Re: [Shorewall-users] Fallback in a multi-isp configuration

2013-09-12 Thread Thomas Harold
Note: Our setup is a CentOS 6 box, running Shorewall 4.5.4 (from the Prereqs: First off, you should print out the MultiISP document from the Shorewall website and start marking it up with notes: http://shorewall.net/MultiISP.html About 98% of the answers are in the MultiISP file or one of th

Re: [Shorewall-users] lsm configuration issues...

2013-09-12 Thread Thomas Harold
On 9/10/2013 11:24 AM, John Doe wrote: > > -- > /etc/lsm/lsm.conf > -- > > debug=8 > defaults { >name=defaults >checkip=127.0.0.1 >eventscript=/etc/lsm

Re: [Shorewall-users] Changing eth0 to VLANs

2013-09-12 Thread Paul Gear
On 09/06/2013 02:03 AM, Tom Robinson wrote: > > ... > The problem is when I switch over to VLANning on Shorewall and the > switch I get lots of 'FORWARD:REJECT' log messages when internal clients > try to access the internet and lots of 'INPUT:DROP' log messages when > the clients try to reach the

Re: [Shorewall-users] Looking for a firewall device manager to work with shorewall

2013-09-12 Thread Paul Gear
On 08/31/2013 05:41 AM, Alan McKay wrote: > Hey folks, > > I'm currently using the shorewall "blacklist" to control my kids' > access to the internet, and in general it works well but is a lot of > work. > > What I'm looking for is something I can run on my Linux firewall that > can do this for me.

[Shorewall-users] quagga zebra + shorewall Strange Problem

2013-09-12 Thread HL
Hey all, I am setting up a new Firewall with Shorewall Version 4.5.20 iptables v1.4.18 Kernel 3.10.10 perl v5.16.3 v6.19, protocol version: 6 quagga 0.99.22.3 providers file is ISP1 1 0x100 - vlan10 10.0.11.1 track,loose - ISP2 2 0x200 - vlan11

Re: [Shorewall-users] Block TOR

2013-09-12 Thread Thomas Harold
On 9/12/2013 10:05 AM, Göran Höglund wrote: > Hi > Are there any ideas how to block Tor exit nodes? > Well, first constraint is that you need to get a list of the TOR exit nodes. Such as finding a real-time black-hole list (a.k.a. RBL) tool. Or getting a list of the exit node IP addresses. htt

[Shorewall-users] DNAT

2013-09-12 Thread PH
Hi, I need to port forward a number of external IPs to 1 server on a number of ports. At the moment I have: DNAT net loc:10.10.1.19 tcp 8 DNAT net loc:10.10.1.19 tcp 50 DNAT net loc:10.10.1.19

Re: [Shorewall-users] DNAT

2013-09-12 Thread Tom Eastep
On 09/12/2013 11:02 AM, PH wrote: > Hi, > > I need to port forward a number of external IPs to 1 server on a number of > ports. > At the moment I have: > > DNAT net loc:10.10.1.19 tcp 8 > DNAT net loc:10.10.1.19 tcp 50 > DNAT

[Shorewall-users] Block TOR

2013-09-12 Thread Göran Höglund
Hi Are there any ideas how to block Tor exit nodes? Regards Göran

Re: [Shorewall-users] DNAT

2013-09-12 Thread PH
Thank you. That's what I needed. -Original Message- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: 12 September 2013 19:39 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] DNAT On 09/12/2013 11:02 AM, PH wrote: > Hi, > > I need to port forward a number of

Re: [Shorewall-users] shorewall-lite error at start

2013-09-12 Thread Tom Eastep
On 09/12/2013 11:04 AM, matt darfeuille wrote: > Hi, > > My main gateway is a router running on OpenWrt Barrier Breaker > r37816/ Kernel Version 3.10.4. > > I installed shorewall-lite from openwrt's repo using opkg but while > trying to start shorewall-lite I get the following errors: > > The f

Re: [Shorewall-users] shorewall-lite error at start

2013-09-12 Thread Tom Eastep
On the Shorewall-lite box, what does 'shorewall-lite show config' produce? Tom teas...@shorewall.net http://www.shorewall.net -Original Message- From: matt darfeuille [mailto:matd...@gmail.com] Sent: Thursday, September 12, 2013 1:06 PM To: Shorewall Users Subject: Re: [Shorewall-users]

Re: [Shorewall-users] Fallback in a multi-isp configuration

2013-09-12 Thread İlker Aktuna
Thanks. I will try that. -Original Message- From: Thomas Harold [mailto:thomas-li...@nybeta.com] Sent: Thursday, September 12, 2013 11:12 PM To: İlker Aktuna Cc: 'Shorewall Users' Subject: Re: [Shorewall-users] Fallback in a multi-isp configuration On 9/12/2013 3:25 PM, İlker Aktuna wr

Re: [Shorewall-users] Fallback in a multi-isp configuration

2013-09-12 Thread Tom Eastep
On 9/12/2013 1:12 PM, Thomas Harold wrote: > On 9/12/2013 3:25 PM, İlker Aktuna wrote: >> Hi Thomas, >> >> Thanks for this great detailed information. Unfortunately it is still >> not very clear for me what to write instead of your 999.999.999.999 >> example. My wan interfaces are ppp0 and ppp1 . T

Re: [Shorewall-users] shorewall alias interface

2013-09-12 Thread johnny bowen
I didn't quite understand what you were asking but I'm going to answer what I think you're trying to do. Are you trying to allow 192.168.6.0/24 addresses to query your dns server (the firewall)? If you are you need to: I think you've got your DEST and SOURCE zones mixed. FOR DNS, there's a m

Re: [Shorewall-users] Fallback in a multi-isp configuration

2013-09-12 Thread İlker Aktuna
Hi Thomas, Thanks for this great detailed information. Unfortunately it is still not very clear for me what to write instead of your 999.999.999.999 example. My wan interfaces are ppp0 and ppp1 . They have dynamic IP addresses and their gateways are same because they connect to the same ISP. W

Re: [Shorewall-users] Block TOR

2013-09-12 Thread johnny bowen
You could get the ips from here: http://torstatus.blutmagie.de/ And then block them by ip On Sep 12, 2013 7:30 AM, "Göran Höglund" wrote: > Hi > Are there any ideas how to block Tor exit nodes? > > Regards Göran > > > >

Re: [Shorewall-users] shorewall-lite error at start

2013-09-12 Thread matt darfeuille
I should have explained a bit more what I already did! I refollowed the provided link with the following steps: one generating the capabilities file on the firewall system then copying it along with shorewallrc to the administrative system. Then on the administrative system in the export director

Re: [Shorewall-users] shorewall alias interface

2013-09-12 Thread María Teresa Mondragón Reye
On 12/09/13 14:18, johnny bowen wrote: I didn't quite understand what you were asking but I'm going to answer what I think you're trying to do. sorry for my poor English :) Are you trying to allow 192.168.6.0/24 addresses to query your dns server (the firewall)?

Re: [Shorewall-users] Fallback in a multi-isp configuration

2013-09-12 Thread Thomas Harold
On 9/12/2013 3:25 PM, İlker Aktuna wrote: > Hi Thomas, > > Thanks for this great detailed information. Unfortunately it is still > not very clear for me what to write instead of your 999.999.999.999 > example. My wan interfaces are ppp0 and ppp1 . They have dynamic IP > addresses and their gateways

Re: [Shorewall-users] quagga zebra + shorewall Strange Problem

2013-09-12 Thread johnny bowen
Does vlan11 go down when you stop zebra? If it does try adding "optional" to the interface: vlan11 eth? detect optional On Thu, Sep 12, 2013 at 8:11 AM, HL wrote: > Hey all, > > I am setting up a new Firewall with > > Shorewall Version 4.5.20 > iptables v1.4.18 > Ker

Re: [Shorewall-users] How to Logging FORWARD

2013-09-12 Thread Joseh-Henrique Cetano de Brito e Silva
Thanks for your reply, but I already use fail2ban with shorewall, I'm wanting to adjust the fail2ban to work with ultrasurf rules, rules for vfstp, ssh, apache are working well. UltraSurf not 2013/9/11 Tom Eastep > On 09/11/2013 05:49 AM, Joseh-Henrique Cetano de Brito e Silva wrote: > > I'm fo

Re: [Shorewall-users] How to Logging FORWARD

2013-09-12 Thread Tom Eastep
On 9/12/2013 4:35 PM, Joseh-Henrique Cetano de Brito e Silva wrote: > Thanks for your reply, but I already use fail2ban with shorewall, I'm > wanting to adjust the fail2ban to work with ultrasurf rules, rules for > vfstp, ssh, apache are working well. UltraSurf not Try something like this: DROP

Re: [Shorewall-users] shorewall-lite error at start

2013-09-12 Thread matt darfeuille
I get the following while running the requested command root@OpenWrt:~# shorewall-lite show config Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite Default VARDIR is /var/lib/shorewall-lite LIBEXEC is /usr/lib SBINDIR is /usr/sbin CONFDIR is /etc LITEDIR is /etc/shorewall-lite/

Re: [Shorewall-users] shorewall-lite error at start

2013-09-12 Thread Tom Eastep
On 9/12/2013 5:23 PM, matt darfeuille wrote: > I get the following while running the requested command > > root@OpenWrt:~# shorewall-lite show config > Default CONFIG_PATH is /etc/shorewall-lite:/usr/share/shorewall-lite > Default VARDIR is /var/lib/shorewall-lite > LIBEXEC is /usr/lib > SBINDIR i

Re: [Shorewall-users] shorewall-lite error at start

2013-09-12 Thread matt darfeuille
I'm running shorewall 4.5.18 and shorewall-lite 4.5.7 MD On 12 Sep 2013 at 17:45, Tom Eastep wrote: Date sent: Thu, 12 Sep 2013 17:45:24 -0700 From: Tom Eastep To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] shorewall-lite error at start Send reply to

[Shorewall-users] shorewall-lite error at start

2013-09-12 Thread matt darfeuille
Hi, My main gateway is a router running on OpenWrt Barrier Breaker r37816/ Kernel Version 3.10.4. I installed shorewall-lite from openwrt's repo using opkg but while trying to start shorewall-lite I get the following errors: The first error I got was "scp: /var/lib/shorewall-lite: No such file

Re: [Shorewall-users] shorewall alias interface

2013-09-12 Thread johnny bowen
First I need to gather a little information. It sounds like you have two subnets connected to the same switch which are then connected to one ethernet port that has an alias on it. Why are you using two subnets? If you need dhcp on both subnets when a client connects to network it will make a bro