similar to: Shorewall 2.0.12

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta7 Problems Corrected: 1. The "shorewall add" and "shorewall delete" commands now work in a bridged environment. The syntax is: shorewall add <interface>[:<port>]:<address> <zone>

Sorry some email problem, i have change it for more reliable one. I have try this morning to netmasq 192.168.11.0 (eth1) to 192.168.1.0 (eth0), but it is a mistake. Yes thank you for answering so fast ! I have corrected it, here the new diagram and the new routing table. But it still doesn''t work. From the router i can access to 192.168.11.254 I have add the rules : DNAT loc

Yes thank you for answering so fast ! I have corrected it, here the new diagram and the new routing table. But it still doesn''t work. >From the router i can access to 192.168.11.254 I have add the rules : DNAT loc priv:192.168.11.254:22 tcp 22 But i can''t connect to 192.168.11.254 from LAN The DNAT fonction doesn''t work, but i can DROP packet arriving on eth0 (loc)

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta8 Problems Corrected: 1. A typo in the /etc/shorewall/interfaces file has been corrected. 2. Previously, the "add" and "delete" commands were generating incorrect policy matches when policy match support was available. New

http://shorweall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 ftp://shorweall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta5 Problems corrected: 1. A typo in shorewall.conf (NETNOTSYN) has been corrected. New Features: 1. For consistency, the CLIENT PORT(S) column in the tcrules file has been renamed SOURCE PORT(S). 2. The contents of

My new DSL line came complete with a new Modem that is configured/monitored from a web browser. That inspired me to add a couple of new features to to the masq file which you can find in 2.1.1 (see attached release notes, New Feature 2). The modem has IP address 192.168.1.1 and is connected to eth0. My local network is 192.168.1.0/24 and is connected to eth2 which has IP address

This will be the final 2.3 release. It makes available multiple-ISP support. There is one external change to the version that has been in CVS for the last couple of days -- the ''default'' provider option has been named ''balance'' to better describe what the option does (load balancing). Please see http://shorewall.net/Shorewall_and_Routing.html for more

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2. If A is a user-defined action and you have file /etc/shorewall/A

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Hi folks, sorry for my bad english, but I am not a native speaker. I want to setup a virtual firewall-host in a UML-Session. I''m using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge. I have 4 nic''s in my System: eth0 -> localnet 0 eth1 -> localnet 1 eth2 -> wlan eth3 -> DSL/ppp0 I''m using four bridges br0,br1,br2,br3. The UML firewall host is

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

I forgot to add the last new feature to the previous announcement. Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2.

This release back-ports the DROPINVALID shorewall.conf option from 2.2.0. 1) Recent 2.6 kernels include code that evaluates TCP packets based on TCP Window analysis. This can cause packets that were previously classified as NEW or ESTABLISHED to be classified as INVALID. The new kernel code can be disabled by including this command in your /etc/shorewall/init file: echo 1

http://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 ftp://shorewall.net/pub/shorewall/2.3/shorewall-2.3.0 WARNING: This is a development release and may be unstable New Features in version 2.3.0 1) Shorewall 2.3.0 supports the ''cmd-owner'' option of the owner match facility in Netfilter. Like all owner match options, ''cmd-owner'' may only be applied to

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

This is a bugfix roll up of the following: 1) Tuomo Soini has supplied a correction to a problem that occurs using some versions of ''ash''. The symptom is that "shorewall start" fails with: local: --limit: bad variable name iptables v1.2.8: Couldn''t load match `-j'':/lib/iptables/libipt_-j.so: cannot open shared object file: No such

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

I missed a couple of new features: 1) You can now use the "shorewall show zones" command to display the current contents of the zones. This is particularly useful if you use dynamic zones (DYNAMIC_ZONES=Yes in shorewall.conf). Example: foo:/etc/shorewall # shorewall show zones Shorewall-2.2.0-Beta7 Zones at foo - Sat Nov 27 9:18:05 PST 2004 loc

The administrator of the main web/ftp site has informed me that the site is currently down. Until service is restored, you can use: http://www1.shorewall.net ftp://ftp1.shorewall.net Sorry for the inconvenience. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \