Displaying 20 results from an estimated 10000 matches similar to: "Logging of all connections"
2003 Jan 06
9
SMTP external forward
I read several posts about SMTP being blocked at ISP.
My ISP has the same limitation.
My ADSL connection (1 fixed IP) only permits outbound connection to port 25
to their server.
None of those posts answered my need. I tried FAQ also.
I have several internal email clients/bots that need to retrieve/send
messages, some of them are notebooks.
It's not fair to change SMTP server to the
2003 Jan 03
19
VPN hardware?
I have a NetGear FV318 living in my DMZ, with one of its LAN-ports
living in my LOC zone. What rules are needed in shorewall to allow a
certain subnet to make connections to this device from the net zone?
Do I define it as a tunnel in shorewall/tunnels, or do I just allow some
selected traffic to the DMZ IP? I am not sure which of the docs are
right for me in this case?
2004 Mar 03
5
How to monitor activity on a card?
My setup 4.9 stable with IPFW. Machine acts as gateway for two machines.
What are my options on monitoring activity on my external card?
This morning I noticed my DSL modem activity light is blinking non-stop.
Looking at /var/log/ don't see anything suspicious.
I feel tempted to add "log" to all my ipfw pass rules, but wonder if there
isn't a better way.
I am mostly concerned
2003 Feb 24
5
Bug in Shorewall check?
I made a boo boo in my config and put in this rule
#PPTP
DNAT net:213.67.241.162/217.209.46.204/32
loc:192.168.221.200 tcp 1723
DNAT net:213.67.241.162/32,217.209.46.204/32
loc:192.168.221.200 47 -
And the following happened.. and I wonder why it didn't complain? I
am sure I am just misunderstanding some doc
2004 Sep 10
1
Is ProxyARP or NAT entries really necessary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded
too, however, not how I thought it would work when reading through the
documentation.
1. No matter what I do I cannot get DNAT to work unless I have an entry
in either the nat or the proxyarp file. Is that really how it's supposed
to be? I can't find anything about it in the documentation.
2. Also, in the
2004 Aug 31
1
rules & nat files for DNAT
Dear experts,
Quick quotation...
I have a sendmail server behind the shorewall-2.1.7 server. I would like
to do Port forwarding (DNAT) for clients on the internet, who need to
access the mail server.
Please let me know, which way is the most suitable to accomplish this;
using following 2 types of configurations
Setup -
Internet -- > shorewall -- > sendmail
2002 Nov 06
5
ftp port 24562 pasv doesn't work, no logging
Hi,
I have a cisco sdsl modem to connect to internet via eth1 (192.168.1.2)
local is eth0 (192.168.2.254)
default gw is 192.168.1.1
the cisco forwards all incoming ports to 192.168.1.2.
I connect from outside on port 24562, login is successful, the
ftpserver gives back the external IP of the cisco as pasv IP to the
client (it's a setting in the ftpserver). It gives an ip from the pasv
range I
2008 Mar 26
8
Hub/Spoke OpenVPN can't communicate from Client A to Client B - FORWARD:REJECT:IN=tun0 OUT=tun0
Hi, I am running OpenVPN where I have one central hub VPN server, and multiple spoke VPN clients. I can ping from each client to the server and each client to computers on the subnet which the server resides (192.168.2.0/24) so it works ok there. I cannot however, ping from one client to another client. I guess the packet path would go:
clienta -> vpn -> shorewall/router -> vpn ->
2008 Jun 02
4
Syn Flood Attack to SMTP server
Hello everyone, is a pleasure to be here.
I have a problem with my server, it runs qmail SMTP and protect it with
shorewall. Since yesterday I get syn flood attacks on port 25, which means
that no longer meet. How can I stop this with shorewall?
my setup is as follows.
zones:
#ZONE DISPLAY COMMENTS
net Net Internet
loc Local Local networks
dmz DMZ
2003 Jul 29
1
Web Interface to browse ULOG messages real time
Going deeper on last post "[Shorewall-users] logging", I found a very nice
package that handles ULOG messages in a web interface, where you can browse
the events from a MySql database produced by ULOGD. Real time.
The name is: ULOGD-PHP
From the site:
-------------------------------------------
ulogd-php is able to :
show the last hosts that broke packets on your firewall.
show the
2003 Jan 09
10
transparent proxy
I've installed a bering box acting as a firewall for a lan;
the lan is 192.168.1.0/24
the bering box is 192.168.1.254
I've installed a squid server 192.168.1.1
It is possible to configure shorewall for a transparent proxy to the
squid server?
I've tried with
REDIRECT loc loc:192.168.1.1:3128 tcp www - !192.168.1.1
in the rules file
I get this error:
Error:
2006 Mar 30
12
network monitoring systems
Does anyone have any recommendations for network monitoring systems that
work with CentOS 3 or 4?
thanks
2004 Aug 25
6
Tricky problem of public proxy server
Hello All,
I have installed Shorewall 2.0.7 and configured, I am using masq to share internet for users.
I have a problem with particular sites. I blocked the site IP address and succeeded, but I have a problem with public proxy addresses: some users use an anonymous proxy IP and get through it and use blocked sites.
I blocked public proxy addresses but there are a lot of them (I mean more than one public proxy
2011 Jan 29
19
multiple disk failure
Hi,
I am using FreeBSD 8.2 and went to add 4 new disks today to expand my
offsite storage. All was working fine for about 20min and then the new
drive cage started to fail. Silly me for assuming new hardware would be
fine :(
The new drive cage started to fail, it hung the server and the box
rebooted. After it rebooted, the entire pool is gone and in the state
below. I had only written a few
2005 Jun 08
3
DNAT Issue
I have a lan with shorewall running as firewall and two local machines,
where 10.1.1.2 and 10.1.1.15 are two internal mail servers and where
124.124.124.124 and 123.123.123.123 are the external IPs for the mail
servers.
The two mail servers need to communicate with each other via smtp
(for sending mail from domains hosted on one to the other) but it's
giving issues.
Specifically when one server
2002 Oct 14
1
Shorewall and VLANs (802.1q)
My actual scenario is:
-Hundreds of PCs in an internal network (fixed IP), divided in +- 6 different
subnets
-A +- 6 customers with leased lines
-A Cisco Catalyst 4006 connecting groups of PCs to corresponding customers
(imagine a Call Center company)
-Works fine.
The problem:
Frequently, it's necessary to migrate dozens of PCs from a customer to
another. You know, change all IPs and
2006 Jun 01
13
Not understanding network setup!!
Hi to all,
+-------+ eth1 +-------+
| |==========| |
'network 1' ----| A | | B |---- 'network 2'
| |==========| |
+-------+ eth2 +-------+
A and B are routers
# tc qdisc add dev eth1 root teql0
# tc qdisc add dev eth2 root teql0
# ip link set
2003 Feb 04
11
About Shorewall 1.3.14
It is my plan that the upcoming release of Shorewall (1.3.14) will
definitely be the last of the 1.3.x releases and will very probably be the
last release of Shorewall 1.x.x.
I will continue to support Shorewall 1.3 but will be making no more
enhancements to it. I will be devoting my time to Shorewall 2.
If anyone is interested in taking over the development of Shorewall 1,
please let me
2005 Jul 06
4
problem with iax2 and 2 peers behind nat
Hi all,
I have a problem with 2 peers connecting to an asterisk machine, both are connected behind nat without any port mapping in the router, and the * is connected behind other nat with the port 4569 mapped to its address, the problem is:
when a peer registers to the asterisk the other can't register and vice versa, only gets registration the first one, I'm using firefly and a hardphone from wuchuan,
2003 Aug 21
4
Shorewall with heartbeat?
Hi all
Sorry for my English, hope you understand :)
My Shorewall is running just fine, and problem with local access to dmz is
solved (another mail to list, another day..)
I have a setup with heartbeat on http server, and now I want to get on my
firewall as well.
I just want to know if any have tried that, and get it to work ?
Please have a nice day :)
Kim