similar to: shorewall and ulogd

quick background: RH9 (2.4.20-19.9) Shorewall 1.4.6a-1 ulogd 1.00 Shorewall is working properly. I''ve followed the FAQ instructions and everything appears to be setup correctly. The problem is that I''m trying to get ulog going...but I''m getting: # service ulogd status ulogd dead but subsys locked I''m not sure if I was suppose to, but I also manually created

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

I''m trying to get Shorewall to use ulogd for logging, but I''m not seeing any logging in either the file I set up for logs, nor in /var/log/messages (where the logs used to be). I''m running a stock Debian 3.0 woody system, with a custom 2.4.21 kernel. I used all the settings as described on shorewall.net when configuring the kernel. ulogd (0.97-1) and shorewall

Hi List, I read this list for nearly two years and learnt a lot, but now i have a very strange problem I can''t solve.. I have a firewall machine running Debian, which connects a small office to the internet via a DSL-line (with pppoe) and which is running Shorewall. It allows all outbound traffic and accepts pptp, openvpn and ssh-connections (on a non-standard port) from the internet.

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 See if this change to proxy arp is more palatable. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

https://bugzilla.netfilter.org/show_bug.cgi?id=986 Bug ID: 986 Summary: ulogd fails to build against linux headers >= 3.17.0 due to ULOG target removal Product: ulogd Version: SVN (please provide timestamp) Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority:

New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the trace rather than up in the middle of it. 3) "shorewall [re]start" has been speeded up by more than 40% with my

I would like to cut down on packets logged from "loc2net". I have modified my policy file so that the logging for loc2net is "err" but dns packets and smtp are still being logged. Is it possible to filter these out? On a separate note, if I define ULOG in policy, I get an error on shorewall startup "ULOG not defined" or something of that nature. Sorry about being

FYI. I have not been able to determine 100% that logrotate does this, but ulogd appears to stop logging whenever logrotate runs. So far, the only obvious commonality that I see is that logrotate ran and that the /var/log/ulogd/ulogd.syslogemu is completely empty until I restart ulogd. I have proven that the logging is broken by manually performing a network operation that Shorewall normally

Dear all, I have configured both shorewall and shorewall6 on my firewall. Shorewall is using ULOG as logging target and since that did not seem to work I tried using NFLOG in shorewall6. However, nothing is logged in the /var/log files. Three questions: - What am I doing wrong? I just use LOG=NFLOG in the params file. - Can I use NFLOG for shorewall too? - Do I need ulogd when setting the

Hi List, I have just recently set up 2 mint systems with shorewall and have been using the script for a fair amount of time before that. What really ruined my day was the fact that the logging options for the chains'' Policies are in a different place than all the other logging options. I built my kernel with ulogd and spent hours looking for the config options of the policies. Now

Going deeper on last post "[Shorewall-users] logging", I found a very nice package that handles ULOG messages in a web interface, where you can browse the events from a MySql database produced by ULOGD. Real time. The name is: ULOGD-PHP From the site: ------------------------------------------- ulogd-php is able to : show the last hosts that broke packets on your firewall. show the

The first Beta Version is available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the

Hello, I tried Shorewall for the first time today. I am currently using an up-to-date installation of Debian Sid, which has shorewall 4.2.10, shorewall-shell 4.2.10 and shorewall-perl 4.2.10.1. I noticed that even though I had the following /etc/shorewall/policy file, iptables would still show LOG rules at the end of the INPUT and OUTPUT chains instead of ULOG rules. (Other logging related rules

Hi All, I need to be able to make sense from my shorewall logs. I have installed logwatch and it is mailing me reports but the level of detail is just not there. I have set the detail variable to High=10 but I get entries only from the DNS service about denied updates. What am I getting wrong? Tom, will you be kind enough to send me your logwatch config files? Thanks in advance. Ama

http://bugzilla.netfilter.org/show_bug.cgi?id=793 Summary: ulogd -d does not close all fds Product: ulogd Version: SVN (please provide timestamp) Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ulogd AssignedTo: netfilter-buglog at lists.netfilter.org

Hi, I''ve just recently switched off my (lame) hardware firewall onto an old box running linux 2.4.18, iptables 1.2.6 and shorewall 1.2.9. I''m kinda new to linux firewalling myself but so far Shorewall has taken much work from me. While reading myself into iptables I saw that just recently something called ULOG (userspace logging) has been implemented in newer kernels and

Hi Tom and list, Still trying to set up Shorewall logging. I understand that Shorewall require syslog to get logging working, however I have metalog. Is this possible to use metalog as logging facility for Shorewall? I was reading http://www.shorewall.net/shorewall_logging.html and it describes other method ( ULOG ). I understand that I have to compile ULOG support in the kernel... where do I

I''m noticing some weirdness in my ulog files with version 2.0.10. Here is a portion of the log: Jan 7 11:01:37 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0a:95:b2:11:4c:08:00 SRC=192.168.0.100 DST=192.168.0.255 LEN=97 TOS=00 PREC=0x00 TTL=64 ID=44155 CE PROTO=UDP SPT=631 DPT=631 LEN=77 Jan 7 11:01:39 rancor Shorewall:loc2fw:AllowWOL: IN=eth1 OUT=

The first public Beta of Shorewall 1.3.12 is now available: New features include: 1) "shorewall refresh" now reloads the traffic shaping rules (tcrules and tcstart). 2) "shorewall debug [re]start" now turns off debugging after an error occurs. This places the point of the failure near the end of the trace rather than up in the middle of it. 3) "shorewall