Displaying 20 results from an estimated 4000 matches similar to: "Route Filtering with Kernel 2.6.31 and later"
2009 Dec 16
3
Dual-homing BGP gate problem
Hi Tom,
After two weeks of nightmares I decided ask You (and anyone reading this mail).
Context is as follows:
I try to update system on my central router from kernel 2.6.29.6 and Shorewall
4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new).
This is LiveCD image boot (Devil-Linux distribution compiled by me), so config
is this same.
I have established ten OpenVPN tunnels and two
2004 Oct 25
0
Shorewall 2.0.10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10
ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10
Nothing Earth-shattering here and there is no reason to upgrade if you
are not seeing one of the corrected problems.
- -----------------------------------------------------------------------
Problems corrected in version 2.0.10
1) The
2005 Jun 27
5
Bridging problem with Shorewall and OpenVpn
Hello All,
I am trying to implement OpenVPN on Fedora core Linux 3 with the latest
pathces
installed. This server is used only as firewall/internet gateway/proxy/VPN
server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP
It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12)
connected to the local network.
I use shorewall 2.4 on this machine.
I like to test
2005 May 31
2
Local machine not through firewall
Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall
Any suggestions?
Rob van Overbruggen
Settings and stats:
Server:
Eth1 :
2009 Dec 18
2
Rules only activ after using tcpdump in promiscuous mode
Hi!
I have a strange problem with shorewall on one of our routers. When i
configure a rule like
ACCEPT loc:192.x.x.x net tcp 80
this rules will only work if i do a
tcpdump -i all port 80
After doing the tcpdump the clientrules works. When i don''t use tcpdump
before the connection will be refused.
Best regards,
Kai.
2010 Nov 25
0
Shorewall in OpenSuSE repositories
Togan Muftuoglu has just informed me that Shorewall is now available in
the following repositories:
<http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.2>
<http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.3>
<http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory>
Thanks Togan!!
-Tom
--
Tom Eastep
2013 Mar 07
0
Shorewall 4.5.14 RC 1
In case you haven''t guessed by recent development list traffic, RC 1 is
now available for testing.
There are no new features since Beta 3 -- Just bug fixes.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
2013 Mar 07
0
Shorewall 4.5.14 RC 1
In case you haven''t guessed by recent development list traffic, RC 1 is
now available for testing.
There are no new features since Beta 3 -- Just bug fixes.
Thank you for testing,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
2013 Jun 10
0
Shorewall 4.5.18 Beta 2
Beta 2 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes all defect repair from Shorewall 4.5.17.1.
2) The following warning message could be emitted
2011 Jun 18
0
Shorewall 4.4.21 Beta 1
Beta 1 is now available for testing.
New Features:
1) AUTOMAKE=Yes now causes all directories on the CONFIG_PATH to be
searched for files newer than the script that last
started/restarted the firewall.
2) FORMAT-2 actions may now specify default parameter values using the
DEFAULTS directive.
DEFAULTS <def1>,<def2>,...
Where <def1> is the default
2011 Jun 18
0
Shorewall 4.4.21 Beta 1
Beta 1 is now available for testing.
New Features:
1) AUTOMAKE=Yes now causes all directories on the CONFIG_PATH to be
searched for files newer than the script that last
started/restarted the firewall.
2) FORMAT-2 actions may now specify default parameter values using the
DEFAULTS directive.
DEFAULTS <def1>,<def2>,...
Where <def1> is the default
2010 Oct 23
0
Shorewall 4.4.14 RC 1
RC 1 is now available for testing.
Problems corrected:
1) All sample .conf files have been changed to specify
FORWARD_CLEAR_MARK=
rather than
FORWARD_CLEAR_MARK=Yes
That way, systems without MARK support will still be able to
install the sample configurations and FORWARD_CLEAR_MARK will
default to Yes on systems with MARK support.
2) The install scripts in the
2010 Oct 23
0
Shorewall 4.4.14 RC 1
RC 1 is now available for testing.
Problems corrected:
1) All sample .conf files have been changed to specify
FORWARD_CLEAR_MARK=
rather than
FORWARD_CLEAR_MARK=Yes
That way, systems without MARK support will still be able to
install the sample configurations and FORWARD_CLEAR_MARK will
default to Yes on systems with MARK support.
2) The install scripts in the
2009 Dec 26
2
Connection tracking, DNAT, and boot sequence
Greetings shorewall users,
I''m running into a problem and hoping someone might have a simple idea
how to fix it.
I have shorewall configured on a linux fw with 2 port DNAT rules to an
internal server for openvpn from external clients. Everything works fine
there.
I have a problem when the fw is rebooted however. When it comes back up,
interfaces are brought up before shorewall is
2010 Oct 21
10
KVM and bridge
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM
virtual servers on the default libvrt virbr0 bridge at the default
vnet+ bridge ports. The bridge and ports are on a separate private
subnet (192.168.122.0/24). Each bridge port and the bridge itself are
in the dmz, there are two physical interfaces and private local
subnets in loc, and
2009 Dec 17
4
Shorewall time element rules never works ?
Hi all,
I Try use shorewall rules with time element but its never works, the
rules look like this
HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz×tart=20:00×top=20:10&weekdays=Mon,Tue,Wed,Thu,Fri
This rules for block https access to facebook site at working hours & day
My system is Debian lenny, shorewall 4.4.4.2 kernel
2003 Mar 03
3
losing connection
Tom, or whomever reads this, when I say disconnect I mean close out IE6,
sorry for so unclear on this point. My IP address never changes unless I
unplug the modem. I have had the same IP address for ... well since I
had to reset it to hook it up to my Linux box.which was 2 weeks ago. If
I set DHCP on my eth1 interface that will contradict the static address
I have assigned to it,
2004 Nov 29
2
SFTP
(anonymous post) I have a simple 2 interface firewall setup and all is
good, almost. I am hosting virtual websites and DNS behind shorewall no
problem. However I am trying to use SFTP via a different port number and
have no luck even though Putty works well. Is there anything weird to
sftp and shorewall? My lab uses a different firewall (firestarter) and
it works OK.
I am using;
DNAT net
2008 Apr 23
0
Bug#477525: xend with network-route fails to start, missing $vifnum
Package: xen-utils-3.2-1
Version: 3.2.0-5
Severity: important
$vifnum is undefined when this is called.
Starting XEN control daemon: xend/etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory
/etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory
/etc/xen/scripts/network-route: line 27:
2010 Nov 25
13
VLAN martians
I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart
switch. I see a steady stream of martians in the logfile if I have the
routefilter option set on the loc zone interfaces in
/etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1
and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch.
Is this the expected behavior in