search for: westerhold

I am considering replacing my old checkpoint and watchguard firewalls witha single Linux box using iptables and shorewall. I have two ISP''s (with separate routing tables), two DMZ''s, at least one VPN to a remote office, and a local trusted network. The configuration will look like: +----------------+ | | net0 ----------+ eth1

I''m havign a HUGE amount of difficulty getting shoreline to work with LVS. We use it here constantly so we know it works. The problem is packets come in, get directed to a webserver, webserver returns the packet to firewall, and then it goes into a black hole. rp_filter is off globally on all interfaces. LVS seems to be working right.... I use shorewall tcrules to mark packets on

Hi there, can anyone point me to the docs needed to support Tagged Vlans through Shorewall. I might just be blind or my understanding of Tagged Vlans isn''t good enough yet to find it. Axel

Sat Mar 22 14:16:55 CST 2003 This post is a bit long, but I want to make sure I am providing the information up front that can help in others helping me solve this mystery. I am having a bit of difficulty getting Shorewall to work with SecuRemote and its FW-1 server. I have attached the "rules" file I am using and the output of "shorewall show nat". The diagram below

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list

The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

I set up an ipsec/racoon vpn tunnel test environment. The gateway machines are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and 10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10. The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 an vice versa and they can both use the net via NAT, however 192.168.0.30 and 192.168.0.31 cannot directly

Hi all, its a real nightmare for me. Although i have read and searched the web for two weeks i can`t get shorewall to work. problem is that we have only one server that acts as fileserver (samba, nis, nfs) and router/firewall for the lan. the server has two interfaces eth0 = lan and eth1 = internet. The only what we need is full access from the lan to the firewall and restricted access

I have problems connecting IPSEC VPN clients on the masqueraded network to outside VPN servers. It looks like this: ipsec-user | 192.168.1.10 (DHCP assigned) | | 192.168.1.1 fw-1 (shorewall, Linux 2.6) | 20.20.20.20 (internet) | 30.30.30.30 fw-2 (IPSEC VPN endpoint) | 192.168.100.1 | | 192.168.100.2 server ipsec-user (a road warrior) is supposed to create an IPSEC tunnel to his home