Displaying 20 results from an estimated 20000 matches similar to: "Bridge Example"
2003 Dec 16
0
Bug in Shorewall 1.4.7 and 1.4.8
"Dark Ryder" has reported a bug in Shorewall 1.4.7; this bug is also present
in Shorewall 1.4.8.
The effect of the bug is that in DNAT rules that specify SNAT, the SNAT
address can be effectively ignored in some cases.
I have created corrected versions of the ''firewall'' script for both 1.4.7
(based on 1.4.7c) and 1.4.8; these corrections may be downloaded from the
2004 Jan 15
2
Crypto API and Shorewall
A number of you are flailing around trying to get the subject combination to
work.
You should all be aware that there are parts of this that don''t currently work
and that won''t work well until there are enhancements made to Shorewall (and
probably to Netfilter).
I. There is no clean way currently to support Road Warriors from a
Masquerading Netfilter firewall/gateway. As
2004 Nov 06
2
Upgrade from Hell
For those of you running SuSE 9.1, I do not recommend upgrading to 9.2
at this time.
Refer to http://shorewall.net/myfiles.htm for information on my
configuration:
a) On Ursa:
1) After the upgrade, both of the NICs were recognized as "configured"
in YAST yet neither of them would start; ifup claimed that no
configuration could be found for either interface. Only got them running
2004 Sep 23
0
Fwd: RE: 2.6 kernel ipsec and shorewall
FYI...
---------- Forwarded Message ----------
Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall
Date: Thursday 23 September 2004 07:44
From: "Jonathan Schneider" <jon@clearconcepts.ca>
To: "''Tom Eastep''" <teastep@shorewall.net>
I must have been up too late working on this, looking at it the next day I
noticed I completely forgot
2004 Jan 22
5
Shorewall 1.4.10 RC1
I''m doing more releases of 1.4.* to try to work around the absurd way in which
the 2.6 kernel supports ipsec.
1.4.10 will provide a means for excluding multiple destination hosts/subnets
from masquerade/SNAT.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Sep 20
0
Fwd: [PATCH] Another iptables-save buglet
FYI
This bug will prevent ''shorewall restore'' from working if you have "!<single
IP address>" in the ORIGINAL DEST column.
-Tom
---------- Forwarded Message ----------
Subject: [PATCH] Another iptables-save buglet
Date: Wednesday 14 September 2005 15:09
From: Tom Eastep <teastep@shorewall.net>
To: netfilter-devel@lists.netfilter.org
The conntrack
2003 Dec 03
0
New in CVS
In the Shorewall/ CVS project:
Problems Corrected:
1) There has been a low continuing level of confusion over the terms
"Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
instances of "Static NAT" have been replaced with "One-to-one NAT"
in the documentation and configuration files.
2) The description of NEWNOTSYN in
2003 Dec 29
0
Shorewall 1.4.9 Beta 2
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
This is Beta 1 with the following Changes:
a) The fix for SNAT in DNAT rules has been included.
b) An updated rfc1918 file is included.
c) The documentation is no longer part of the base release. Stay tuned for
announcements on how the documentation is going to be released.
-Tom
--
Tom Eastep \ Nothing is
2003 Dec 08
0
Shorewall 1.4.9 Beta1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
Problems Corrected since version 1.4.8:
1) There has been a low continuing level of confusion over the terms
"Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all
instances of "Static NAT" have been replaced with "One-to-one NAT"
in the documentation and
2004 Nov 02
0
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Sep 29
0
Re: Shorewall-users Digest, Vol 22, Issue 65
Hi
I have 2nic firewall . I had to open some ranges of udp and tcp ports . I
faced a problem that although all the ports are open Some functionality was
not working . Any body used shorewall with H323 Voip traffic DNATed . Any
help is appretiated .
Thanks
----- Original Message -----
From: <shorewall-users-request@lists.shorewall.net>
To: <shorewall-users@lists.shorewall.net>
Sent:
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Nov 04
0
Preparing for Shorewall 2.2
Shorewall 2.2.0 is expected to be released in the February/March
timeframe so it is now time to begin thinking about preparing to
upgrade. This is particularly important for those of you still running
Shorewall 1.4 since support for that version will end with the release
of 2.2.
For those of you still running Shorewall 1.4, here are some things that
you can do ahead of time to ease the upgrade to
2005 Jun 28
2
[Fwd: Bridge + netfilter failing with recent Fedora 3 kernels.]
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2004 Dec 07
2
[Fwd: router and transparent bridge in same box attempth 2 :)]
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
2005 Jan 15
2
Re: Shorewall - Bridging with Gentoo
Joshua Schmidlkofer wrote:
> Tom Eastep wrote:
>
>> Joshua Schmidlkofer wrote:
>>
>>> Tom,
>>>
>>> Here is the setup method w/ Bridging on Gentoo.
>>>
>>
>> Thanks, Joshua
>>
>> -Tom
>
>
> Off topic - Has anyone cooked up a good web front end? I am messing w/
> IPCop, because one of my clients uses it.
2004 Mar 05
0
Bridge Documentation
http://shorewall.net/2.0/bridge.html
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Dec 19
6
IPSEC vs OpenVPN
While I have concentrated on support for 2.6 native IPSEC in release
2.2.0, I am still of the opinion that unless you absolutely need IPSEC
compatibility that OpenVPN is a much easier (and in the case of
roadwarriors, a much better) solution.
Having already generated all of the required X.509 certificates, it took
me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one
using the new
2007 Nov 28
2
[Fwd: Re: Port 3001 still have problem]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As I pointed out to Wilson in a private message, this appears to show
that no other connection requests (other than port 3000) are being sent
from the client to the server (or at least no other connection requests
are being received by the Shorewall box).
Wilson: Are you sure that the client is supposed to open port 3001 on
the server and not the
2004 Mar 04
0
Bridging Code
The Bridging code is at ftp://shorewall.net/pub/shorewall/Bridging. The
README.txt provides information about how to use the code.
It has been lightly tested under SuSE 9.0 with a 2.4.25 kernel. I found
that I had to rebuild iptables with the 2.4.25 kernel headers before I
could get Shorewall to start.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \