The 2.6 kernel series includes Netfilter 'physdev' match support. That support makes it feasible for Shorewall to support bridge/firewall configurations. I'm looking for early testers of such support.

Requirements:

a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day or so) plus private updates.
b) Running a 2.6 kernel or a 2.4 kernel with physdev match support added.
c) Willing to devote enough time to help develop and debug the Shorewall bridge code. Also willing to put up with the instability associated with alpha-level software.

The current version of the code supports:

1. Defining a zone in terms of a bridged interface.
2. Allowing 'maclist' verification on traffic from a bridged interface.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

I would be willing to help.

Mike

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users" <shorewall-users@lists.shorewall.net>; "Shorewall Announcements" <shorewall-announce@lists.shorewall.net>
Sent: Saturday, February 28, 2004 8:36 AM
Subject: [Shorewall-users] Looking for a Volunteer

> The 2.6 kernel series includes Netfilter 'physdev' match support. That support
> makes it feasible for Shorewall to support bridge/firewall configurations.
> I'm looking for early testers of such support.
>
> Requirements:
>
> a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day
> or so) plus private updates.
> b) Running a 2.6 kernel or a 2.4 kernel with physdev match support added.
> c) Willing to devote enough time to help develop and debug the Shorewall
> bridge code. Also willing to put up with the instability associated with
> alpha-level software.
>
> The current version of the code supports:
>
> 1. Defining a zone in terms of a bridged interface.
> 2. Allowing 'maclist' verification on traffic from a bridged interface.
>
> -Tom

On Sat, 28 Feb 2004, Mike Lander wrote:

> I would be willing to help.

Thanks, Mike -- do you have a working Linux-based bridge?

-Tom

Tom:

I am willing to provide whatever assistance I can. I run SuSE 9.0 with kernel 2.4.25, iptables 1.2.9, and bridge-utils 0.9.6. I have just patched the kernel for 'physdev' match support. The kernel will be loaded onto a PC that I use for testing firewall software, so instability will not be a problem. This PC currently has three nic cards, though a fourth could be added for testing purposes if needed.

I have not included support for ebtables in the kernel. If this is required, would you let me know.

Regards
Steven.

On Saturday 28 February 2004 16:36, Tom Eastep wrote:

> The 2.6 kernel series includes Netfilter 'physdev' match support. That
> support makes it feasible for Shorewall to support bridge/firewall
> configurations. I'm looking for early testers of such support.
>
> Requirements:
>
> a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a
> day or so) plus private updates.
> b) Running a 2.6 kernel or a 2.4 kernel with physdev match support added.
> c) Willing to devote enough time to help develop and debug the Shorewall
> bridge code. Also willing to put up with the instability associated with
> alpha-level software.
>
> The current version of the code supports:
>
> 1. Defining a zone in terms of a bridged interface.
> 2. Allowing 'maclist' verification on traffic from a bridged interface.
>
> -Tom

On Sun, 29 Feb 2004, Steven Jan Springl wrote:

> Tom:
> I am willing to provide what ever assistance I can. I run SuSE 9.0
> with kernel 2.4.25, iptables 1.2.9, and bridge-utils 0.9.6. I have just
> patched the kernel for 'physdev' match support. The kernel will be loaded
> onto a PC that I use for testing firewall software, so instability will not
> be a problem. This PC currently has three nic cards, though a fourth could be
> added for testing purposes if needed.
> I have not included support for ebtables in the kernel. If this is required,
> would you let me know.

Thanks, Steven -- ebtables support is not required.

-Tom

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Experienced Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Saturday, February 28, 2004 4:12 PM
Subject: Re: [Shorewall-users] Looking for a Volunteer

> On Sat, 28 Feb 2004, Mike Lander wrote:
>
> > I would be willing to help.
>
> Thanks, Mike -- do you have a working Linux-based bridge?
>
> -Tom

Not sure what you mean by linux bridge? So probably not.

Mike

On Sun, 29 Feb 2004, Mike Lander wrote:

> ----- Original Message -----
> From: "Tom Eastep" <teastep@shorewall.net>
> To: "Mailing List for Experienced Shorewall Users"
> <shorewall-users@lists.shorewall.net>
> Sent: Saturday, February 28, 2004 4:12 PM
> Subject: Re: [Shorewall-users] Looking for a Volunteer
>
> > On Sat, 28 Feb 2004, Mike Lander wrote:
> >
> > > I would be willing to help.
> >
> > Thanks, Mike -- do you have a working Linux-based bridge?
> >
> > -Tom
>
> Not sure what you mean by linux bridge ? So probably not.

http://bridge.sf.net

-Tom

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Experienced Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Saturday, February 28, 2004 4:12 PM
Subject: Re: [Shorewall-users] Looking for a Volunteer

> On Sat, 28 Feb 2004, Mike Lander wrote:
>
> > I would be willing to help.
>
> Thanks, Mike -- do you have a working Linux-based bridge?

I was thinking of building a server to help. I have several empty computers in my shop that range from 450 MHz to 1000 MHz; I could put one together to help. It would help me as well to learn more.

Mike

Tom,

This may fall into a project I am building for the Boys and Girls club. I currently have Shorewall running in their club there and have had for a couple of years. They have two locations, one being the club and the other the admin office. (Admin office 5 miles away.) Right now they have separate networks independent from each other. We need to connect the two buildings now to run a Microsoft Small Business Server (Premium with ISA and SQL). They have a T-1 at the club and ADSL at the admin office. I need a VPN between the two. The only bridging I have done is with the Cisco 675. And that was a while ago. I donate everything I do for them. So would your new firewall and bridging these two different networks together fit the bill? I think they would be happy to let us test in their networks.

Mike

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Experienced Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Sunday, February 29, 2004 9:45 AM
Subject: Re: [Shorewall-users] Looking for a Volunteer

> On Sun, 29 Feb 2004, Mike Lander wrote:
>
> > ----- Original Message -----
> > From: "Tom Eastep" <teastep@shorewall.net>
> > To: "Mailing List for Experienced Shorewall Users"
> > <shorewall-users@lists.shorewall.net>
> > Sent: Saturday, February 28, 2004 4:12 PM
> > Subject: Re: [Shorewall-users] Looking for a Volunteer
> >
> > > On Sat, 28 Feb 2004, Mike Lander wrote:
> > >
> > > > I would be willing to help.
> > >
> > > Thanks, Mike -- do you have a working Linux-based bridge?
> > >
> > > -Tom
> >
> > Not sure what you mean by linux bridge ? So probably not.
>
> http://bridge.sf.net
>
> -Tom