Displaying 20 results from an estimated 500 matches similar to: "Bug? wildcard interfaces not accepted in fwd chain"
2006 Aug 28
0
[Bug 507] New: tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
Summary: tun99 don't trapped by tun+
Product: netfilter/iptables
Version: linux-2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ip_tables (kernel)
AssignedTo: laforge@netfilter.org
2003 Mar 25
7
DNAT not working after changing BIND to use views
Hello all:
I've got a confusing issue. I had a working shorewall configuration
(based on the two interface model) using DNAT for redirection to my HTTP
server. The HTTP server is on my inside network (I know - bad juju, but
one thing at a time). I changed my configuration this morning to use
views in my BIND (named) configuration. Everyone outside the firewall
is able to get in
2009 Aug 21
2
Multiple interfaces in a zone (not a standard case)
Hi,
This subject has been brought up in the forum, but it's a bit different.
If I have a set of tun interfaces. I already defined tun+ as zone A, and I have excluded tun15 as zone B (a subset of zone A).
I need to add tun16 to zone B.
My config:
/etc/shorewall/interfaces:
A tun+ - routeback
B tun15
/etc/shorewall/
A ipv4
B:A ipv4
I tried to define in
2002 May 27
1
Complex samba setup, requesting advise
I have a rather unusual setup within which I'd like to run samba.
At this point I have:
a) 3 networks (all private IP's)
b) net1, net2 are interconnected by a router.
net1 has a host that also acts as a WINS server and is local master,
domain master, preferred master for its group. (linux slack7.0, samba
2.0.5)
router between net1, net2 has an IP in each network and samba
2003 Oct 08
2
Problem with /bin/ash
I have /bin/ash from rh8 installation and I have following error when I
tried to change using ash instead of sh with shorewall-1.4.7:
+ eval options=$tap0_options
+ options=
+ list_search newnotsyn
+ local e=newnotsyn
+ [ 1 -gt 1 ]
+ return 1
+ run_user_exit newnotsyn
+ find_file newnotsyn
+ [ -n -a -f /newnotsyn ]
+ echo /etc/shorewall/newnotsyn
+ local user_exit=/etc/shorewall/newnotsyn
+ [
2017 Dec 29
1
OpenVPN server and firewalld
On Fri, Dec 29, 2017 at 10:32 AM, Kenneth Porter <shiva at sewingwitch.com>
wrote:
> How do I insert the iptables rule below using firewalld?
>
> I'm moving up from CentOS 6 to 7 on an office gateway and I'm trying to
> get OpenVPN working to allow home workers to access PCs at the office. I've
> got it all working but only by manually inserting an ACCEPT rule in
2006 Aug 29
7
[Bug 507] tun99 don't trapped by tun+
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=507
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From kaber@trash.net 2006-08-29
2004 May 26
6
Newnotsyn Behavior
Hello,
I've been doing some tests on a firewall system running Shorewall 1.4, and
have been getting some unexpected behavior when enabling the "newnotsyn"
option.
In the test setup, I have:
----------------------------------------
/etc/shorewall/interfaces
net eth0 detect routefilter,tcpflags,blacklist
loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn
2020 Jun 28
0
Port forward internal host not working
Hi,
I am trying to reach a Raspberry Pi on my physical LAN
(192.168.10.132), via OpenVPN, from the internet.
The Internet host is 154.77.x.x. This is also the OpenVPN router,
10.8.0.1. The Pi is on 10.8.0.203. I am trying to reach port 3000 from
the internet.
From the CentOS 7 server, I can access the Pi over OpenVPN:
root at ns1:[~]$ telnet 10.8.0.203 3000
Trying 10.8.0.203...
Connected
2004 Dec 29
5
newnotsyn question
Hi,
I'm running shorewall-2.0.8-1mdk with iptables-1.2.9-7.1.101mdk on
kernel-2.4.22-30mdk, Mandrake 10.1 (kernel-2.6.8.1.10mdk-1-1mdk is
installed, but I haven't rebooted yet).
I get a significant number of newnotsyn packet denials from existing,
valid connections. Most of these seem to be on port 80 and port 25, and
directionality doesn't seem to matter (I run
2005 Feb 28
1
Mail server on DMZ
Hello,
I have this problem: when my mail server on the DMZ starts a connection to
the internet its ip (213.58.230.26) is "masqueraded" with the firewall ip
(213.58.230.50). I wouldn't mind but there is one customer who rejects the
connection because it makes reverse dns and finds no dns entry for the
firewall ip.
How can I correct this?
Thanks,
MSantos
shorewall
2004 Nov 25
5
newnotsyn responsible for sporadic delays?
Has anyone encountered a situation where packets dropped by the
newnotsyn chain can result in sporadic browsing problems, slowness, and
even timeouts?
I noticed that of the 3300 hits for newnotsyn in our current log (6 hours
worth), over 2700 of them were to/from our proxy servers. And browsing
through them, most *appear* to be otherwise valid packets from remote
web servers that would have
2003 Nov 07
0
Shorewall 1.4.8
Currently at:
http://shorewall.net/pub/shorewall/shorewall-1.4.8
ftp://shorewall.net/pub/shorewall/shorewall-1.4.8
Coming soon to a mirror near you.
This is a minor release of Shorewall.
Problems Corrected since version 1.4.7:
1) Tuomo Soini has supplied a correction to a problem that occurs using
some versions of 'ash'. The symptom is that "shorewall start"
2009 Aug 21
0
1 zone with multiple interfaces (special case)
Hi,
I got an existing solution with shorewall where I can differentiate tun10 from tun+ as different zone.
For example:
/etc/shorewall/zones
A ipv4
B:A ipv4
/etc/shorewall/interfaces
A tun+
B tun10
Now, I have a requirement to add tun11 to zone B.
When I do this in interfaces config:
A tun+
B tun10,tun11
It doesn't like it (although it's ok when performing
2005 Mar 07
10
DNS Name problem with mail server on LAN
Hi,
I have a big "name problem" with my internal mail server (10.0.0.152).
It is "seen" on the internet through DNAT (213.58.230.27). Also there is a
MX record pointing to the machine. Everything works fine from the outside.
However I can't set the mail clients on the lan pointing to the mx record,
because this one points to 213.58.230.27 and the firewall
2003 Feb 25
0
Shorewall Setup.
Hello Tom and others on the list.
Tom - you might recall that the other day (night) I had problems with my
axip setup (protocol 93) and we made some changes to the policy, zones and
interfaces files. You added 'peers and tunl+'
Following that change nothing seemed to work. In fact you wanted to see
the shorewall status file, among other things.
Well - tonight, I carefully put
2003 Feb 27
3
Unknown commments in shorewall status.
I wonder if someone can tell me what these 'unknown' remarks mean in my
status file. They are only in the last portion of the file and are listed
below. If they mean nothing, I will rest easy. But if not it means
I need to fix something. Your thoughts would be appreciated.
----------------
udp 17 92 src=24.224.173.220 dst=24.222.0.75 sport=1027 dport=53
src=24.222.0.75
2008 Feb 11
2
OpenVPN traffic will not be routed into network / as DefaultGW traffic ... with 1 NIC
Hello!
I've the following set-up
RemoteClient1 (Win Vista), RemoteClient2 (Win XP) do both connect to
my OpenVPN box. They can talk to each other, using their 172.16.1.x
tun0 Address on the server.
The server itself (Ubuntu gutsy, OpenVPN: 2.0.9-8, shorewall:3.4.4-1)
has 1 NIC that connects the machine to
a) a DSL-router (forwards several ports to this linux machine,
including the
2005 Mar 31
3
Multiple subnet question
Hi All,
I just added a second subnet and thought I had read all the relevant
FAQs and had set things up properly, but a few odd things are
happening.
ZONES:
net Net Internet
loc Local Local networks 192.168
loc2 Local Local networks 10.151
ppp PPP PPP Dial-in
rw RoadWarriors Road Warriors
rw2 RoadWarriors Road
2005 Apr 06
4
Publics IPs in a loc zone
Hi again, I have now configured a 2.0.8 shorewall with two interfaces:
interfaces:
net eth0 detect
loc eth2 detect
masq:
eth0 eth2
the interface eth0 has the 192.168.1.10 ip and it's connected to internet
the interface eth2 has the 192.168.2.1 ip and it's connected to a
router (CMTS - Cable Modem Termination System)