similar to: More on routing support in CVS

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

If you are willing to patch your iptables and kernel to support the ROUTE target, the code in CVS project Shorewall2/ now supports very flexible routing. As an example, I run Squid in my DMZ for transparent proxy. Rather than the complex routing setup described in http://shorewall.net/Shorewall_Squid_Usage.html, I now use this single entry in /etc/shorewall/routes to route all HTTP requests from

FYI This bug will prevent ''shorewall restore'' from working if you have "!<single IP address>" in the ORIGINAL DEST column. -Tom ---------- Forwarded Message ---------- Subject: [PATCH] Another iptables-save buglet Date: Wednesday 14 September 2005 15:09 From: Tom Eastep <teastep@shorewall.net> To: netfilter-devel@lists.netfilter.org The conntrack

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi Tom, Thank you for your quick reply. I aplied changes as you suppose, and now users can comunicate each with others. - thank you very much. I have just one aditional question regarding PKTTYPE=No variable. I didnt find it in shorewall.conf so I simply add it at the end of conf file (above #Last line :-) ) So question is it is standard feature of shorewall, and from which version it is

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

The Shorewall CVS repository is now safely ensconced at Sourceforge. http://sourceforge.net/cvs/?group_id=22587 Please note that unlike with the old repository here at shorewall.net, at Sourceforge there is a delay in updating the ViewCVS (web) copy of the repository. As a consequence, developer commits are not immediately available for browsing with ViewCVS

The Shorewall CVS repository is now hosted on Sourceforge at http://sourceforge.net/cvs/?group_id=22587. Please note that unlike with the old repository here at shorewall.net, at Sourceforge there is a delay in updating the ViewCVS (web) copy of the repository. As a consequence, developer commits are not immediately available for browsing with ViewCVS

In the Shorewall/ CVS project: Problems Corrected: 1) There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" in the documentation and configuration files. 2) The description of NEWNOTSYN in

There have been a number of questions recently about Shorewall 2.0 and routing. In earlier posts, I said that Shorewall 2.0 would no longer alter the routing table as part of setting up Proxy ARP. I have been persuaded to take a different approach. In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the proxyarp file and a new PERSISTENT column has been added. If the

Tomorrow morning, the following systems will be unavailable while I upgrade the OS on my firewall: a) shorewall.net b) lists.shorewall.net c) cvs.shorewall.net d) rsync.shorewall.net The upgrade will begin around 0700 PST (-0800) and will like take two hours or so. Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \

In case any of you are interested, I''ve placed my script for building an entire Shorewall release from CVS into ftp://shorewall.net/pub/shorewall/contrib/makeshorewall.sh. The script assumes that the appropriate CVS project has already been updated with the current version number. There is currently no mechanism for re-building old releases. -Tom -- Tom Eastep \ Nothing is

The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I pointed out to Wilson in a private message, this appears to show that no other connection requests (other than port 3000) are being sent from the client to the server (or at least no other connection requests are being received by the Shorewall box). Wilson: Are you sure that the client is supposed to open port 3001 on the server and not the

On Thu, 2003-12-04 at 14:14, Alex Martin wrote: > > I will start posting this type of discussion to shorewall-devel, so that others > might help. > > Just let me know what you think. > I just checked in a few minor changes to the Docs -- I''ll try to keep my hands off of them while others are working on them. -Tom -- Tom Eastep \ Nothing is foolproof to a

I''ve moved the remaining HTML files (including those that Mike and Paul are working on) to a new project named Shorewall-Website. This will segregate the Docbook documentation from the Website-only HTML files. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday, I will be rebuilding my server. I expect the project to take most of the day. I will begin around 7AM PST (-0800). The server hosts the following sites: www1.shorewall.net (a.k.a. shorewall.net) ftp1.shorewall.net lists.shorewall.net rsync.shorewall.net Sorry for the inconvenience. - -Tom - -- Tom Eastep \ Nothing is foolproof

Because certain large European ISPs can''t get their act together WRT SPF, I''ve turned on masquerading of lists.shorewall.net. This means that list postings will now have "shorewall.net" sender addresses rather than "lists.shorewall.net". Sorry for the inconvenience but a lot of email is currently bouncing. -Tom -- Tom Eastep \ Nothing is foolproof to a

The Shorewall2/ project in CVS contains my initial attempt to establish correct routing for traffic forwarded from two different ISPs to internal servers. >From the release notes: Shorewall 2.3.2 includes support for multiple Internet interfaces to different ISPs. This feature is enabled by setting the "default" option for each Internet interface in