Displaying 20 results from an estimated 2000 matches similar to: "Building custom _updown script for freeswan to make it talk with shorewall"
2002 Sep 29
7
[Fwd: Building custom _updown script for freeswan to make it talk with shorewall]
Tuomo Soini wrote:
> You don''t happen to read shorewall-devel mailinglist ?
I read it -- I just didn''t know what to make of your post and it arrived
while I was on vacation.
What exactly are you trying to accomplish that Shorewall isn''t doing for
you now?
e.g.
/etc/shorewall/zones
rw Roadwarriors Road Warriors
/etc/shorewall/interfraces
rw ipsec+
2002 Oct 01
0
Dynamic Zones
The version of Shorewall in the CVS development tree contains the first
implementation of dynamic zones. While these zones are aimed at IPSEC Road
Warriors, there is nothing ipsec-specific in the implementation except for
a small extension in the tunnels file.
There are two new commands: add and delete
shorewall {add|delete} <interface>[:<host or subnet>] zone
The interface
2005 May 25
5
Patch to fix dynamic add/delete to zone functinality
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I''m running systems with openswan and modified _updown script supporting
shorewall dynamic hosts. Because on problems with cvs head version of
openswan I found a error from shorewall dynamic hosts support. When host
is already in zone shorewall aborts adding process with error. This is
not good thing(tm).
I found out that deleting host from
2003 Oct 08
2
Problem with /bin/ash
I have /bin/ash from rh8 installation and I have following error when I
tried to change using ash instead of sh with shorewall-1.4.7:
+ eval options=$tap0_options
+ options=
+ list_search newnotsyn
+ local e=newnotsyn
+ [ 1 -gt 1 ]
+ return 1
+ run_user_exit newnotsyn
+ find_file newnotsyn
+ [ -n -a -f /newnotsyn ]
+ echo /etc/shorewall/newnotsyn
+ local user_exit=/etc/shorewall/newnotsyn
+ [
2003 Jan 06
3
ipsec nat-traversal
It seems to me that ipsecnat tunnel type is not complete.
Latest drafts of ipsec nat-traversal use udp port 4500 for nat-traversal
communications. (It''s called port floating). That is needed to get rid
of ugly ipsec passthru devices.
Now ipsecnat opens port udp/500 from any source port.
And I think ipsecnat won''t work at all with gw zone defined? I''m not
sure about
2004 Feb 11
2
shorewall-docs-html-1.4.10a bugreport
shorewall-docs-html-1.4.10a is missing following files:
Banner.htm
Shorewall_index_frame.htm
seattle_firewall_index.htm
Or there should be different index.htm in tar. There might be other
missing files but that''s what I found out immidiately when I tried to
check local docs.
--
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy
2003 Jan 14
1
Question on Shorewall with FreeSwan
I am new to Shorewall and FreeSwan, please excuse my ignorance I was
wondering if someone could help me.
I had help getting my FreeSwan running with the following iptables
commands:
iptables -I FORWARD -s 0/0 -d 192.168.1.0/24 -i ipsec0 -o eth1 -j
ACCEPT
iptables -I FORWARD -s 192.168.1.0/24 -d 0/0 -i eth1 -o ipsec0 -j
ACCEPT
If I manually run this FreeSwan works, however I am not sure
2003 Jan 14
1
Firewalling multiple FreeSwan connections
Hi all!
I have got a vpn connection set up using FreeSwan and shorewall.
Everything works fine but I want to add another subnet to the whole. This
means that 1 box will get two net-to-net connections.
I want to limit the services on one subnet however. Cuurently I have
defined a vpn zone for the current connection and allow all vpn<->loc
traffic.
How would I go about in tightening the
2004 Aug 16
1
CLEAR_TC=Yes & TC_ENABLED=No
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found a problem with my tcstart script.
First I was running system TC enabled for testing and then to stop all
TC I changed TC_ENABLED=No.
But I started to wonder why shorewall restart did _not_ clear TC rules
after TC was disabled?
So I checked firewall and found out that if TC_ENABLED=No TC_CLEAR is
disabled automatically.
Question is: should
2004 Jun 02
1
Minor patch to install.sh to make it honor environment variables
Just something I patch in my rpm set to make shorewall configurable.
--
Tuomo Soini <tis@foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-------------- next part --------------
--- shorewall-2.0.2d/install.sh.orig 2004-05-28 03:17:01.000000000 +0300
+++ shorewall-2.0.2d/install.sh 2004-05-30 01:08:00.000000000 +0300
@@ -87,11 +87,20 @@
# RUNLEVELS
2019 May 02
1
http-lib test failures when building dovecot-2.3.5 and later in mock builder
There is random failure in test-http-payload when building rpm package
from 2.3.6. I couldn't reproduce that in normal system but that happens
something like every second try in mock chroot build envirnoment. Other
tests don't have issues so it looks like test is not very reliable.
Building 2.3.4 didn't yet have this issue.
./test-http-payload -D output attached.
--
Tuomo Soini
2019 May 22
1
How to get original recipient from Postfix when using LMTP?
On 2019-05-22 08:18, Tuomo Soini via dovecot wrote:
> On Tue, 21 May 2019 18:24:46 +0000
> MRob via dovecot <dovecot at dovecot.org> wrote:
>
>> Many people prefer to use LMTP for delivery from postfix for better
>> efficiency but X-Original-to header support still missing after many
>> years. One affect of this is need to set
>>
2003 May 26
2
minor problem with shorewall-1.4.4
I found a minor problem in new logging system.
New logging system limits zone-names effectively to 4 characters. If you
have REJECT policy between 2 zones which have 5 characters long, here
example ipsec zone, I iptables will give error because logprefix is
limited to 29 characters.
--log-prefix "Shorewall:ipsec2ipsec:1:REJECT:"
So zone names should be limited to 4 characters or
2003 Jan 26
7
Bug in shorewall
I just added 802.1Q VLAN support to redhat initscripts. And after
support was ready, I tried to restart shorewall. Well it blew into
pieces. Seems like shorewall can''t handle device names like:
eth0.3 very properly. That''s default naming of vlan devices. eth1 is
master device and 3 is id of my test vlan.
So when I added to interfaces line:
home eth0.3 detect
seems like
2002 Feb 28
2
Problem with FreeSwan and Shorewall on a LEAF(Oxygen) based router.
Hello,
I seem to have the Freeswan IPSEC tunnel working between my two sites,
but I am still having a problem that looks to be because of something I have
configured wrong in my shorewall setup..
I have a LEAF Oxygen < 1.9 heavily modifed firewall setup.. Using
FreeSwan 1.91, and Kernel 2.4.8. Modified to use IPTables and
standard Debian network/interfaces. I am also using Shorewall
2003 May 09
3
Windows 2000 Profiles Through Freeswan VPN
Hello,
I have setup a samba server at my office as a PDC it stores the profiles
on the server fine. I can access the profiles from any computer in the
office just fine. My problem is that I work from home 4 days a week and
need to access my work profile. I currently VPN into the office network
via freeswan. I can log into the the domain from the vpn'd connection
and I can access the samba
2004 Aug 12
0
Advanced Routing and FreeSwan
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
I''m trying to setup a central IPSEC-Gateway with several ipsec tunnels.
Some are to be routed over one leased line, some over the other leased
line. Both leased lines have their own public ip adress.
The setup looks kinda like this:
eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1
/
2005 May 27
5
Problems with dynamic zones
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I found out problems with dynamic add of hosts to zones. If somebody has
idea how to fix it, please do tell. My head is not working on this on
properly. Hope you get idea from this message. I''m trying to simplify
this as much as possible to get problem clear.
Problem is:
Zones:
vpn
wlan
net
Interfaces:
net eth0
wlan eth1
Policies:
vpn all
2004 Jan 15
4
shorewall, freeswan and kernel crypto-api
Hello,
I''ve finally managed to setup a firewall with freeswan 2.04 using the
kernel crypto api (backported from kernel 2.6).
(Almost) everything seems to work fine if I disable shorewall, but
packets are filtered whe shorewall is active.
I''ve already read a past thread on the subject and I followed all the
hints and it actually partially works: my lan I can access the remote
2003 Oct 21
0
Shorewall 1.4.7a
This is a bugfix roll up of the following:
1) Tuomo Soini has supplied a correction to a problem that occurs using
some versions of ''ash''. The symptom is that "shorewall start" fails
with:
local: --limit: bad variable name
iptables v1.2.8: Couldn''t load match `-j'':/lib/iptables/libipt_-j.so:
cannot open shared object file: No such