On Thu, 2003-07-03 at 15:24, Bharath Sankaranarayan wrote:
> Tom,
> Thanks for your suggestions. What I am not able to find on the upgrade
> issues is, I had used one of the 2 interfaces sample on the Shorewall
> website when I installed 1.2 and I want to make sure that the upgrade will
> be compatible with the rules and the policies. I could not find the 2
> interfaces updated for 1.4.x.
http://www.shorewall.net/pub/shorewall/Samples
> Maybe I am not looking in the right places.
> For example we have a VPN server behind our Shorewall 1.2 Firewall but the
> PPTP page says that I need to add DNAT command which does not work in 1.2
> version. As our firewall works well for our purpose I don't want to upgrade
> and break what is working.
Upgrading always involves risks, especially when you choose to skip one
entire major release of a product.
> Unfortunately we don't have a spare box to test.
> This was the starting point for the upgrade, also we are unable to connect
> an external VPN (one session is ok but not multiple simultaneous) I am
> aware that I need to do VPN masq but the notes on masq site is confusing for
> me. Sorry for rambling and going astray but I thought it will be beneficial
> to explain why I am trying to do what I am doing.
You will need the PPTP connection tracking kernel patch from
netfilter.org (Patch-O-Matic). Unfortunately, using Patch-O-Matic is not
for the novices (or for faint of heart veterans for that matter).
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net