search for: shorwall

This fixes the problem in 1.4.7a where <zone>_frwd chains are missing required rules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

http://shorweall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 ftp://shorweall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 Problems corrected: 1. A typo in shorewall.conf (NETNOTSYN) has been corrected. New Features: 1. For consistency, the CLIENT PORT(S) column in the tcrules file has been renamed SOURCE PORT(S). 2. The contents of

The 2.0.2 .lrp released yesterday contained the wrong version of /usr/share/shorewall/functions. I have updated the .lrp with the correct version of the functions file. [root@lists shorewall-2.0.2]# ls -l shorwall-2.0.2.lrp -rw-r--r-- 1 root ftp 78325 May 14 06:28 shorwall-2.0.2.lrp [root@lists shorewall-2.0.2]# grep shorwall 2.0.2.md5sums 3ae771fcbfe217006e88e69a597c6455 shorwall-2.0.2.lrp [root@lists shorewall-2.0.2]# You may also update your existing .lrp using the ''functions'...

After gaining some experience with the new release model, it has become apparent to me that a small adjustment is warrented. I previously announced that updates to the stable release would only contain bug fixes. I''m modifying that slightly to allow for small low-risk enhancements; large and/or risky enhancements will still be restricted to the development release. We have seen this

Hi!, I have Fedora 2 installed (Kernel 2.6), 3 interfaces (eth0,eth1,eth2), in the eth1 i have my local network and eth0 the Internet conection, when i do masquerading (eth1 out by eth0) only works for a few minutes. I dont know what i?m doing wrong, or only is an incompability or error between the OS Fedora 2 and the shorewall 2.0.7...i restart the shorewall service ones works anothers doesnt.

I have just uploaded a new version of the 2.0.2b .lrp: http://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp ftp://shorewall.net/pub/shorewall/shorewall-2.0.2b/shorwall-2.0.2b.lrp This version already includes the normal LEAF changes that are present in the shorewall.lrp distributed with Bering and Bering-uClibc. Thanks to K.-P. Kirchdörfer, future versions of the .lrp will already include...

...sac done case $# in 1) ;; 2) OLDVERSION=$2 ;; *) usage ;; esac VERSION=$1 LOGFILE=$LOGDIR/shorewall_build_${VERSION}.log touch $LOGFILE progress_message "Build of Shorewall $VERSION on $(date)" case $VERSION in 2.0.*) CVSPROJ=STABLE XMLPROJ=Shorewall-docs LRP=shorwall-${VERSION}.lrp LRPPROJ=Lrp ;; 2.2.*) CVSPROJ=STABLE2 XMLPROJ=Shorewall-docs2 LRP=shorewall-lrp-${VERSION}.tgz LRPPROJ=Lrp2 ;; 2.3.*) CVSPROJ=Shorewall2 XMLPROJ=Shorewall-docs2 BUILDLRP= ;; 2.4.*) CVSPROJ=Shorewall2 XMLPROJ=Shorewall-docs2 BUILDLRP= ;; *)...

Whilst configuring another shorewall firewall router for another site, I must have made some totally newbie error.... While directly on the cable modem, it works great. But when placed on the LAN side of my existing Shorewall box, the NEW shorwall box could not ping, or look up dns or anything else. If I shutdown shorewall (clear) in the NEW box then it could surf the net and ping etc. When connected to the cable modem directly and shorewall running it works great. It properly obtains a dhcp lease from either my main shorewall box OR my...

Question to the list, Has anyone here had experience using Shorewall (multi-isp configuration) with Snort inline? First, is this possible? Second, if anyone has done this, what documentation, if any did they use to set it up? Third, does snort have to run inline on a firewall (I''m under the impression it does)?

Hi there... I want to use MAC validation for strict computer access rules to our server and LAN. I do not want any computer have ANY kind of access (neither LAN or Internet access, not even get an IP from the dhcp server, or being able to connect to anything manually configuring the IP settings) unless its MAC is on the list. Our server has two interfaces (eth0 & eth1) and 2 zones (net and

I''m currently building a firewall for a network with 2 ISP links. Unfortunately, one of the ISP''s doesn''t support BGP yet, otherwise I would be doing load balancing at the router, instead of the firewall. I''ve been trying to find information on how to get WonderShaper working, but everything I''ve found talks about setting it up for a firewall with one

John, I''m taking the liberty of copying the Shorwall Development list since I believe that these issues will be of interest. On Tue, 6 Aug 2002, Links at Momsview wrote: > Tom, > I''m not sure if you ever saw this document but it describes some of the > reasons you are seeing strange packets > after setting up NEW not SYN >...

...Internap, both of which are actually routed over a single inbound ethernet line from UUNet at our colocation facility: 204.176.148.0/23 and 216.52.83.0/24. This gives us a total of 3 class-C subnets. All packets for these three subnets would land on the ''eth0'' interface of our shorwall host. ----------------- | UUNet Switch | ----------------- | 204.176.76.222/30 | | eth0:204.176.76.221/30 ------------------ | shorewall host | ------------------ | eth1:192.168.0.1/16 | |...

...Hash: SHA1 The packages that I uploaded earlier were unfortunately incorrect. I have uploaded the correct packages. The incorrect md5sums are: 14e8f2bfa08cc5ca2715c8b1179d5eb2 shorewall-2.0.10-1.noarch.rpm 54bcbb2216ad3db9870507cd9716fd99 shorewall-2.0.10.tgz c2fe0acc7f056acb56d089cf8dafa39a shorwall-2.0.10.lrp The correct md5sums are: d5af452d38538b4b994c3c4abab8e012 shorewall-2.0.10-1.noarch.rpm 985ce9215ea9cc0299f0b5450fdbe05e shorewall-2.0.10.tgz 0ec7a65e4ed4ad1db0d2a4cb0c7bd5bf shorwall-2.0.10.lrp If you have downloaded an incorrect file but have not yet installed it, please re-downl...

Content is the same as RC2. http://shorewall.net/pub/shorewall/shorewall-2.0.3 ftp://shorewall.net/pub/shorewall/shorewall-2.0.3 The release will be coming to a mirror near you shortly. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

...st. I''m new here, and am staring off with a pretty common question, i think. I want to have my router DNAT incomeing connections for other IP''s than it''s WAN IP. In my other setup, just adding that IP as Destination Address was enough. But that was a bit older Version of Shorwall. In my new Setup, Shorewall 2.0.7 Debian Sarge, i have this line: DNAT net dmz:192.168.100.1 tcp 995 - EXT.IP but no Packets get routet to that Machine.. i can''t even find any corresponding entry in shorewall list, and there are no logs about rejected packets. I...

I have upgraded to trustix 2.1 (kernel 2.4.25-2trfirewall), there is a problem with shorewall (both 1.4.10d and 2.0) and iptables 1.2.9-2tr when I start shorewall I have the following errror: iptables v.1.2.9: Unknown arg ''--icmp-type'' Try ''iptables -h'' or ''iptables --help'' for more information with trustix 2.0 (kernel 2.4.25-2trfirewall)

Hello, This might seem like a strange question but... Is there someway to only allow the Traffic Shaping module of Shorewall to run ? I am already running a bunch of my own firewall and routing scripts and am really interested in the ease of Shorwalls Traffic Shaping module. Does anyone know a way to make it fire up separately without any of the firewall stuff ? (yes I know that sounds bizarre) Thanks very much !!! Any ideas or advice much appreciated. Kind Regards Sylvan ------------------------------------------------------- Thi...

Hello, Since the ipmasq package has been dropped from debian I decided to migrate to shorewall. My setup is pretty simple: [DSL Modem] -eth0- [shorwall/gateway] -eth1- [local network] ipmasq required that I set the MTU on eth0 to 1492. Migrating to shorewall went well, but a small number of web sites would load slow or not at all. Setting the MTU on eth0 to 1492 and setting CLAMPMSS=Yes made things better but I still have problems. Also tri...

...loaded from /etc/shorewall but /etc/shorewall/<sub_dir_of_my_choice>/ so that the main /etc/shorewall/ folder does not get flooded with actions.. I am not a member of the mailing list, so if someone could respond, I would appreciate it. I think it''s the firewall file in /usr/share/shorwall dir i have to edit, under the process_actions1 function, but it''s a little cryptic to me and I can''t find the line to change. Thanks in advance to whoever responds, Dan.