search for: shoreall

The server is back up (sort of) -- the CVS web interface is still malfunctioning. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net

...ed from the Shorewall home page. b) An ''errata'' sub-directory where corrections are available. Currently, the known_problems.txt file for 2.2.0 lists one problem and there are two files in the ''errata'' sub-directory. See: http://shorewall.net/pub/shorewall/2.2/shoreall-2.2.0 ftp://shorewall.net/pub/shorewall/2.2/shoreall-2.2.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

...More flexible. :-) c) Compatible with bw-acct. :-) c) Incompatible with the previous implementation :-( There''s a new Accounting Page available at: http://shorewall.net/AccountingNew.html On top of Snapshot 20030813: a) Move the ''firewall'' file from CVS to /usr/share/shoreall/firewall b) Move the ''accounting'' file from CVS to /etc/shorewall/accounting Sorry for the inconvenience but I really think this implementation is a lot better. Please let me know what you think. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://sh...

...file makes remote firewall administration easier by allowing any IP or subnet to be enabled while Shorewall is stopped. 2. An /etc/shorewall/stopped extension script has been added. This script is invoked after Shorewall has stopped. 3. A DETECT_DNAT_ADDRS option has been added to /etc/shoreall/shorewall.conf. When this option is selected, DNAT rules only apply when the destination address is the external interface''s primary IP address. 4. The QuickStart Guide has been broken into three guides and has been almost entirely rewritten. 5. The Samples have been updated to...

I am a newbie to linux and shorewall. I am reading the shoreall quickstart guides. I am a bit confused about the following statement: ----------- quote -------------- The firewall has two network interfaces. Where Internet connectivity is through a cable or DSL "Modem", the External Interface will be the ethernet adapter that is connected to that &quo...

Dear All, I think I have a useful idea for how shorewall startup could be speeded up in a more automatic manner. Apologies if this is daft, but I think it might work.... Motivation: not all users understand the intricacies of shoreall beyond using the distro setup tool. [And on this particular laptop, shorewall takes 15 seconds during boot.] I have already read this (about shorewall save/restore): http://www.shorewall.net/FAQ.htm#faq34 but the problem is that this is not automatic - it requires intervention from the user. Wh...

I am a new user of shorewall, and am having some difficulty getting it set up on a new Fedora Core 3 system. When I run the shorewall script in the /etc/init.d the following errror message is received. tarting shorewall: ./shorewall: line 26: 10555 Terminated $exec start >/dev/null 2>&1 [FAILED]

hi, it''d be very useful to add some kind of "log everything" option to shorewall. currently the logging is useful if you know what you would like to log. but if you don''t know than it''s a problem... another problem that currently it''s not possible to log the nat table. at least i can''t find any way (can''t add logging into masq and

...05:54.990278 IP 192.168.2.97 > 192.168.2.110: icmp 108: host 192.168.2.97 unreachable 01:05:56.992229 IP 192.168.2.97 > 192.168.2.110: icmp 108: host 192.168.2.97 unreachable This tells me that the ping is getting through the tunnel to the Linux box but can''t get back. If I shutdwon shoreall, I get nothing on the tcpdump when I ping from the Cisco. I have my shorewall setup using the instructions on the site for V2.x and Ipsec using Linux 2.6 and as I say, that is working. The only thing I have added is a change to my masq file: #INTERFACE SUBNET ADDRESS...

I have allowed ALL of the local users to ping the internet but they currently get the following error and cannot access the internet ! I know it is something I have done wrong (I think it is a routing problem but just cannot find out what) The error is:- Reply from 212.219.13.74: destination host unreachable. My eth1 is 10.0.0.1 and the users can ping that OK My eth0 is 212.219.13.74 (connected

I have an internet router powered by gentoo+shorewall2.0.7+adsl(pppoe) but my clients(and gateway) cant access some websites----these sites must be okay,other sites are okay. The I believe it is caused by MTU or MSS, but I have no idea yet. Btw, the unaccessable sites are dynamic, it says: today I cant access www.oracle.com nextday I redail--to get another ip,I can access www.oracle.com. Help!

I am not sure how to accomplish the following example: Local 10.1.10.0/24 <port 14143> to a specific server on the Internet <port 24243> I have seen this called a tcp proxy bridge? I have it running on a NT based proxy but wish to move away from NT. I am running a two-interface firewall with a squid manual proxy for http. All works well except for this requirement. Setup is as

The generic tunnel support that I posted about yesterday has been updated: a) A bug that caused [re]start errors has been corrected. b) A list of zones may now be included in the third column of /etc/shorewall/tunnels; the semantics are the same as for ipsec tunnels. In addition, the ADDRESS column in /etc/shorewall/masq may now contain a comma-separated list of IP ranges/addresses. This enables

Hello, I''ve "emerged" Shorewall 2.0.7 onto my Gentoo pc. Going through the 2 interface quickstart guide I download the 2.0.1 interface sample and untar it. "tar -zxvf two-interfaces.tgz" Maybe a dumb question but I can''t find anything on Google or the Shorewall mail archives that say anything about this. So I''m assuming its me. :P But the

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

Beta 2 is now available for testing. Problems Corrected since Beta 1: 1) References to the obsolete USE_ACTIONS option have been removed from the manpages. 2) NFLOG has been documented for some time as a valid ACTION in the rules files but support for that action was never implemented until this release. 3) The Checksum Target capability detection in the rules compiler was

...t were masqueraded, but couldn''t understand how it would fit my architecture seeing as I had a single laptop, not a second network at the other end. I was getting confused. So I need to understand how to set up the necessary configuration for the setup I''m trying to get to. With shoreall running now, after I bridge, I can''t ping the local network even from the firewall. With shorewall off, I can ping the local network. Any help would be greatly appreciated. Or even a pointer to someone else''s message thread that solves the same problem. Thanks. -- Shamim Isl...

Hello, I want to test Shorewall''s IPsec feature. It requires patched netfilter (and kernel but that''s another story). I didn''t want to replace my distribution''s iptables package with my own compilation so I installed it to another prefix. Now Shoreall uses the iptables command found first in $PATH. I don''t think this is the most elegant way. I think the command should be configurable in shorewall.conf. So I patched my shorewall installation with this rather large but very straightforward patch which allows setting used iptables exec...

Mike Lander wrote: > I am building a shorewall box that the last post has the SSH error and > wanted > some feedback from the list if possible. At first I thought the two ISP''s > I > building this > for had two T-1''s with FQ ip''s as it. I have the box built for this ready > to > go. > Now I find out that one of the T-1''s is