similar to: Q: Does shorewall have a way to log connections processed by rules?

Displaying 20 results from an estimated 10000 matches similar to: "Q: Does shorewall have a way to log connections processed by rules?"

2002 May 17
19
Shorewall 1.3 Beta 1
The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
2002 Jul 16
1
Shorewall 1.3.4
Shorewall 1.3.4 is available: 1. A new /etc/shorewall/routestopped file has been added. This file is intended to eventually replace the routestopped option in the /etc/shorewall/interface and /etc/shorewall/hosts files. This new file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped
2002 Nov 13
2
Forward port 8888 on firewall to internal IP port 80
Good day, I have tried to forward port 8888 on the firewall to port 80 on an internal IP of 10.40.0.202. Please advise which rule to add to the rules file to achieve this. I have tried to add DNAT net loc:10.40.0.202:80 tcp 8888 But still no luck TIA for your assistance Quentin
2002 Oct 14
1
Xbox Connection
Hi all wondered if you could help me with this little problem I have. I'm wanting to connect my Xbox to the net for gaming and have the following set-up 3 interfaces on my Linux box eth0 :net (connected to my cable modem) eth1 :me (IP range 192.168.3.0) eth2 :loc (IP range 192.168.0.0) My Xbox is connected through a hub to eth2 I need to forward TCP and UDP packets to my PC which is
2002 Nov 13
6
IP Forwarding
Hi, I'm trying to get RAdmin [uses tcp 4889] access to my Windows machine which is behind my firewall. I have zones: gbl : the world loc : my lan fw : firewall I placed the following in my rules file DNAT gbl loc:192.168.0.2 tcp 4889 - When trying to RAdmin I get a cannot connect to server error. 192.168.0.2 is my Windows Machines IP address. Can anyone help me? Shorewall 1.3.9b
2002 May 07
1
Using iptables for failover
Hi I am using a small script that monitors my webservers from inside. If it does not find the test page on the primary webserver it flips DNAT to point to the hot backup webserver. This is the command that it uses: iptables -t nat -D PREROUTING -i eth0 -p tcp -d 65.211.35.209 -j DNAT --to 192.168.1.151 iptables -t nat -A PREROUTING -i eth0 -p tcp -d 65.211.35.209 -j DNAT --to 192.168.1.30
2002 Nov 15
1
MAC Server support
Hi all, I needed to have a kind of MAC support for rule servers as I do DNAT to hosts that are served by a DHCP server. So I did the following : When Shorewall script find a MAC address as a server, it tries to get his IP thru the arp table and then "resolve" the ARP address to the IP address of the client. Of course the main limitation of this is that you'll have to
2002 Dec 05
7
New in CVS
The 'firewall' script currently in the /Shorewall CVS project: a) Is approximately 15% faster starting/restarting on my configuration -- please report your experiences with it. b) Reloads Traffic Control/Shaping as part of "shorewall refresh" c) Turns off the shell trace after an error has occurred (except when the command being traced is "stop" or
2002 Dec 06
1
speak freely -> 2074 port
I want to talk with my friend with microphone with program Speak Freely. He has firewall (shorewall) on his linux server and has other computer as a client and I have the same network connected with internet. This program use port 2074 to communicate. We have done something like this : DNAT net local:192.168.1.6 tcp 2074 DNAT net local:192.168.1.6 udp 2074 on linux server with shorewall (rules
2002 Aug 07
2
Re: [Shorewall-users] Common Rules
John, I'm taking the liberty of copying the Shorewall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I'm not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >
2002 Nov 22
3
ftp on 80 port
Still not working I really have to change 21 port on 80 port, my friend has only www and mail on his network. He has rigorous admin. I have done : !! in proftpd.cof : # Port 21 is the standard FTP port. Port 80 !! in /etc/shorewall/modules: loadmodule ip_conntrack_ftp ports=21,80 loadmodule ip_nat_ftp ports=21,80 AFTER THAT AND RESTARTING PROFTP AND
2002 May 14
3
[Shorewall-users] Redirect loc::80 to fw::3128 not work (fwd)
I'm beginning to believe that the use of the last column in the rules file to designate redirection/forwarding is too subtle for many users. For 1.3, I think I'll do something like the following: Current rule: ACCEPT net loc:192.168.1.3 tcp 80 - all New rule: FORWARD net loc:192.168.1.3 tcp 80 Current rule: ACCEPT net fw::3128 tcp 80 - all New rule: REDIRECT net
2002 Sep 12
2
question on IPSEC behind NAT
Hello to all, I am attempting to establish an IPSEC tunnel to a remote freeswan G/W with my laptop. My laptop sits in behind shorewall at home. From the documentation, this is what I Modified in Shorewall: /etc/shorewall/tunnels: ipsec loc 24.65.x.x /etc/shorewall/policy vpn loc ACCEPT loc vpn ACCEPT My question is, have I left anything out?
2002 Jun 04
3
Port forwarding...
Hi all Is it possible to just forward port to local computer but not give open access for that port? If I've understood right that this rule does give ACCESS from net to loc too: DNAT net loc:192.168.1.5 udp 7777 What I'm trying to say is that it would work so that everything that's coming from net to that local computers port is DROPed or REJECTed if it's
2003 Jan 21
14
Emule + Shorewall
Hi, I've installed Emule (p2p program) on my client box but I can't access the servers due to the firewall. I'm getting these blocking errors: Jan 22 01:26:07 servidor kernel: Shorewall:net2all:DROP:IN=eth1 OUT=eth0 SRC=213.22.49.86 DST=192.168.0.3 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=50538 DF PROTO=TCP SPT=46408 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0 My rules file
2003 Sep 20
1
Q: Share Definitions, how to make a 'truely public' area
Greetings, I am trying to set up a "Public" share that visitors who do not have accounts in our system have ro access to, while staff members (who do have accounts) have rw access. Our department has visitors who plug laptops into our network who will only be there once, and want to copy some of our software. However, with the following share definition, staff have rw access, but
2002 Sep 29
3
Shorewall 1.3.9
Shorewall 1.3.9 is available. In this release: 1. DNS Names are now allowed in Shorewall config files (I still recommend against using them however). 2. The connection SOURCE may now be qualified by both interface and IP address in a Shorewall rule. 3. Shorewall startup is now disabled after initial installation until the file /etc/shorewall/startup_disabled is removed. 4. The
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafał Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and
2002 Apr 17
3
not quite a shorewall question but..
does anyone know how to enable the "udp loose" function in kernel 2.4.x? one of my fave games requires this to work on the net and i'd really like to move away from the 2.2 series kernels. tia
2002 Nov 20
8
Proxy ARP
Hi all! I posted earlier about the proxy arp configuration http://shorewall.sourceforge.net/shorewall_setup_guide.htm#NonRouted, and was probably not sufficiently knowledgeable on the subject. I've gone through a bunch of documents on proxy arp, subnetting with proxy arp and the documentation at shorewall, and have come up with a setup that would be perfect for the job at hand