similar to: NFS config problem

Setting up MAC Verification on eth0... Error: Interface eth0 must be up before Shorewall can start my : /etc/shorewall/shorewall.conf: MACLIST_DISPOSITION=REJECT MACLIST_LOG_LEVEL=info interfaces: #ZONE INTERFACE BROADCAST OPTIONS net ppp0 217.96.90.242 noping loc eth0 255.255.255.0 routestopped,maclistmaclist: maclist: #INTERFACE MAC IP

When I install the two-interfaces files in /etc/shorewall on my FC-5 system (with shorewall-3.2.3) and run "services shorewall restart" I get ------------------------------------------------------ cp -a interfaces masq policy routestopped rules zones /etc/shorewall/ ... [root@alfred shorewall]# service shorewall restart ... Determining Zones... ERROR: Zone fw is defined more than once

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

I''ve had some issues with my network, and I''ve had to reconfigure my Gibraltar CD. It runs shorewall 1.4.8, and I have a 2-interface setup, so I downloaded the relevant files from the install page. Masq and such works, but I''m having a problem with my port forwarding. It works for port 22, but it doesn''t seem to work for any other port. I''ve turned

Hello everyone: I have a problem with the shorewall configuration. Let''s me tell you. I have installed shorewall 2.0.4 into a machine with 2.6.8 kernel. This machine works like a software-router: it has 2 netcard eth0 goes to the local network 192.168.0.0/24 eth1 is an interface for ppp0 (there is an ADSL conected) I have defined the Network Zones (net, loc); The Network Interfaces

Hello, I''m working on a Shorewall-1.2 setup on a _remote_ debian (woody) firewall with several live web and mail servers behind it. I know doing this remotely is a *really* bad idea, and I''d rather not be in this situation, but so it goes... Worst case scenario, I lock myself out and have to drive an hour to get physical access to the machine and restore service. Anyhow,

The rule: ACCEPT loc $FW::3128 tcp www doesn''t work propertly, the http access does not redirect to squid but directly exit. what''s wrong? Thanks ------- Dario Lesca (d.lesca@ivrea.osra.it) -------------------------------------- @@@@@@@ this is my shorewall-1.2.13 config: #[/etc/shorewall/common.def]-----------------------------------------------

Hi folks, Has anyone tested the changes to multiple ISPs/load balancing or routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we will use for determining whether 2.4.0 is ready for release. I''ve started configuring a firewall at work with the multiple ISPs support, but its kernel doesn''t have connection marking support, so it''s going to be a couple of

Le mardi 21 juin 2011 15:32, Tom Eastep a écrit : > -------- Forwarded Message -------- > From: Tom Eastep <teastep@shorewall.net> > Reply-to: Shorewall Users <shorewall-users@lists.sourceforge.net> > To: Shorewall Users <shorewall-users@lists.sourceforge.net> > Subject: Re: [Shorewall-users] routestopped 4.2 to 4.4 > Date: Mon, 20 Jun 2011 13:37:02 -0700 >

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

Ok, I hate to be the newbie posting a dumb question, but I can''t get port forwarding to work... in interfaces I have: net eth0 detect dhcp loc eth1 192.168.1.255 routestopped in rules I have: # # Forward FTP connections to 2021 to 192.168.1.3 # ACCEPT net loc:192.168.1.3 tcp 2021 21 So, the end result should be that

Hi Tom and other gurus, I modified SHOREWALL (version 2.0.15) for bridging and I cannot restart it. I got the following error ... Processing /etc/shorewall/policy... Policy ACCEPT for fw to net using chain fw2net Policy REJECT for fw to loc using chain all2all Policy DROP for net to fw using chain net2all Policy ACCEPT for loc to fw using chain loc2fw Policy ACCEPT for loc to net

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

Hi, I''m trying to enable ssh (when that works, want to add:pop3s,smtp,web) from the internet to the firewall but it does not work. I managed to DNAT ftp to a host in the loc network (192.168.0.50) successful but I don''t know why SSH: Does not work for me: ACCEPT net fw tcp 22 Works from the loc network: ACCEPT loc fw tcp 22 I have tried also with (no success): AllowSSH

Hi there, Let me just start by saying that I am a bit of a Linux newbie, but that Shorewall seems an excellant product. The issue I''m reporting wont stop me from using it, it still does 99% of what I need. Anyway, I have a resonably simple two interface system. My server (HatMannz, P3-900MHz with a RAID-1 array of 80GB IDE drives running Red Hat 9.0) connects to a cable modem via eth1

Hi Tom, I nearly completed the test and installation related to http://www.shorewall.net/PPTP.htm. However, there is no serious problem when it is operated as it is in the general companies, but there is Client Program for MS-Window that is operated only by Public IP. So I am very concerned about it. I would like to use Internet through Gateway in (B) as local computers in (A) receive Public

I''m beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I''ll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net

Hi, I''ve installed Emule (p2p program) on my client box but I can''t access the servers due to the firewall. I''m getting this blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file

This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig05F2F5838E1DC28DCA5557B7 Content-Type: multipart/mixed; boundary="------------040200040609050204020409" This is a multi-part message in MIME format. --------------040200040609050204020409 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hi, Using Mandrake 9.0 and

Hello Tom, I''ve been using Shorewall for years without problems. My previous version of shorewall was 1.4.6b-1. Everything worked just fine. Today I upgraded using rpm to 2.0.8-1. After update no one can connect to any interface from net. Server can connect to outside world fine and those described in routestopped have no problem connecting. Any help correcting this problem would be