Displaying 20 results from an estimated 20000 matches similar to: "dropping an existing connection"
2002 Apr 26
9
port forward from local net to local machine
Hi!
I have a Linux shorewall firewall that is the default gw of the network.
I want to redirect all localy originating traffic to port 80 into another
machine on port 8002 into the local network.
This machine is a WIN2000 machine running a commercial software (proxy,
content filtering) that only runs into Windows... :-(
I tried something like this but this doesn''t seem to work:
local
2002 Oct 23
23
"basic two-interface" setup problem
Hi,
I installed the shorewall 1.3.8-2 debian package to my debian testing
machine which serves as the gateway to the internet. Since I have two
other machine connect to internet thru this gateway machine, I also
downloaded the configuration guide for "basic two-interface firewall"
and
followed the instructions. When I try to start the shorewall I get the
following message and can not
2002 Jun 15
4
Serious Bug found in Shorewall 1.3.x
Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0
and 1.3.1. In both versions, where an interface option appears on multiple
interfaces, the option may only be applied to the first interface on which
it appears.
A corrected firewall script for 1.3.1 is available at:
http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall
and
2002 Dec 07
6
More speedups in CVS
The ''firewall'' and ''functions'' file in CVS together produce a 30%+ speedup
of ''shorewall restart'' on my firewall when compared to 1.3.11a.
Please test with these files -- I don''t anticipate making any more
performance changes for 1.3.12 and I want to be sure that I didn''t break
anything.
-Tom
--
Tom Eastep \ Shorewall
2002 Sep 29
3
Shorewall 1.3.9
Shorewall 1.3.9 is available.
In this release:
1. DNS Names are now allowed in Shorewall config files (I still recommend
against using them however).
2. The connection SOURCE may now be qualified by both interface
and IP address in a Shorewall rule.
3. Shorewall startup is now disabled after initial installation until
the file /etc/shorewall/startup_disabled is removed.
4. The
2002 Nov 20
3
Spam vs. Viruses
I have purchased a license for Vexira MailArmor (an antivirus product) and
the good news is that it is installed and working at shorewall.net. The bad
news is that I have yet to get Vexira running together with SpamAssassin :-(
As things currently stand, list posts will be protected from viruses but
may contain Spam. I''ll continue to work to correct this situation.
-Tom
--
Tom Eastep
2002 Apr 17
3
not quite a shorewall question but..
does anyone know how to enable the "udp loose" function in kernel 2.4.x? one
of my fave games requires this to work on the net and i''d really like to
move away from the 2.2 series kernels.
tia
2002 Nov 11
11
Shorewall Documentation in PDF format
Hey gang,
I was wondering if all that documentation could or has been put into
PDF format. I usually like to download documentation and read it while
I''m sitting comfortably at home and I don''t want to tie up the phone
line all night.
Thanks,
Nino
p.s. If so, please feel free to attach the PDF formatted document to my
e-mail ;-)
2002 Jul 25
5
Shorewall 1.3.5
This will be the last Shorewall release for a while as I''m going to be
focusing on Documentation.
In this release:
1. Empty and invalid source and destination qualifiers are now detected
in the rules file. It is a good idea to use the ''shorewall check''
command before you issue a ''shorewall restart'' command be be sure
that you don''t
2002 Aug 20
5
how to limit connections from certains inet subnet the best way?
Hello all,
i am new to shorewall and i already have a question ;)
i am running a mailserver in my dmz (or actually this will be when =
evertything will be working fine with shorewall) with public ip =
addresses.. i have a subnet of 8 ip addresses (255.255.255.248 mask) and =
i was planning of the classic 3 nic (eth0-2) setup... the dmz should =
work with proxy-arping...=20
now my quesion is
2002 Mar 20
3
Shorewall 1.2.10
This is a minor release of Shorewall.
In this release:
1. A "shorewall try" command has been added. This command attempts to
restart Shorewall using an alternate configuration and if that
attempt fails, Shorewall is automatically started with the default
configuration. This is useful for remote administration where a
failed restart of Shorewall can leave you isolated from
2002 May 17
19
Shorewall 1.3 Beta 1
The 3.1 Beta is now available -- check the Shorewall home page.
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Aug 06
8
converting MASQ from ipchains
Hello,
on my old system I''m using ipchains. Can anyone help me with converting rule
/sbin/ipchains -A forward -j MASQ -s source_addr -d destination_addr 443 -p tcp
to shorewall. I know that I can write
eth0 source_addr
to /etc/shorewall/masq file
but I can''t found where I can specify the destination address.
The reason for this is to allow one user (computer) access only to
2002 Nov 14
5
navigation problems
I am trying to move from MS Windows (of which I am a std user) to Linux and, 10 days ago, I installed Mandrake 9.0, everything is OK except for WEB navigation: even if surely connected, I cannot navigate and the browser answer is always:...host unknown..
Apparently the problem is the firewall (Shorewall) installed by default that rejects all comunication, infact looking in the Firewall settings
2002 Nov 22
3
ftp on 80 port
Still not working
I really have to change 21 port on 80 port, my friend has only www and mail
on his netwok. He has rigorous admin.
I have done :
!! in proftpd.cof :
# Port 21 is the standard FTP port.
Port 80
!! in /etc/shorewall/modules:
loadmodule ip_conntrack_ftp ports=21,80
loadmodule ip_nat_ftp ports=21,80
AFTER THAT AND RESTARTTING PROFTP AND
2002 Dec 05
7
New in CVS
The ''firewall'' script currently in the /Shorewall CVS project:
a) Is approximately 15% faster starting/restarting on my configuration --
please report your experiences with it.
b) Reloads Traffic Control/Shaping as part of "shorewall refresh"
c) Turns off the shell trace after an error has occured (except when the
command being traced is "stop" or
2002 Sep 29
7
[Fwd: Building custom _updown script for freeswan to make it talk with shorewall]
Tuomo Soini wrote:
> You don''t happen to read shorewall-devel mailinglist ?
I read it -- I just didn''t know what to make of your post and it arrived
while I was on vacation.
What exactly are you trying to accomplish that Shorewall isn''t doing for
you now?
e.g.
/etc/shorewall/zones
rw Roadwarriors Road Warriors
/etc/shorewall/interfraces
rw ipsec+
2002 May 14
2
Shorewall.net is back up
Let me know if there are any problems.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Nov 12
3
''all'' in rules file
I have implemented the ability to specify ''all'' in the SOURCE and
DESTINATION columns of the rules file and I''m not sure I like the result.
The code is in CVS if any of you are interested in giving it a try. If you
do try it, please let me know what you think.
If you specify ''all'' in those columns it must not be qualified (may not be
followed by
2002 Apr 26
4
Burn Out
I think that the time has come for me to back off a bit from my
involvement with Shorewall. I just don''t have enough cycles (or energy) to
keep up the pace of the last several months. As a consequence, I''m going
to do the following:
1. I''m going to stop personally supporting the entry level tools (samples
and quick start guide).
These tools are a source of constant