similar to: Shorewall 3.4.x - Error when (re) starting - segmentation fault

Hello, My hoster updated its kernel packages... It contained some old problems that should have been fixed. My servers have now a wonderful 2.6.21.5 kernel + grsec running. Both are running Debian 4.0 (stable release). mx:/etc/shorewall# iptables --version iptables v1.3.6 mx:/etc/shorewall# uname -a Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri Jul 27 17:18:23 CEST

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

Hello, please excuse me if this has been discussed or even solved before, but I could not find it in the archives. I''m in the process of migrating several gateways to shorewall-lite, keeping the configfiles on one central adminstrative machine, basically following the guide at http://www.shorewall.net/CompiledPrograms.html . As I understand it, the local /etc/shorewall directory on the

Hi, enabling this line in hosts file "WAN eth2:0.0.0.0/0!1.0.0.0/8,10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16 routeback,blacklist,tcpflags" results in this error message -- Preparing iptables-restore input... Running /usr/sbin/iptables-restore... iptables-restore v1.3.8: error creating chain ''ACCEPT'':File exists Error occurred at line: 29 Try

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

Hi, usually my shorewall inst. uses compiler=perl. While some tests I changed my config to compiler=shell, and in this case I get an error like this: -------------------------------------------------------- Setting up TCP Flags checking... iptables v1.3.8: host/network `169.254.0.0/16!169.254.1.0'' not found Try `iptables -h'' or ''iptables --help'' for more

Hi list! I am configuring Shorewall on a Xen domU virtual machine. I configured only the zones, interfaces, rules, policy and shorewall.conf files. When I run "shorewall check" there aren''t no problems, but when I try to start shorewall I get this error a lot of time: iptables: Invalid argument ip6tables v1.3.6: can''t initialize ip6tables table `filter'': Bad

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi: I have a small infrastructure of network of local area, that are based on a computer, with computer and with a Point Access, with Debian Etch 4.0r1. With Shorewall 3.2.6-2. Well. Since I have two cards of network, which of which, I have left like that: Internet --> Router (217.126.221.65) --> eth1 (217.126.221.117) --> eth0 (LAN

Hi all, I''ve shorewall 3.2.6-2, kernel 2.4.27, iptables 1.3.6.0debian1-5 on a debian sarge machine. >From yesterday shorewall can''t start anymore and in the shorewall-init.log I''ve this: ERROR: Rule "REDIRECT lan 8081 tcp 80 " requires NAT which is disabled /sbin/shorewall: line 527: 17071 Terminated $SHOREWALL_SHELL ${SHAREDIR}/compiler

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

In helping a user on IRC today, I was dismayed to find that a bug that was supposedly fixed in Shorewall 3.4.4 was not fixed. Furthermore, I found that the bug is present as far back as 3.2.6 (I didn''t look back further since 3.2.6 was the release where the user (re-) discovered the bug. If HIGH_ROUTE_MARKS=No, then PREROUTING and OUTPUT marking rules are behaving as if TC_EXPERT=Yes was

Hello, We have a video conference server using tcp and udp 3001 prot in internal, external user said that can''t connect to video server and held on 3001 fail, the following is file configuration, nat: 1.2.3.4 eth1:3 192.168.0.18 rule: video/ACCEPT net loc:192.168.0.18 marco.video: PARAM - - tcp 3000 PARAM - -

Hello Tom, now here''s my dump file as .zip attachment, but named .txt, because the list-server rejected the .zip, then my second try (uncompressed) was rejected because of the size. What I was doing is connecting from remote side of an ipsec tunnel (behind gw 212.168.178.226), from a windows machine with 192.168.246.20 to the firewall-system (remote ip 217.19.188.182 / internal ip is

Guys, Just a quick check. From what i have read in the shorewall site, intrazone traffic is allowed completely by shorewall i.e. there is no filtering or packet size limiting ,etc,etc. I ask this becos after getting shorewall up and running well, someone has complained that they cannot print pdf files larger than 100k at one go but that they have to print one page at a time. Some details;

Hi Shorewall Users :) I have found shorewall firewall and seems to be interesting. I need to setup a configuration my my network users because i only have 50gb of traffic per month. I want to know if the shorewall can make a 48gb per month limit, but everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count. Can shorewall do that ? -- Sem Mais Rui Oliveira 351 - Portugal

Hi. What system or software are you using to show the iptables log files (for example the dropped packages tagged as LOG in the Shorewall rules)? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan

I set up a firewall following: http://www.shorewall.net/MultiISP.html Using shorewall 4.0.5 and a 2.6.22 kernel Attached a dump from shorewall. It''s setup for testing. I have an internal host set to it as the default route. The ipsec.conf file is renamed to keep it from messing up the vpns. Most things are working OK. I''m a bit concerned that all the outgoing nat traffic is