similar to: IP Keeps being Dropped.

I have the problem when my localnetwork do telnet to the net Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2 my files are the following: policy #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST loc net CONTINUE info loc fw ACCEPT info loc loc ACCEPT loc dmz ACCEPT info fw

I would like to cut down on packets logged from "loc2net". I have modified my policy file so that the logging for loc2net is "err" but dns packets and smtp are still being logged. Is it possible to filter these out? On a separate note, if I define ULOG in policy, I get an error on shorewall startup "ULOG not defined" or something of that nature. Sorry about being

Hi, I''m using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG

Does anyone know what this log entry indicates? What service running on a WinNT server would send out a UDP packet with source port 137 and destination port 1? (I was unable to get any clarity from Google...) --------- May 27 11:01:47 ykrgw kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1 SRC=192.168.3.3 DST=166.84.151.198 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=37008 PROTO=UDP SPT=137 DPT=1

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

Dear Lists. I use shorewall-14.7 at ReHat-9.0 (2.4.26 with Julian Anastasov Patch) for quite long, and everything seem work fine. Untill this morning, i have problem with one rules ACCEPT loc:172.16.0.20,172.16.32.20,172.16.0.230,172.16.0.229,172.16.0.231 net udp 53 - 172.16.0.229 and 172.16.0.231 is my mail gateway (DNAT). DNS server is outside the firewall, Now, the

Hello, I have read the getting started guides, FAQ, etc, so if your response to the following is RTFM, please at least refer me to the appropriate one :) I have shorewall set up as follows: zones: net Net Internet loc Local Local networks dmz DMZ Demilitarized zone policies: loc net ACCEPT dmz net

Hi, I installed the shorewall 1.3.8-2 debian package to my debian testing machine which serves as the gateway to the internet. Since I have two other machine connect to internet thru this gateway machine, I also downloaded the configuration guide for "basic two-interface firewall" and followed the instructions. When I try to start the shorewall I get the following message and can not

If I''m using eth1 as my lan zone on my router box, it needs a static ip... what do I set the gateway option to in /etc/network/interfaces since this computer is actually the gateway for the rest of the lan? Itself? My "net" NIC''s address? Something else? My lan isn''t getting internet access using the default Shorewall config file (edited per

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

Marta, As Alan pointed out the loc->net policy is Continue, it should probably be loc->net ACCEPT. This is from Tom''s Shorewall Documentation... http://www.shorewall.net/Documentation.htm#Policy CONTINUE - The connection is neither ACCEPTed, DROPped nor REJECTed. CONTINUE may be used when one or both of the zones named in the entry are sub-zones of or intersect with another zone.

Hi everybody. I''m sorry to bother you because I''m probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable) The thing is, that I can''t get masq working. Maybe this is because

Hello all, I am a newbie to Linux firewalls, and am trying to setup shorewall to allow connections from an Oracle client to an Oracle Server. The client tries to connect to the server via port 1521 (it works fine) and once the first connection has been successful, the server sends a redirect to the client to a random high port. So, when the client tries to connect again to the sevrer on that port

Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr -------------------- Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер, ноутбуков и PDA. Гарантия минского сервисного центра.

Hi Tom and other gurus, I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it. I got the following error ... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy REJECT for fw to loc using chain all2all Policy DROP for net to fw using chain net2all Policy ACCEPT for loc to fw using chain loc2fw Policy ACCEPT for loc to net

Hi all, This is your standard "I can''t *see* the internet" problem, except I think I''ve exhausted all the standard solutions. The only thing different is that my house experienced a power outage and now (after the FW rebooted) local machines can''t "see" out. I''ve got a 2-interface setup, using Shorewall 2.0.15 (installed via Debian).

Hi, here my system on shorewall: eth0 192.168.108.1 net eth1 192.168.109.1 dmz eth2 192.168.110.1 loc_110 eth3 192.168.111.1 loc I haven''t access from or to server in loc_110 through shorewall. I can use ssh or other types from loc to dmz or from loc to fw, but I can''t use connections to loc_110. I can also use ssh - connection from fw to loc_110 or redirectly. Where is the

This is a minor release of Shorewall. WARNING: This release introduces incompatibilities with prior releases. See http://www.shorewall.net/upgrade_issues.htm. Changes are: a) There is now a new NONE policy specifiable in /etc/shorewall/policy. This policy will cause Shorewall to assume that there will never be any traffic between the source and destination zones. b) Shorewall no longer

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Hi All, I was wondering whether there have been some listening experiments done to test how well spatial information is preserved in the celt signal, e.g. comparison of sound localization performance for the original uncompressed sound and the celt sound (most probably for different bit rates). Best, Pablo -- Pablo F. Hoffmann PostDoc Acoustics Dept. of Electronic Systems Aalborg