Fixes for the problems are available at http://www1.shorewall.net/pub/shorewall/3.4/shorewall-3.4.2. Read the 'known_problems' file in that directory to install the fixes.

1) The 'shorecap' program is not loading kernel modules correctly. This is a concern only if you run Shorewall-lite.

2) The CHAIN variable is not being set before the 'maclog' extension script is run. This is a concern only if you use that extension script.

-Tom
--
Tom Eastep         \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 500 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT

I have the above in an iptables config and it allows me to use Nortel's VPN client from inside to access work remotely. Had a go of trying to get Shorewall to allow the same, but so far it has not worked.

Any ideas?

lost in translation,
Bill
wsbcomm@earthlink.net wrote:
> -A INPUT -p 50 -j ACCEPT
> -A INPUT -p 51 -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 500 -j ACCEPT
> -A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT
>
> I have the above in an iptables config and it allows me to use Nortel's VPN
> client from inside to access work remotely. Had a go of trying to get
> Shorewall to allow the same, but so far it has not worked.
>
> Any ideas?

Yes.

Start at the Shorewall home page (http://www.shorewall.net) and click on the 'Documentation' link in the left-hand pane. There you will find a high-level menu; the first entry in that menu is "Alphabetical Index of All Articles". Please click on that link.

Please bookmark the next page displayed so you can refer to it in the future.

The Nortel VPN client uses IPSEC, so I suggest that you click on the link that reads "IPSEC using Kernel 2.6 and Shorewall 2.1 or Later". Then follow the instructions for the setup that most closely resembles your own (probably the client side of the "Mobile System (RoadWarrior)" section). The rules that you quote in your post will be generated by an entry in the /etc/shorewall/tunnels file, but you will need to do more than just add that entry. Note that you will not need to worry about configuring Racoon, so you can skip those parts of the article -- your Nortel client performs the same function as Racoon and ipsec-tools.

-Tom
--
Tom Eastep         \ Nothing is foolproof to a sufficiently talented fool
Shoreline,         \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
PGP Public Key     \ https://lists.shorewall.net/teastep.pgp.key
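The tunnels entry Tom points to, together with a check that a ruleset actually passes the three things an IPSEC client needs (ESP, AH and IKE on udp/500), as an added example that is not part of the thread and not the Shorewall project's own code. It assumes the VPN client runs on the firewall itself (Bill's INPUT rules suggest that), an external zone named "net", and a placeholder gateway address 203.0.113.10; the two sample rulesets are constructed from the rules in Bill's post.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Shorewall project.
# Two pieces: (1) the /etc/shorewall/tunnels entry Tom's answer refers to,
# written to a scratch file so this runs without touching a live firewall,
# and (2) a check that a ruleset (iptables-save output) accepts ESP
# (protocol 50), AH (protocol 51) and IKE (udp port 500).
#
# Assumptions not stated in the thread: the client runs on the firewall
# itself, the external zone is named "net", and 203.0.113.10 is a
# placeholder for the corporate VPN gateway.

TUNNELS_FILE="${TUNNELS_FILE:-/tmp/shorewall-tunnels.example}"

# Write the tunnels entry. The "ipsec" type makes Shorewall accept ESP, AH
# and udp/500 between the firewall and the gateway in both directions; the
# "ipsecnat" type additionally opens udp/4500 for NAT traversal.
write_tunnels_entry() {
    cat > "$TUNNELS_FILE" <<'EOF'
#TYPE   ZONE    GATEWAY         GATEWAY_ZONE
ipsec   net     203.0.113.10
EOF
}

# Return 0 if the dump contains ACCEPT rules for ESP, AH and IKE; otherwise
# report what is missing on stderr and return 1. Matches both "-p 50" (as
# typed in a config) and "-p esp" (as iptables-save prints it).
ipsec_rules_present() {
    dump="$1"
    missing=""
    printf '%s\n' "$dump" | grep -Eq -- '-p (50|esp) .*-j ACCEPT' \
        || missing="$missing esp"
    printf '%s\n' "$dump" | grep -Eq -- '-p (51|ah) .*-j ACCEPT' \
        || missing="$missing ah"
    printf '%s\n' "$dump" | grep -Eq -- '-p udp .*--dport 500 .*-j ACCEPT' \
        || missing="$missing ike"
    if [ -n "$missing" ]; then
        echo "missing ACCEPT rules for:$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the rules from Bill's post, as a flat INPUT chain.
SAMPLE_OK='-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 500 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT'

# Constructed sample: only IKE is open. The tunnel negotiates but no
# traffic flows, because the ESP packets that carry it are dropped.
SAMPLE_NO_ESP='-A INPUT -m state --state NEW -m udp -p udp --dport 500 -j ACCEPT'

if [ "${1:-}" = "--demo" ]; then
    write_tunnels_entry
    cat "$TUNNELS_FILE"
    ipsec_rules_present "$SAMPLE_OK" && echo "sample 1: complete"
    ipsec_rules_present "$SAMPLE_NO_ESP" || echo "sample 2: incomplete"
fi
```

Run the script with `--demo` to see both pieces. On the firewall itself, `ipsec_rules_present "$(iptables-save)"` after `shorewall restart` tells you whether the tunnels entry produced the ESP, AH and IKE accepts, which is the first thing to check when the Nortel client still fails.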
Great! Thanks for the help!

On Thursday 12 April 2007 07:27, Tom Eastep wrote:
> [...]