similar to: Said it wrong, but Did it right

Those are just late DNS replies--port 53 is DNS, and the IP you gave points to a DNS server (ns1.gci.net). "dig -x" is your friend :) The connection tracking table used by iptables to masquerade your internal network will only "hold open" a UDP connection for a certain amount of time; if no traffic flows in either direction, the entry in the connection tracking table will be

How does one interpret the mac addresses in the log which seem to have 14 segments... Example, this appears in the log... 00:40:c7:2e:09:c0:00:01:64:4a:70:00:08:00 Yet I can''t find that in the arp table norcomix:~ # arp -an ? (192.168.2.148) at 00:10:4B:6A:AE:E7 [ether] on eth1 ? (192.168.2.149) at 00:D0:B7:1D:F2:F2 [ether] on eth1 ? (24.237.19.16) at 00:10:DC:67:BA:80 [ether] on eth0 ?

The 3.1 Beta is now available -- check the Shorewall home page. -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net

Hello, Which port Smb4K uses? I am not able to use Smb4K on my server for the local network. Thanks Varun

Whilst configuring another shorewall firewall router for another site, I must have made some totally newbie error.... While directly on the cable modem, it works great. But when placed on the LAN side of my existing Shorewall box, the NEW shorwall box could not ping, or look up dns or anything else. If I shutdown shorewall (clear) in the NEW box then it could surf the net and ping etc. When

Begging indulgence of the list - asking here because due to the higher likelyhood of getting an answer... I have an application that often loses connection from one machine to another when one (or more) of the machines has particular brands of 1gig nics, but which runs rock solid when on 10meg nics and some 1 gig nics. The application senses (falsely) that the connection has been shut

Is there a new exploit out for SNMP lately? My shorewall is logging a lot of hits on UDP 161 lately. ______________________________________ John Andersen NORCOM / Juneau, Alaska http://www.screenio.com/ (907) 790-3386

hi: Just a litle update: 41/8 allocated to AfriNIC (APR 2005). 73/8 allocated to ARIN (MAR 2005). hope it helps.

Hello, I''m a very happy user of shorewall but I have found a problem or maybe a misconfiguration I made which I can not resolve. I use a fairly large blacklist based on probes, nimda & codered attacks, proxy & relay probes etc. The only problem is that I want to block incoming trafic on all ports FROM a block but it does also block a httpd, ping etc TO a ip in a block what I do

Hello, I want VNC Server,which is outside my network ,add my VNC Client, which is behide shorewall box. How should I config the rule? TIA Thongchai

I''ve set up shorewall with the two-interface mode. pc #1 eth1 ---> ppp0 ---> Internet eth1: 10.10.10.254 eth0: 10.10.10.1 > via a crossover cable pc #2 eth0: 10.10.10.2 (gateway=10.10.10.254) I am able to surf the net with pc #1, but pc #2 is completely cut off from pc #1 and the net. I am also unable to ping from and to pc #2.

Hola and thanks for any help in advance I installed mandrake 9 a few days ago and wanted to set up some additional rules to shorewall, bu i failed :) What i want to do is basicly route any incomming udp and tcp packets on port 4665 to a workstation behind the router. router with mandrake 9, eth0 (192.168.0.1) internal net, eth1(10.0.0.0) connected to dsl modem and gets a dynamic ip

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DeveloperCube is a new project started by veterans of the web development industry. We are proud to announce that we are now the Official Shorewall Support Forum. We are an online community offering discussion geared towards web developers, designers, and administrators of all skill levels. There are topics ranging from how to market your website,

A violent wind storm is expected in western Washington state later today and such storms often produce power/communications outages. I''ll do what I can to keep things running here. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net

First of all, My apologies for this maybe slight OT post, but I have so much confidence and read so much good replies on this list, that I am still asking my question. I''m looking for a linux distribution to use on our school''s homemade routers. The routers are small miniITX based systems with 2 network interfaces. I added a 4 port D-Link network card in some cases, when I

Hi! I have a Linux shorewall firewall that is the default gw of the network. I want to redirect all localy originating traffic to port 80 into another machine on port 8002 into the local network. This machine is a WIN2000 machine running a commercial software (proxy, content filtering) that only runs into Windows... :-( I tried something like this but this doesn''t seem to work: local

Hi, I installed the shorewall 1.3.8-2 debian package to my debian testing machine which serves as the gateway to the internet. Since I have two other machine connect to internet thru this gateway machine, I also downloaded the configuration guide for "basic two-interface firewall" and followed the instructions. When I try to start the shorewall I get the following message and can not

The ''firewall'' and ''functions'' file in CVS together produce a 30%+ speedup of ''shorewall restart'' on my firewall when compared to 1.3.11a. Please test with these files -- I don''t anticipate making any more performance changes for 1.3.12 and I want to be sure that I didn''t break anything. -Tom -- Tom Eastep \ Shorewall

I''m using shorewall 2.0.x at home as an Internet gateway for family. However my brother always plays online games overnight, so my parents asked whether I can do something on the gateway to control the time of accessing the Internet. I planned to put a script on crontab to schedule which it will execute say at 12:00 night daily, the script will execute a command will deny my brother

Rafa³ Dutko has just discovered a potentially serious bug in version 1.3.0 and 1.3.1. In both versions, where an interface option appears on multiple interfaces, the option may only be applied to the first interface on which it appears. A corrected firewall script for 1.3.1 is available at: http://www.shorewall.net/pub/shorewall/errata/1.3.1/firewall and