similar to: Also new in CVS....

Beta 1 is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Features include: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

hi list, i got a small problem. here is my setup: WAN | | | bridged $FW-------DMZ | | masqueraded | LOCAL my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2 * eth0 is connected to the WAN * eth1 is connected to my DMZ * eth2 is connected to LOCAL network i manage a whole C class (public adresses) in my DMZ, let''s say X.Y.Z.0/24 * my router

My new DSL line came complete with a new Modem that is configured/monitored from a web browser. That inspired me to add a couple of new features to to the masq file which you can find in 2.1.1 (see attached release notes, New Feature 2). The modem has IP address 192.168.1.1 and is connected to eth0. My local network is 192.168.1.0/24 and is connected to eth2 which has IP address

--On Friday, January 24, 2003 1:59 PM -0700 Steve Fink <stevef@netvantix.com> wrote: > On Fri, 2003-01-24 at 08:31, Tom Eastep wrote: >> >> >> --On Friday, January 24, 2003 8:20 AM -0700 Steve Fink >>> <stevef@netvantix.com> wrote: >>> >>> http://leaf.netvantix.com/012303/swstatus.txt >>> >> >> It looks like your

I have a firewall with 2 connections to the internet (eth1 and eth2) and one LAN interface. on the LAN interface, the users can connect via PPTP. those authenticating via pptp shall be masqueraded over eth2, those not authenticating should be ordinary masqueraded over eth1. as from the archives I took the configuration like in FAQ32, but this doesn''t work with the ppp+ interfaces. I

Hi folks, sorry for my bad english, but I am not a native speaker. I want to setup a virtual firewall-host in a UML-Session. I''m using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge. I have 4 nic''s in my System: eth0 -> localnet 0 eth1 -> localnet 1 eth2 -> wlan eth3 -> DSL/ppp0 I''m using four bridges br0,br1,br2,br3. The UML firewall host is

Hello, Could someone with the requisite shorewall expertise please help me? Here is a description of my problem. I dial in to my ISP using kppp. It seems to establish a connection just fine. However, only a handful of bytes are exchanged. I must then become ''root'' and issue ''shorewall start'' in order to get the Internet connection to work normally. Once

Dear all, I''ve the following problem with routing + NAT: If I''ve two ISP and I''m using two nexthop in default route with MASQUERADE on both ISP links, I see routing cache regenerated, but sometimes packets sent to a new link (after cache regeneration) uses wrong source address for masquerading. Here is the config. I''ve two links to outside via two

Hello all: I''ve got a confusing issue. I had a working shorewall configuration (based on the two interface model) using DNAT for redirection to my HTTP server. The HTTP server is on my inside network (I know - bad juju, but one thing at a time). I changed my configuration this morning to use views in my BIND (named) configuration. Everyone outside the firewall is able to get in

Hi all, I have a network like this : Provider 1 Provider 2 \ / \ / \ / eth1 \ / eth2 ------------- | | | | | | | | | | | eth0 | ------------- | | | | 2 networks : -

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

Okay here is my setup: Gentoo Box running 2.6.4 w/ 4 NICs 1 NIC is for internal network 3 NICs are for external network The machine has a static address assigned to the internal network nic. This nic runs dhcp and dns forwarding. The other 3 nics have external dynamic IP addresses. All will have the same gateway. There are 3 NICs because this is a very large pipe, that will only allocate a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In this release: 1) Dynamic Ipsec Zones now work. 2) Output Traffic Accounting by user/group is supported (thanks to Tuomas Jormola). 3) The following negative test options are added in /etc/shorewall/ipsec and /etc/shorewall/masq: reqid!=<number> spi!=<number> proto!=esp|ah|ipcomp mode!=tunnel|transport

I have a pretty straightforward shorewall (v 2.0.12) setup in my Phoenix office. IP addresses on the firewall eth0 172.16.10.249 eth1 12.47.198.100 eth1:1 12.47.198.108 eth1:2 12.47.198.101 eth2 172.16.11.249 interfaces: loc eth0 detect net eth1 detect blacklist dmz eth2 detect vpn1 tun1 192.168.124.255 zones net Net

(I am resending this message because my previous mail seems corrupted) Hi. I am having a little problem with IP MASQ and IPROUTE2. I am using RedHat 8.0 with IPTABLES. I have a linux gateway server with 3 NICs. I set up the linux server as the below. As the result, it works fine( 192.168.0.x can access the internet by masquerading via eth2 and external internet can access the eth1 and eth2).

A number of you are flailing around trying to get the subject combination to work. You should all be aware that there are parts of this that don''t currently work and that won''t work well until there are enhancements made to Shorewall (and probably to Netfilter). I. There is no clean way currently to support Road Warriors from a Masquerading Netfilter firewall/gateway. As

Hi, after migrating to shorewall firewall from my own iptables rule set (to utilise freeswan vpn tunnels) I have successfully configured a 3 interface firewall with net2net vpn tunnels, with the help of the shorewall documentation. However I cannot seem to configure my final step which is to masq another subnet attached to my LAN (LANB, via Cisco 1603 router) to get internet access via the

I've run into a problem on my KVM host where a single guest will be unreachable to other guests on the same host. This host has 2 bridged devices and guests assigned to each have the same issue. I've noticed that when I can't reach the problematic guest, the ARP entry for that system is incorrect. This issue seems to only be a problem about 75% of the time when making connections

Hello all, I''ve recently upgraded a Suse 9.1 box to Suse 9.2 (reinstall actually). This is mainly a test server that I use for testing our device with nat/snat etc. I just got around to reinstalling Shorewall 2.2.4, and I''m having an odd problem at startup I was hoping someone could perhaps shed some light on. I''ve created a very basic setup just to get Shorewall