Shorewall rule communication between zones
location: ubuntuforums.com - date: July 31, 2013
I've currently set up my shorewall firewall on my router.
eth0 -> connected to the inet
eth1-> 192.168.1.0/24 (vlan1 | zone sw)
vlan50 -> 192.168.50.0/24 (@eth1 | vlan50 | zone v50)
inet eth0 detect dhcp
sw eth1 detect dhcp
v50 vlan50 detect dhcp
###vlan1 - switch config lan
###eth0 - internet
###vlan50 - private
inet all DROP debug
sw all DROP debug
v50 all DROP debug
v60 all DROP debug
all all REJECT debug
example of OpenVPN behind firewall shorewall
location: linuxquestions.com - date: October 16, 2006
centos Linux 4.4
Pentium 4 HT
Shorewall nested zones
location: linuxquestions.com - date: June 30, 2004
Ok, I've managed to screw up on the shorewall config. I'm on another system so I can type this, so let's see if I can accurately get across what my configuration looks like right now.
I'm setting up a pretty basic network. I have a cable modem connected to a wireless router talking to a wireless bridge. The bridge is connected to a switch on which reside all my computers at the moment. The three permanent ones are WinXP, Win98SE, and MDK 9.2.
I'd like to set up the mandrake box as a web server, but also have it trust my local machines (so ... set them up as a specific zone and allow broader access to that zone). I'm not using the linux box as a firewall for the network, but more as a client/server /on/ the network, so I've only got one ethernet card installed.
I set up the interfaces file something like this:
HOWTO: Custom commands in nautilus (TB Attachment example)
location: ubuntuforums.com - date: November 17, 2005
The sendto extension in breezy only works with evolution
The solution Nautilus Actions
sudo apt-get install nautilus-actions
or click nautilus-actions
you may need to restart nautilus
You will find the application under
System->Preferences->Nautilus Application Actions Configuration
Fill in label - Send Attachment Email via Thunderbird
Fill in Path - mozilla-thunderbird
Fill in Parameters - -compose "attachment=%u"
Select the "Conditions" tab
Fill in Filenames Pattern - *
Check the "Only Files" options
Pre configured Nautilus Actions you can import are available from
includes many options such as
* Merge many PDF files into a single one
* Test a 7z archive for integrity
* Create a 7z archive
* Font installer
* OptiPNG (Optimize PNG images)
Ubuntu 12.04 Shorewall + OpenVpn limited communication
location: linuxquestions.com - date: June 17, 2013
I have some issues with one of my servers (let's call it ServerA). It runs Ubuntu 12.04 with:
- Shorewall (188.8.131.52)
- OpenVPN (2.2.1 x86_64-linux-gnu)
- Squid (3.1.19)
ServerA connects to the internet router by eth0. It connects via eth1 to the internal network. Openvpn is offered via tap0. The interface br0 bridges the interfaces eth1 and tap0.
I can connect from outside (with ClientA) via OpenVPN to the server. I get an IP address from OpenVPN, can ping ServerA (and vice versa) and connect through the proxy to the internet.
BUT: I can not reach any client or server connected to ServerA via eth1.
I spent a lot of time to investigate the issue. I found that my ping from ClientA to ClientB reaches ClientB, but the response packet seems to be dropped by ServerA.
A ping from ClientB to ClientA is also dropped by ServerA.
How can I figure out why ServerA drops the packages from internal LAN (ClientB) to ClientA?
Here are some of my config files. Please let
shorewall firewall rules config
location: linuxquestions.com - date: June 6, 2010
Does anyone experienced with this sort of thing see anything wrong with this?
The entries commented out, I have plans for in the future, but not now.
Shorewall not allowing other ports to open as 22
location: ubuntuforums.com - date: August 9, 2012
I have Ubuntu 11.04 desktop as server at home for filesharing and incoming internet. I've installed:
- ISC DHCPd version 4.1.1 (working)
- BIND version 9.7.3
- Shorewall version 4.4.17
My server has 2 connections, ppp0 ( 3g modem, dynamic IP ) and eth0 ( local network ). My server is running on 10.42.43.1 internal.
I've used this guide to install shorewall:
http://ubuntuforums.org/showthread.php?t=926001 and the help from the shorewall setup guide.
Shorewall works and I can access what I want on my local network and have internet to my computers. I have a portforward stated in the rules section and this works too. I want to open ports 5555 ( webmin ) and 8000 ( VLC mms streaming server ) to the internet. This is the configuration I have:
# Shorewall version 4.0 - Sample Interfaces File for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
# This library is free software; you can redistribute it and/or
# modify it under the t
Solaris 10 with zones, outbound Internet traffic blocked. HELP!
location: linuxquestions.com - date: April 3, 2011
I have a T 2000 box with solaris 10 installed. Three zones were also defined in shared-IP mode.
The box is connected to CISCO 3750G, and the router is a CISCO ASA5510.
This box is inherited from a contract vendor change, I have no records on previous admin activities.
The problem: I could not get to the Internet. LAN works fine, I am able to ssh to the box from my PC. The default router has been set from global console.
I can access the Internet from my PC.
So what might block the outbound traffic? Thanks
how to setup shorewall 4 to only allow ports 80 and 22
location: ubuntuforums.com - date: February 21, 2011
I am in the process of setting up my first web server and I was told to use shorewall for the firewall. I got it installed and copied the rules file over but now I cannot figure out how to deny all access except from ports 80 and 22. Do I add it under SECTION ESTABLISHED, SECTION RELATED or SECTION NEW.
I was told to add
HTTP/ACCEPT net $FW
SSH/ACCEPT net $FW
above #LAST LINE however I have a newer version. I feel like I'm taking crazy pills... any help would be appreciated.
Problem Compiling Linux Device Drivers 3 Example
location: ubuntuforums.com - date: January 23, 2010
I was working through the Linux Device Drivers 3rd Edition, and was compiling the "SCULL" example from Chapter 3.
I ran across the following error in many places in the access.c source file:
error: dereferencing pointer to incomplete type
This occurred in several places, but it seems like all of them occurred where the 'current' macro is being used.
(scull_u_owner != current->uid) && /*allow user */
(scull_u_owner != current->euid) && /*allow whoever did su */
I am using gcc 4.4.1 in Karmic.
It is clear to me that the current macro is recognized, but it is not completely defined in this source module.
Is there a work around? Anyone?