Re: [Shorewall-users] problem with rules accept traffic to all zones except firewall (all-)

2008-09-09 Thread Hans
Tom Eastep wrote: > Hans wrote: > >> In doc is written that all- means "All zones except firewall", so why I >> still can connect to firewall from WANs and VLANs. >> When I check log "Accept wan fw" "Accept wan2 fw" "Accept >> vlan2 fw" are created. > > Which version of Shorewall are

Re: [Shorewall-users] Please help in rule setup

2008-09-09 Thread Tom Eastep
Ricardo Kleemann wrote: Where can I find a description of the output for show connections? I see the command syntax and description but not for the actual output. The output is not produced by Shorewall -- depending on your kernel version, it is produced either by cat /proc/net/ip_c

Re: [Shorewall-users] Fwd: internet problems after shorewal restart

2008-09-09 Thread Fabio Correa
Hi :) Hmm, when I modify the rule file, for example, I have to run "/etc/init.d/shorewall restart" for my changes to take effect. After that my internet gets slow... To get my internet working fine again I just reconnect the interface. This is the problem. I think now I was more clear :) Sorry, my english su

Re: [Shorewall-users] Please help in rule setup

2008-09-09 Thread Tom Eastep
Brad wrote: Let me try to explain what I mean. If I look at netstat output, I can see things like this: tcp0 0 :::192.168.1.245:25 :::202.63.164.4:53400 ESTABLISHED tcp0 0 :::192.168.1.245:25 :::8.12.43.34:2616 TIME_WAIT tcp 12 0 ::

Re: [Shorewall-users] Please help in rule setup

2008-09-09 Thread Brad
> Let me try to explain what I mean. If I look at netstat output, I can see > things like this: > > tcp0 0 :::192.168.1.245:25 :::202.63.164.4:53400 > ESTABLISHED > tcp0 0 :::192.168.1.245:25 :::8.12.43.34:2616 > TIME_WAIT > tcp 12 0

Re: [Shorewall-users] Please help in rule setup

2008-09-09 Thread Ricardo Kleemann
Martin, First I'd like to thank you for your patience. One of the things that is confusing to me is related to outbound traffic. Figuring out the inbound traffic is easy, since I know all the services provided. But determining the outbound to me I see it as a lot more complicated, certainly be

Re: [Shorewall-users] Please help in rule setup

2008-09-09 Thread Martin Leben
Hi Ricardo, (Trying to offload Tom a bit.) The single most important thing I have to say is this: From your original mail it seems like at least one of your machines is infected/pwned/trojaned/rooted. In that situation the first and most important thing to do is to identify WHICH

Re: [Shorewall-users] dynamically adding rules when hosts connect

2008-09-09 Thread Tom Eastep
Tom Eastep wrote: Brian J. Murrell wrote: On Mon, 2008-09-08 at 20:32 -0700, Tom Eastep wrote: Which assumes that the only type of ipset worth creating is iphash -- beware. Indeed. As an aside, by the time the compile script is executed, have all of the config files been opened and their dat

Re: [Shorewall-users] dynamically adding rules when hosts connect

2008-09-09 Thread Tom Eastep
Brian J. Murrell wrote: On Mon, 2008-09-08 at 20:32 -0700, Tom Eastep wrote: Which assumes that the only type of ipset worth creating is iphash -- beware. Indeed. As an aside, by the time the compile script is executed, have all of the config files been opened and their data enumerated into p

Re: [Shorewall-users] Fwd: internet problems after shorewal restart

2008-09-09 Thread Tom Eastep
Fabio Correa wrote: -- Forwarded message -- From: *Fabio Correa* <[EMAIL PROTECTED] > Date: 2008/9/8 Subject: internet problems after shorewal restart To: shorewall-users@lists.sourceforge.net hello al

Re: [Shorewall-users] problem with rules accept traffic to all zones except firewall (all-)

2008-09-09 Thread Tom Eastep
Hans wrote: In doc is written that all- means "All zones except firewall", so why I still can connect to firewall from WANs and VLANs. When I check log "Accept wan fw" "Accept wan2 fw" "Accept vlan2 fw" are created. Which version of Shorewall are you running? Are you using Shore

[Shorewall-users] Fwd: internet problems after shorewal restart

2008-09-09 Thread Fabio Correa
-- Forwarded message -- From: Fabio Correa <[EMAIL PROTECTED]> Date: 2008/9/8 Subject: internet problems after shorewal restart To: shorewall-users@lists.sourceforge.net Hello all. I have a strange problem with my firewall... always I have to do a shorewall restart, the internet g

[Shorewall-users] problem with rules accept traffic to all zones except firewall (all-)

2008-09-09 Thread Hans
Hi! I want to use Shorewall with a Vyatta router. I want to forward traffic between 2 WAN connections and a few VLANs. Interfaces: wan eth1 wan2 eth2 vlan2 eth3.2 vlan3 eth3.3 ... Default policy drops all possible traffic. In rules: ACCEPT wan all- ACCEPT wan2 all- ACCEPT