Displaying 20 results from an estimated 10000 matches similar to: "Shorewall 4.5.0"
2012 Feb 20
5
Upgrade from Shorewall 4.4.27.3 to 4.5.0.1
I'd like to ask for clarification on the upgrade procedure using tarballs. In the past, with version 4.4, I have downloaded shorewall-4.4.x.y.tar.bz2 and shorewall6-4.4.x.y.tar.bz2, extracted each, and executed 'install.sh -s' in each directory.
Now there is a new package shorewall-core-4.5.x.y.tar.bz2. As I understand it, with version 4.5, this core package needs to be
2012 Jan 22
4
Proxyndp issue
Tom
In Shorewall6 4.4.27 the following proxyndp entry:
2001:4d48:ad51:24::f3 eth2 eth0 no no
does not add the required route.
The code produced in /var/lib/shorewall6/.restart is:
qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2 run_ip route add
2001:4d48:ad51:24::f3/128 dev eth2
Splitting the line into 2 separate lines:
qt $IP -6 route del 2001:4d48:ad51:24::f3/128 dev eth2
2012 Jan 21
9
linux kernel 3.2.x gentoo maclist
How to make this work? It seems to me that netfilter has changed more or
less in some places that shorewall does not support; using 4.4.27 shorewall
and shorewall6
suggestion welcomed
2012 Mar 12
8
CentOS6/RHEL6 - net.nf_conntrack_max not applied
2012 Jan 18
5
virtual servers
I am in the process of building a new machine to replace several older
servers. I am considering running several virtual servers on one box,
all linux for host and virtual machines using VirtualBox.
Is it possible/advisable to configure shorewall on the host to act as a
firewall for the virtual machines, each having one or more static public IP address?
Any pointers, suggestions and/or
2012 Jan 31
6
Shorewall and sshdfilter
Hi All!
Been quite a few years and lots of water under the bridge but here I am back!
I have a customer that has now decided they need a bit more bandwidth over and
above their fixed line! They are not in a good area for ADSL because of copper
theft and being a bit too far from the closest DSLAM! They have installed a
wireless link and I have made certain that put it behind my simple iptables
2012 Jan 19
5
net2fw:DROP for L2TP VPN
Hi, I am trying to get L2TP roadwarrior VPN working from http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP but I am making a mistake somewhere, appreciate a fresh set of eyes to help. I have the following interfaces:
ppp0 - internet
eth0 - local network
rem - client openvpn
l2tp - ppp for l2tp clients
I am getting the following error logged when trying to connect into the server with L2TP from a remote
2012 Jan 19
3
Problema link balance and internet bank
Hello
Guys I have problem with internet bank. I have 2 Internet links balancing
mode, thus the bank is charging connection down. I tried to force Internet
traffic (port 80 and 443) for only a link, however it did not work.
How do I make a setting to force the connection to these ports for a
specific link.
Note: I can not use the file as route_rules have neither the source IP (ltsp)
nor of
2012 Jan 02
2
Shorewall 4.5.0 Beta 1
Happy New Year, everyone.
With the new year, comes a new major version of Shorewall. The reasons
for opening a new version are:
1. The packaging and dependencies have changed in this release.
2. There are minor migration issues.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
2012 Jan 11
0
Shorewall 4.5.0 Beta 3
Beta 3 is now available for testing.
Problems Corrected:
1) The value '0' is once again accepted in the IN_BANDWIDTH columns of
tcinterfaces and tcrules, and causes no ingress policing to be
configured.
2) MARK_IN_FORWARD_CHAIN=Yes no longer generates an error when
$FW:<address> is entered in the SOURCE column of the tcrules file.
New Features:
1) The
2013 Aug 31
23
ERROR: Log level INFO requires LOG Target in your kernel and iptables
Hi,
I have 2 Debian testing boxes running a very similar setup (both running
the latest aptosid kernel); on one of them, since the
iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to
1.4.20-2, shorewall-init can't start shorewall anymore and for this
reason ifupdown also fails triggering firewall up.
Shorewall can be successfully started later on, and ifupdown starts
2012 Jan 16
4
conntrack entries established before nat
Typically (or at least somewhat occasionally) after a reboot of my
shorewall[-lite] machine I find that I end up with conntrack table
entries for unNATted connections such as:
# conntrack -L -p udp --dport 5060 -d 99.232.11.14
udp 17 59 src=10.75.22.8 dst=99.232.11.14 sport=5060 dport=5060 packets=5472 bytes=3031488 [UNREPLIED] src=99.232.11.14 dst=10.75.22.8 sport=5060 dport=5060 packets=0
2012 Feb 19
3
Shore wall and multi ISPs and ip addresses
Hi All!
I only ever have complex setups.
Customer site has a dedicated leased line from their ISP terminating on a
Cisco router. Router is configured with the first usable address on a /28
network - 196.x.y.73. The linux firewall is configured with the remaining 5
IPs, 196.x.y.74 to 196.x.y.78 and 79 as the broadcast. Sounds normal but here
is the twist. The primary or first ip
2012 Mar 12
1
2 Interface router running KVM with virtual hosts
Hi list!
I would like to modernize my server at home which is still running
Shorewall 3. The server will be running CentOS 6.2 but I also want to use
KVM virtualization to run a Windows host on the same box that I can log
in to remotely.
I looked through the documentation samples on the shorewall site and found
several bridging configurations but they do not match my setup, yes it
will
2012 Mar 07
2
RTNETLINK answers: File exists when adding providers
When I attempt to start shorewall (version 4.0.15) I get an RTNETLINK error
(see below).
/var/log/shorewall-init.log
[...]
21:02:18 Creating Interface Chains...
21:02:19 Adding Providers...
RTNETLINK answers: File exists
ERROR: Command "ip route add table 1 129.116.XXX.0/24 dev eth2 proto kernel scope link src 129.116.XXX.30" Failed
21:02:25 Shorewall-generated routing tables and
2013 Jun 21
1
MultiISP.html documentation improvements
Hi all
I have been working with Shorewall connected to two ISPs lately, and I would
like to suggest a couple of improvements to the MultiISP.html documentation
page.
I followed the examples in that page (but the legacy setup and the
USE_DEFAULT_RT one), but I had problems with locally (by the firewall)
generated packets: I wanted them to go out using only one ISP, but if I use
a tcrules rule to
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote:
> The three most common attack vectors, (and attack volumes have never been higher) are:
>
> * Sniffed unencrypted credentials
> (Assume every home wifi router and CPE equipment are compromised ;)
> * Re-used passwords where data is exposed from another site's breach
> (Users WANT to
2012 Sep 03
10
Shorewall 4.5.8 Beta 1
Shorewall 4.5.8 Beta 1 is now available for testing.
----------------------------------------------------------------------------
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
----------------------------------------------------------------------------
1) This release includes the defect repair from Shorewall 4.5.7.1.
2) The restriction that TTL and HL rules could