My 1.3.11 firewall has been running fine for months... Now all of a sudden, my logs are full of:

Apr 7 21:16:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
MAC=00:60:08:3e:7f:d8:00:60:1d:f6:35:50:08:00 SRC=208.191.32.6
DST=64.216.105.3 LEN=83 TOS=0x10 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP
SPT=37093 DPT=53 LEN=63

I have this in rules:

DNAT net dmz:192.168.2.1 udp 53 - 64.216.105.3
DNAT net dmz:192.168.2.1 tcp 53 - 64.216.105.3

DNS is running fine on 192.168.2.1... Attached find the output of shorewall status..

--
Homer Parker                  /"\  ASCII Ribbon Campaign
BOFH for homershut.net        \ /  No HTML/RTF in email
http://www.homershut.net       x   No Word docs in email
telnet://bbs.homershut.net    / \  Respect for open standards

"Bill Gates reports on security progress made and the challenges ahead."
-- Microsoft's Homepage, on the day an SQL Server bug crippled large sections of the Internet.

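The check this report implies, as an added example that is not part of the original thread: parse the logged packet and test it against the two DNAT rules quoted in the post. The column order (ACTION, SOURCE, DEST, PROTO, DEST PORT, SOURCE PORT, ORIGINAL DEST) and the zone2zone chain naming are assumptions about the Shorewall rules layout; the sample data is constructed from the post.

```python
import re

# Constructed from the log entry and the rules quoted in the post above.
LOG = ("Apr 7 21:16:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT= "
       "MAC=00:60:08:3e:7f:d8:00:60:1d:f6:35:50:08:00 SRC=208.191.32.6 "
       "DST=64.216.105.3 LEN=83 TOS=0x10 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP "
       "SPT=37093 DPT=53 LEN=63")
RULES = """\
DNAT net dmz:192.168.2.1 udp 53 - 64.216.105.3
DNAT net dmz:192.168.2.1 tcp 53 - 64.216.105.3
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<rest>.*)")

def parse_log(line):
    """Split a Shorewall kernel log entry into chain, disposition and fields."""
    m = PREFIX.search(line)
    if not m:
        return None
    pkt = {"chain": m["chain"], "disposition": m["disposition"], "flags": []}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if not sep:
            pkt["flags"].append(tok)   # bare flags such as DF
        else:
            pkt.setdefault(key, val)   # LEN= appears twice; keep the IP length
    return pkt

def parse_rules(text):
    """Read rules-file lines into dicts (column order is an assumption)."""
    cols = ("action", "source", "dest", "proto", "dport", "sport", "origdest")
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            rules.append(dict(zip(cols, fields)))
    return rules

def rules_matching(pkt, rules):
    """Rules whose zone, protocol, port and original destination fit the packet."""
    zone = pkt["chain"].split("2", 1)[0]   # net2all -> net (assumed naming)
    return [r for r in rules
            if r.get("source") == zone
            and r.get("proto", "").lower() == pkt.get("PROTO", "").lower()
            and r.get("dport") == pkt.get("DPT")
            and r.get("origdest") in (None, "-", pkt.get("DST"))]

if __name__ == "__main__":
    for rule in rules_matching(parse_log(LOG), parse_rules(RULES)):
        print("dropped packet is covered by:", rule)
```

Here the UDP rule matches the dropped packet, so the packet reached the net2all policy chain even though a DNAT rule covers it; the shorewall status output is where to see whether that rule is present in the running ruleset.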
Homer wrote:
> My 1.3.11 firewall has been running fine for months... Now all of a
> sudden, my logs are full of:
>
> Apr 7 21:16:02 firewall kernel: Shorewall:net2all:DROP:IN=eth0 OUT=
> MAC=00:60:08:3e:7f:d8:00:60:1d:f6:35:50:08:00 SRC=208.191.32.6
> DST=64.216.105.3 LEN=83 TOS=0x10 PREC=0x00 TTL=62 ID=0 DF PROTO=UDP
> SPT=37093 DPT=53 LEN=63
>
> I have this in rules:
>
> DNAT net dmz:192.168.2.1 udp 53 - 64.216.105.3
> DNAT net dmz:192.168.2.1 tcp 53 - 64.216.105.3
>
> DNS is running fine on 192.168.2.1... Attached find the output of
> shorewall status..

I regret to inform you that Shorewall 1.3 is no longer supported.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

On Wed, 2004-04-07 at 21:33, Tom Eastep wrote:
>
> I regret to inform you that Shorewall 1.3 is no longer supported.
>
> -Tom

Figures... Been running fine for a year... Guess it's time to build a new one...

--
Homer Parker

Francesca C. Smith wrote:
>
> When is the planned EOL on 1.4.X ???
>

When 2.1.0 is released. I only support two major releases at a time.

-Tom

On Wednesday 07 April 2004 22:48, Homer wrote:
> > I regret to inform you that Shorewall 1.3 is no longer supported.
> >
> > -Tom

Tom,

When is the planned EOL on 1.4.X ???

Francesca
--
"No Problems Only Solutions"
Lady Linux Internet Services
Baltimore Maryland 21217

Oh no! Shorewall 1.4.6c is doing such a good job and I hate to give it up...LOL! Well since I am going to have to stop using Red Hat 7.3 and change to Debian 3.0 might just as well change to a better version of Shorewall too! LOL!

Now where to start, "Shorewall Quick Start Guide for 2.0.x", "FAQ", "Two Interface Setup Guide", and last of all ask the "shorewall-users@shorewall.net" for help.

Thanks for all your work and help with Shorewall Tom!

aubrey

At 08:02 PM 4/7/04 -0700, you wrote:
>Francesca C. Smith wrote:
>
>> When is the planned EOL on 1.4.X ???
>
>When 2.1.0 is released. I only support two major releases at a time.
>
>-Tom

Aubrey Kilpatrick wrote:
> Oh no! Shorewall 1.4.6c is doing such a good job and I hate to give it
> up...LOL! Well since I am going to have to stop using Red Hat 7.3 and
> change to Debian 3.0 might just as well change to a better version of
> Shorewall too! LOL!

Shorewall 1.4 will likely be supported until late winter/early spring of *2005* so there's no hurry.

> Now where to start, "Shorewall Quick Start Guide for 2.0.x", "FAQ", "Two
> Interface Setup Guide", and last of all ask the
> "shorewall-users@shorewall.net" for help.

Look at the Upgrade Issues -- upgrading from 1.4 to 2.0 is not difficult as there aren't a lot of changes required to your config.

-Tom

Thanks Tom, that's good news about Shorewall 1.4 being supported for a while yet. Gives more time to monitor the users list for questions about 2.0 before changing over.

aubrey

At 06:48 AM 4/8/04 -0700, you wrote:
>Aubrey Kilpatrick wrote:
>> Oh no! Shorewall 1.4.6c is doing such a good job and I hate to give it
>> up...LOL! Well since I am going to have to stop using Red Hat 7.3 and
>> change to Debian 3.0 might just as well change to a better version of
>> Shorewall too! LOL!
>
>Shorewall 1.4 will likely be supported until late winter/early spring of
>*2005* so there's no hurry.
>
>> Now where to start, "Shorewall Quick Start Guide for 2.0.x", "FAQ", "Two
>> Interface Setup Guide", and last of all ask the
>> "shorewall-users@shorewall.net" for help.
>
>Look at the Upgrade Issues -- upgrading from 1.4 to 2.0 is not difficult
>as there aren't a lot of changes required to your config.
>
>-Tom

On 08 Apr 2004, Tom Eastep wrote:
> Aubrey Kilpatrick wrote:
> >Oh no! Shorewall 1.4.6c is doing such a good job and I hate to give it
> >up...LOL! Well since I am going to have to stop using Red Hat 7.3 and
> >change to Debian 3.0 might just as well change to a better version of
> >Shorewall too! LOL!
>
> Shorewall 1.4 will likely be supported until late winter/early spring of
> *2005* so there's no hurry.
>

Debian Sarge (testing) is currently on shorewall 1.4.10-3 so Debian stable will be on a still earlier version. All the same, congratulations on moving to Debian!

Anthony
--
ac@acampbell.org.uk    || http://www.acampbell.org.uk
using Linux GNU/Debian || for book reviews, electronic
Windows-free zone      || books and skeptical articles

Anthony Campbell wrote:
>
> Debian Sarge (testing) is currently on shorewall 1.4.10-3 so Debian
> stable will be on a still earlier version. All the same, congratulations
> on moving to Debian!
>

Ditto. At this point though, I wouldn't hesitate to install Sarge for a firewall (provided that the firewall doesn't run any internet-accessible servers). IMHO, the lack of timely security updates still makes it unsuitable for use on servers.

-Tom