similar to: shorewall-users list support / vacation

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hello all, I have a question in regards to proxyarp and shorewall, I am new to shorewall and I have 5 static IP address from my ISP. My current setup is that I have one system with three network cards, (eth0 = xx.xx.xx.42, eth1 = 192.168.110.41 eth2 = 10.10.10.41), two systems with two network cards, (eth0 = xx.xx.xx.41 and eth1 = 10.10.10.42/44), I want to get rid of the eth1 of the two systems

The basic functionality of Shorewall 2.2.2 works fine with the soon-to-be-released SuSE 9.3 (I have an early copy). I''ll be trying it over the weekend with more complex configurations involving IPSEC and OpenVPN. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

There was a lengthy power failure here in Shoreline this morning and my firewall did not come back up when power was restored. The firewall is now up and service to the server has been restored. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hi, In a routed network environment, without the router , we want to use the shorewall as the firewall/router. The ISP has assigned the following set of IP addresses. WAN IP for subnet 1 (DATA) 220.227.202.X/30 ( to be assigned to eth0 of the shorewall) WAN IP for subnet 2 (Voice) 220.227.202.Y/30 ( to be assigned to eth1 of the shorewall) Addresses assigned for Subnet 1 by

I have an access-IProm my isp that I configured my eth0 with. And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP. This is how my configfiles look like. Internal everything seems to work but not external. /etc/shorewall/proxyarp #ADDRESS INTERFACE EXTERNAL HAVEROUTE

Hi Folks, Can i transform my firewall into a bridge (Mean Nic to Nic), in the ethernet level (Not protocal, Ip''s etc) and also use shorewall ? Than make a Layer 2 Switch with netfilter rules to all Ip''s in my network ? I have 4 whole real classes and want to protect the people inside. With proxyarp works but sometimes fail (People loose connection etc) Just with switchs and my

I''m not a subscribed user, so please cc me on any replies (fier0@bigfoot.com). I know this has been asked a few times, but i have not been able to find a direct answer. I was using shorewall with 2 nics, and it worked fine, except if that linux box went down then nobody could get out to the internet (and the wife would kick my ass). I''ve now started to use my linksys

Hi, New here... I would like to setup shorewall on a dedicated box protecting a mutiple web, mail and dns server in the datacenter. All the ip address will be public ip (No LAN setup). I would also like to do traffic shaping and install Snort as well in the same box. Can Shorewall do all this? Is there any docs on that? Do i need to configure Shorewall as a bridging firewall in order to do

Hi, Thanks for your reply . I am attaching the files needed by you herewith. The NAT device is called Pronto gateway which has two interfaces , namely eth0 and eth1. ''eth0'' has an ip address of 203.124.152.66 and eth1 has an ip address of 192.168.1.3 . All the client PCs are in 192.168.1.0 network [behind the NAT, the Pronto gateway] and use 192.168.1.3 as the default

There have been a number of questions recently about Shorewall 2.0 and routing. In earlier posts, I said that Shorewall 2.0 would no longer alter the routing table as part of setting up Proxy ARP. I have been persuaded to take a different approach. In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the proxyarp file and a new PERSISTENT column has been added. If the

My new DSL line came complete with a new Modem that is configured/monitored from a web browser. That inspired me to add a couple of new features to to the masq file which you can find in 2.1.1 (see attached release notes, New Feature 2). The modem has IP address 192.168.1.1 and is connected to eth0. My local network is 192.168.1.0/24 and is connected to eth2 which has IP address

This will be the last Shorewall release for a while as I''m going to be focusing on Documentation. In this release: 1. Empty and invalid source and destination qualifiers are now detected in the rules file. It is a good idea to use the ''shorewall check'' command before you issue a ''shorewall restart'' command be be sure that you don''t

This change rolls up the fix for the long-standing ProxyARP/IPSEC incompatibility. The fix has been available for some time on the 1.4 Errata page. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

I´ve figured out the following. I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp x.x.x.14 eth2 eth0 No very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn) but with public ip x.x.x.14 to x.x.x.11 If I try to sftp through the fw to the public internet I have the same

hi, i have a strange situtation. i try to connect to my machine with ssh and the packets are dropped but i have at the top of my rules an accept. the configuration looks like: rules-file: ----------- ACCEPT net fw tcp 22 - TCPDUMP-log: ------------ 12:16:08.153934 84.153.98.30.1322 > [my-destination-machine].ssh: S 3717288415:3717288415(0) win 64240 <mss

Our VPN runs for 3 months very well with a minimum of traffic <100 kbit/s. Only DNS Zones and nagios passive checks were transferred. Everything seems to work. Left side is x.x.x.14 (host 1) Subnet 10.0.0.0/24 openswan 2.4.4 shorewall 2.4.2 & iptables 1.3.4 gentoo 2.6.12-r9 with policy match It´s reachable through a proxyarp entry on x.x.x.11 (host 2) which is another gentoo 2.6.12-r9

Tom, Is not this query worth answering? -Siva -----Original Message----- From: Sivamurugu K. Pillai Sent: Friday, April 08, 2005 3:14 PM To: ''Mailing List for Shorewall Users'' Subject: ProxyARP in a Routed environment Hi, In a routed network setup , is it possible to use ProxyARP given the condition that the shorewall external interface and the DMZ interface are in a

Hi- One last question for the week, I promise. I''ve got one IP ProxyArp''d according to the instructions at http://www.shorewall.net/ProxyARP.htm. I''ve setup the shorewall/proxyarp file as follows: #ADDRESS INTERFACE EXTERNAL HAVEROUTE PERSISTENT 208.4.145.73 br0 eth1 no yes #LAST LINE -- ADD YOUR ENTRIES

Hello list, I am in the process of switching from IPCOP to Shorewall s the firewall for our small office. I very much like the fact that Shorewall runs on top of the same OS (openSuSE 11.4) that I run on the server and my desktop. Our setup is fairly straightforward. We have 8 static ip addresses from our ISP, which provides a cable modem and a Cisco 800 series router. The ip addresses are