search for: vpn2fw

...unning 2.0.8 on a linux 2.6 kernel with ipsec (i.e. no ipsec<n> interfaces). Since ipsec traffic comes in on the same interface as "net" traffic, I have been looking at the rules for "eth0_in" on my ipsec gateway/firewall. I see that "norfc1918" is before "vpn2fw". Since it is common to route rfc1918 addresses over vpn tunnels, would it not make more sense to reverse the order of those two rules? That would eliminate the need to alter the rfc1918 rules file. Thots? b.

...PT ULOG dmz vpn ACCEPT ULOG vpn dmz ACCEPT ULOG fw vpn ACCEPT ULOG vpn fw ACCEPT ULOG Ping from PC at office 1 to office 2 firewall (successful): Shorewall:vpn2fw:ACCEPT: IN=ipsec0 OUT= MAC=00:02:44:7e:04:0e:00:01:64:db:74:70:08:00 SRC=192.168.1.12 DST=192.168.254.252 LEN=84 TOS=00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=11534 SEQ=768 Ping from PC at office 1 to router(192.168.254.254) at office 2 (fail): Shorewall:vpn2loc:ACCEPT: IN=ipsec0 OU...

Hello! I am using shorewall shorewall-2.0.11-1 on fedora core2 (iptables-1.2.9-95.7). My box has 2 physical nic´s plus one virt. ipsec interface for a freeswan-vpn connection. A few days ago, portsentry spit out a lot of connections from windows clients (port 135, 445). Ooops. I review my shorewall settings but could not find a mistake. So I took a win-client and established a second

I have searched your FAQ''s and read the documentation on your site as well as googling. I am not able to figure this out. If you have any ideas can you please help. I am using the linux-ha failover with redundant firewalls. As part of the function of the linux-ha software consists a service called heartbeat which is a connection from each failover node through a serial cable or ethernet.

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at