Hi,
I have a webserver running in my dmz.
IP: 192.168.2.5.
net = enp1s0, IP = 1.2.3.4 (public ip)
loc = enp2s0, IP = 192.168.1.1
dmz = enp3s0, IP = 192.168.2.1
Let's assume my domain is mydomain.com and public IP is 1.2.3.4.
Hosts on the internet can reach mydomain.com.
Hosts on loc can reach w
On Fri, 30 Aug 2019 at 19:50, Justin Pryzby wrote:
> Or you can add to MASQ and it will use the private IP of the FW.
I'm not sure what you mean here.
I need to get it to use the private IP of the webserver 192.168.2.5 or
make the public IP also work on the webserver to access itself.
I honestl
Hi all:
I see a lot of these messages:
#
May 19 06:25:54 munin kernel: [3093836.996827] Shorewall:net2fw:DROP:IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=77.247.156.58 DST=x.x.x.x LEN=76 TOS=0x00 PREC=0x00 TTL=53 ID=32900 PROTO=UDP SPT=51327 DPT=38 LEN
Hm, thanks.
# shorewall drop 77.247.156.58
I got tired looking at 77.247.156.58 cluttering my log.
-Original Message-
From: Wayne S [mailto:li...@zuik.net]
Sent: 21 May 2013 19:36
To: Shorewall Users
Subject: Re: [Shorewall-users] UDP 38 - my log is flooded
At 5/21/2013 12:12 PM, you
Hi all:
I'm running a public ntp server (member of the ntp.org pool) behind my
Shorewall box.
The ntp server is up and running and I see on my status page on ntp.org that
all is well with my ntp server.
However a few hosts are filling my firewall logs with packets that look to be
ntp packets
>But why are they dropped? Because of SPT != 123?
I don't know.
But that is exactly what I'm trying to find out.
The only rule I have regarding ntp is:
NTP(DNAT) net loc:192.168.1.2
192.168.1.2 is my internal box running ntpd.
All works well but Shorewall is dropping the packets I p
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: 2 July 2013 15:04
>I suspect that these hosts were sending packets prior to the firewall starting
>(before the DNAT rule was in place). We often see a similar problem with SIP.
>An un-NATTed connection tracking table entry gets created for
Hi
I read about the new rpfilter interface option in the shorewall-interfaces man
page and on shorewall.net anti-spoofing page.
I'm running Linux 3.9.8 and Shorewall 4.5.16.1.
Created a test dir /etc/shorewall/test where I modified the interface file to
use "rpfilter" instead of "routefilter"
Hi:
I configured shorewall-init on my debian fw to avoid messages like this:
Jan 6 17:08:54 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=213.162.248.20 DST=81.166.42.2 LEN=76 TOS=00 PREC=0x00 TTL=56 ID=0 DF PROTO=UDP
twork initialization
On 1/6/2014 8:27 AM, Øyvind Lode wrote:
> Hi:
>
> I configured shorewall-init on my debian fw to avoid messages like this:
>
>
>
> Jan 6 17:08:54 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14
FW prior to network initialization
On 1/6/2014 12:36 PM, Øyvind Lode wrote:
> No, I do not even have a stoppedrules file:
>
> munin:~$ cat /etc/shorewall/stoppedrules
> cat: /etc/shorewall/stoppedrules: No such file or directory
> munin:~$
>
> I have udp 123 forwarded (DNA
From: Tom Eastep [mailto:teas...@shorewall.net]
On 1/6/2014 1:24 PM, Øyvind Lode wrote:
> Yes:
>
> Jan 6 17:03:24 munin logger: Shorewall Stopped
>
> Jan 6 17:04:12 munin kernel: [1.029009] r8169 :02:00.0 eth0: RTL8168d/8111d at 0xc9378000, 4
Hi:
I have a few questions about limiting ssh connections.
I have the following ssh rules in /etc/shorewall/rules:
# Forward ssh to local machine
SSH(DNAT) net loc:192.168.1.2
# Allow ssh to FW from internet
DNAT net fw:192.168.1.1:22 tcp
Both sshd instances are
From: Simon Hobson [mailto:li...@thehobsons.co.uk]
Sent: 9 January 2014 16:02
To: Shorewall Users
Subject: Re: [Shorewall-users] Limit ssh connections to reduce brute force
attacks
Øyvind Lode wrote:
> In the shorewall-rules man page I found (example 3 - modified to my setup):
>
>
Hi all:
Sorry for my ignorance but I don't understand these log entries:
Feb 25 04:18:24 munin Shorewall:net2fw:DROP: IN=eth0 OUT= MAC=48:5b:39:ac:1b:5e:00:12:da:a4:14:bf:08:00 SRC=95.211.197.1 DST=81.166.42.2 LEN=60 TOS=00 PREC=0x00 TTL=120 ID=1036 PROTO=255 MARK=0
Feb 25 04:18:25 munin Shorew
Hi all:
I want to monitor how much traffic a rule generates.
I have a ntp server running behind shorewall and I want to know how much
traffic it generates.
UDP 123 forwarded to 192.168.1.2 which is the ntp server.
Is it as simple as looking at the pkts and bytes columns like this:
munin:~# sh
fw-net means that the traffic is from the firewall itself to the net zone.
-Original Message-
From: merc1...@f-m.fm [mailto:merc1...@f-m.fm]
Sent: 6 August 2014 18:58
To: Shorewall Users
Subject: Re: [Shorewall-users] Suspected Trojan
On Mon, Aug 4, 2014, at 14:32, Tom Eastep wrote:
> O
I recently installed debian stretch on my router/firewall (fresh
install including reformat).
In jessie I simply had to set startup=1 in /etc/default/shorewall to
have shorewall start my firewall at boot.
In stretch setting startup=1 was not enough.
I also had to manually enable shorewall init scri
Hi Roberto,
On 21 November 2017 at 12:40, Roberto C. Sánchez wrote:
>> I even had to replace allow-hotplug with auto on all nics in
>> /etc/network/interfaces to have shorewall startup at boot.
>
> This is strange. I have not encountered this. Can you describe more
> details of your configurati
Hi:
On 21 November 2017 at 17:23, Tom Eastep wrote:
> On 11/21/2017 07:59 AM, Tom Eastep wrote:
>
>>> Rebooted again and now shorewall started automatically when the
>>> firewall boots up.
>>> I found this a bit strange but now it works as expected.
>>>
>>
>> Do you recall what the output of 'sys
Hm, ok I just did the same and I'm unable to reproduce my own findings.
Enabling shorewall with systemctl enable shorewall is sufficient both
on stable 9.2 and sid.
allow-hotplug is used in /etc/network/interfaces and shorewall starts
just fine when booting up.
Thanks and sorry for wasting your ti
Hi all:
I see a lot of the errors below in /var/log/messages on my firewall:
Aug 1 00:47:44 munin kernel: [109008.257109] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:48:44 munin kernel: [109068.257384] martian source 192.168.1.5 from 127.0.0.1, on dev eth1
Aug 1 00:49:44
kernel martians
on eth1?
-Original Message-
From: Benny Pedersen [mailto:m...@junc.org]
Sent: 1 August 2012 05:36
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] A lot of kernel martian source messages in
/var/log/messages
On 2012-08-01 01:28, Øyvind Lode
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: 2 August 2012 04:32
On 8/1/12 3:24 PM, Bill Shirley wrote:
> If I understand this correctly, some device on your LAN is sending
> packets with a source address of 127.0.0.1. I would want to see those
> packets with tcpdump:
>
> tcpdump -n
From: Tom Eastep [mailto:teas...@shorewall.net]
Sent: 2 August 2012 15:28
On 8/2/12 1:19 AM, Øyvind Lode - Forums wrote:
>
> From: Tom Eastep [mailto:teas...@shorewall.net]
> Sent: 2 August 2012 04:32
> On 8/1/12 3:24 PM, Bill Shirley wrote:
>> If I understand this correct
From: Benny Pedersen [mailto:m...@junc.org]
Sent: 3 August 2012 06:05
> will a firmware update not do?
I'm actually running latest firmware.
I talked to a friend who's got the same AP and he confirmed that he's having
the same issue with this particular AP.
[Me]
> I'm in the market for a ne
From: Mark van Dijk [mailto:lists+shorew...@internecto.net]
Sent: 28 August 2012 20:18
On Tue, 28 Aug 2012 08:27:31 -0700
Tom Eastep wrote:
> On 08/28/2012 08:18 AM, "José D. Grieco" wrote:
> > I have a debian server with shorewall 4.5.5.3, my rules file has:
> >
> > SSH(ACCEPT) all all