Hi,
I'm trying to set up a DNAT which forwards requests originally directed to
127.0.0.1:8404 to 10.1.3.253:8404.
/etc/shorewall/zones:
#ZONE   TYPE      OPTIONS   IN        OUT
#                           OPTIONS   OPTIONS
fw firewall
lan
Hi.
I have one server with Hetzner (www.hetzner.de), I installed a Proxmox
VE and I activated one additional IP address and one failover IP
address, so I have 3 IP addresses:
- the main IP address (Proxmox)
- one additional IP address (Virtual Machine)
- one failover IP address that needs to be r
Hi.
I have some clients that use a Shorewall system as default gateway on
the LAN network 192.168.1.0/24.
The Shorewall system has a static route that redirects requests to
192.168.10.0/24 to the gateway 192.168.1.253, and it works of course.
How can I let all clients on 192.168.1.0/24 go to 192.1
Hi.
I'm using the following REDIRECT rule to redirect to port 125 all
traffic directed to port 25:
REDIRECT net 125 tcp 25
Now I want a similar rule for localhost traffic too, making this scenario:
If I ask for 127.0.0.1:25 I have to get 127.0.0.1:125,
I'm configuring Shorewall on a server running VMWare which is using
bridged interfaces to the virtual machines.
How do I have to set up the rules for the virtual machines, which have their own IP
address on the bridged interface of VMWare?
Thank you very much for your help!
Bye.
Hi.
I have to configure a DNAT rule in Shorewall with a DNS hostname as
destination of the DNAT, because the destination host could be changed
sometimes, but the port needs to be the same.
If I configure a DNAT rule using a DNS hostname (for example
"myhost.mylan.local:12345", Shorewall queries the
> However, if you want to use L7-filter, just use the NFQUEUE target in
> Shorewall-perl 4.0.6 to send the traffic you want to be filtered by
> L7-filter to NFQUEUE.
So are you advising me to use ipp2p?
Some people told me that L7-Filter is better than ipp2p, and I like it
because it can recognise
> It is possible, somewhat unpolished, slower than it ought to be, and
> less than perfectly reliable. All that for quite a significant amount
> of work in setting it up.
Couldn't I test it?
How can I use L7-Filter with Shorewall?
Or do you advise me to use a proxy instead of L7-Filter?
Hi!
How can I use L7-Filter (http://l7-filter.sourceforge.net/) with Shorewall?
Thank you very much!
Bye.
What about using the Application Layer Packet Classifier for Linux
(http://l7-filter.sourceforge.net/) to block p2p programs?
A friend of mine told me that in his college he can't use Emule at
all, and HTTPS connections are not disabled.
The network of the college allows the connections to the 22,
> Short answer - you can't !
So the only way is to remove the masquerading and to use a Squid and
allow only the port 80 (not the 443) and disable the connect method on
the port 80?
Hi.
How can I block all connections from the p2p programs (Emule,
Bittorrent, etc.) with Shorewall?
Thank you very much.
Bye.
Hi.
I have a firewall configured with Shorewall with 2 zones: loc and net.
The firewall does the masquerading from the loc to the net zones.
I want to set up traffic shaping to let me have a certain piece of
bandwidth when I connect to the firewall from my fixed IP address,
independently from th
Hi.
I'm getting a lot of messages in my /var/log/syslog about martian
source from a lot of clients of my LAN network:
kernel: martian source 255.255.255.255 from 192.168.8.191, on dev eth0
kernel: martian source 192.168.8.2 from 192.168.8.103, on dev eth0
What's the problem?
Thank you very much
> Also, 'Invalid argument' iptables errors often indicate that your iptables
> is incompatible with your kernel. Did you build the iptables in the domU
> against the domU kernel source tree?
I don't know, as I am not the administrator of the dom0 and I have not
compiled the domU kernel...
---
I solved it, I didn't allow the VPN to access the loc zone and vice versa...
I was stupid! :-)
Thank you very much!
Bye!!
Hi list!
I am configuring Shorewall on a Xen domU virtual machine.
I configured only the zones, interfaces, rules, policy and shorewall.conf files.
When I run "shorewall check" there aren't any problems, but when I try
to start shorewall I get this error a lot of times:
iptables: Invalid argument
i
Hi.
I configured a pptpd server and my /etc/shorewall/tunnels file is the following:
#TYPE       ZONE  GATEWAY    GATEWAY
#                            ZONE
pptpserver  net   0.0.0.0/0  -
I can connect to the VPN server, but I can't reach the machines in my
LAN (th
> You need 0.0.0.0/0 in the GATEWAY column.
Thank you very much! Now it works!
But this is not documented...
Bye!
Hi.
I have a pptpd server on the wan interface (net), so I configured the
/etc/shorewall/tunnels file as follows:
#TYPE       ZONE  GATEWAY    GATEWAY
#                            ZONE
pptpserver  net
When I check the shorewall configuration I get this error:
ERROR: Unkn
Hi.
I'm configuring a Shorewall system with 3 zones (net, loc, dmz).
To access the dmz from the net I configured some DNAT rules like this:
DNAT net dmz:192.168.2.1 tcp 22
With these rules I opened only some ports.
Now I'm thinking about the connection from loc to dmz.
I want
Ok, I decided to start to write my own Ulogd-php version... :-)
Hi.
What system or software are you using to show the iptables log files
(for example the dropped packages tagged as LOG in the Shorewall
rules)?
Thank you very much!
Bye.
23 matches