similar to: Route Filtering with Kernel 2.6.31 and later

Hi Tom, After two weeks of nightmares I decided ask You (and anyone reading this mail). Context is as follows: I try to update system on my central router from kernel 2.6.29.6 and Shorewall 4.2.6 (old) to kernel 2.6.31.6 and Shorewall 4.4.4.2 (new). This is LiveCD image boot (Devil-Linux distribution compiled by me), so config is this same. I have established ten OpenVPN tunnels and two

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 ftp://shorewall.net/pub/shorewall/2.0/shorewall-2.0.10 Nothing Earth-shattering here and there is no reason to upgrade if you are not seeing one of the corrected problems. - ----------------------------------------------------------------------- Problems corrected in version 2.0.10 1) The

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Currently I have shorewal 2.2 installed om my debian 2.6.8 kernel. The firewall machine can access the internet via a ethernet modem fine. The firewall can ping the local network. The local network can ping the firewall server, see the samba files. Howeven teh local network cannot access the internet through the firewall Any suggestions? Rob van Overbruggen Settings and stats: Server: Eth1 :

Hi! I have a strange problem with shorewall on one of our routers. When i configure a rule like ACCEPT loc:192.x.x.x net tcp 80 this rules will only work if i do a tcpdump -i all port 80 After doing the tcpdump the clientrules works. When i don''t use tcpdump before the connection will be refused. Best regards, Kai.

Togan Muftuoglu has just informed me that Shorewall is now available in the following repositories: <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.2> <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_11.3> <http://download.opensuse.org/repositories/security:/netfilter/openSUSE_Factory> Thanks Togan!! -Tom -- Tom Eastep

In case you haven''t guessed by recent development list traffic, RC 1 is now available for testing. There are no new features since Beta 3 -- Just bug fixes. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car

In case you haven''t guessed by recent development list traffic, RC 1 is now available for testing. There are no new features since Beta 3 -- Just bug fixes. Thank you for testing, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car

Beta 2 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair from Shorewall 4.5.17.1. 2) The following warning message could be emitted

Beta 1 is now available for testing. New Features: 1) AUTOMAKE=Yes now causes all directories on the CONFIG_PATH to be searched for files newer than the script that last started/restarted the firewall. 2) FORMAT-2 actions may now specify default parameter values using the DEFAULTS directive. DEFAULTS <def1>,<def2>,... Where <def1> is the default

Beta 1 is now available for testing. New Features: 1) AUTOMAKE=Yes now causes all directories on the CONFIG_PATH to be searched for files newer than the script that last started/restarted the firewall. 2) FORMAT-2 actions may now specify default parameter values using the DEFAULTS directive. DEFAULTS <def1>,<def2>,... Where <def1> is the default

RC 1 is now available for testing. Problems corrected: 1) All sample .conf files have been changed to specify FORWARD_CLEAR_MARK= rather than FORWARD_CLEAR_MARK=Yes That way, systems without MARK support will still be able to install the sample configurations and FORWARD_CLEAR_MARK will default to Yes on systems with MARK support. 2) The install scripts in the

RC 1 is now available for testing. Problems corrected: 1) All sample .conf files have been changed to specify FORWARD_CLEAR_MARK= rather than FORWARD_CLEAR_MARK=Yes That way, systems without MARK support will still be able to install the sample configurations and FORWARD_CLEAR_MARK will default to Yes on systems with MARK support. 2) The install scripts in the

Greetings shorewall users, I''m running into a problem and hoping someone might have a simple idea how to fix it. I have shorewall configured on a linux fw with 2 port DNAT rules to an internal server for openvpn from external clients. Everything works fine there. I have a problem when the fw is rebooted however. When it comes back up, interfaces are brought up before shorewall is

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 An Ubuntu 10.04 server running Shorewall 4.4.6.1 hosts three KVM virtual servers on the default libvrt virbr0 bridge at the default vnet+ bridge ports. The bridge and ports are on a separate private subnet (192.168.122.0/24). Each bridge port and the bridge itself are in the dmz, there are two physical interfaces and private local subnets in loc, and

Hi all, I Try use shorewall rules with time element but its never works, the rules look like this HTTPS(REJECT) loc net:69.63.181.11,69.63.181.12,69.63.184.142,69.63.187.17,69.63.187.19 localtz&timestart=20:00&timestop=20:10&weekdays=Mon,Tue,Wed,Thu,Fri This rules for block https access to facebook site at working hours & day My system is Debian lenny, shorewall 4.4.4.2 kernel

Tom, or whomever reads this, when I say disconnect I mean close out IE6, sorry for so unclear on this point. My IP address never changes unless I unplug the modem. I have had the same IP address for ... well since I had to reset it to hook it up to my Linux box.which was 2 weeks ago. If I set DHCP on my eth1 interface that will contradict the static address I have assigned to it,

(anonymous post) I have a simple 2 interface firewall setup and all is good, almost. I am hosting virtual websites and DNS behind shorewall no problem. However I am trying to use SFTP via a different port number and have no luck even though Putty works well. Is there anything weird to sftp and shorewall? My lab uses a different firewall (firestarter) and it works OK. I am using; DNAT net

Package: xen-utils-3.2-1 Version: 3.2.0-5 Severity: important $vifnum is undefined when this is called. Starting XEN control daemon: xend/etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 27:

I''m playing around with VLAN''s and I have a VLAN capable (layer 2) smart switch. I see a steady stream of martians in the logfile if I have the routefilter option set on the loc zone interfaces in /etc/shorewall/interfaces. I have two interfaces in the loc zone, eth1 and vlan2 respectively. vlan2 is an 802.1q trunk going towards the switch. Is this the expected behavior in