similar to: R-beta: Become our Partner

Hi everyone, I see that shorewall has "ratelimit" but i''m interested in deny conexions by number of them, not by number/sec. Is connlimit feature supported by shorewall? Or maybe someone have an extraofficial patch for them? Regards, Angel Mieres ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT

Hello, I changed the log path in shorewall.conf, LOGFILE=/var/log/messages to LOGFILE=/var/log/shorewall, and then I touched the shorewall file in /var/log, permission root:root 600, after shorewall restart, no logging messages appear in /var/log/shorewall. so how can I fix this problem ? Thanks !! _______________________________________ YM - 離線訊息

Hi, How can only allow http,ftp,smtp define on outgoing rules ? Thanks _______________________________________ YM - 離線訊息 就算你沒有上網，你的朋友仍可以留下訊息給你，當你上網時就能立即看到，任何說話都冇走失。 http://messenger.yahoo.com.hk ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and

Hello All, is it good to DROP all packets coming from net to other zones, like dmz, loc & fw? or should I REJECT Here is my Policy for packets from net: net $FW DROP info net loc DROP info net dmz DROP info net all DROP info all all

Hi all I need to create following rule (described): All connections from any zone going to server 80.1.1.1 on port 210 in zone DMZ should be redirected to that same IP in same zone but on port 200 So basically for all zones I want to redirect requests for port on server to different port on same server. None of the examples i found in documentation, FAQ or mailing list cover this particular

Hi i don''t understand if i can add Trafic Shaping on a Alias ... I have a lot of Interface with Vlan and i want add QoS on ... i have put into tcdevices: eth1.2002 1900kbit 1900kbit eth1.2003 1900kbit 1900kbit eth1.2004 1900kbit 1900kbit eth1.2005 1900kbit 1900kbit but after i have read this: You may NOT specify the name of an alias (e.g.,

Hi All I have the following setup Users ------- Machine A ----------- Machine B ----------- Machine C >From machine A to B: Ipsec VPN Allows 192.168.10.0/24 (Users) to connect to 192.168.20.0/24 (Network on machine B) >From machine B to C: Ipsen VPN Allows 196.44.33.118 to coccent to 192.168.241.65 (machine C) I want to rewrite 192.168.20.33 to 192.168.241.65 This can be done

When using v2 we would modify the saved /var/lib/shorewall/restore file to modify logging so we had separate counts by the physical device the packets (actually, NEW connections, not total packet counts), such as: -A LogStuff -j LOG etc -A LogStuff -m physdev --physdev-in eth1 -j DROP -A LogStuff -m physdev --physdev-in eth2 -j DROP which gave us an idea where dropped traffic cam from

Hi all Hi everyone Shorewall 3.2.6 and OpenSWAN 2.4.4-18.2 are on SLES10 machine with public fixed IP address on Internet interface. I am trying to establish IPSEC VPN tunnel to network behind D-Link DI-804HV VPN router who is on dynamic IP address. For this I am using dyndns.org alias on DI804 side. Shorewall is stopping all packets comming from DI804 whey trying to establish tunnel. Log on

Hi i want see if my QoS are good because i am not very sure ... the VoIP quality are not very good when i download. I have on my Linux routeur/Firewall Asterisk .. and i have into my config : ================================================ tcdevices: eth0 2000kbit 2000kbit tcclasses: eth0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc eth0 2 full/4 full

Via creative use of the instructions at http://shorewall.net/Multiple_Zones.html#id2497549. But can a zone (in shorewall/interfaces) reference multiple interfaces? I have two openvpn instances running on my server, one bridged (for upstream access to some client vpn''s so I don''t have to request the clients add new subnets to their routing tables) and one routed (for nailed

Now I step by step to configure Shorewall to match my school environment, the following error when I restart the Shorewall. ..End Macro iptables v1.2.11: Unknown arg `--sports'' Try `iptables -h'' or ''iptables --help'' for more information. ERROR: Command "/sbin/iptables -t nat -A loc_dnat -p tcp --sports !

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

I just installed stock shorewall-3.4.2 and shorewall-perl-3.9.0 under Cygwin on this Windows XP system. I downloaded the two-interface sample and modified shorewall.conf by adding "SHOREWALL_COMPILER=perl". I copied a capabilities file from my desktop and: teastep@EASTEPNC6000 ~/Configs/test $ shorewall check . Checking... Checking /home/teastep/Configs/test/zones... Checking

Here is my config: dubenda:~ # shorewall version 3.2.1 dubenda:~ # ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hello All I installed shorewall 3.0.8 on Centos 4.3 with openvz.org kernel it work well i have in this Host 3 virtual servers (VPS) i can access from a VPS to the internet , and with NAt rule (Via Shorewall) i can access from Internet to the 3 VPS. i want that all the 3 VPS can communicate between them. i can''t do a tcp connection from a VPS to an other , in my shorewall log in the

Hello, today I came to my job and I noticed that apache is not running. When I tried to run it, I learned that port 80 uis already in use. Using netstat -aenpl I tried to learn wha proces is using port 80, but I only leatned this: tcp 0 0 172.16.0.1:80 172.16.0.1:35664 SYN_RECV 0 0 - tcp 0 0 172.16.0.1:80 172.16.0.1:43464 SYN_RECV 0 0 - tcp 0 0 172.16.0.1:80 172.16.0.1:33764 SYN_RECV 0 0 - tcp

I am completely new to this.. I am trying to make simple traffic control.. I have read quite some manuals and posts that i found, but i don''t understand much, i think.. My situation is: i have linux server which i am using for firewall for local network.. also on same linux server i have torrentflux for downloading torrents.. What i want to do is to give priority to local clients(2-3

Hi all ... Happy to be back for a question/suggestion again .... I came accross this weird situation. I take care of a site running shorewall 3.0.5 in the firewall and qmail in the DMZ ( mail server ). A remote clients smtp server denies to accept more than one incomming smtp connections from my site :-(. In my site users are always sending mail to this server ( 50 - 60 per day ). So