Ubuntu 12.04 Shorewall + OpenVpn limited communication
location: linuxquestions.com - date: June 17, 2013
I have some issues with one of my servers (let's call it ServerA). It runs Ubuntu 12.04 with:
- Shorewall (22.214.171.124)
- OpenVPN (2.2.1 x86_64-linux-gnu)
- Squid (3.1.19)
ServerA connects to the internet router by eth0. It connects via eth1 to the internal network. OpenVPN is offered via tap0. The interface br0 bridges the interfaces eth1 and tap0.
I can connect from outside (with ClientA) via OpenVPN to the server. I get an IP address from OpenVPN, can ping ServerA (and vice versa) and connect through the proxy to the internet.
BUT: I can not reach any client or server connected to ServerA via eth1.
I spent a lot of time to investigate the issue. I found that my ping from ClientA to ClientB reaches ClientB, but the response packet seems to be dropped by ServerA.
A ping from ClientB to ClientA is also dropped by ServerA.
How can I figure out why ServerA drops the packages from internal LAN (ClientB) to ClientA?
Here are some of my config files. Please let
shorewall firewall rules config
location: linuxquestions.com - date: June 6, 2010
Does anyone experienced with this sort of thing see anything wrong with this?
The entries commented out, I have plans for in the future, but not now.
Shorewall not allowing other ports to open as 22
location: ubuntuforums.com - date: August 9, 2012
I have Ubuntu 11.04 desktop as server at home for filesharing and incoming internet. I've installed:
- ISC DHCPd version 4.1.1 (working)
- BIND version 9.7.3
- Shorewall version 4.4.17
My server has 2 connections, ppp0 ( 3g modem, dynamic IP ) and eth0 ( local network ). My server is running on 10.42.43.1 internal.
I've used this guide to install shorewall:
http://ubuntuforums.org/showthread.php?t=926001 and the help from the shorewall setup guide.
Shorewall works and I can access what I want on my local network and have internet to my computers. I have a portforward stated in the rules section and this works too. I want to open ports 5555 ( webmin ) and 8000 ( VLC mms streaming server ) to the internet. This is the configuration I have:
# Shorewall version 4.0 - Sample Interfaces File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
# This library is free software; you can redistribute it and/or
# modify it under the t
how to setup shorewall 4 to only allow ports 80 and 22
location: ubuntuforums.com - date: February 21, 2011
I am in the process of setting up my first web server and I was told to use shorewall for the firewall. I got it installed and copied the rules file over but now I cannot figure out how to deny all access except from ports 80 and 22. Do I add it under SECTION ESTABLISHED, SECTION RELATED or SECTION NEW?
I was told to add
HTTP/ACCEPT net $FW
SSH/ACCEPT net $FW
above #LAST LINE however I have a newer version. I feel like I'm taking crazy pills... any help would be appreciated.
Auto Unrar files and move whitelist to another directory
location: linuxquestions.com - date: May 10, 2011
I'm really new to scripting in Linux. And have only just managed to puzzle this out, well sort of...
I'm looking for a script that can be run regularly with Cron.
Check a folder for Rar files every few minutes, Unrar if present, and delete the left over files once done.
Be able to specify the directory of which folder to watch within the script.
Run an extension white list (.avi, .mkv, .mp4) and blacklist (rar files) of files to be moved.
Specify within the script which folder to move found files to.
I've seen a few online that do some of this or much more than this but I'm looking for something that just does this in a simple and efficient way... (Also for the life of me, I just can't get how to edit this to do what I'm looking for)
Could someone help out here please?
Getting Mandrake 9 with Shorewall to Talk to LAN
location: linuxquestions.com - date: December 27, 2002
I am running Mandrake 9 as a server/cable router for my home network. Using Mandrake Control Center I was able to set up the cable connection and IP Masquerading/Forwarding. I also set up the firewall with the Control Center. I asked it to only allow remote access to SSH and HTTP.
The problem is that Control Center does not differentiate between network interfaces or whether or not you're talking about denying access to all ports except coming from the internet or the LAN. Therefore not only can no internet computers connect to anything but SSH on my server, but my LAN workstations can't connect to anything useful either.
I figured out that Mandrake uses Shorewall as its firewall package. I also think that the answer probably lies somewhere in the configuration files in /etc/shorewall.
So does anybody know how to add a rule to Shorewall on Mandrake 9 that allows all internal traffic to connect to all ports on the server???
Thank you very much in advance for y
Startup scripts not continuing after Shorewall script
location: linuxquestions.com - date: October 10, 2005
I'm trying to configure Sentry Firewall which is based on Slackware and will be using Shorewall to configure iptables. My firewall script is rc.shorewall, which is being called from rc.inet2. My problem comes in when I actually enable rc.shorewall. Anything that runs after Shorewall is being silently skipped. This includes such important daemons as syslogd and sshd.
I've tried adding some "echo" and "sleep" commands to rc.inet2 and rc.shorewall to confirm my suspicion that execution isn't returning after Shorewall completes. I've also tried running rc.inet2 from the command line with the same results.
What could be causing this to happen? I would have thought that if there was a problem in one step, that wouldn't prevent execution from continuing. Additionally, is there any way to run a startup script with more verbose output to maybe catch the problem?
Thank you in advance to everyone.
secret whitelist for qmail
location: linuxquestions.com - date: January 1, 2005
I have set up the qmail MTA. I want it to only accept emails where the sender has one of a very few email addresses. Obviously I don't want spammers to know these addresses. Is there a simple way to do this with qmail? I have a Debian distribution.
I have already implemented 'only from specific IP addresses' using /etc/tcp.smtp. Unfortunately the range of IP addresses that I can use is not granular enough, hence the need to check the sender as well.
thanks - Chris Murphy
How to remove shorewall
location: ubuntuforums.com - date: May 20, 2008
I'm pretty much a newbie. I installed Shorewall on Server 8.04 and now want to fully remove it. Can anyone tell me how?
Shorewall and iptables service
location: linuxquestions.com - date: October 31, 2006
When I install Shorewall, do I still have to run iptables service or do I have to disable it from starting on boot?
And if I must disable it, can I delete iptables config file?