Re: [Shorewall-users] HELP

2022-09-16 Thread Damiano Verzulli
On 16/09/22 16:59, Tim Taylor wrote: [...] I am trying to get port 443 to NAT to a server in my DMZ. I can telnet to 443 from inside, I can telnet to 443 from the firewall, but I get this when trying to telnet to 443 PhxFw1 kernel: SW:net-fw:DROP: IN=bond-ext.5 OUT= MAC=xx:xx:xx:xx:xx

Re: [Shorewall-users] HELP

2022-09-16 Thread Justin Pryzby
On Fri, Sep 16, 2022 at 02:59:50PM +, Tim Taylor wrote: > I do not know if this is the correct place, but I am looking for assistance. > If this is not the right place, or if there is a better place, I would > appreciate any assistance. > I am very new to Shorewall, and inherited it from a p

[Shorewall-users] HELP

2022-09-16 Thread Tim Taylor
I do not know if this is the correct place, but I am looking for assistance. If this is not the right place, or if there is a better place, I would appreciate any assistance. I am very new to Shorewall, and inherited it from a previous employee. I am trying to get port 443 to NAT to a server in

Re: [Shorewall-users] Help with routing

2021-09-21 Thread Simon
Ruth Ivimey-Cook wrote: > > Simon, many thanks for your extended reply! FWIW, the Link is 10GbE while the > Lan is 1GbE. > > I had got as far as option 1, (which creates a host route to the other side), > and another host route to the other ip of the other side. Actually, if you look there ar

Re: [Shorewall-users] Help with routing

2021-09-20 Thread Ruth Ivimey-Cook
Simon, many thanks for your extended reply! FWIW, the Link is 10GbE while the Lan is 1GbE. I had got as far as option 1, (which creates a host route to the other side), and another host route to the other ip of the other side. So in netplan-speak:     enp5s0f0:  // PTP link   addresses:

Re: [Shorewall-users] Help with routing

2021-09-20 Thread Simon
Ruth Ivimey-Cook wrote: > I want to link two hosts on the same net with a dedicated (fast) link, while > both have access to other computers on the same net via another interface. I > have got the routing sorted, but I keep having to delete automatically-added > network routes (/24 etc) when I

Re: [Shorewall-users] Help with routing

2021-09-13 Thread Tuomo Soini
On Mon, 13 Sep 2021 15:17:16 +0100 Ruth Ivimey-Cook wrote: > This isn't a shorewall problem, but I'm hoping for a pointer to help > :-) > > I want to link two hosts on the same net with a dedicated (fast) > link, while both have access to other computers on the same net via > another interface.

[Shorewall-users] Help with routing

2021-09-13 Thread Ruth Ivimey-Cook
This isn't a shorewall problem, but I'm hoping for a pointer to help :-) I want to link two hosts on the same net with a dedicated (fast) link, while both have access to other computers on the same net via another interface. I have got the routing sorted, but I keep having to delete automatica

Re: [Shorewall-users] Help migrating to "new" actions

2020-05-03 Thread Matt Darfeuille
On 5/3/2020 11:16 AM, Nicola Ferrari (#554252) wrote: Hi list... I've been using shorewall for several years.. Thank you for your great job. Now i'm testing a new machine, with ubuntu, in a "two-interface" config. Everything is working fine.. I'm only getting WARNING: "You are using the depre

[Shorewall-users] Help migrating to "new" actions

2020-05-03 Thread Nicola Ferrari (#554252)
Hi list... I've been using shorewall for several years.. Thank you for your great job. Now i'm testing a new machine, with ubuntu, in a "two-interface" config. Everything is working fine.. I'm only getting WARNING: "You are using the deprecated Reject default action. Please see WARNING: "You

Re: [Shorewall-users] Help with isolation

2016-01-30 Thread Tom Eastep
On 01/30/2016 12:22 AM, Iam7of9 Iam7of9 wrote: > I have a two-interface shorewall setup. > I also have a dhcp server which gives a small range of ip address to > unknown host, and allow them on the network. The rest are all fixed > addresses assigned according to macs. > I want to isolate ( not bei

[Shorewall-users] Help with isolation

2016-01-30 Thread Iam7of9 Iam7of9
I have a two-interface shorewall setup. I also have a dhcp server which gives a small range of ip address to unknown host, and allow them on the network. The rest are all fixed addresses assigned according to macs. I want to isolate ( not being able to see the other users) and put certain restricti

Re: [Shorewall-users] Help with Auto Blacklist event

2015-03-26 Thread Angela Williams
Hi! On 26/03/2015 18:54, Hill, John wrote: > I set up an SSH auto blacklist as the docs explained. > > Using a modified stock rule in the ?new section > > AutoBL(SSH,-,-,-,REJECT,warn)net$FW tcp22, > > > > Also in the ?new section > > I have a dnat rule fo

[Shorewall-users] Help with Auto Blacklist event

2015-03-26 Thread Hill, John
I think I see my dumb mistake: The event adds the SSH ACCEPT for the src ip? I don't need a macro in the rules file for the dst of the event. If I am correct, I would still need a macro for loc? --John Hill -- Dive into th

[Shorewall-users] Help with Auto Blacklist event

2015-03-26 Thread Hill, John
I set up an SSH auto blacklist as the docs explained. Using a modified stock rule in the ?new section AutoBL(SSH,-,-,-,REJECT,warn)net$FW tcp22, Also in the ?new section I have a dnat rule for port to a loc:xxx.xxx.xxx.xxx:22 In ?all section I have SSH(ACCE

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-11 Thread Bruno Friedmann
On Tuesday 08 April 2014 08.59:04 Tom Eastep wrote: > On 4/7/2014 3:38 AM, Bruno Friedmann wrote: > > > M, I will never find a small enough hole to hide myself in it!!! > > My feeling of missing something evident confirmed, a big thanks Tom. > > > > After fixing the failure, I've tried the co

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-08 Thread Tom Eastep
On 4/7/2014 3:38 AM, Bruno Friedmann wrote: > M, I will never find a small enough hole to hide myself in it!!! > My feeling of missing something evident confirmed, a big thanks Tom. > > After fixing the failure, I've tried the configuration. But I'm a bit puzzle > by the log I get > > I'm

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-07 Thread Bruno Friedmann
On Friday 04 April 2014 08.44:39 Tom Eastep wrote: > On 4/3/2014 6:00 AM, Bruno Friedmann wrote: > > Dear shorewall users, I'm at a point I need a bit of help on the following > > configuration > > > > A main host directly connected to internet with one physical interface eth0 > > use a bridge >

Re: [Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-04 Thread Tom Eastep
On 4/3/2014 6:00 AM, Bruno Friedmann wrote: > Dear shorewall users, I'm at a point I need a bit of help on the following > configuration > > A main host directly connected to internet with one physical interface eth0 > use a bridge > I've setup libvirtd/qemu-kvm on it with one vhost using br0/vn

[Shorewall-users] Help with configuration bridge/kvm vnet host

2014-04-03 Thread Bruno Friedmann
Dear shorewall users, I'm at a point I need a bit of help on the following configuration A main host directly connected to internet with one physical interface eth0 use a bridge I've setup libvirtd/qemu-kvm on it with one vhost using br0/vnet0 The vm has also a public ipv4 address (see k* conf

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
thanks answered my own question by just using the ftp helper no src or dst port. now ftp traffic gets marked. On Wed, Nov 13, 2013 at 1:19 AM, JC Putter wrote: > Tom or anyone > > Last question. > > i have a tcrule to limit ftp as well now and i am using the ftp helper > however i am not seeing

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom or anyone Last question. i have a tcrule to limit ftp as well now and i am using the ftp helper however i am not seeing any hits on the rule. any ideas why? 80 and 443 work 100% now.. see attached On Tue, Nov 12, 2013 at 7:58 PM, JC Putter wrote: > Tom, > > Thank you very much! got it wor

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom, Thank you very much! got it working, after re-reading shorewall.conf man FORWARD_CLEAR_MARK was not set (which if i understand the man correctly it defaults to YES?) after changing it to No, it seems to work now! On Tue, Nov 12, 2013 at 7:10 PM, Tom Eastep wrote: > On 11/12/2013 8:24 AM,

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread Tom Eastep
On 11/12/2013 8:24 AM, JC Putter wrote: > attached the shorewall dump. > > MARK_IN_FORWARD_CHAIN=No > As I explained in the last email, it is *never* going to work with MARK_IN_FORWARD_CHAIN=No and FORWARD_CLEAR_MARK=Yes. You must change the setting of one or the other or you must do your markin

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
attached the shorewall dump. MARK_IN_FORWARD_CHAIN=No many thanks On Tue, Nov 12, 2013 at 6:07 PM, Tom Eastep wrote: > On 11/12/2013 7:47 AM, JC Putter wrote: > > Tom, > > > > Thank you for you reply. Please accept my apologies for the email format. > > > > Here is my config now, i have MARK

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread Tom Eastep
On 11/12/2013 7:47 AM, JC Putter wrote: > Tom, > > Thank you for you reply. Please accept my apologies for the email format. > > Here is my config now, i have MARK_IN_FORWARD_CHAIN=No > > > LAN=eth0 > WAN=eth2 > > so traffic now goes to the default class which is good however seems > like my

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-12 Thread JC Putter
Tom, Thank you for you reply. Please accept my apologies for the email format. Here is my config now, i have MARK_IN_FORWARD_CHAIN=No LAN=eth0 WAN=eth2 so traffic now goes to the default class which is good however seems like my marking isn't working because as shown in tcrules, i've mark tho

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-11 Thread Tom Eastep
On 11/11/2013 4:57 AM, JC Putter wrote: > Hi, > > anyone that can maybe assist? > > Thanks > > > On Sun, Nov 10, 2013 at 9:39 AM, JC Putter > wrote: > > Hi, > > i am using shorewall 4.5.21.3 on CentOS 6.4. i have a two interface > firewall, one wan and

Re: [Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-11 Thread JC Putter
Hi, anyone that can maybe assist? Thanks On Sun, Nov 10, 2013 at 9:39 AM, JC Putter wrote: > Hi, > > i am using shorewall 4.5.21.3 on CentOS 6.4. i have a two interface > firewall, one wan and the another lan. > > the firewall is doing masquerading for the lan, i am trying to setup some > QoS

[Shorewall-users] Help with Shorewall Traffic Shaping

2013-11-09 Thread JC Putter
Hi, i am using shorewall 4.5.21.3 on CentOS 6.4. i have a two interface firewall, one wan and the another lan. the firewall is doing masquerading for the lan, i am trying to setup some QoS policies however finding it difficult to work. Also i need some advise and better explanation, according to

Re: [Shorewall-users] help

2013-09-27 Thread Roberto C . Sánchez
On Wed, Sep 25, 2013 at 03:26:34PM +, Myron Ramdhani wrote: > Hi > > I have two different subnets in two separate geographical locations. Each > subnet needs to be able to connect to each other and route traffic vice versa. > On subnet A (10.5.100.0/24), I have a shorewall firewall with a sta

[Shorewall-users] help

2013-09-27 Thread Myron Ramdhani
Hi I have two different subnets in two separate geographical locations. Each subnet needs to be able to connect to each other and route traffic vice versa. On subnet A (10.5.100.0/24), I have a shorewall firewall with a static IP breaking out onto the internet. On subnet B (10.5.101.0/24), I hav

Re: [Shorewall-users] Help with DNAT and internal client

2012-05-18 Thread Emiliano Vazquez
On Fri, May 18, 2012 at 2:10 PM, Tom Eastep wrote: > On 05/18/2012 09:53 AM, emilianovazq...@gmail.com wrote: > > Hi to everyone! > > > > I'm stuck with this problem. I have a notebook who connects to a dvr > > and have a software client configured to work with no-ip. > > > > When the client is o

Re: [Shorewall-users] Help with DNAT and internal client

2012-05-18 Thread Tom Eastep
On 05/18/2012 09:53 AM, emilianovazq...@gmail.com wrote: > Hi to everyone! > > I'm stuck with this problem. I have a notebook who connects to a dvr > and have a software client configured to work with no-ip. > > When the client is outside the LAN he can connect but when he is on > the LAN (get dhcp

[Shorewall-users] Help with DNAT and internal client

2012-05-18 Thread emilianovazquez
Hi to everyone! I'm stuck with this problem. I have a notebook who connects to a dvr and have a software client configured to work with no-ip. When the client is outside the LAN he can connect but when he is on the LAN (get dhcp ip and work inside shorewall network) he never can connect. Even i

Re: [Shorewall-users] Help

2010-12-01 Thread Tom Eastep
On 12/01/2010 11:45 AM, Tom Eastep wrote: > On 12/01/2010 11:35 AM, Orlandinei Vujanski wrote: >> Do not want to remove Shorewall Tom, I want to pass these commands iptables >> shorewall, how? > > Please read what I wrote. You cannot pass those commands to Shorewall and > without knowing how you h

Re: [Shorewall-users] Help

2010-12-01 Thread fakessh @
On 01.12.2010 20:27, Tom Eastep wrote: > On 12/1/10 10:55 AM, Orlandinei Vujanski wrote: >> How to put the following rules in shorewall? >> >> iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT >> >> iptables -I OUTPUT -d 172.

Re: [Shorewall-users] Help

2010-12-01 Thread Tom Eastep
On 12/01/2010 11:35 AM, Orlandinei Vujanski wrote: > Do not want to remove Shorewall Tom, I want to pass these commands iptables > shorewall, how? Please read what I wrote. You cannot pass those commands to Shorewall and without knowing how you have configured your firewall, I can't tell you anyth

Re: [Shorewall-users] Help

2010-12-01 Thread Orlandinei Vujanski
Do not want to remove Shorewall Tom, I want to pass these commands iptables shorewall, how? 2010/12/1 Tom Eastep > On 12/1/10 10:55 AM, Orlandinei Vujanski wrote: > > How to put the following rules in shorewall? > > > > iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT

Re: [Shorewall-users] Help

2010-12-01 Thread Tom Eastep
On 12/1/10 10:55 AM, Orlandinei Vujanski wrote: > How to put the following rules in shorewall? > > iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT > > iptables -I OUTPUT -d 172.25.5.192/28 -j ACCEPT > > iptables -I FORWARD -d 172.25.5.192/28

[Shorewall-users] Help

2010-12-01 Thread Orlandinei Vujanski
How to put the following rules in shorewall? iptables -I INPUT -d 172.25.5.192/28 -j ACCEPT iptables -I OUTPUT -d 172.25.5.192/28 -j ACCEPT iptables -I FORWARD -d 172.25.5.192/28 -j ACCEPT iptables -I INPUT -s 172.25.5.192/28 -j ACCEPT iptables -I OUTPUT -s 172.25.5.192/28 -j ACCEPT iptable

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-17 Thread Tom Eastep
On 9/16/10 10:22 PM, Lito Kusnadi wrote: > > The lsm I got v0.53 compiled as rpm using centos, i can see lsm triggers > the script (/etc/lsm/script) when a link is down. When the link > recovers, lsm doesn't trigger the script. > > Even the formula in lsm readme file says it can detect the link i

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Lito Kusnadi
As a result, I only have 1 link at all time after the first failure happens. I know this is not lsm mailing list, but I just want to find out any feedback from people who's done this. Thank you. --- On Fri, 17/9/10, Tom Eastep wrote: From: Tom Eastep Subject: Re: [Shorewall-users] hel

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/16/10 8:06 PM, Tom Eastep wrote: > On 9/16/10 7:59 PM, Lito Kusnadi wrote: >> I tried to use lsm, seems there's issue with the restore when the failed >> link is up. Then I got this warning when trying to check shorewall: >> WARNING: Interface eth1 is not usable -- Provider AC3 (2) not Added >

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/16/10 7:59 PM, Lito Kusnadi wrote: > I tried to use lsm, seems there's issue with the restore when the failed > link is up. Then I got this warning when trying to check shorewall: > WARNING: Interface eth1 is not usable -- Provider AC3 (2) not Added > > I am trying to revert everything back t

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Lito Kusnadi
er (lsm). Thanks Tom. --- On Fri, 17/9/10, Tom Eastep wrote: From: Tom Eastep Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp To: shorewall-users@lists.sourceforge.net Received: Friday, 17 September, 2010, 3:00 AM On 9/16/10 6:45 PM, Lito Kusnadi wrote: > Thank

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/16/10 6:45 PM, Lito Kusnadi wrote: > Thanks Tom, I got it working. > > Question about link failover, just thinking if the requirement scope > can be expanded :) > > Currently, I am telling shorewall to redirect dmz and loc traffic > inside route_rules. And you mentioned that if I am using

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Lito Kusnadi
From: Tom Eastep Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp To: shorewall-users@lists.sourceforge.net Received: Thursday, 16 September, 2010, 2:32 PM On 9/15/10 10:01 PM, Lito Kusnadi wrote: > Hi Tom, > thank you for your reply. sorry for the text wrapping as I&

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-16 Thread Tom Eastep
On 9/15/10 10:01 PM, Lito Kusnadi wrote: > Hi Tom, > thank you for your reply. sorry for the text wrapping as I'm using web mail. > > I have attached the gz format of shorewall dump. > > To clarify the objective: > I want to redirect traffic from dmz (eth2) to use AC3 (eth1) link and > redirect t

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-15 Thread Lito Kusnadi
9/10, Tom Eastep wrote: > From: Tom Eastep > Subject: Re: [Shorewall-users] help for newbie on shorewall multiple isp > To: shorewall-users@lists.sourceforge.net > Received: Thursday, 16 September, 2010, 2:26 AM > On 9/15/10 5:47 PM, Lito Kusnadi > wrote: > > > I have be

Re: [Shorewall-users] help for newbie on shorewall multiple isp

2010-09-15 Thread Tom Eastep
On 9/15/10 5:47 PM, Lito Kusnadi wrote: > I have been using shorewall for a number of years, but I haven't > really tried to use packet marking or multiple isp before. > > I have a project to build firewall system with 2 isp links. The > target is to set shorewall with 2 isp link, with vrrp for

[Shorewall-users] help for newbie on shorewall multiple isp

2010-09-15 Thread Lito Kusnadi
I have been using shorewall for a number of years, but I haven't really tried to use packet marking or multiple isp before. I have a project to build firewall system with 2 isp links. The target is to set shorewall with 2 isp link, with vrrp for failover to another shorewall box. However, I wan

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Tom Eastep
On 09/14/2010 09:31 AM, David López Zajara (Er_Maqui) wrote: > Well, > > My actual running configuration are these: > zones: > PPTPipv4 > interfaces: > PPTPppp+ You need to add the 'routeback' option on this entry. That will eliminate this problem: Sep 14 18:28:07 FORWARD:REJECT:IN=ppp0

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Er_Maqui
Ok, setting the routeback parameter on interfaces are working fine. My running (and OK) configuration now are: interfaces: PPTPppp+- routeback Thanks for all. http://maqui.darkbolt.net/ Linux registered user ~#363219 PGP keys avaiables at KeyServ. ID: 0x4233E9F2 Lo

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Er_Maqui
Well, My actual running configuration are these: zones: PPTPipv4 interfaces: PPTPppp+ policy: PPTPall ACCEPT The hosts file are empty. I doesn't change the ip addresses because these lines are from shorewall manual, i've tried with them. But on the moment of writin

Re: [Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Tom Eastep
On 9/14/10 8:05 AM, David López Zajara (Er_Maqui) wrote: > Hi, > > It's my first time writing on the list, for one question: > > If isn't the correct site, please tell me and ignore message. > > I have multiple shorewall configured across my networks, but i have one > problem with one of them: >

[Shorewall-users] [HELP REQUEST]: Connecting multiple VPN interfaces

2010-09-14 Thread Er_Maqui
Hi, It's my first time writing on the list, for one question: If isn't the correct site, please tell me and ignore message. I have multiple shorewall configured across my networks, but i have one problem with one of them: First, include an schema: | |

Re: [Shorewall-users] help with accounting

2010-09-07 Thread Tom Eastep
On 9/6/10 3:16 PM, Ricardo Kleemann wrote: > Hi, > > I'm trying to setup accounting, but I want to get it down to a > particular IP behind the firewall. > > As an example, I could have a simple smtp accounting rule like this: > > smtp:COUNT - eth0eth1tcp 2

Re: [Shorewall-users] help with accounting

2010-09-06 Thread Tom Eastep
On 9/6/10 3:16 PM, Ricardo Kleemann wrote: > Hi, > > I'm trying to setup accounting, but I want to get it down to a > particular IP behind the firewall. > > As an example, I could have a simple smtp accounting rule like this: > > smtp:COUNT - eth0eth1tcp 2

[Shorewall-users] help with accounting

2010-09-06 Thread Ricardo Kleemann
Hi, I'm trying to setup accounting, but I want to get it down to a particular IP behind the firewall. As an example, I could have a simple smtp accounting rule like this: smtp:COUNT   -   eth0    eth1    tcp 25 smtp:COUNT   -   eth1    eth0    tcp 

Re: [Shorewall-users] Help - Please

2010-04-28 Thread Orlandinei Vujanski
Thanks Tom This works perfectly. Congratulations. *Orlandinei Vujanski* Information Technology - Network Administrator Porto de Cima Adm. Part. e Serv. S/A - Grupo J.Malucelli (41) 3351-5587 www.jmalucelli.com.br Esta mensagem pode conter informação co

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Tom Eastep
On 04/27/2010 01:58 PM, Orlandinei Vujanski wrote: > Thanks Tom > But my internal equipment only responds on port 2180, how do they > respond to this request? The rules file entry that I gave you generates the same DNAT transformation as your iptables nat table rule. The ACCEPT iptables rule gener

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Michael Weickel - iQom Business Services GmbH
: Orlandinei Vujanski [mailto:orlandi...@gmail.com] Sent: Tuesday, 27 April 2010 22:59 To: Shorewall Users; teas...@shorewall.net Subject: Re: [Shorewall-users] Help - Please Thanks Tom But my internal equipment only responds on port 2180, how do they respond to this request? 2010/4

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Orlandinei Vujanski
Thanks Tom But my internal equipment only responds on port 2180, how do they respond to this request? 2010/4/27 Tom Eastep > On 04/27/2010 09:34 AM, Orlandinei Vujanski wrote: > > How do in Shorewall? > > > > > > iptables -t nat -A PREROUTING-d 200.200.10.10 -p tcp - dport 2181 -j > > DNAT

Re: [Shorewall-users] Help - Please

2010-04-27 Thread Tom Eastep
On 04/27/2010 09:34 AM, Orlandinei Vujanski wrote: > How do in Shorewall? > > > iptables -t nat -A PREROUTING-d 200.200.10.10 -p tcp - dport 2181 -j > DNAT - to 10.101.71: 2180 > iptables -A FORWARD -d 10.101.7.1 -p tcp -dport 2180 - syn -j ACCEPT /etc/shorewall/rules: DNAT netloc:10.101.7

[Shorewall-users] Help - Please

2010-04-27 Thread Orlandinei Vujanski
How do in Shorewall? iptables -t nat -A PREROUTING-d 200.200.10.10 -p tcp - dport 2181 -j DNAT - to 10.101.71: 2180 iptables -A FORWARD -d 10.101.7.1 -p tcp -dport 2180 - syn -j ACCEPT Thanks --

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Tom Eastep
Tom Eastep wrote: > Stephen Brown wrote: >> I'm using 4.4.0, so that would make RFC1918_STRICT deprecated? >> >> I'm just a little confused now on the network settings for the port that >> is attached to the DSL modem, it's on eth0. >> >> I currently have this setup in /etc/network/interfaces (I'm

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Tom Eastep
Stephen Brown wrote: > I'm using 4.4.0, so that would make RFC1918_STRICT deprecated? > > I'm just a little confused now on the network settings for the port that > is attached to the DSL modem, it's on eth0. > > I currently have this setup in /etc/network/interfaces (I'm running > Debian 5.0 "Le

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Stephen Brown
I'm using 4.4.0, so that would make RFC1918_STRICT deprecated? I'm just a little confused now on the network settings for the port that is attached to the DSL modem, it's on eth0. I currently have this setup in /etc/network/interfaces (I'm running De

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Tom Eastep
Stephen Brown wrote: >> I didn't even add a static route. I've a similar setup (Netgear >> DM111P) and the only thing I've had to do is add a rule to allow the >> traffic to that IP address (otherwise it gets blocked by all the >> RFC1918 rules). The modem knows that to reach my public IP it has to

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Simon Hobson
I wrote: >They could probably be narrowed down to : ># RFC1918 >ACCEPT net:192.168.x.1 $FW udp 67-68 >HTTP(ACCEPT)loc net:192.168.x.1 >Telnet(ACCEPT) loc net:192.168.x.1 >Ping(ACCEPT)loc net:192.16

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-15 Thread Simon Hobson
Stephen Brown wrote: > > I didn't even add a static route. I've a similar setup (Netgear >> DM111P) and the only thing I've had to do is add a rule to allow the >> traffic to that IP address (otherwise it gets blocked by all the >> RFC1918 rules). The modem knows that to reach my public IP it

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-14 Thread Stephen Brown
> I didn't even add a static route. I've a similar setup (Netgear > DM111P) and the only thing I've had to do is add a rule to allow the > traffic to that IP address (otherwise it gets blocked by all the > RFC1918 rules). The modem knows that to reach

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-14 Thread Simon Hobson
Roberto C. Sanchez wrote: > > I can't, hence the reason I setup an aliased interface. My LAN is setup >> for 192.168.1.x and the modem is 192.168.2.1, I can't think of any other >> way to do it unless I create a static route maybe? >> >> Open to suggestions :) >> > >That's what I've done when

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Roberto C. Sanchez
Stephen Brown wrote: > I can't, hence the reason I setup an aliased interface. My LAN is setup > for 192.168.1.x and the modem is 192.168.2.1, I can't think of any other > way to do it unless I create a static route maybe? > > Open to suggestions :) > That's what I've done when I had a DSL mod

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Stephen Brown
I can't, hence the reason I setup an aliased interface. My LAN is setup for 192.168.1.x and the modem is 192.168.2.1, I can't think of any other way to do it unless I create a static route maybe? Open to suggestions :) Thanks, Stephen On 12/13/09 8:01 PM, Roberto C. Sanchez wrote: > Stephen B

Re: [Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Roberto C. Sanchez
Stephen Brown wrote: > I'm running Shorewall 4.4.0 on a two NIC system. eth0 is facing the > internet on a DSL circuit, and eth1 is facing my local LAN. > > I setup a virtual interface on eth0:0 as 192.168.2.2 to be able to > access the modem configuration, the modem's address is 192.168.2.1 I'm

[Shorewall-users] Help with aliased interface/rules

2009-12-13 Thread Stephen Brown
I'm running Shorewall 4.4.0 on a two NIC system. eth0 is facing the internet on a DSL circuit, and eth1 is facing my local LAN. I setup a virtual interface on eth0:0 as 192.168.2.2 to be able to access the modem configuration, the modem's address is 192.168.2.1 I'm able to get to it ok, but I a

Re: [Shorewall-users] Help: internet access and mac problem

2009-07-18 Thread muiz
's default gateway!!!" Thanks and best regards! 2009-07-19 muiz From: Tom Eastep Sent: 2009-07-18 21:51:35 To: muiz Cc: Shorewall Users Subject: Re: [Shorewall-users] Help: internet access and mac problem muiz wrote: > Dear Tom, >Thanks very much for your help! >I

Re: [Shorewall-users] Help: internet access and mac problem

2009-07-18 Thread Tom Eastep
muiz wrote: > Dear Tom, >Thanks very much for your help! >I try to ping those IP address, and get the following results: >a) ping 192.168.1.20 > >> OK >b) ping 192.168.1.250 > >> Host is not exists Sorry -- this is the host I wanted you to ping: 3: eth1: mtu 150

Re: [Shorewall-users] Help: internet access and mac problem

2009-07-17 Thread muiz
Dear Tom, Thanks very much for your help! I try to ping those IP address, and get the following results: a) ping 192.168.1.20 >> OK b) ping 192.168.1.250 >> Host is not exists c) ping 192.168.0.249 >> Host is not exists d) ping 206.124.146.177 >>

Re: [Shorewall-users] Help: internet access and mac problem

2009-07-17 Thread Tom Eastep
muiz wrote: > Another question: >I want to use MAC address to instead of IP address, it's easy to do this? With Shorewall 3.2, it is impossible. -Tom -- Tom Eastep\ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming lik

Re: [Shorewall-users] Help: internet access and mac problem

2009-07-17 Thread Tom Eastep
muiz wrote: > I tried this: > modified masq file as: > #INTERFACE SUBNET ADDRESS PROTO PORT(S) > IPSEC > eth1192.168.1.0/27 > eth1192.168.1.139 > #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE > and then updat

Re: [Shorewall-users] Help on router vpn and Shorewall

2009-05-02 Thread Ljubomir Ljubojevic
I mostly forgot (in terms of being sure how to do it without consulting the doc's) how to use VPN. Here is what I have of docs for PtP IPSec VPN with 2 VPN routers: http://manual.ovislinkcorp.com/8000VPN-example.pdf All I had to do is to is set Remote and Local LAN subnets on routers web config

Re: [Shorewall-users] Help on router vpn and Shorewall

2009-05-02 Thread Körtvélyesi Péter
Hi! Thanks for your really useful reply Ljubomir! The situation is that I can't try these settings out as I will have an exact weekend (out of office hours) to try out those and I have to finish that task in time. So I'm just studying the cases now. I've learnt that RV082 routers can't route

Re: [Shorewall-users] Help on router vpn and Shorewall

2009-05-01 Thread Ljubomir Ljubojevic
Körtvélyesi Péter wrote: > Hello! > > I have a network configured the following way: > > > > The VPN1 and VPN2 is able to communicate, LAN1 and LAN2 can reach the > internet. > > How should I configure shorewall to enable the communication between > LAN1 and LAN2? I'd need LAN2 to reach all

[Shorewall-users] Help on router vpn and Shorewall

2009-05-01 Thread Körtvélyesi Péter
Hello! I have a network configured the following way: The VPN1 and VPN2 is able to communicate, LAN1 and LAN2 can reach the internet. How should I configure shorewall to enable the communication between LAN1 and LAN2?  I'd need LAN2 to reach all hosts in LAN1 (and LAN1 to reach LAN2). Also

Re: [Shorewall-users] HELP! Trying to masq some machines

2009-01-01 Thread HeCSa
Excellent! It's working now as I was trying! Thanks a lot, and best regards. HeCSa. Shorewall Guy wrote: > HeCSa wrote: > >> Roberto: >> The problem was the line with the "REDIRECT". >> If I comment this line, and then add a line with "ACCEPT" for >> 192.9.201.100, all works as desi

Re: [Shorewall-users] HELP! Trying to masq some machines

2009-01-01 Thread Shorewall Guy
HeCSa wrote: > Roberto: > The problem was the line with the "REDIRECT". > If I comment this line, and then add a line with "ACCEPT" for > 192.9.201.100, all works as desired. > Thanks for your lines. I discovered the "dump" command, never used > in the past by me. Roberto was trying

Re: [Shorewall-users] HELP! Trying to masq some machines

2009-01-01 Thread HeCSa
Roberto: The problem was the line with the "REDIRECT". If I comment this line, and then add a line with "ACCEPT" for 192.9.201.100, all works as desired. Thanks for your lines. I discovered the "dump" command, never used in the past by me. Best regards, HeCSa. Roberto C. S

Re: [Shorewall-users] HELP! Trying to masq some machines

2009-01-01 Thread Roberto C . Sánchez
On Thu, Jan 01, 2009 at 06:19:25PM -0200, HeCSa wrote: > Hello! > I'm trying to build some configuration with some troubles, maybe it's > simple. > I'm using, as firewall / proxy, a machine with Ubuntu Server 8.04 LTS. > Shorewall version is 4.0.6, squid is 2.6STABLE18, using squidguard and > d

[Shorewall-users] HELP! Trying to masq some machines

2009-01-01 Thread HeCSa
Hello! I'm trying to build some configuration with some troubles, maybe it's simple. My network has a machine acting as a firewall / proxy server between internal and external zones. Then, my machine has two interfaces, eth0 connected to Internet with a static IP address, and eth1, connected to

Re: [Shorewall-users] Help for TC in Shorewall

2008-12-03 Thread Shorewall Geek
Simon Hobson wrote: > Phibee Network Operation Center wrote: > >> no answer ? he don't have a person that use TC in shorewall on this >> mailing list ? > > Yes, but I personally haven't had the time to sit down and collate the > information you're asking for. I run a setup at work where we shap

Re: [Shorewall-users] Help for TC in Shorewall

2008-12-03 Thread Simon Hobson
Phibee Network Operation Center wrote: >no answer ? he don't have a person that use TC in shorewall on this >mailing list ? Yes, but I personally haven't had the time to sit down and collate the information you're asking for. I run a setup at work where we shape inbound and outbound traffic wi

Re: [Shorewall-users] Help for TC in Shorewall

2008-12-02 Thread Phibee Network Operation Center
Hi no answer ? he don't have a person that use TC in shorewall on this mailing list ? ;=) Phibee Network Operation Center wrote: > Hi > > anyone can help me to create a TC Rules on my shorewall 3.2.X ? > Shorewall are on my linux gateway (eth0: Net and Eth1:Lan) > > I have a link: >

[Shorewall-users] Help for TC in Shorewall

2008-12-01 Thread Phibee Network Operation Center
Hi anyone can help me to create a TC Rules on my shorewall 3.2.X ? Shorewall are on my linux gateway (eth0: Net and Eth1:Lan) I have a link: eth0 2048kbits 2048kbits (Sdsl) I want create a tc for: eth1 and fw to eth0: All protocol are limited at 1792kbits (a ftp or web download can

Re: [Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-24 Thread Roberto C . Sánchez
On Mon, Nov 24, 2008 at 05:47:19PM +0100, Jerome Blion wrote: > On Mon, 24 Nov 2008 00:52:39 +0100, Manuel Gomez <[EMAIL PROTECTED]> wrote: > > Hi, i would like to use shorewall commands with sudo, but i don't know > > how change /etc/sudoers/ for allow it. > > > > What could i change? > > > > Th

Re: [Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-24 Thread Jerome Blion
On Mon, 24 Nov 2008 00:52:39 +0100, Manuel Gomez <[EMAIL PROTECTED]> wrote: > Hi, i would like to use shorewall commands with sudo, but i don't know > how change /etc/sudoers/ for allow it. > > What could i change? > > Thank you very much, I appreciate your help. An idea would be to use a fronte

Re: [Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-24 Thread Manuel Gomez
In shorewall users should be somebody that knows how to change sudoers. But i am going to post in sudo users. On Sun, 23-11-2008 at 20:33 -0500, Roberto C. Sánchez wrote: > On Mon, Nov 24, 2008 at 12:52:39AM +0100, Manuel Gomez wrote: > > Hi, i would like to use shorewall commands with sudo

Re: [Shorewall-users] Help - I need to allow my normal user for use Shorewall, how?

2008-11-23 Thread Roberto C . Sánchez
On Mon, Nov 24, 2008 at 12:52:39AM +0100, Manuel Gomez wrote: > Hi, i would like to use shorewall commands with sudo, but i don't know > how change /etc/sudoers/ for allow it. > > What could i change? > > Thank you very much, I appreciate your help. > That is a question for a sudo mailing list,
