Displaying 20 results from an estimated 30000 matches similar to: "Rules Help for newbie"
2004 Jan 26
6
Usersets
Is anyone using user sets? I'm considering dropping support for them in 2.0 in
favor of just listing individual user/groups in the rules file.
Thanks,
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Oct 14
16
Squid as a transparent proxy
Hi,
I followed the instructions in the section "Squid
(transparent) Running on the Firewall" on
http://www.shorewall.net/Shorewall_Squid_Usage.html to
setup Squid transparently on a Linux gateway. My net
is as follows:
loc subnet --- fw Linux Gateway --- ADSL router
192.168.1.0/24 192.168.1.92 (eth1) WAN.WAN.WAN.2
(gw = WAN.WAN.WAN.WAN (eth0)
192.168.1.92) (gw =
2006 Dec 07
7
shorewall and mrouted
Hi
When I start shorewall, the multicast stream is stopped.
My config:
Windows VLC Client-----eth0:192.168.254.1/24--fw---eth1:191.168.254.254/16-------------------------Linux VLC Streaming server
192.168.254/24 lan wan (but it's really an internal lan !) 191.168.1.21/16
on the FW/shorewall
route add -net 224.0.0.0 netmask
2006 Feb 11
6
Shorewall problems simple one i think!!
Hi all
well I'm using two interfaces.. e.g: eth0:202.188.9.2 is WAN and
eth1:192.168.1.1 is LAN.. when I'm in LAN let say from 192.168.1.9 I can't
open WAN IP address e.g: 202.188.9.2 .. why? how to set this?... I only can
open 192.168.1.1 .. if possible I want to have both accessible.. thanks
rgds
amir
2004 Nov 04
2
nat ,dnat or proxyarp with heartbeat
Hi , I have a dude.
I have four nic. Lan, wan, dmz1 and dmz2.
I use proxy arp for dmz1 and work great. But in dmz2 have 2 machine with heartbeat. IP are type 192.168.x.x
If use nat work fine from wan to dmz2, but from lan ?? how to access valid ip ??
Sorry for my bad english :)
2003 Jan 06
5
SMTP traffic gets blocked
Hi,
I am trying to configure the SMTP service on DMZ host. Added the rule:
ACCEPT wan dmz:66.58.99.84 tcp pop3 -
ACCEPT wan dmz:66.58.99.84 tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp 25 -
ACCEPT dmz:66.58.99.84 wan tcp pop3 -
issued shorewall clear, shorewall restart, but still couldn't telnet to
the mail server
2002 Oct 18
2
WAN setup over frame relay 7 locations
Hi - I have shorewall-1.3.8-1 on a RH 7.3 machine that acts as a firewall
for my network. It was running the other day just fine, but today I have
problems getting to the firewall. It is a frame-relay network with Cisco
routers. Everything is 192.168.x.x / 24. I can't ping the firewall from
the WAN, but can from the main LAN. Sounds like a routing issue to me, but
it was working for
2004 Oct 18
2
bridging and masquerading
hi list,
i got a small problem.
here is my setup:
WAN
|
|
| bridged
$FW-------DMZ
|
| masqueraded
|
LOCAL
my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2
* eth0 is connected to the WAN
* eth1 is connected to my DMZ
* eth2 is connected to LOCAL network
i manage a whole C class (public addresses) in my DMZ, let's say
X.Y.Z.0/24
* my router
2005 May 14
2
NAT for 2 clients
Hello,
My server is Mandrake10.1
eth0 is WAN with static IP
eth1 is LAN
I would like all traffic from 2 client - 192.168.0.253
and 192.168.0.248 on the lan to go straight to
outgoing interface.
I am not sure whether to use DNAT or ACCEPT.
Can anybody clarify ?
Thanks
Varun
2005 Feb 25
6
nat problem
Hi All,
I'm using the Mandrake Linux MultiNetwork Firewall which is a web based
interface to the shorewall firewall.
I have an internal ip address of 172.25.38.1 which I am trying to nat to a
public address so that the client pc can ftp to the internet
I have added the following in the nat file:
168.10.10.1 eth3 172.25.38.1 No No
And this to rules:
ACCEPT lan:172.25.38.1 wan tcp
2005 Feb 03
3
Sanity check - routed public IPs
Hi,
I have been running Shorewall (v 2.0.15 nowadays) for some time to
act as a firewall between my LAN and my ISP where I have a fixed IP
WAN address. Recently, I got an allocation of a /28 range of public
IPs to do a DMZ. The ISP tells me that they are routing the /28 range
via the existing WAN address. The WAN address is not part of the /28
range.
This setup should be fairly simple, from
2004 Oct 13
4
Connection tracking on non-masqueraded interfaces.
I don't think this has anything to do with Shorewall but I am not too
familiar with iptables stuff yet so I'm not sure.
Running Shorewall shorewall-1.4.9 on Mandrake Linux release 9.2 (FiveStar)
for i586 Kernel 2.4.22-37mdk.
Run "nmap -sP 192.168.x.x/24" (for example), where 192.168.x.x/24 is the LAN.
You can do this from a firewall/router, or even from a
2004 Dec 30
9
shorewall shutting down eth0
Hello,
My server is on Mandrake 10.1 off.
eth0 is WAN with static IP connected 512 DSL
eth1 is LAN.
My default shorewall settings are :
Source zone Destination zone Policy Syslog level Traffic limit
loc net ACCEPT None None
fw net ACCEPT None None
net Any
2005 Jun 08
2
policy or rules
Dear all,
I'm a bit confused on the rules and would like your help.
I've 4 NIC,
eth0 --> WAN (net)
eth1 --> OSPF1 (bb1)
eth2 --> OSPF2 (bb2)
I would like to enable all the icmp function (ping and traceroute)
Wonder what effect will the following policy make.
bb0 all ACCEPT info
bb1
2004 Dec 29
2
net connection blocked
Hello,
My server is on Mandrake 10.1 off.
eth0 is WAN with static IP connected 512 DSL
eth1 is LAN.
I have enabled shorewall and it has blocked
access to the net on my server.
My default shorewall settings are :
Source zone Destination zone Policy Syslog level Traffic limit
loc net ACCEPT None None
net Any
2003 Jul 15
12
Port Forwarding Trouble with Mandrake MNF
Please excuse my ignorance as I'm a linux newbie.
Basically I have a setup of an adsl ethernet modem (nated and then
everything forwarded to the external ip of my Mandrake mnf firewall)
connected to the mnf firewall which then connects to the lan.
internet <--> adsl modem <--> mnf firewall <--> lan
There's only 2 nics in the mnf firewall so it's a
2004 Aug 22
6
Shorewall issues with GAIM
I am running Mandrake Linux 9.2 with Shorewall 1.4, and GAIM direct connect does not work, and it did before on my hardware router. Upon connection attempts, the program reports that the connection was attempted at 0.0.0.0:5190 for any user, and then promptly fails. The syslog does report that the packets were blocked. These are my stanzas in the rules file for shorewall configuration:
DNAT
2005 Jan 08
2
static nat address
Hello,
> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.
I need a little clarification on static nat
settings in shorewall.
external address - static IP
internal address - ?
for the internal address should I put my eth1 IP
or the general subnet range. For example 192.168.0.0.
I am also not sure about :
Active for firewall system? yes
2007 Jul 29
12
Shorewall 4.0.0 + Kernel 2.6.21.5-grsec
Hello,
My hoster updated its kernel packages... It contained some old problems
that should have been fixed. My servers have now a wonderful 2.6.21.5
kernel + grsec running.
Both are running Debian 4.0 (stable release).
mx:/etc/shorewall# iptables --version
iptables v1.3.6
mx:/etc/shorewall# uname -a
Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri
Jul 27 17:18:23 CEST
2005 Jan 07
3
masq or static nat
Hello,
> My server is on Mandrake 10.1 off.
> eth0 is WAN with static IP connected 512 DSL
> eth1 is LAN.
I am little confused about NAT.
I have a static IP from ISP
I want to do a NAT on eth0.
What should I use in shorewall masquerading or static nat ?
Thanks
Varun