Re: [Shorewall-users] VoIP, getting ICMP destination unreachable

2010-09-13 Thread Christian Vieser
Hi Sebastian. > I've recently set up our shorewall based firewall to use our GrandStream voip > phones connecting to sipgate.de. > I'm experiencing some problems as after some time (2-3 hours) the phones are > still registered but when calling > so. I can't hear them (but the other side can hea

[Shorewall-users] urgent: error with shorewall restart

2010-10-12 Thread Christian Vieser
Hi, yesterday I got a very strange error on our production firewall when I tried a "shorewall restart". The output follows: Processing /etc/shorewall/init ... Setting up Route Filtering... Setting up Martian Logging... Setting up Proxy ARP... Adding Providers... Setting up Traffic Contr

[Shorewall-users] ipsec and XEN

2011-02-03 Thread Christian Vieser
Hi all, it's not explicitly a shorewall thing, but I'm very desperate at the moment and hope that someone here has a good idea or hint for me. On a shorewall firewall system I have a little VMware image running, whose only purpose is to act as IPsec

[Shorewall-users] masq before IPSEC

2007-10-05 Thread Christian Vieser
Hi all, I set up an IPSEC tunnel according to the tutorial at http://www.shorewall.net/IPSEC-2.6.html. In the following I will refer to the picture and rules there. The company at side B now wants all clients from side A to appear to have a single address, say 192.168.200.1. So the question

Re: [Shorewall-users] masq before IPSEC

2007-10-05 Thread Christian Vieser
Ok, I found a missing link in the IPSEC configuration. Things are working now. One essential point to mention is that the declaration of the vpn zone in /etc/shorewall/zones has to come first, before the declaration of the net zone. If you don't do this, Shorewall will put the connection into th

Re: [Shorewall-users] masq before IPSEC

2007-10-05 Thread Christian Vieser
> vpn". But not further. Regards, Christian Artur Uszyn'ski wrote: > On 2007-10-05 10:36, Christian Vieser wrote: > >> Hi all, >> >> I set up an IPSEC tunnel according to the tutorial at >> http://www.shorewall.net/IPSEC-2.6.html. In the foll

[Shorewall-users] problem with multiple masking

2007-11-27 Thread Christian Vieser
Hi all, after half a day of searching for an error, sniffing and upgrading to the newest shorewall version, I give up and pass the problem to you. I have the following configuration in my /etc/shorewall/masq: #INTERFACE SOURCEADDRESS vlan7::10.231.0.0/16 192.168.222.0/24

[Shorewall-users] problem with multiple masking

2007-11-28 Thread Christian Vieser
Hi all, after half a day of searching for an error, sniffing and upgrading to the newest shorewall version, I give up and pass the problem to you. I have the following configuration in my /etc/shorewall/masq: #INTERFACE SOURCEADDRESS vlan7::10.231.0.0/16 192.168.222.0/

Re: [Shorewall-users] problem with multiple masking

2007-11-29 Thread Christian Vieser
;setkey -F -P" and now the packets go through. The typical hassle with old configs remaining somewhere in the system. Thanks a lot, Christian -- Christian Vieser Tel: +49 (0) 7251.93258-124 Fax: +49 (0) 7251.93258-119 E-Mail: [EMAIL PROTECTED] - opt

Re: [Shorewall-users] Advice on vlans and pppoe

2008-02-19 Thread Christian Vieser
On Tue, Feb 19, 2008 at 06:10:13AM -0400, Chris Mason wrote: >> My vlans follow the naming convention you >> detail above. Given that, how do I refer to them in Shorewall? >> Just with the name "vlan780" , "vlan790" like "eth0", "eth1". In linux (and other Unix OS) a vlan device is handled l

[Shorewall-users] General question on routing

2008-03-10 Thread Christian Vieser
Hello all, after reading all the Shorewall documentation about multi-ISP and routing, some questions remain. I have a Shorewall system running connected to two ISPs. Up to now I have used static routes, defined in the linux system, and a default route pointing to one of the interfaces. I don't use th

Re: [Shorewall-users] General question on routing

2008-03-12 Thread Christian Vieser
Tom Eastep wrote: > >> So, what's the difference between defining routing on linux ("route add >> -net") and using /etc/shorewall/route_rules? Is there any advantage >> to using the one or the other? > They do totally different things. "route add" (which is deprecated in favor > of "ip route add")

[Shorewall-users] firewall analysis

2008-11-27 Thread Christian Vieser
Hi all, my officemate asked me recently if there is any tool available to analyze the shorewall policies and rules to get a "picture" of the allowed connections, or to get a list of allowed connections for a given IP. Since firewall rules tend to get more complex and confusing over time :-

Re: [Shorewall-users] firewall analysis

2008-12-01 Thread Christian Vieser
Ok, just putting a few answers together. Karsten Bräckelmann wrote: > To put it in other words: Isn't the shorewall configuration sufficient > to get a picture of allowed traffic? > > Since you specifically mentioned "small businesses", how large and > complicated are your policies and rules

Re: [Shorewall-users] firewall analysis

2008-12-02 Thread Christian Vieser
Don Drohman wrote: > This is an excellent question, and has relevance beyond just > troubleshooting and maintenance. I don't know how many times an auditor > has asked the pointed audit question, "What controls (tools and > processes) do you use to verify the technology in place is configured > cor

Re: [Shorewall-users] vlan (was: Grouping zones)

2009-01-28 Thread Christian Vieser
Linux Advocate wrote: > i thought vlans could only be done by switches, not by > shorewall. can't seem to find the doc page about vlan setup > at the shorewall site. or is the vlan setup done in the OS > and not thru shorewall? Exactly. Shorewall doesn't care if an interface is physical or virtu

Re: [Shorewall-users] MultiWAN & Vlan's

2009-03-05 Thread Christian Vieser
Hi Tal, I can only give a hint to your point 1: 1. Communicate between VLANxx to LAN & outside. > > providers: > > bzq1 1 1main ppp0 - track,balance vlan10 > bzq2 2 2main ppp1 - track,balance vlan20 > zhav1 3 3main ppp2 - tr

Re: [Shorewall-users] how to block a specific URL

2009-08-21 Thread Christian Vieser
Vitaly Burshteyn wrote: > How can I block a specific url? > > Aka, I don't want anybody hitting mysite.com/fo from outside the > firewall??? > You can simply do it in your web server (.htaccess file with apache). There you can have even mixed rules, so that your employees have no authenti

[Shorewall-users] MultiISP balancing and ftps

2009-10-20 Thread Christian Vieser
Hi, I'm running a shorewall box with balancing over three ISPs and have two data transfers to customers via ftps. All went fine, but suddenly the ftp jobs didn't work any more. I discovered that sometimes the ftps control session left the firewall on ISP 1 and the data session on ISP 2. So the

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-21 Thread Christian Vieser
Tom wrote: >>> Is there a "shorewall way" to solve this problem? >> >> I would start with http://www.shorewall.net/MultiISP.html. >> Sounds like the "track" option may solve this. > > I agree that this is another case where 'track' should help. I'm sorry, but I found no hint in the MultiISP

Re: [Shorewall-users] MultiISP balancing and ftps

2009-10-21 Thread Christian Vieser
Tom Eastep wrote: > Try using the 'SAME' MARK/CLASSIFY target in a tcrule that specifies the > ftps client's address in the SOURCE column. Hi Tom, thank you very much for pointing me in the right direction. Although I have run firewalls for a while now, I have no experience with the abilities of tcrule