similar to: (no subject)

------------------ ---------| external ip eth0 | ---------- -------------------------- | |--------------------------- | -------| Internal IP eth1 | -------------------------- | |-------------------------- ---------| external Ip eth2 | ---------- -------------------------- i want to put web and ftp traffic to

Etx1 - First Internet Line - eth0 Ext2 - Second Internet line - eth2 LAN - Local Area Network - eth1 Other traffic - Ext1 -------+-------+--------------- Ext2 ---Web goes Here eth0 | |eth2 +-------+-------+ | ROUTER | +----+------+---+ |eth1 192.168.0.0/24 -----------------+ | 192.168.0.1/24------------------- - Gateway |

Hi everyone. I am so baffled by the following problem: Office 1 is using ADSL and it is building a VPN tunnel with IPSEC to Office 2. Both ends are using shorewall/freeswan firewalls. Diagram: Office1 fw --- VPN TUNNEL --- Office2 fw --- cisco router ----- VLANS | DMZ Office 1 has the following interfaces: 2: eth0:

Hi! I''ve got two FreeS/WAN gateways setup, with one subnet<->subnet tunnel setup, which is working fine. I''ve setup iproute2 to route anything for either subnet via the ipsec0 device using a src address of the local interface. This is to force locally generated traffic (ie, traffic generated on the server) to go through the VPN, rather than out with a source IP of the

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

I am have a shorewall firewall and freeswan ipsec running on a redhat 8.0 Linux gateway machine. I have one working tunnel defined, all works well. I am not clear how to define mutiple concurrent tunnels. I can not add further interface entries as all the tunnels come in on ipsec0, do I still have mutiple zone definitions? some of the tunnels will be dynamic roadwarriors and as such would need a

stanislav.nedelchev@gmail.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

stanislav.nedelchev@gmail.com

Hi, Problem: I want 2 vpn tunnels for 2 subnets over one interface ipsec0. Documentation only describes config for 1 vpn or road warriors. I defined 2 vpn zones ''fre'' and ''swe''. #ZONE DISPLAY COMMENTS net Net Internet zone loc Local Local fre VPN_Fre VPN Fre swe VPN_Swe VPN Swe Interface ipsec0 is tunnel over eth1. Local is eth0. ipsec0 serves 2 zones: fre

Hello Gurus, I am a small problem with routing and here are the details. Interfaces on my server: * ipsec0 - 172.19.58.94 * tunl0 - 172.19.58.94 * eth0 - 172.19.58.94 Now, the problem is that there is another host 172.19.58.200. All communication to 172.19.58.200 should be through tunl0, and all the data should be secured using IPSec (tunnel mode - because there are more machines on my

Hi, still trying to understand one thing. I would definitely like to tell iptables to accept all packets coming from remote vpn only if they hit the $VIRTUALVPNINTERFACE. I tried -o ipsec0 but this is not working, looks like ipsec0 device doesn't exist or it is not recognized. I red on the Openswan users list, that Linux kernel 2.6 native ipsec don't create ipsec* interface (if I am

Hello all, I am working with kernel 2.2.20 with the necessary options configured into the kernel to support all of the wonderfully fancy routing features: - routing based on ToS - routing based on fwmark - multiple routing tables This same kernel is in use elsewhere, and is routing based on fwmark with success. This leads me to believe that my kernel is OK and that I have another

RedHat 7.1 running FreeS/WAN and Samba 2.0.10 connects to a DHCP Win2k server box using ipsec. At first I was implementing Samba 2.0.7 as a WINS server and was encountering a problem where 'smbclient -M W2kserver' and 'smbclient -L W2kserver' (where W2kserver is netbios name of w2k box) would give me Win2k side server stats/send message to win2k box, but I could not ping

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

Hello Tom, I have successfully configured proxy arp subnettinng on my network with three hosts in a Dmz. And it works great. (using proxyarp in interfaces) I also tryed this on network below same trouble. However for this network below I have tryed to configure one host in a Dmz (using /etc/shorewall/proxyarp) which works and comes up after I set it up and clear Isp''s arp

Hi, I have configured shorewall 2.0.3-1 on Redhat 9 on my firewall system which is also acting as a gateway for one of subnet to another LAN connected via lease line. LAN1(192.168.5.0/24)----- FW(shorewall) ------- Internet I------------------------LAN2(192.168.2.0/24) Below is the routes Kernel IP routing table Destination Gateway Genmask Flags Metric

I am attempting to create an ipsec tunnel between two CentOS 5.1 systems, network-to-network with two different 192.168.xxx.0/24 LAN segments. I have gone through the documentation on the centos web site, and have the machines to the point where the /var/log/messages show ``IPsec-SA established'' on both machines after runnig ``ifup ipsec0'' (same ipsec0 on each machine). IP

I have 2 internet connections and i;m trying to use squid as transparent proxy but every time squid is using first internet line but i want to use second internet line . i have this settings and without squid it''s working i have default route on the first internet connection. iptables -t nat -I POSTROUTING -o eth2 -p tcp --dport 80 -s 192.168.0.0/24 -d ! 192.168.0.0/16 -j SNAT --to

I just got the list confirmation and noticed it''s text only email so here it is again in plain text. Below is the oringal message. Hi all, I am really struggling with this one, I have built a lot of linux machines using IPSEC tunnels and shorewall gateways. I decied to build a new test machine with Debian running 2.4.25 and Shorewall 2.0.15. I have two subnets on their own switches and

The version of Shorewall in the CVS development tree contains the first implementation of dynamic zones. While these zones are aimed at IPSEC Road Warriors, there is nothing ipsec-specific in the implementation except for a small extension in the tunnels file. There are two new commands: add and delete shorewall {add|delete} <interface>[:<host or subnet>] zone The interface