Displaying 20 results from an estimated 800 matches similar to: "Jan 16 17:49:33 murowall kernel: Shorewall:loc2net:CONTINUE:IN=eth0 OUT=eth2 SRC Shorewall:FORWARD:REJECT:IN=eth0 OUT=eth2"
2003 Jan 16
0
Jan 16 17:49:33 murowall kernel: Shorewall Shorewall:FORWARD:REJECT:IN=eth0 O UT=eth2
Marta,
As Alan pointed out the loc->net policy is Continue, it should probably be
loc->net ACCEPT.
This is from Tom''s Shorewall Documentation...
http://www.shorewall.net/Documentation.htm#Policy
CONTINUE - The connection is neither ACCEPTed, DROPped nor REJECTed.
CONTINUE may be used when one or both of the zones named in the entry are
sub-zones of or intersect with another zone.
2007 Nov 20
11
rfc1918 on external interface
Please, help me. Can i forbid and how any outgoing traffic
(ping,trace) to rfc1918 networks on my external interfaces?
Thank you very much.
Aleksandr
--------------------
Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА
и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер,
ноутбуков и PDA. Гарантия минского сервисного центра.
2003 Jan 13
5
Using private & public addresses together i n the Shorewall''s DMZ zone
To rephrase the question, "Can I use masquerading and proxy ARP in the same
zone simultaneously?" It''s not a stupid question--I couldn''t see any reason
why it wouldn''t work, but I had actually try it out to convince myself that
it did (which isn''t a bad thing to do before posting the question to the
list, by the way). In any case, the answer is
2004 Dec 04
7
vpn-zone wide open
Hello!
I am using shorewall shorewall-2.0.11-1 on fedora core2
(iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec
interface for a freeswan-vpn connection.
A few days ago, portsentry spit out a lot of connections from windows
clients (port 135, 445). Ooops.
I review my shorewall settings but could not find a mistake. So I took a
win-client and established a second
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List!
I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection
to the Internet (ppp0 - eth1 to the modem) and a bridge to the local
lan. The bridged config i''ve made with bridge.html from the shorewall
site. The Bridge is between local net and a openvpn tap device. This
works. I ccan make tunnels, and a can make a lot of things through the
firewall. I can get a list
2005 Feb 04
3
loc2net no longer working (and I read the FAQ)
Hi all,
This is your standard "I can''t *see* the internet" problem, except I think
I''ve exhausted all the standard solutions. The only thing different is
that my house experienced a power outage and now (after the FW rebooted)
local machines can''t "see" out.
I''ve got a 2-interface setup, using Shorewall 2.0.15 (installed via
Debian).
2003 Jun 13
8
Oracle SQL*Net through Shorewall
Hello all,
I am a newbie to Linux firewalls, and am trying to setup shorewall to allow connections from an Oracle client to an Oracle Server. The client tries to connect to the server via port 1521 (it works fine) and once the first connection has been successful, the server sends a redirect to the client to a random high port. So, when the client tries to connect again to the sevrer on that port
2005 Feb 25
4
(no subject)
I am attempting to forward http requests to my external interface, from
internal machines to a machine that is located on the internal interface,
via the firewall rules. Externally, I am able to forward the port to the
webserver located behind the firewall, and I want to use the same
hostname/ip for clients if they are on both sides of the firewall.
Note, that I only want to do just the one port,
2005 Jan 09
19
Shorewall and CUPS printing interference
I''m having a problem with the Shorewall firewall and CUPS printing
interfering with each other. My Linux firewall machine is acting as both
a CUPS server and client for all of my tests.
Shorewall 2.0.13
CUPS 1.1.22-2
Linux kernel 2.6.9
CUPS was working fine to print to my Epson C84 (network connected via a
Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I
2003 Jan 13
7
dmz2dmz?
Hi
My situation:
I have two pc''s with public ip''s (192.159.56.206(webserver) and
84.196.123.65(mail-gateway)) in the dmz. The firewall (84.196.123.66) is
configures with proxyarp, so nothing is changed on the pc''s from when they
were not behind the firewall (i.e. they don''t have the firewall as gateway
(and they each have different gateways, only 84.196.123.65
2005 Jun 10
11
/etc/network/interfaces
If I''m using eth1 as my lan zone on my router box, it needs a static
ip... what do I set the gateway option to in /etc/network/interfaces
since this computer is actually the gateway for the rest of the lan?
Itself? My "net" NIC''s address? Something else?
My lan isn''t getting internet access using the default Shorewall config
file (edited per
2003 Nov 04
1
IP Keeps being Dropped.
here''s a snippet from my /var/log/messages:
Nov 4 00:24:45 firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=80.143.227.136 DST=165.247.174.243 LEN=76 TOS=0x00 PREC=0x00 TTL=114
ID=41910 PROTO=UDP SPT=9940 DPT=9940 LEN=56
Nov 4 00:24:45 firewall kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=ppp0
SRC=10.0.0.2 DST=4.4.130.47 LEN=76 TOS=0x00 PREC=0x00 TTL=127 ID=26091
PROTO=UDP
2004 Dec 29
18
No response on port 80 with Shorewall
I have problem getting answer on http request from all my local subnets
but not from local subnet.
Ping and requests on ports 21 22 23 25 110 works fine.
I logged port 80 in rules files and I got
accept entry same for local subnet and other subnets.
Local subnet is 192.168.6
Dec 29 09:52:40 zinfsrv2 kernel: Shorewall:loc2fw:ACCEPT:IN=eth0 OUT=
MAC=00:09:6b:07:ca:cc:00:10:b5:fa:bd:71:08:00
2005 Feb 21
12
NAT
Hello,
I installed my linux server for 3 months now. It does almost everything
(dns, web & mail server, firewall ...).
I just encounterd two problems with the firewall: behind this server
there are 2 computers: i got emule on one and msn on the other. The
problem is that I can''t configure well the firewall fore these 2 rules.
I''ve added DNAT rules but it
2005 May 27
3
Requesting help with a log entry
Does anyone know what this log entry indicates? What service running on a
WinNT server would send out a UDP packet with source port 137 and
destination port 1? (I was unable to get any clarity from Google...)
---------
May 27 11:01:47 ykrgw kernel: Shorewall:loc2net:DROP:IN=eth0 OUT=eth1
SRC=192.168.3.3 DST=166.84.151.198 LEN=84 TOS=0x00 PREC=0x00 TTL=127
ID=37008 PROTO=UDP SPT=137 DPT=1
2003 Jan 12
10
Shorewall on a file/webserver/router Help
Hi,
I have a install of shorewall I have 2 interfaces(I think)
ppp0[connection device] and eth0 [LAN device],
I want to allow all traffic from the the internet in or aleast port 80 and
CVS and webmin and mail and everything normal to the main machine with
shorewall on it.
I changed to policy file but it just gave me errors as to double interfaces.
I also what still to alow connection sharing
2005 Jan 25
3
IPP2P broken?
Hi,
I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like:
DROP loc net ipp2p
generates:
iptables -A loc2net -j DROP
that''s _wrong_ :)
i have tried playing with debug to no avail, and I''m not that good at bashing...
just to be complete, the suggested status.txt from one of the
2003 Jan 14
1
logging
I would like to cut down on packets logged from "loc2net". I have modified
my policy file so that the logging for loc2net is "err" but dns packets and
smtp are still being logged. Is it possible to filter these out?
On a separate note, if I define ULOG in policy, I get an error on shorewall
startup "ULOG not defined" or something of that nature. Sorry about being
2007 Jun 29
1
ipp2p traffic not rejected
Hi,
I''m using following rule in /etc/shorewall/rules
REJECT:ULOG:P2P loc net ipp2p:all ipp2p
iptables -L :
Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ULOG all -- anywhere anywhere ipp2p
v0.8.2--ipp2p ULOG
2004 Aug 03
2
dns strange problem
Dear Lists.
I use shorewall-14.7 at ReHat-9.0 (2.4.26 with Julian Anastasov Patch)
for quite long, and everything seem work fine.
Untill this morning, i have problem with one rules
ACCEPT
loc:172.16.0.20,172.16.32.20,172.16.0.230,172.16.0.229,172.16.0.231
net udp 53 -
172.16.0.229 and 172.16.0.231 is my mail gateway (DNAT).
DNS server is outside the firewall,
Now, the