Questions tagged [shorewall]

high-level tool for configuring the Linux Netfilter packet filter

The Shoreline Firewall, more commonly known as “Shorewall”, is a high-level tool for configuring Netfilter. You describe your firewall/gateway requirements using entries in a set of configuration files. Shorewall reads those configuration files and, with the help of the iptables, iptables-restore, ip and tc utilities, configures Netfilter and the Linux networking subsystem to match your requirements. Shorewall can be used on a dedicated firewall system, a multi-function gateway/router/server or on a standalone GNU/Linux system. Shorewall does not use Netfilter's ipchains compatibility mode and can thus take advantage of Netfilter's connection state tracking capabilities.


95 questions
1
vote
0 answers

shorewall prevents routing from protected zone entities to other protected zone entities

I'm using shorewall as the firewall and gateway for a production site. The site also has a couple of VPNs running into it that are hosted on a different server on the same site (in the protected zone). My setup for the servers on the site (in the…
Guss
1
vote
1 answer

Clarify the intent of ping rules in a Shorewall configuration

I'm configuring shorewall on a server, and things are going well so far. However, there is one thing I am wondering about. The 'rules' file has, among others, the following lines: # # Drop Ping from the "bad" net zone.. and prevent your log from…
sbrattla
1
vote
2 answers

Forwarding a call from different subdomains to different internal machines

How do I route traffic from different subdomains to different internal IP addresses? I have set up a Debian router that has one public IP and a domain name pointed to that IP. I would like to have different subdomains reach different internal…
Joelbitar
1
vote
1 answer

What service uses UDP port 60059?

I received an email from logcheck that contained a number of attempted connections to UDP port 60059. This email is sent by logcheck. If you no longer wish to receive such mail, you can either deinstall the logcheck package or modify its…
Buggabill
1
vote
0 answers

Multi-ISP firewall setup

We have been trying to move away from a SonicWall firewall for quite some time now. Through much Googling and many hours of trial and error, we have met varying degrees of success through different firewall distros such as m0n0wall, Smoothwall,…
miquella
1
vote
3 answers

shorewall on debian proxy server troubleshooting

The setup is: debian proxy-server -> Linksys router -> internal ubuntu server. Problem is: I can access the ubuntu web server (apache2) by entering 192.168.1.128 in a browser on my debian proxy. However, my shorewall forwarding rule does not make it…
Hersheezy
1
vote
1 answer

Can't ping through PPTP when Shorewall is active

I have a pptpd server and Shorewall running on the same server. The server has two ethernet connections (eth0 -> WAN, eth1 -> LAN) and its IP on the LAN is 10.11.100.201. I can establish a VPN tunnel from my home computer with no problems, but I…
Jonatan
1
vote
0 answers

OpenVPN client fails to re-connect after internet connection re-established

I'm running a miniPC with Debian and shorewall on it + an OpenVPN client. All is running smoothly unless my ISP modem loses connection. After the connection to the internet is re-established, the OpenVPN client is not able to connect unless I HW restart or…
zwadar
0
votes
0 answers

virtmanager: install via debian netinstall, reboot finds no boot device, recovery mode can access

I used virtmanager to create a virtual machine. The install medium is the debian netinstaller (Version 10, buster). Installation works without problems. Rebooting fails: no boot device found. Starting the recovery mode from the netinstaller…
Hamatoma
0
votes
1 answer

Shorewall - Allow Remote Client to Ping the Internet

My network address is 192.168.5.0. My host machine is 192.168.5.1 and my client machine is 192.168.5.2. Currently, my client is unable to use the internet browser and even ping the internet. The client can ping the host machine in the local…
alyssaeliyah
0
votes
1 answer

in shorewall, how can I block requests from external hosts when using nested zones?

I have one Debian server with one network interface. I've configured a bridge for KVM and shorewall with two zones on the same interface, so I have the "net" zone and the "kvm" zone for KVM guests. Here are the relevant files in…
Lluís
0
votes
0 answers

Shorewall blocking outbound traffic to one IP on a vpn tunnel

I'm trying to set up shorewall to block traffic to one particular IP address that is routed over an OpenVPN tunnel. Naively I have the following shorewall rules in place: #Don't allow connection pickup from the net Invalid(DROP) net all …
Peter Nunn
0
votes
1 answer

Shorewall - Wildcard filter by source MAC address

I currently have a Debian PC with two network interfaces acting as a router/gateway. I have several cheap IP cameras that try to access external services, presumably for some kind of 'cloud' functionality. This functionality cannot be disabled. I'd…
0
votes
1 answer

OpenVPN tunnel up but no traffic from LAN to VPN

The HeadOffice subnet is 192.168.2.0/24. OpenVPN server & shorewall are on the same box, acting as a gateway. The AWS subnet is 10.9.1.0/24. An OpenVPN client is configured for VPN access. The tunnel is up and I can ping & SSH from AWS to HeadOffice. On the HeadOffice box,…
Lucky Chingi
0
votes
1 answer

How to correctly set up routing on a machine with 4 interfaces so that three of the interfaces are on the same subnet?

So I have a Linux machine with 4 interfaces: enp1s0 enp2s0 enp3s0 enp4s0. What I would like to do is have enp1s0 be the WAN interface and acquire its IP address, DNS and gateway via DHCP. For the other three interfaces, I would like them to have: IP…
alexpotato