similar to: losing connection

Whilst configuring another shorewall firewall router for another site, I must have made some totally newbie error.... While directly on the cable modem, it works great. But when placed on the LAN side of my existing Shorewall box, the NEW shorwall box could not ping, or look up dns or anything else. If I shutdown shorewall (clear) in the NEW box then it could surf the net and ping etc. When

http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.3 Problems Corrected: 1) If a zone is defined in /etc/shorewall/hosts using <interface>:!<network> in the HOSTS column then startup errors occur on "shorewall [re]start". 2) Previously, if "shorewall status" was run on a system whose kernel lacked

Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, bu i failed :) What i want to do is basicly route any incomming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Release Notes are attached Changes since last Snapshot: a) The per-interface dynamic blacklisting chains are now displayed by "shorewall monitor" b) IP Traffic Accounting support has been added. c) Rules may now be rate-limited. d) Bridge interfaces (br[0-9]) may now appear in entries in the

Hello, I''m a very happy user of shorewall but I have found a problem or maybe a misconfiguration I made which I can not resolve. I use a fairly large blacklist based on probes, nimda & codered attacks, proxy & relay probes etc. The only problem is that I want to block incoming trafic on all ports FROM a block but it does also block a httpd, ping etc TO a ip in a block what I do

How does one interpret the mac addresses in the log which seem to have 14 segments... Example, this appears in the log... 00:40:c7:2e:09:c0:00:01:64:4a:70:00:08:00 Yet I can''t find that in the arp table norcomix:~ # arp -an ? (192.168.2.148) at 00:10:4B:6A:AE:E7 [ether] on eth1 ? (192.168.2.149) at 00:D0:B7:1D:F2:F2 [ether] on eth1 ? (24.237.19.16) at 00:10:DC:67:BA:80 [ether] on eth0 ?

I''ve set up shorewall with the two-interface mode. pc #1 eth1 ---> ppp0 ---> Internet eth1: 10.10.10.254 eth0: 10.10.10.1 > via a crossover cable pc #2 eth0: 10.10.10.2 (gateway=10.10.10.254) I am able to surf the net with pc #1, but pc #2 is completely cut off from pc #1 and the net. I am also unable to ping from and to pc #2.

http://shorewall.net/pub/shorewall/Snapshots ftp://shorewall.net/pub/shorewall/Snapshots Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

First of all, My apologies for this maybe slight OT post, but I have so much confidence and read so much good replies on this list, that I am still asking my question. I''m looking for a linux distribution to use on our school''s homemade routers. The routers are small miniITX based systems with 2 network interfaces. I added a 4 port D-Link network card in some cases, when I

The first 1.4.0 Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes. 2. Interface names of the form

The first release candidate is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta The only change between Beta 1 and RC1 is that the ''check'' command is back in RC1. Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4

Here is the proposed content -- I''m looking for a Beta to start in the next week or so with release around the middle of next month. The main focus of 1.4 will be to provide external behavior similar to the upcoming 2.0 release. Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4

This is a roll up of the following fixes: * There is an updated rfc1918 file that reflects the resent allocation of 222.0.0.0/8 and 223.0.0.0/8. * The documentation for the routestopped file claimed that a comma-separated list could appear in the second column while the code only supported a single host or network address. * Log messages produced by ''logunclean'',

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The

The following is taken from the Release notes for 2.2.3 (which will be released in a month or so). 2) There has been ongoing confusion about how the /etc/shorewall/routestopped file works. People understand how it works with the ''shorewall stop'' command but when they read that ''shorewall restart'' is logically equivalent to ''shorewall

I get this enabling the option "routestopped" in my interface (eth0, net, one interface): Failed to apply configuration : Compiling... Compiling /etc/shorewall/zones... Compiling /etc/shorewall/interfaces... ERROR: Invalid Interface option (routestopped) : /etc/shorewall/interfaces (line 11) Means that routestopped don''tt work, is it? Then, what could i do? Thank you very

--==========1809029384========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline This corrects a more serious problem -- the ''find_hosts_by_option'' routine was broken which means that ''routestopped'' and ''maclist'' were also broken. -Tom -- Tom Eastep \ Shorewall -

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=infointerfaces:#ZONE INTERFACE BROADCAST OPTIONSnet ppp0 217.96.90.242 nopingloc eth0 255.255.255.0 routestopped,maclistmaclist:#INTERFACE MAC IP ADDRESSES (Optional)eth0

Shorewall 1.4.7 is now available at: http://shorewall.net/pub/shorewall/shorewall-1.4.7 ftp://shorewall.net/pub/shorewall/shorewall-1.4.7 It will be available at your favorite mirror shortly. The release notes are attached. As always, many thanks go to Francesca Smith for updating the sample configurations for this release. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently