Displaying 20 results from an estimated 20000 matches similar to: "Shorewall 2.1.7"
2007 Sep 03
3
Shorewall + IPSec: help debugging why gw1<->gw2 SA works, but loc<->gw2 traffic doesn't trigger SA
Dear list,
I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working
well as an office DSL router (dynamic IP) with loc and dmz zones. I am now
trying to configure IPSec to connect a VPS, "casp", with a static IP to both
the firewall and to the loc network behind it. The host to host SA works
fine. However, pings from "loc" to "casp" can be
2009 Feb 16
0
ipsec net-to-net problem
I am trying to set up an ipsec net-to-net VPN and am having problems.
Here is a diagram of the setup:
LAN A --> Host A ----> Internet <---- Host B <-- LAN B
LAN A = 10.10.2.0/24
LAN A gateway = 10.10.2.254
Host A internal = 10.10.2.254
Host A external = xx.xx.xx.xx
Host B external (see below)
Host B internal = 10.10.1.10
LAN B = 10.10.1.0/24
LAN B gateway = 10.10.1.252 (F5 Big
2004 Aug 16
2
Re: [Shorewall-announce] Shorewall 2.1.4
Magnus Hyllander wrote:
>
> I guess what I''m wondering is, how does Shorewall (netfilter) know which
> zone a certain road warrior belongs to?
I''ve just completed getting dynamic zones working with ipsec again. A
dynamic IPSEC zone is defined in /etc/shorewall/zones by following the
short name (first column) with ":ipsec". The code is in CVS.
There are a
2004 Aug 11
0
Ipsec and masq
hello,
my setup is rh8 2.4.20-8, shorewall 2.0.7, freeswan-2.04.
------- policy-------
vpn loc accept
loc vpn accept
vpn fw accept
fw vpn accept
---------------------
--------zone -------
net net
loc local
dmz dmz
vpn vpn
------------------------
----- tunnels ---------
ipsec net 0.0.0.0/0 vpn
ipsecnat net 0.0.0.0/0 vpn
--------------------------------------
------ interfaces
2004 Aug 13
1
ipsec tunnel to netgear fvs318
Hi,
I''m trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear
FVS318.
When trying to initialise the connection - ifup ipsec0 - I get the error:
RTNETLINK answers: Network is unreachable
This would lead me to believe shorewall is blocking ipsec.
My config is below.
The output of ''shorewall status'' is attached.
Any help in pointing out if I''ve
2006 Aug 29
3
masq problem
Hi everybody.
I''m sorry to bother you because I''m probably doing something wrong, but
I have already read the documentation and I have been using shorewall
for quite a long time.
I recently installed 3.2.3 from source (but there was the same problem
with 3.0.7 from apt-get ... -t unstable)
The thing is, that I can''t get masq working. Maybe this is because
2009 Jun 27
1
Transparent Proxy Problem with Squid3 and Shorewall
Hi all,
I have a strange problem in trying to install a transparent proxy (in my
internal net not on the shorewall server) according to the instructions
as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local
My Network looks the following:
Internal Net: 10.0.0.0/24 Squid Server listening on port 3128
(ip 10.0.0.152, DNS name server01)
| |
2012 Oct 24
1
IPSEC/L2TP Local and External Internet Access at same time through two interfaces?
Hey
First, apologies if this went out twice. I sent the original email from an odd email configuration (essentially from an alias of what I signed up as). I searched and noticed that my post did not appear and I did not get a bounce back so I was confused. I waited a few days before resending. So apologies if this goes out twice. I am not trying to spam.
I was hoping someone could help me with
2006 Jul 15
1
GRE over IPSec Tunnels to a Cisco using Openswan
Hi All:
Ok, here is my network:
192.168.1.0/28 is the network behind the Cisco, the
Gig0/1 interface is 192.168.1.1.
Linux box is 192.168.1.96/28 behind with 192.168.1.97
the Eth1 interface.
I have the Ipsec tunnel up and working between them
using preshared keys. So that works.
Here is the Cisco tunnel setup:
interface Tunnel6
ip address 192.168.2.110 255.255.255.240
tunnel source
2009 Feb 16
2
[Bug 577] New: cannot set spi/reqid numbers higher than 0x7fffffff (policy match)
http://bugzilla.netfilter.org/show_bug.cgi?id=577
Summary: cannot set spi/reqid numbers higher than 0x7fffffff
(policy match)
Product: iptables
Version: unspecified
Platform: i386
OS/Version: All
Status: NEW
Severity: normal
Priority: P1
Component: iptables
AssignedTo: laforge
2002 Feb 28
2
Problem with FreeSwan and Shorewall on a LEAF(Oxygen) based router.
Hello,
I seem to have the Freeswan IPSEC tunnel working between my two sites,
but I am still having a problem that looks to be because of something I have
configured wrong in my shorewall setup..
I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using
FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and
standard Debian network/interfaces. I am also using Shorewall
2005 May 12
2
Shorewall 2.2.4 problem with SuSe 9.2.
Hello all,
I''ve recently upgraded a Suse 9.1 box to Suse 9.2 (reinstall
actually). This is mainly a test server that I use for testing our
device with nat/snat etc. I just got around to reinstalling Shorewall
2.2.4, and I''m having an odd problem at startup I was hoping someone
could perhaps shed some light on.
I''ve created a very basic setup just to get Shorewall
2003 Mar 25
7
DNAT not working after changing BIND to use views
Hello all:
I''ve got a confusing issue. I had a working shorewall configuration
(based on the two interface model) using DNAT for redirection to my HTTP
server. The HTTP server is on my inside network (I know - bad juju, but
one thing at a time). I changed my configuration this morning to use
views in my BIND (named) configuration. Everyone outside the firewall
is able to get in
2003 Jan 15
1
Future of Shorewall (was Shorewall-1.3.13)
--On Wednesday, January 15, 2003 8:57 AM +0000 Julian Church
<jc@ljchurch.co.uk> wrote:
> Tom
>
> There''s no reason you should let a complete stranger question your better
> judgement, but weren''t you supposed to be taking a break from all of this?
>
The problem I am having is "Now what do I do with myself in the early
mornings and evenings?":
2003 Jan 03
3
Masquerade only a few hosts
Hi
I have using a Bering (LRP) box with shorewall, and I must enable
IP masquedare only a few hosts on my network.
I want to enable only masquerade from 192.168.0.2 to 192.168.0.25.
What I must do ?
I known that I have to configure the /etc/shorewall/masq file, but
I don''t known how.
Thanks in advance.
2004 Dec 26
1
Preparing for Shorewall 2.2 -- End of Support for Shorewall 1.4 is near!
Shorewall 2.2.0 is expected to be released in the February/March
timeframe so it is now time to begin thinking about preparing to
upgrade. This is particularly important for those of you still running
Shorewall 1.4 since support for that version will end with the release
of 2.2.
For those of you still running Shorewall 1.4, here are some things that
you can do ahead of time to ease the upgrade to
2005 Feb 02
1
Masq errors?
Hi all,
I have a problem with a new Shorewall box I''m trying to migrate from
iptables rules to shorewall 2.2.0.
I have a 3 interfaces setup:
- eth0 ---> internet (ip address)
- eth1 ---> remote office (10.0.0.0/8)
- eth2 ---> lan (192.168.16.0/24)
I''m using a very simple and common setup, with just a few DNAT rules in
my /etc/shorewall/rules file, and about twenty
2003 Jul 09
2
router in a subnet again :)
Hi,
after migrating to shorewall firewall from my own iptables rule set (to
utilise freeswan vpn tunnels) I have successfully configured a 3 interface
firewall with net2net vpn tunnels, with the help of the shorewall
documentation. However I cannot seem to configure my final step which is to
masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get
internet access via the
2005 May 26
3
Updated Shorewall build and publish scripts
Attached please find updated build and publish scripts. They set the
''ulink.target'' parameter appropriately when converting docbook->HTML. I
have always hacked my xhtml/params.xsl file to set this parameter; these
updated scripts make that abomination unnecessary.
Paul/Mike: It might be a good idea to add a CVS project for these scripts.
-Tom
--
Tom Eastep \ Nothing is
2004 Nov 04
0
Preparing for Shorewall 2.2
Shorewall 2.2.0 is expected to be released in the February/March
timeframe so it is now time to begin thinking about preparing to
upgrade. This is particularly important for those of you still running
Shorewall 1.4 since support for that version will end with the release
of 2.2.
For those of you still running Shorewall 1.4, here are some things that
you can do ahead of time to ease the upgrade to