If you want a cleaner log file, create this file
/etc/rsyslog.d/00-shorewall.conf :
if $msg contains 'Shorewall' then {
action(type="omfile" file="/var/log/shorewall.log")
# if ($syslogfacility == 0 and $syslogseverity >= 4) then stop # warning
# if ($syslogfacility == 0 and $syslogseverity >=
Tom
I attempted to follow the instructions below. But I failed the
gzip test.
Jim
On 12/12/2017 03:27 PM, Tom Eastep wrote:
On 12/12/2017 03:07 PM, jamby wrote:
Tom
On my system I get a file "shorewall-init.log" is that the dump you're
referring to? Otherwise most messages
Tom
I think I got it right in the later message with the
shorewall_dump.txt file.
Bill
It originally was /var/log/messages but I changed it to
/var/log/shorewall but nothing ever is written there.
Even after the change it was writing to /var/log/messages. I was
hoping to have a
On 12/12/2017 03:23 PM, jamby wrote:
> Tom & Bill
>
> Attached is the output of the "shorewall dump" command.
>
> I changed LOGFILE = /var/log/shorewall but nothing is ever written
> there.
>
Now, neither of your ethernet interfaces has an IP configuration. Looks
like you messed
On 12/12/2017 03:23 PM, jamby wrote:
> Tom & Bill
>
> Attached is the output of the "shorewall dump" command.
>
> I changed LOGFILE = /var/log/shorewall but nothing is ever written
> there.
>
As described in the shorewall.conf manpage and in the FAQs, LOGFILE does
NOT specify where
You were posting excerpts from a log file earlier. Which one was it?
/var/log/messages ? That's where they would be on a Fedora 22 system.
Your shorewall.conf should have:
LOGFILE=/var/log/messages
Bill
On 12/12/2017 6:23 PM, jamby wrote:
Tom & Bill
Attached is the output of the
On 12/12/2017 03:07 PM, jamby wrote:
> Tom
>
> On my system I get a file "shorewall-init.log" is that the dump you're
> referring to? Otherwise most messages get dumped into the
> /var/log/messages log file.
>
Here are the instructions from the URL I posted:
If Shorewall is starting
Tom & Bill
Attached is the output of the "shorewall dump" command.
I changed LOGFILE = /var/log/shorewall but nothing is ever written
there.
Thanks
Jim
On 12/12/2017 02:39 PM, Tom Eastep wrote:
On 12/12/2017 01:16 PM, jamby wrote:
Bill
from the FW I can ping out into the
I'm setting up IPSec (LibreSwan) to come into my router. (a CentOS VM)
At 127.0.0.1 in the router are ports 500 and 4500 (which are reverse SSH
tunneled from another machine).
Rather than flanging those ports directly to the outside interface in
the router, I'm hoping for a little added
Tom
On my system I get a file "shorewall-init.log" is that the dump you're
referring to? Otherwise most messages get dumped into the
/var/log/messages log file.
Jim
On 12/12/2017 02:39 PM, Tom Eastep wrote:
On 12/12/2017 01:16 PM, jamby wrote:
Bill
from the FW I can ping out into
On 12/12/2017 01:16 PM, jamby wrote:
> Bill
>
> from the FW I can ping out into the internet. And Firefox will
> connect to websites.
> But from 192.168.2.8 neither will work. And nothing shows up in the
> messages file.
>
> As frustrated as I am, I am sure it's worse for you since you can't
Bill
from the FW I can ping out into the internet. And Firefox will
connect to websites.
But from 192.168.2.8 neither will work. And nothing shows up in the
messages file.
As frustrated as I am, I am sure it's worse for you since you can't see
what is going on here.
I am sure I have
If you want to accept traffic from the wan zone, add a policy before the wan
all DROP info line:
wan fw ACCEPT
wan all DROP info
OR add a rule:
SECTION NEW
ACCEPT wan:192.168.1.1 fw tcp http
Bill
On 12/12/2017 2:36 PM, jamby wrote:
Bill
Made those changes and
Bill
Made those changes and attached the new files. Still not getting it
to work.
Dec 12 11:19:19 nub3 kernel: Shorewall:wan-fw:REJECT:IN=enp4s0 OUT=
MAC=00:18:f8:0c:9e:a6:b4:75:0e:39:a6:c4:08:00 SRC=192.168.1.1
DST=192.168.1.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=56014 DF PROTO=TCP
ok, I'll try..
thanks
dino
On Tuesday, December 12, 2017 1:00 AM, Tom Eastep
wrote:
On 12/11/2017 02:49 PM, Tom Eastep wrote:
> On 12/11/2017 07:48 AM, dino muzic via Shorewall-users wrote:
>>
>> Hi,
>>
>> I was trying to DNAT as usual (pass-through external
For Red Hat based systems, yes remove GATEWAY= from
/etc/sysconfig/network and /etc/sysconfig/network-scripts/ifcfg-enp3s0
Ensure that there is a:
GATEWAY=192.168.1.1
DEFROUTE=yes
in /etc/sysconfig/network-scripts/ifcfg-enp4s0
Bill
Tom
Ran that command and got this back
sudo ip route del default via 192.168.1.1 dev enp3s0
RTNETLINK answers: No such process
Attached the files for enp 3/4 s0
Jim
It will be in your Distribution's network configuration file for enp3s0.
That would be the stanza for that interface in
On 12/12/2017 10:19 AM, jamby wrote:
> On 12/12/2017 10:16 AM, jamby wrote:
>> On 12/12/2017 10:05 AM, Tom Eastep wrote:
>>> On 12/12/2017 09:26 AM, jamby wrote:
Sorry Tom
I am not sure what you mean. Is that the Interfaces file and the
Default info?
#ZONE
On 12/12/2017 10:16 AM, jamby wrote:
On 12/12/2017 10:05 AM, Tom Eastep wrote:
On 12/12/2017 09:26 AM, jamby wrote:
Sorry Tom
I am not sure what you mean. Is that the Interfaces file and the
Default info?
#ZONE INTERFACE OPTIONS
wan enp4s0
On 12/12/2017 10:05 AM, Tom Eastep wrote:
On 12/12/2017 09:26 AM, jamby wrote:
Sorry Tom
I am not sure what you mean. Is that the Interfaces file and the
Default info?
#ZONE INTERFACE OPTIONS
wan enp4s0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
lan
On 12/12/2017 09:26 AM, jamby wrote:
> Sorry Tom
>
> I am not sure what you mean. Is that the Interfaces file and the
> Default info?
>
> #ZONE INTERFACE OPTIONS
> wan enp4s0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
> lan enp3s0
Sorry Tom
I am not sure what you mean. Is that the Interfaces file and the
Default info?
#ZONE INTERFACE OPTIONS
wan enp4s0 dhcp,tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
lan enp3s0 tcpflags,nosmurfs,routefilter,logmartians,dhcp
On 12/12/2017 02:58 AM, Bill Shirley wrote:
> You should define policy for fw:
> fw all ACCEPT
> lan fw ACCEPT
> The order of these is important. They should be at the top. This is
> probably why
> 192.168.2.8 can't talk to the fw (192.168.2.1). Get traffic flowing and
> then narrow
Bill
Made the changes you suggested but still not working. I ran the ip
command and attached a file of the output.
Thanks
Jim
these were trying to ping 205.171.3.65
Dec 12 06:43:21 nub kernel: IPv4: martian source 192.168.1.2 from
192.168.1.1, on dev enp4s0
Dec 12 06:43:21 nub kernel:
You should define policy for fw:
fw all ACCEPT
lan fw ACCEPT
The order of these is important. They should be at the top. This is probably
why
192.168.2.8 can't talk to the fw (192.168.2.1). Get traffic flowing and then
narrow
it down to what is allowed.
In your snat file you're