
Allowing OSPF
What shorewall rules would be required to allow the OSPF routing protocol to pass fw<->loc? Any suggestions would be appreciated. Ben
2005 Mar 10
7
norfc1918 not working in SW 2.2.1?
Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single
2003 Feb 25
1
Can't install Shorewall
I am running Red Hat Linux 8.0 and I want to install Shorewall. I have downloaded it as LATEST.rpm. I downloaded it to /root/downloads/shorewall. When I issue "rpm -qip LATEST.rpm" I get "Name: shorewall; Version: 1.3.14". The "Installation and Upgrade" page at shorewall.net says "* Install the RPM (rpm -ivh <shorewall rpm>)." Obviously it
2003 Mar 05
6
A couple of enhancements suggestions
... are they possible?, or better yet: Are they enhancements at all? First, make it possible to use the vars defined in the params file usable in the policy and shorewall.conf also. Second, make it possible to specify a pseudo log level like NULL, SWNULL (SW by Shorewall) or an appropriate name that would have the same effect as not specifying a log level at all. These modifications together