similar to: Problem with sending mail from mail server behind firewall.

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

Unreplied message when i try to connect to an internal system I''ve set up a shorewall 3.0.5 system on Fedora core 4 When i want to connect from an external computer to one in my network it does not reply. I connect from 212.19.195.160 to 212.178.64.74 trough port 8080 The rule i made is: DNAT  net   loc:192.168.0.20:80  tcp  8080 - 212.178.64.74 (and 192.168.0.20 can be reached

Hello, I''ve finally managed to setup a firewall with freeswan 2.04 using the kernel crypto api (backported from kernel 2.6). (Almost) everything seems to work fine if I disable shorewall, but packets are filtered whe shorewall is active. I''ve already read a past thread on the subject and I followed all the hints and it actually partially works: my lan I can access the remote

Hi all, I''m new to shorewall and have been struggling with several problems for several days now. Most of them are solved, but one still persists. The firewall is running on my server under Debian Sarge (Kernel 2.6) I''ve got three network interfaces: ppp0 (DSL Internet) eth1 (lan) ath0 (wlan) eth1 and ath0 are bridged together to br0. The problem is, that Samba (also running

I''m having a problem with the Shorewall firewall and CUPS printing interfering with each other. My Linux firewall machine is acting as both a CUPS server and client for all of my tests. Shorewall 2.0.13 CUPS 1.1.22-2 Linux kernel 2.6.9 CUPS was working fine to print to my Epson C84 (network connected via a Netgear PS101 print server using lpd://PS101.IP.address/raw ) until I

Hi !, I have this problem. On a Mandrake 10.0 server with all the updates (Kernel 2.6.3-15mdk, iptables-1.2.9-7mdk and shorewall-2.0.3a-1mdk), one of our internal users have to FTP some files to our external web server. I think we have the correct configuration and rules in shorewall, and have read the http://www.shorewall.net/FTP.html document. Still, our users can''t FTP to the

Dear Community, sorry for the somewhat dumb question. Maybe someone has any pointer to how to setup the RED queue to mark pakets with ECN. In particular what are appropriate parameter settings for limit, min, max, etc. All my trials end up with either "RTNETLINK answers: Invalid argument", although the command line (at least for me) looks fine in regard to what is said on the

I''ve installed a bering box acting as a firewall for a lan; the lan is 192.168.1.0/24 the bering box is 192.168.1.254 I''ve installed a squid server 192.168.1.1 It is possible to configure shorewall for a transparent proxy to the squid server? I''ve tryed with REDIRECT loc loc:192.168.1.1:3128 tcp www - !192.168.1.1 in the rules file I get this error: Error:

---------- Original Message ---------------------------------- From: "Jim Van Eeckhoutte" <jim@vaneeckhoutte.com> Reply-To: <jim@vaneeckhoutte.com> Date: Mon, 8 Jul 2002 15:27:14 -0700 this is shorewall status output: tcp 6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1

the establishment of an openvpn link sometimes fails. I tracked it down to network traffic with wrong Sourceport in the answer packet (should be 1300 not 1024): 2 1.119309000 aaa.185.165 bbb.162.192 UDP 58 Source port: 1300 Destination port: 1300 3 1.119446000 bbb.162.192 aaa.185.165 UDP 66 Source port: 1024 Destination port: 1300 and a collateral entry in the connection tracking table

I have the need to know how many connection the server has, i run this command but i don't know how to sum all the results and get a final number. any ideas? netstat -an | grep -E 'tcp|udp' | awk '{print $6}' | sort | uniq -c | sort -n ?? 1 CLOSE_WAIT ?? 1 FIN_WAIT_2 ?? 1 LAST_ACK ?? 1 TIME_WAIT ?? 4 SYN_SENT ? 15 ? 37 LISTEN ? 44 ESTABLISHED

Hi, I run a small system with an older version of shorewall (1.4.2). It has been extremely solid for a long time. But recently I have noticed the connection table filling up, which has never happened before. My guess is that the box is getting hit with floods. The system only has 64M of ram and the conntrack_max is set to 4096 based on the ram. I have temporarily increased it to 8192 so that it

Typically (or at least somewhat occasionally) after a reboot of my shorewall[-lite] machine I find that I end up with conntrack table entries for unNATted connections such as: # conntrack -L -p udp --dport 5060 -d 99.232.11.14 udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0

hi, it''d be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don''t know than it''s a problem... another problem that currently it''s not possible to log the nat table. at least i can''t find any way (can''t add logging into masq and

Hi. I have strange troubles with DNATing UDP packets. The situation: 1. We have local network 10.10.0.0/16 2. We have a "server network" 192.168.1.0/25 connected with local network by a router 10.10.100.1 (other ip 192.168.1.1). 3. Web server is located at 192.168.1.2 4. There are HW pingers in the net 10.10.0.0/16 whose do ping 10.10.100.1 every second. The ping is the UDP packet

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49 ------- Additional Comments From laforge@netfilter.org 2003-02-14 08:39 ------- what patches from patch-o-matic do you use? Do you know how to reproduce this behaviour? ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

Hi, I get frequent logfile entries from Shorewall similar to the following: Nov 25 11:22:51 10.0.0.248 kernel: Shorewall:net2mill:DROP:IN=eth2 OUT=eth0 SRC=202.96.117.50 DST=10.0.0.10 LEN=56 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=ICMP TYPE=11 CODE=0 [SRC=10.0.0.10 DST=202.101.167.133 LEN=48 TOS=0x00 PREC=0x00 TTL=1 ID=13591 DF PROTO=TCP INCOMPLETE [8 bytes] ] Could someone explain what the

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

https://bugzilla.netfilter.org/show_bug.cgi?id=1203 Bug ID: 1203 Summary: 'DisableExternalCache On' seems to be broken Product: conntrack-tools Version: unspecified Hardware: All OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: conntrack-daemon Assignee:

Hi Rowland, On 18/07/19 15:52, Rowland penny via samba wrote: > my plan would be to: > > TURN OFF DC2 I did it on Friday afternoon after my numerous attempts to demote DC2 failed. This fixed one issue - made the network shares appear again across all clients. A new one has been discovered though on one of our CentOS 5.11 boxes. Any command (like sudo or ssh) that needs authentication