similar to: Shorewall 2.1.7

Dear list, I''m running Shorewall on a dedicated Fedora 7 box. Shorewall is working well as an office DSL router (dynamic IP) with loc and dmz zones. I am now trying to configure IPSec to connect a VPS, "casp", with a static IP to both the firewall and to the loc network behind it. The host to host SA works fine. However, pings from "loc" to "casp" can be

I am trying to set up an ipsec net-to-net VPN and am having problems. Here is a diagram of the setup: LAN A --> Host A ----> Internet <---- Host B <-- LAN B LAN A = 10.10.2.0/24 LAN A gateway = 10.10.2.254 Host A internal = 10.10.2.254 Host A external = xx.xx.xx.xx Host B external (see below) Host B internal = 10.10.1.10 LAN B = 10.10.1.0/24 LAN B gateway = 10.10.1.252 (F5 Big

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

hello, my setup is rh8 2.4.20-8, shorewall 2.0.7, freeswan-2.04. ------- policy------- vpn loc accept loc vpn accept vpn fw accept fw vpn accept --------------------- --------zone ------- net net loc local dmz dmz vpn vpn ------------------------ ----- tunnels --------- ipsec net 0.0.0.0/0 vpn ipsecnat net 0.0.0.0/0 vpn -------------------------------------- ------ interfaces

Hi, I''m trying to set-up an ipsec tunnel between a Redhat9 box and a Netgear FVS318. When trying to initialise the connection - ifup ipsec0 - I get the error: RTNETLINK answers: Network is unreachable This would lead me to believe shorewall is blocking ipsec. My config is below. The output of ''shorewall status'' is attached. Any help in pointing out if I''ve

Hi everybody. I''m sorry to bother you because I''m probably doing something wrong, but I have already read the documentation and I have been using shorewall for quite a long time. I recently installed 3.2.3 from source (but there was the same problem with 3.0.7 from apt-get ... -t unstable) The thing is, that I can''t get masq working. Maybe this is because

Hi all, I have a strange problem in trying to install a transparent proxy (in my internal net not on the shorewall server) according to the instructions as outlined in http://www.shorewall.net/Shorewall_Squid_Usage.html#Local My Network looks the following: Internal Net: 10.0.0.0/24 Squid Server listening on port 3128 (ip 10.0.0.152, DNS name server01) | |

Hey First, apologies if this went out twice. I sent the original email from an odd email configuration (essentially from an alias of what I signed up as). I searched and noticed that my post did not appear and I did not get a bounce back so I was confused. I waited a few days before resending. So apologies if this goes out twice. I am not trying to spam. I was hoping someone could help me with

Hi All: Ok, here is my network: 192.168.1.0/28 is the network behind the Cisco, the Gig0/1 interface is 192.168.1.1. Linux box is 192.168.1.96/28 behind with 192.168.1.97 the Eth1 interface. I have the Ipsec tunnel up and working between them using preshared keys. So that works. Here is the Cisco tunnel setup: interface Tunnel6 ip address 192.168.2.110 255.255.255.240 tunnel source

http://bugzilla.netfilter.org/show_bug.cgi?id=577 Summary: cannot set spi/reqid numbers higher than 0x7fffffff (policy match) Product: iptables Version: unspecified Platform: i386 OS/Version: All Status: NEW Severity: normal Priority: P1 Component: iptables AssignedTo: laforge

Hello, I seem to have the Freeswan IPSEC tunnel working between my two sites, but I am still having a problem that looks to be because of something I have configured wrong in my shorewall setup.. I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and standard Debian network/interfaces. I am also using Shorewall

Hello all, I''ve recently upgraded a Suse 9.1 box to Suse 9.2 (reinstall actually). This is mainly a test server that I use for testing our device with nat/snat etc. I just got around to reinstalling Shorewall 2.2.4, and I''m having an odd problem at startup I was hoping someone could perhaps shed some light on. I''ve created a very basic setup just to get Shorewall

Hello all: I''ve got a confusing issue. I had a working shorewall configuration (based on the two interface model) using DNAT for redirection to my HTTP server. The HTTP server is on my inside network (I know - bad juju, but one thing at a time). I changed my configuration this morning to use views in my BIND (named) configuration. Everyone outside the firewall is able to get in

--On Wednesday, January 15, 2003 8:57 AM +0000 Julian Church <jc@ljchurch.co.uk> wrote: > Tom > > There''s no reason you should let a complete stranger question your better > judgement, but weren''t you supposed to be taking a break from all of this? > The problem I am having is "Now what do I do with myself in the early mornings and evenings?":

Hi I have using a Bering (LRP) box with shorewall, and I must enable IP masquedare only a few hosts on my network. I want to enable only masquerade from 192.168.0.2 to 192.168.0.25. What I must do ? I known that I have to configure the /etc/shorewall/masq file, but I don''t known how. Thanks in advance.

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

Attached please find updated build and publish scripts. They set the ''ulink.target'' parameter appropriately when converting docbook->HTML. I have always hacked my xhtml/params.xsl file to set this parameter; these updated scripts make that abomination unnecessary. Paul/Mike: It might be a good idea to add a CVS project for these scripts. -Tom -- Tom Eastep \ Nothing is

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to