[Shorewall-users] (no subject)

2024-02-27 Thread Jerry Wallace
___ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users

Re: [Shorewall-users] (no subject)

2017-05-12 Thread Bill Shirley
I have several servers where I'm seeing this. Here's my understanding of the problem: 1) at some time in the past there was a printer at 192.168.3.25 which has now moved (probably DHCP) 2) at that time, the Windows PC at 192.168.1.222 latched onto that address 3) now that Windows PC can

Re: [Shorewall-users] (no subject)

2017-05-12 Thread Simon Hobson
Will Lowe wrote: > Can someone help me understand this particular log message? It is from a > Ricoh Printer on my main net to a computer on an adjacent net which is also > under my control. Neither the printer nor this computer should be > communicating with each other for any reason. The com

Re: [Shorewall-users] (no subject)

2017-05-11 Thread Will Lowe
Thank you, I did overlook that. On Thu, May 11, 2017 at 11:20 PM, Roberto C. Sánchez wrote: > On Thu, May 11, 2017 at 11:06:40PM -0500, Will Lowe wrote: > >Can someone help me understand this particular log message? It is > from a > >Ricoh Printer on my main net to a computer on an adjac

Re: [Shorewall-users] (no subject)

2017-05-11 Thread Roberto C . Sánchez
On Thu, May 11, 2017 at 11:06:40PM -0500, Will Lowe wrote: >Can someone help me understand this particular log message? It is from a >Ricoh Printer on my main net to a computer on an adjacent net which is >also under my control. Neither the printer nor this computer should be >comm

[Shorewall-users] (no subject)

2017-05-11 Thread Will Lowe
Can someone help me understand this particular log message? It is from a Ricoh Printer on my main net to a computer on an adjacent net which is also under my control. Neither the printer nor this computer should be communicating with each other for any reason. The computer is not manned by anyone.

Re: [Shorewall-users] (no subject)

2016-07-29 Thread Tom Eastep
On 07/28/2016 11:43 AM, Jacob W. Hiltz wrote: > Hello, > > I am trying to figure out how exactly I would limit outgoing > traffic from my LAN going to port 80 (web traffic). The rules below do not limit the traffic to 1mb, and although my download l

[Shorewall-users] (no subject)

2016-07-28 Thread Jacob W. Hiltz
Hello, I am trying to figure out how exactly I would limit outgoing traffic from my LAN going to port 80 (web traffic). The rules below do not limit the traffic to 1mb, and although my download limit is 80mbit, when I change a ‘tcclasses’ rule to a limit higher than 20mbit shorewall fails. eth

[Shorewall-users] (no subject)

2013-11-08 Thread Muhammad Yousuf Khan
I am receiving lots of martian broadcasts Nov 8 15:37:57 firewall kernel: [ 895.708393] martian source 192.168.0.3 from 192.168.0.1, on dev eth0 Nov 8 15:37:57 firewall kernel: [ 895.708399] ll header: ff:ff:ff:ff:ff:ff:90:f6:52:3f:65:c0:08:00 Nov 8 15:37:59 firewall kernel: [ 897.711647] marti

Re: [Shorewall-users] (no subject)

2013-02-14 Thread Tom Eastep
On 02/14/2013 10:02 AM, Fred Maillou wrote: > Hello, > > Is there any mechanism provided by Shorewall that would handle > MASQ interfaces that are not up when Shorewall starts ? The > documentation mentions - if I remember correctly - that the use > of interfaces for such purpose is obsolete(d)

[Shorewall-users] (no subject)

2013-02-14 Thread Fred Maillou
Hello,   Is there any mechanism provided by Shorewall that would handle MASQ interfaces that are not up when Shorewall starts ?  The documentation mentions - if I remember correctly - that the use of interfaces for such purpose is obsolete(d).  But there are some situations in which an interface m

Re: [Shorewall-users] (no subject)

2012-11-16 Thread Andrzej Odyniec
Anton Zolotarev wrote: > Hello, Shorewall-users. Hello, Anton Andrzej Odyniec

[Shorewall-users] (no subject)

2012-11-16 Thread Anton Zolotarev
Hello, Shorewall-users. -- Best regards, Anton Zolotarev, engineer in the Technical Support and Informatization Department of the administration of the city of Tryokhgorny, Chelyabinsk Oblast e-mail: m...@admin.trg.ru ICQ: 159161915 Skype: voyager_trg Tel.: +7 (35191) 6-06-78

Re: [Shorewall-users] (no subject)

2012-11-03 Thread Bram Jansen
Hi Tom, Thanks a lot that did the trick -Original Message- From: Tom Eastep [mailto:teas...@shorewall.net] Sent: Saturday, November 03, 2012 14:14 To: shorewall-users@lists.sourceforge.net Subject: Re: [Shorewall-users] (no subject) On 11/03/2012 04:24 AM, Bram Jansen wrote: >

Re: [Shorewall-users] (no subject)

2012-11-03 Thread Tom Eastep
On 11/03/2012 04:24 AM, Bram Jansen wrote: > Hi, > > I’m trying to configure shorewall 4.5.8.2 on a debian squeeze box with > the latest backport kernel together with. I like to filter traffic but > for some reason my rules get ignored. > > Kernel+iptables have physdev match support and bridge-nf-c

Re: [Shorewall-users] (no subject)

2012-11-03 Thread Bram Jansen
: [Shorewall-users] (no subject) Hi, I'm trying to configure shorewall 4.5.8.2 on a debian squeeze box with the latest backport kernel together with. I like to filter traffic but for some reason my rules get ignored. Kernel+iptables have physdev match support and b

[Shorewall-users] (no subject)

2012-11-03 Thread Bram Jansen
Hi, I'm trying to configure shorewall 4.5.8.2 on a debian squeeze box with the latest backport kernel together with. I like to filter traffic but for some reason my rules get ignored. Kernel+iptables have physdev match support and bridge-nf-call-iptables is set to 1 as

Re: [Shorewall-users] (no subject)

2012-09-28 Thread Nathan Kennedy
On 09/28/2012 11:59 AM, Dragan Jurkovic wrote: > On Fri, Sep 28, 2012 at 2:50 PM, Tom Eastep wrote: >> On 09/28/2012 11:37 AM, Dragan Jurkovic wrote: >>> Hi, >>> >>> I have IMAPS server which is behind firewall and accessible from >>> outside by simple DNAT rule: >>> >>> DNATnet

Re: [Shorewall-users] (no subject)

2012-09-28 Thread Dragan Jurkovic
On Fri, Sep 28, 2012 at 2:50 PM, Tom Eastep wrote: > On 09/28/2012 11:37 AM, Dragan Jurkovic wrote: >> Hi, >> >>I have IMAPS server which is behind firewall and accessible from >> outside by simple DNAT rule: >> >> DNAT net loc:192.168.201.X:993 tcp N >> >> NNN

Re: [Shorewall-users] (no subject)

2012-09-28 Thread Tom Eastep
On 09/28/2012 11:37 AM, Dragan Jurkovic wrote: > Hi, > >I have IMAPS server which is behind firewall and accessible from > outside by simple DNAT rule: > > DNAT net loc:192.168.201.X:993 tcp N > > N is non-standard port. > I am having trouble configuring shor

[Shorewall-users] (no subject)

2012-09-28 Thread Dragan Jurkovic
Hi, I have IMAPS server which is behind firewall and accessible from outside by simple DNAT rule: DNAT net loc:192.168.201.X:993 tcp N N is non-standard port. I am having trouble configuring shorewall to allow same access from inside. Even after thorough rea

Re: [Shorewall-users] (no subject)

2012-06-20 Thread Slava
TE> Slava wrote: >> >> >> Sorry, more details >> We divide web traffic in several group, each has CONNMARK for example >> 0x1...0xN, assigned in output chain after Tproxy-Squid. For incoming >> from i-net packets this MARK restored in PREROUTING and traffic go to >> IMQ for shaping. DIVERT set hi

Re: [Shorewall-users] (no subject)

2012-06-20 Thread Tom Eastep
Slava wrote: > > > Sorry, more details > We divide web traffic in several group, each has CONNMARK for example > 0x1...0xN, assigned in output chain after Tproxy-Squid. For incoming > from i-net packets this MARK restored in PREROUTING and traffic go to > IMQ for shaping. DIVERT set his own bit in

Re: [Shorewall-users] (no subject)

2012-06-20 Thread Slava
TE> On 06/19/2012 11:41 PM, Slava wrote: >> >> TE> Slava wrote: Hello. I am trying to do incoming traffic shaping with Squid-Tproxy-imq: local net -> Tproxy (Squid) -> output connmark 0x81 -> i-net prerouting restore -> imq -> filter DIVERT rule

Re: [Shorewall-users] (no subject)

2012-06-20 Thread Tom Eastep
On 06/19/2012 11:41 PM, Slava wrote: > > TE> Slava wrote: >>> Hello. >>> I am trying to do incoming traffic shaping with Squid-Tproxy-imq: >>> >>> local net -> Tproxy (Squid) -> output connmark 0x81 -> i-net prerouting >>> restore -> imq -> filter >>> >>> DIVERT rule add MARK> 0xff, le

Re: [Shorewall-users] (no subject)

2012-06-19 Thread Slava
TE> Slava wrote: >> Hello. >> I am trying to do incoming traffic shaping with Squid-Tproxy-imq: >> >> local net -> Tproxy (Squid) -> output connmark 0x81 -> i-net prerouting >> restore -> imq -> filter >> >> DIVERT rule add MARK > 0xff, let OR 0x200, MARK become 0x281 >> >> But in tcclasse

Re: [Shorewall-users] (no subject)

2012-06-19 Thread Tom Eastep
Slava wrote: > Hello. > I am trying to do incoming traffic shaping with Squid-Tproxy-imq: > > local net -> Tproxy (Squid) -> output connmark 0x81 -> i-net prerouting > restore -> imq -> filter > > DIVERT rule add MARK > 0xff, let OR 0x200, MARK become 0x281 > > But in tcclasses i must use m

[Shorewall-users] (no subject)

2012-06-19 Thread Slava
Hello. I am trying to do incoming traffic shaping with Squid-Tproxy-imq: local net -> Tproxy (Squid) -> output connmark 0x81 -> i-net prerouting restore -> imq -> filter DIVERT rule add MARK > 0xff, let OR 0x200, MARK become 0x281 But in tcclasses i must use mark 1..255 and can't use MASK

Re: [Shorewall-users] (no subject)

2011-07-04 Thread m...@smtp.fakessh.eu
On Tuesday 5 July 2011 02:37, m...@smtp.fakessh.eu wrote: sorry for the error postfing -- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7

[Shorewall-users] (no subject)

2011-07-04 Thread m...@smtp.fakessh.eu
-- http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x092164A7 gpg --keyserver pgp.mit.edu --recv-key 092164A7

[Shorewall-users] (no subject)

2011-02-22 Thread Deebs
Hi I am having trouble starting Shorewall6 on Ubuntu 10.04 or 10.10 server. The server currently has Shorewall4 and Shorewall6 4.4.17 installed from the tarball. Shorewall4 starts fine and works as intended. However when I type shorewall6 check (or start) I get the following error: Checking poli

[Shorewall-users] (no subject)

2010-12-16 Thread Radio Tron
http://discoverysrilanka.com/start.php

[Shorewall-users] (no subject)

2010-12-05 Thread Radio Tron
http://statuselectrotech.com/index0005.php

[Shorewall-users] (no subject)

2010-11-16 Thread Radio Tron
http://studioview.com.br/here.php

[Shorewall-users] (no subject)

2010-11-15 Thread Radio Tron
http://aigipe.it/here.php

[Shorewall-users] (no subject)

2010-11-12 Thread Radio Tron
http://sites.google.com/site/jfgkewjgkjwgjwgwhq/phtv4a

[Shorewall-users] (no subject)

2009-06-09 Thread Mike Lander
shorewall docs say to add these networks which confuses me in net map? More so that the two 10.10.11 and 10.10.10 are different networks. SNAT 192.168.1.0/24 vpn 10.10.11.0/24 #RULE 1A DNAT 10.10.11.0/24 vpn 192.168.1.0/24 #RULE 1B The entry in /etc/sh

[Shorewall-users] (no subject)

2009-04-01 Thread Guilherme Cunha
Guilherme Cunha Grupo de Processamento Paralelo e Distribuído (G3PD) Wiki: http://www.guilhermecunha.com.br IM: guilhermecu...@jabber.org Ubuntu User number is # 21803 Linux user number # 470582

Re: [Shorewall-users] (no subject)

2009-02-08 Thread Shorewall Guy
Pieter Donche wrote: > > The last log rotation took place a few hours ago. > > But I noticed already yesterday, that any logging to /var/log/firewall > suddenly ceased yesterday at 19:37. > > I don't understand why, my syslog-ng daemon is still running and > logging in other files specified in

Re: [Shorewall-users] (no subject)

2009-02-08 Thread Shorewall Guy
Pieter Donche wrote: > My shorewall is running for over a year on a DELL PC with OpenSUSE 10.2. > > Logging in SUSE linux is done in the file /var/log/firewall > (for all firewall messages (iptables) > > (see also the note "Syslog-ng" in > http://www.shorewall.net/shorewall_logging.html) > The

[Shorewall-users] (no subject)

2009-02-08 Thread Pieter Donche
My shorewall is running for over a year on a DELL PC with OpenSUSE 10.2. Logging in SUSE linux is done in the file /var/log/firewall (for all firewall messages (iptables) (see also the note "Syslog-ng" in http://www.shorewall.net/shorewall_logging.html) These logs are rotated about once a week

[Shorewall-users] (no subject)

2008-03-13 Thread alex
Hello Tom. I asked you before about a method of stopping RFC1918 traffic on the external interface and you advised me the following rule: REJECT! all net:$RFC1918_NETS Can I replace this rule by the 'norfc1918' option in the 'interfaces' file for this interface? Alex

Re: [Shorewall-users] (no subject)

2008-02-20 Thread Tom Eastep
paul cooper wrote: > gentoo linux and shorewall 3.4.6 > > when i try to start shorewall ( with the one-interface config). Something > starts because i can't access any web pages until i do shorewall clear > following this ( ?abortive) startup > Searching the archives for libipt_state didn't give any

[Shorewall-users] (no subject)

2008-02-20 Thread paul cooper
gentoo linux and shorewall 3.4.6 when i try to start shorewall ( with the one-interface config). Something starts because i can't access any web pages until i do shorewall clear following this ( ?abortive) startup Searching the archives for libipt_state didn't give anything arsenal one-interface #

[Shorewall-users] (no subject)

2007-07-11 Thread Kenneth Gonsalves
hi, I have been trying to set up shorewall for 2 ISPs and nothing fancy but am facing the problem that smtp,pop,ssh,ping and irc don't go through when I enable the masq. I am running Mandriva 2007. My setup is: eth0 192.168.2.201 - local lan eth2 202.x.x.3 gateway 202.x.x.1 isp1 eth3 222.x.x.

Re: [Shorewall-users] (no subject)

2007-04-07 Thread Tom Eastep
Will Murnane wrote: > On 4/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> cd i have any example of rules for the above > You'll want to allow whatever ports you're using for incoming and > outgoing mail, and perhaps SSH as well. Then block everything else. > This should be straightforward

Re: [Shorewall-users] (no subject)

2007-04-07 Thread Will Murnane
On 4/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > sorry for my earlier incomplete mail:... > > Dear All, > > I am using CentOS 4 which is used as a mail server running and everything > working fine > I am new to shorewall and like to install shorewall on the above mail server > > can i insta

[Shorewall-users] (no subject)

2007-04-07 Thread simon
sorry for my earlier incomplete mail:... Dear All, I am using CentOS 4 which is used as a mail server running and everything working fine I am new to shorewall and like to install shorewall on the above mail server can i install shorewall on the mail server or do i need a separate machine cd i h

Re: [Shorewall-users] (no subject) <= ??

2007-03-25 Thread Paul Gear
Tristan DEFERT wrote: >> ... >> Policies override any rules !!! >> ... Tom Eastep wrote: > ... > > Nonsense!! Policies are default rules which get applied when a new > connection doesn't match any of the rules. Or to say it another way: - rules are exceptions to policies -- Paul

Re: [Shorewall-users] (no subject)

2007-03-21 Thread Karsten Bräckelmann
> I would be even happier if i could limit him by his mac address but > that's not too important. See the documentation for rules how MAC addresses are noted in Shorewall, and how to use it in rules. REJECT loc:~00-A0-C9-15-39-78 net karsten -- [ESR] Eric S. Raymond: "How To Ask Question

Re: [Shorewall-users] (no subject)

2007-03-21 Thread Karsten Bräckelmann
On Wed, 2007-03-21 at 14:04 +0530, Prasanna Krishnamoorthy wrote: > The order of the rules matters! > > Make sure that the reject rule comes before > > loc all ACCEPT > > fw all ACCEPT > > net all DROP > > all all REJECT While you are correct that the order of rules is important, the above are *p

Re: [Shorewall-users] (no subject) <= ??

2007-03-21 Thread Tom Eastep
Tristan DEFERT wrote: > On Wednesday 21 March 2007 at 09:00 +0100, Toralf Niebuhr wrote: >> HI. >> >> My plan is to limit the ip address 192.168.3.150 to the local zone only. >> >> First my policy: >> >> =>>> loc all ACCEPT > Policies override any rules !!! Nonsense!! Policies are defa

Re: [Shorewall-users] (no subject) <= ??

2007-03-21 Thread Roberto C . Sánchez
On Wed, Mar 21, 2007 at 09:28:25AM +0100, Tristan DEFERT wrote: > On Wednesday 21 March 2007 at 09:00 +0100, Toralf Niebuhr wrote: > > HI. > > > > My plan is to limit the ip address 192.168.3.150 to the local zone only. > > > > First my policy: > > > > =>>> loc all ACCEPT > Policies

Re: [Shorewall-users] (no subject) <= ??

2007-03-21 Thread Tristan DEFERT
On Wednesday 21 March 2007 at 09:00 +0100, Toralf Niebuhr wrote: > HI. > > My plan is to limit the ip address 192.168.3.150 to the local zone only. > > First my policy: > > =>>> loc all ACCEPT Policies override any rules !!! should use reject/drop instead and allow some traffic in rul

Re: [Shorewall-users] (no subject)

2007-03-21 Thread Prasanna Krishnamoorthy
The order of the rules matters! Make sure that the reject rule comes before > loc all ACCEPT > fw all ACCEPT > net all DROP > all all REJECT Please resend with relevant details as given in the shorewall.net troubleshooting link. Prasanna.

[Shorewall-users] (no subject)

2007-03-21 Thread Toralf Niebuhr
HI. My plan is to limit the ip address 192.168.3.150 to the local zone only. First my policy: loc all ACCEPT fw all ACCEPT net all DROP all all REJECT and my rules ACCEPT net fw icmp ACCEPT net fw tcp 80 #ACCEPT net fw tcp 20 #ACCEPT net fw tcp 21 ACCEPT net fw tcp ssh ACCEPT net fw tcp 4916