similar to: ping

I have registered a project with Sourceforge to produced a Webmin module for Shorewall. http://sourceforge.net/projects/webmin-shorewal/ Anyone interested in participating please email me at enemyofthestate at users.sourceforge.net I am still learning the interface but I think I need your Sourceforge Nym to add you as a developer. -- Stephen Carville Unix and Network Adminstrator

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

Our setup: server running shorewal 4.5.2.2 and watchguard vpn appliance. VPN appliance was supplied by our document flow provider. I want to route traffic to 192.168.2.0/24 via 10.10.10.1 gateway. So I thought it would be a good idea to set it up as another ISP in the providers file. But when I enable it I can reach 192.168.2.0/24 subnet but not internet. Can you please tell what I am doing

This one is a bit complex so if no help is forthcoming, I understand. I have 2 shorewall firewalls (1.3.13) up and running. (both machines running Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have squid setup as a caching/filtering server on each of them. Each of them was originally setup using the Two-interface Quick Start Guide. Then the Squid guide and then the IPSEC

I have the following interfaces loc eth0 net0 eth1 net1 eth2 (net0 and net1 are the two ISP networks) policy loc net0 ACCEPT loc net1 ACCEPT net0 all DROP info proxyarp 209.189.103.204 eth0 eth1 no no params Pellucidar=192.168.124.232 rules DNAT net0 loc:$Pellucidar tcp 22,80,1950,50005 - 209.189.103.204 ACCEPT all all icmp

Hi list, This is my first post there. CONTEXT : -------------- I have a little lan behind a shorewalled box (internet) -- NET_IP [gateway] LOC-IP -- (lan X.Y.0.0) internet -> net zone connected to the gateway via a ppp interface lan -> loc zone connected to the gateway via eth1 NET_IP and LOC_IP are defined in shorewall params file GOAL : --------- i want to forward http and

I have allowed ALL of the local users to ping the internet but they currently get the following error and cannot access the internet ! I know it is something I have done wrong (I think it is a routing problem but just cannot find out what) The error is:- Reply from 212.219.13.74: destination host unreachable. My eth1 is 10.0.0.1 and the users can ping that OK My eth0 is 212.219.13.74 (connected

Hi you all guys/girls from this list, I almost never use email lists, but this problem is driving me crazy. I use shorewall for a long time ( since version 1.2.x) but now I use it where I work, and here we now have 4 different ISP for redundance and because it''s cheaper then 1 ISP and a bigger link. 3 of 4 ISP I have no problems, but on the 4th ISP here goes my problem : I have a

Hello everyone! How are you? Hope you''re well :) Here''s my setup at home: Internet -> (eth1) Comp1 (shorewall, DHCP, dns server, Internet sharing) (eth0) -> Linksys (wireless) ~~~~~~~~~~~~ (wlan0) Comp2 (eth0) -> IP Phone My computer1 is well confiugred, everything was working right and well. I decided to move the IP Phone to the COmputer 2. I was able to make this

Hello, 1) Thanks - shorewall save me a lot of time! 2) I try - exactly: I must :-) - configure a VPN server behind 2 NATs. My situation: RoadWarior - INet - ISP Router (NAT+PortForwarding) - Inetranal Router (running Shorewal, NAT+PortForwarding) - Inetranl VPN Server If RoadWariror try to connect Internal VPN Server then connection failed with "GRE: Bad check chcksum from pppd"

Network Configuration issues I''ve been working on this for 2 days PLEASE HELP! I am having the following issues with network configuration and I cannot ping the external interface to begin troubleshooting the network configuration. I know that the ISP''s router is configured correctly since I have attached it to a small Linksys firewall and was able to ping the 66.240.207.226

Hi everyone.. i have followed this instructions http://devel.elucid8design.com/el8/devel/tutorials/pptp.php to build a vpn server with shorewall. the configuration of my network is: vpn server (with shorewall installed) with 2 interfaces: 192.168.1.2 --> net zone 192.168.0.x --> loc zone when i try to

Tom, I use shorewall 2.2.3 with four network interfaces comprising of three zones. I am able to ping some servers from the internet(net-zone) and not others. I do not want to allow ping by default from internet. I have not copied the files action.drop and action.reject into /etc/shorewall. Nor I have a AllowPing rule in rules file. The policy file is pasted below. #SOURCE DEST POLICY

Sorry if I missed the answer in the docs but how can I drop ICMP silently? Seems that a several IPs in my ISP block suddenly decided to start ping''ing me and I rather not have my logs fill up with all the drop messages. Thanks, Mike

Hi Experts, I am running very basic setup ubuntu 5.04 on HP e-Vectra eth0 talking to SpeedTouch Home ppp0 is PPPOE through eth0 eth1 though USB-ETH is my local network I can ping firewall (192.168.2.254) from local I can ping ISP receiving point from firewall (then this idiots block ICMP!) I cannot ping ISP from local. No packets go out - I checked with ethereal Thanks in advance Alex

Sorry, I guess I haven''t looked passed "Otherwise". All the exact output in the attached file. Ping to the same address from firewall works perfectly A added a few unnecessary ACCEPTs to the 2-zone setup etc after I could not get the ping through the first time Cheers Alex

Hi, I''m using Shorewall and LSM to load-balance 3 ISPs. My configuration works, but when an ISP is disabled, LSM is unable to ping from the associated interface. I understand why it happens : when `shorewall disable isp1` is called, Shorewall flushes the routing table isp1, and removes the nexthop in the balance table. So when I want to ping 8.8.8.8 from eth1, no rule allows it.

I have been approached with a question that I am not sure about... A Shorewall system has only one interface, with a public IP-adress. The same system is the endpoint for a few OpenVPN-tunnels. Is it possible to add an aliased IP to the interface, and NAT traffic to a OpenVPN-endpoint? The endpoint is on 10.4.2.3 and the Shorewall-box has an interface of 10.4.2.1.

Hello, I use Shorewall 2.0.16 on my server. I would like to auhtorized some external desktop to connect my network. The desktop''s IP change always, because they use dynamic addresses and they haven''t static IP. So I would like to filter those desktop...With shorewall, I can use an IP to drop, reject...But in my case, I can use it. So I think to use a filter on the MAC address.

Hi, I am new to VPN an OpenVPN with shorewal. I tryed a lot and read a bounch of howto''s but nothing helped so I came here. I want to tunnel all request to my server 141.48.XXX.XXX from my home network throu port 443. I want to do this because this is the only way I can connect to my server using ssh or ony other tool or port. On Port 80 Apache is running, so I only have the https port