similar to: Blocking rfc1918 addresses with one exception

Shorewall version 2.2.1 2 Interface setup. eth1: 10.10.1.3 eth0: 192.168.1.2 modem is 192.168.1.1 I need to be able to connect to my adsl modem, but when shorewall is up I get connection rejected. I have added "192.168.1.1 RETURN" above the line "192.168.0.0/16 logdrop # RFC 1918" in "/etc/shorewall/rfc1918" but still getting connection rejected Is there

Andy Wiggin has contribued a Python program that reads http://www.iana.org/assignments/ipv4-address-space and creates a list of reserved subnets suitable for inclusion in /etc/shorewall/rfc1918. The list produced by Andy''s program will be included in the rfc1918 file included in version 1.3.2 (it''s available now from CVS). Thanks Andy! -Tom -- Tom Eastep \ Shorewall -

Is my RFC1918 file obsolete? I have been assigned an ip in the 83.0.0.0/8 range, and of cource a lot of Shorewall systems drop me with a RFC1918 error. So, is my ISP actually giving me a RFC1918 IP, or am I missing something? .

--kXdP64Ggrk/fb43R Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello everyone, I''m using Shorewall 1.2.12-1 on Debian 3.0, with the 2.4.17 kernel. I am seeing some interesting log entries, and after reading the documentation at Google and netfilter.org I have a couple questions. To begin, here are the entries I am

I just found this in my firewall log: May 10 08:58:00 fire2 kernel: Shorewall:rfc1918:DROP:IN=eth0 OUT=eth1 SRC=10.10.10.1 DST=192.168.0.3 LEN=66 TOS=0x00 PREC=0xC0 TTL=254 ID=37790 PROTO=ICMP TYPE=11 CODE=0 [SRC=X.X.X.X DST=65.108.14.222 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=62741 PROTO=UDP INCOMPLETE [6 bytes] ] (bracketed source IP removed for anonymity - it is the public IP address of my

I came across a problem when one of our clients was not able to access any of the servers on our network. This person has never connected to us before and now for this first time was trying to do it from his home is Houston, TX using earthlink cable service provided by Time Warner. All this information, I think, is important because when I started examining my shorewall logs I found out

Hi, I installed the shorewall 1.3.8-2 debian package to my debian testing machine which serves as the gateway to the internet. Since I have two other machine connect to internet thru this gateway machine, I also downloaded the configuration guide for "basic two-interface firewall" and followed the instructions. When I try to start the shorewall I get the following message and can not

Please, help me. Can i forbid and how any outgoing traffic (ping,trace) to rfc1918 networks on my external interfaces? Thank you very much. Aleksandr -------------------- Продукция AcmePower - это зарядные устройства, аккумуляторы формата АА и ААА, сетевые адаптеры, аккумуляторные батареи для фото и видеокамер, ноутбуков и PDA. Гарантия минского сервисного центра.

I have several computers connected to the internet through a DSL router that assigns rfc1918 (192.168.1.x) addresses to the systems connected. I have a server where shorewall is installed with one interface eth0, with a static ip (192.168.1.3). The router is configured to forward all connections from the internet to the linux server. I''d like to know how I can configure shorewall to

In my peculiar setup I need my shorewall router to do one-to-one NAT with RFC1918 addresses. The "external" addresses are 10.215.0.0 and the internal addresses are 192.168.0.0. I can ping, vnc, http, smb from 10.215.144.48 to 10.215.145.237 which is 192.168.44.237 internally. >From 192.168.44.237 I can do http, rdp, ping to 10.215.0.0 hosts. So all seems fine except for the fact

I don't know if this is the right place, but it is a place to start. I have two machines in a co-location facility. They are both on the same physical network segement and have real internet addresses and RFC1918 addresses. We get charged for traffic which goes across the "real" internet addresses which is part of the purpose for the RFC1918 network. The problem is connecting

Updated rfc1918 and bogons files are now available: rfc1918 for Shorewall 2.0.0 and earlier: http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 bogons for Shorwall 2.0.1: http://shorewall.net/pub/shorewall/errata/2.0.1/bogons Thanks go to Thomas Backlund for pointing out that the file was out of date. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool

A new rfc1918 file that reflects the recent IANA allocation of 222/8 and 223/8 may be found at: http://www.shorwall.net/pub/shorewall/errata/1.3.14/rfc1918 ftp://ftp.shorewall.net/pub/shorewall/errata/1.3.14/rfc1918 -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

Hi, all I'm trying to implement kms for pre-nv50 in last cuples of days. My current work[1] is based on the code of nv50 kms & ddx. Basicly, I just blindly port the code to kernel land :). I think I'm getting very close to working state, but it still doesn't work. Current state: 1) vbios parser is synced with ddx 2) i2c works 3) Something shows on internel LVDS panel and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To reflect recent allocations by the IANA, the following files are available: For Shorewall 2.0.0b and earlier: http://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 ftp://shorewall.net/pub/shorewall/errata/1.4.10/rfc1918 For Shorewall 2.0.1 and later: http://shorewall.net/pub/shorewall/errata/2.0.10/bogons

Hi, thanks for a great piece of software! ...at the moment I have a commercial VPN box, which also acts as our firewall. I wish to replace this firewall functionality with a decicated Shorewall firewall, and use the VPN box only for VPN traffic. At the moment, this VPN/Firewall box is at an internet visible address, x.x.x.85 I wish to make the new Shorewall fireall x.x.x.85 and move the VPN to

Hello all, The reserved addresses list seems to be in flux more lately. Since I have several servers that all run Shorewall, updating /etc/shorewall/rfc1918 has become a little tedious. I put together a shell script that can download the latest file, write a new /etc/shorewall/rfc1918 and restart Shorewall. I run this from a cron job and now don''t have to pay much attention to keeping

Hi I had this problem that shorewall blocks all traffic from net when norfc1918 rule is given to my eth0 (net ethernet card). I''ve added: run_iptables -I rfc1918 -s 192.168.7.10 -j ACCEPT To start file but that didn''t help. My configuration: ADSL modem has static 10.***.***.*** ip address to net (ISP does NAT conversion) and my modem does Nat conversion and my firewall eth0

Hi There, we only have a /29 internet routable network from our ISP and a Cisco 1601 router with serial interface doing all the routing. I was thinking of replacing that cisco with a linux box with a sangoma card, also using quagga with ospf on for my internel networks has anyone have expierence with this? thanks Sew

Hello, I have disable_plaintext_auth=yes enabled. ( dovecot-2.0.12 ) But for one internel host I like to allow plaintext. Can somebody point me to the configuration ? I did not found it in the wiki2 ... Thanks Andreas -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429