Displaying 20 results from an estimated 10000 matches similar to: "New Toy in CVS"
2005 May 17
1
Support for inbound traffic from multiple ISPs in CVS
The Shorewall2/ project in CVS contains my initial attempt to establish
correct routing for traffic forwarded from two different ISPs to
internal servers.
>From the release notes:
Shorewall 2.3.2 includes support for multiple Internet interfaces to
different ISPs. This feature is enabled by setting the "default"
option for each Internet interface in
2004 Jan 12
0
Shorewall2 -- now running on gateway.shorewall.net
I''ve gotten the basic code working on my firewall.
So that I can quickly get back online if I screw up, I''m currently calling it
shorewall2. That way if it screws up I can just "shorewall restart".
/sbin/shorewall2 -- command interpreter
/etc/shorewall2/ -- configuration files
/usr/share/shorewall2/ -- shared files
Both Shorewall and Shorewall2 use the
2004 Apr 20
2
Rule-specific Log Prefixes
The current CVS Project Shorewall2/ contains my implementation of this
feature. Thanks go to Xavier for ideas about the design.
Xavier -- please give my code a try and see if it works ok for you.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Sep 29
0
Re: Shorewall-users Digest, Vol 22, Issue 65
Hi
I have 2nic firewall . I had to open some ranges of udp and tcp ports . I
faced a problem that although all the ports are open Some functionality was
not working . Any body used shorewall with H323 Voip traffic DNATed . Any
help is appretiated .
Thanks
----- Original Message -----
From: <shorewall-users-request@lists.shorewall.net>
To: <shorewall-users@lists.shorewall.net>
Sent:
2003 Jan 14
3
Shorewall-1.3.13
Just some stuff that was laying around in CVS:
1. Added ''DNAT-'' target.
2. Print policies in ''check'' command.
3. Added CLEAR_TC option.
4. Added SHARED_DIR option.
[teastep@wookie Shorewall]$ cat releasenotes.txt
This is a minor release of Shorewall that has a couple of new features.
New features include:
1) A new ''DNAT-'' action has been
2005 May 03
0
Shorewall 2.3 Thread is opened
I''ve opened the Shorewall 2.3 thread in the Shorewall2/ CVS project.
The config files all show version 2.4 -- that saves me having to edit
each one of them again when I move from 2.3->2.4.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2004 Aug 18
0
iptables-save is broken with policy match
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iptables=save is producing bad output for rules involving policy match.
I''ve checked in a version of /sbin/shorewall to the Shorewall2/ CVS
project that compensates for this bug.
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2004 Nov 26
0
More about Shorewall 2.2.0 Beta 5
If you encounter strange problems with the Beta then either set IPTABLES
(in shorewall.conf) to point to the iptables binary that you normally
use or download and install the ''/sbin/shorewall'' program from CVS
(Shorewall2/ project).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \
2004 Jul 30
0
Shorewall 2.1.2 problem with some shells
If you encounter strange problems with 2.1.2 and are using a shell other
than bash, you might try installing the ''functions'' file from CVS
Shorewall2/. It corrects a problem that I ran into with ''ash''.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Apr 29
2
iptables-save/iptables-restore
The version of Shorewall currently in CVS (Shorewall2/ project) has been
integrated with iptables-save/iptables-restore. This provides the means
to start and restart shorewall very quickly (mine restarts in under a
second) in the case where you are not changing your configuration.
The release notes are attached.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
2006 Oct 17
1
Re: Tc rules Help with multiISP + squid& squidguard...
I have delete "lo" Zones And Interface and rebuild all the firewall
>From Local I ping www.google.fr with DNS resolution
DNSMASK installed on the firewall.
POSTFIX and Squid+SquidGuard Installed on firewall
All clients machines have the IP of Firewall for Dns resolution
New Dump joint
Without Squid : I surf and all works perfectly
With Squid And REDIRECT rule : surf Is VERY TOO
2007 Sep 25
1
Local server unreachable by remote lan in dual isp configuration
hi all,
i have this situation:
isp1
|
dmz ----- FW linux ----- isp2
|----------------------------------- vpn
concentrator ----- various ipsec lan-2-lan
|
LAN
In lan i have "pc zone" and "server zone", same network.
Dmz and server zone browse internet through isp1, lan use isp2, and
remote
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2008 Mar 09
2
Dead Air on PF firewall
Hi All,
I have an asterisk box on my DMZ, and I'm using a PF for my firewall, I
can make a call but some reasons I have a dead air.
Any Ideas? below are my rules...
ext_if = "bce0"
int_if = "bce1"
altitude = "172.16.1.0/24"
#### machines ####
vbox = "172.16.1.1"
uci = "172.16.1.4"
voices = "203.172.x.1"
ipc =
2006 Feb 07
0
WG: AW: WG: proxyarp <--> OpenSwan VPN/Internet
I´ve figured out the following.
I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to
shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp
x.x.x.14 eth2 eth0 No
very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn)
but with public ip x.x.x.14 to x.x.x.11
If I try to sftp through the fw to the public internet I have the same
2004 Sep 21
2
(no subject)
i have squid running on DMZ zone
and my network using ProxyARP on eth1 and eth2
mylinuxbox slackware 9.2
my network can access to internet normal, but can''t
redirect to squid server from firewall.
sometimes my network can connect to squid and sometimes
bypass this squid server. i dont know what going on.
now.. my network bypass redirect to squid server.
my config file follow document
2006 Mar 28
0
Shorewall 3.0.6
http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/
ftp://ftp1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/
Coming soon to a Mirror near you.
Problems corrected in 3.0.6
1) A typo in the output of "help drop" has been corrected.
2) Previously, ''shorewall start'' would fail in the presence of a network
interface named ''inet''.
3)
2005 Sep 05
2
RE: Apache Virtual Hosts Problem
Thanks all for the response to my problem. Outside interrupts made me set aside the
project temporarily.
Reading your input (one email of which was rejected by our email engine for reasons
unknown) the thinking seems to be that Apache can''t resolve its virtual hostnames. I
had not originally installed the dnsmasq module, so did that. However, there was no
difference in performance. I
2003 Dec 18
5
support.htm
I''ll take this one next.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Mar 15
2
New feature for Shorewall 2.2.3
The following is taken from the Release notes for 2.2.3 (which will be
released in a month or so).
2) There has been ongoing confusion about how the
/etc/shorewall/routestopped file works. People understand how it
works with the ''shorewall stop'' command but when they read that
''shorewall restart'' is logically equivalent to ''shorewall