Displaying 20 results from an estimated 20000 matches similar to: "Shorewall 2.0 and Routing"
2005 Jun 03
4
New Document for People Helping with Shorewall Support
The Shorewall support page advocates including the output of "shorewall
status" with problem reports that involve some sort of connection
problem. I suspect that the number of people who feel comfortable
analyzing problems through use this output is small.
To help, I''ve created http://shorewall.net/AnalyzingShorewallStatus.html
I suspect that the document isn''t
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Feb 01
4
Shorewall 2.0.0 Alpha2
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
See if this change to proxy arp is more palatable.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Aug 16
3
Not sure how to configure Shorewall 2.1.3
I have an access-IProm my isp that I configured my eth0 with.
And I also have an IP-range assigned from my ISP that will be used on my servers connected to eth1. The IP-range is routed thru the access-IP.
This is how my configfiles look like. Internal everything seems to work but not external.
/etc/shorewall/proxyarp
#ADDRESS INTERFACE EXTERNAL HAVEROUTE
2004 Sep 29
0
Re: Shorewall-users Digest, Vol 22, Issue 65
Hi
I have 2nic firewall . I had to open some ranges of udp and tcp ports . I
faced a problem that although all the ports are open Some functionality was
not working . Any body used shorewall with H323 Voip traffic DNATed . Any
help is appretiated .
Thanks
----- Original Message -----
From: <shorewall-users-request@lists.shorewall.net>
To: <shorewall-users@lists.shorewall.net>
Sent:
2004 Jul 13
0
Shorewall 2.1.1
My new DSL line came complete with a new Modem that is
configured/monitored from a web browser. That inspired me to add a
couple of new features to to the masq file which you can find in 2.1.1
(see attached release notes, New Feature 2).
The modem has IP address 192.168.1.1 and is connected to eth0. My local
network is 192.168.1.0/24 and is connected to eth2 which has IP address
2006 May 16
1
Traffic Routing/Shaping Problem
Hi,
I''m trying to use Shorewall (3.0.6) to accomplish what I thought was going
to be fairly simple. Unfortunately, I can''t get the dmz to work correctly,
and I''m getting martians logged against the interface at issue.
Any help I could get would be greatly appreciated!
A picture of my physical setup is attached. I have also attached a shorewall
dump.
To make a long
2006 Feb 07
0
WG: AW: WG: proxyarp <--> OpenSwan VPN/Internet
I´ve figured out the following.
I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to
shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp
x.x.x.14 eth2 eth0 No
very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn)
but with public ip x.x.x.14 to x.x.x.11
If I try to sftp through the fw to the public internet I have the same
2006 Jun 02
2
ProxyArp
Hi-
One last question for the week, I promise.
I''ve got one IP ProxyArp''d according to the instructions at
http://www.shorewall.net/ProxyARP.htm. I''ve setup the
shorewall/proxyarp file as follows:
#ADDRESS INTERFACE EXTERNAL HAVEROUTE
PERSISTENT
208.4.145.73 br0 eth1 no yes
#LAST LINE -- ADD YOUR ENTRIES
2004 Apr 16
0
Shorewall 1.4.10e
This change rolls up the fix for the long-standing ProxyARP/IPSEC
incompatibility. The fix has been available for some time on the 1.4
Errata page.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2002 Aug 12
4
Proxy ARP and RH 7.2
I have tried unsuccessfully to run both Shorewall 1.2.x, 1.3.x with
Proxy ARP on a Red Hat 7.2 machine.
The machine was configured as the external firewall as per the ''belt and
suspenders'' layout given at http://www.skippy.net/linux/firewall/
The firewall appeared to function correctly in all functions except
proxy ARP, however I must say I did not test exhaustively.
After
2005 Mar 12
0
Shorewall 2.2.2
Shorewall 2.2.2 is now available.
http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2
ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2
Problems Corrected:
1. The SOURCE column in the /etc/shorewall/tcrules file now correctly
allows IP ranges (assuming that your iptables and kernel support
ranges).
2. If A is a user-defined action and you have file /etc/shorewall/A
2004 Sep 16
0
Shorewall-2.1.9
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9
Problems Corrected:
1) IP ranges in the routestopped and tunnels files now work.
2) Rules where an IP range appears in both the source and destination
~ now work correctly.
3) With complex proxy arp configurations involving two or
2005 Mar 12
1
Shorewall 2.2.2 (Corrected)
I forgot to add the last new feature to the previous announcement.
Shorewall 2.2.2 is now available.
http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2
ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2
Problems Corrected:
1. The SOURCE column in the /etc/shorewall/tcrules file now correctly
allows IP ranges (assuming that your iptables and kernel support
ranges).
2.
2005 Jul 07
1
a long hard road
OK one factor that I had not mentioned previously is this is my first
time running Debian (yes I managed to do that since 1997...). Yesterday
I found /etc/network/interfaces and understood what it does!
My system is like the "About My Network" example except that I have 2
class Cs in the DMZ.
>From what I understand I use the same IP on the NET and DMZ interfaces.
I don''t
2004 Mar 23
0
Shorewall 2.0.0b
Fixes two problems:
a) Thanks to Sean Mathews, the long-standing problem with Proxy ARP and
IPSEC is solved.
b) The 2.0.0 Documentation claims that the default value of ALL
INTERFACES in /etc/shorewall/net is "Yes" -- the code didn''t support that.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington
2004 Sep 23
0
Fwd: RE: 2.6 kernel ipsec and shorewall
FYI...
---------- Forwarded Message ----------
Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall
Date: Thursday 23 September 2004 07:44
From: "Jonathan Schneider" <jon@clearconcepts.ca>
To: "''Tom Eastep''" <teastep@shorewall.net>
I must have been up too late working on this, looking at it the next day I
noticed I completely forgot
2004 Nov 02
0
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Jun 07
0
Re: Re: Proxy arp users
No, i did it normally. So it seems a router misconfiguration, doesn`t it? if so, tomorrow i will call the customer support. Glad it is not my fault :-)
--
Ciao
Nico
----- Messaggio originale -----
Da: "Tom Eastep"<teastep@shorewall.net>
Inviato: 07/06/04 20.27.28
A: "Mailing List for Shorewall Users"<shorewall-users@lists.shorewall.net>
Oggetto: Re: