Displaying 20 results from an estimated 10000 matches similar to: "ipsec-netfilter patches for 2.6.9"
2004 Sep 03
7
Shorewall as a "commercial" firewall
I am considering replacing my old checkpoint and watchguard firewalls with a
single Linux box using iptables and shorewall. I have two ISP's (with
separate routing tables), two DMZ's, at least one VPN to a remote office, and
a local trusted network. The configuration will look like:
+----------------+
| |
net0 ----------+ eth1
2004 Sep 22
3
2.6 kernel ipsec and shorewall
I set up an ipsec/racoon vpn tunnel test environment. The gateway machines
are 192.168.0.30 and 192.168.0.31 on the external adaptor and 10.0.1.1 and
10.0.2.1 internally. The test workstations are 10.0.1.10 and 10.0.2.10.
The tunnel seems to be working as in 10.0.1.10 can talk to 10.0.2.10 and vice
versa and they can both use the net via NAT, however 192.168.0.30 and
192.168.0.31 cannot directly
2004 Nov 05
8
Using Shorewall + Linux Virtual Server LVS/DR
I'm having a HUGE amount of difficulty getting shoreline to work with LVS.
We use it here constantly so we know it works. The problem is packets come
in, get directed to a webserver, webserver returns the packet to firewall,
and then it goes into a black hole. rp_filter is off globally on all
interfaces. LVS seems to be working right....
I use shorewall tcrules to mark packets on
2004 Sep 01
11
IPSEC VPN clients on local network
I have problems connecting IPSEC VPN clients on the masqueraded network
to outside VPN servers.
It looks like this:
ipsec-user
| 192.168.1.10 (DHCP assigned)
|
| 192.168.1.1
fw-1 (shorewall, Linux 2.6)
| 20.20.20.20
(internet)
| 30.30.30.30
fw-2 (IPSEC VPN endpoint)
| 192.168.100.1
|
| 192.168.100.2
server
ipsec-user (a road warrior) is supposed to create an IPSEC tunnel to his
home
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List!
I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection
to the Internet (ppp0 - eth1 to the modem) and a bridge to the local
lan. The bridged config I've made with bridge.html from the shorewall
site. The Bridge is between local net and a openvpn tap device. This
works. I can make tunnels, and I can make a lot of things through the
firewall. I can get a list
2003 Mar 22
22
SecuRemote and Shorewall Problem
Sat Mar 22 14:16:55 CST 2003
This post is a bit long, but I want to make sure
I am providing the information up front that can
help in others helping me solve this mystery.
I am having a bit of difficulty getting Shorewall
to work with SecuRemote and its FW-1 server. I
have attached the "rules" file I am using and the
output of "shorewall show nat". The diagram below
2005 Mar 03
2
2.6.11 / IPSEC / Netfilter
Hello,
Having combed through the changefile from kernel.org it seems to me that
policy matching is still not in the 2.6 kernel. Is that a sadly correct
statement?
Joh
2003 Mar 26
2
VLAN Support
Hi there,
can anyone point me to the docs needed to support Tagged Vlans through
Shorewall. I might just be blind or my understanding of Tagged Vlans
isn't good enough yet to find it.
Axel
2005 Jun 12
3
kernel and netfilter patches already in Redhat AS 4 for IPSEC
I read LinuxFest NW 2005 Presentation pdf. On page 32, mentioned it
required patches on kernel 2.6.x and netfilter and It only said that
SuSE 9.2 and 9.3 had patches on its stock kernel. I'm using Redhat AS
4. Anybody knows does the stock kernel and netfilter had these
patches patched ? or How should I know the kernel and netfilter had
these patches applied ?
thanks!
2005 Jan 30
11
Poor ipsec performance with policy match
Hello !
I have a performance issue with Kernel 2.6.X and policy match support as
suggested in http://shorewall.net/IPSEC-2.6.html. My IPSEC performance
doesn't exceed about 30kbyte/sec even if my downlink is 1024kbit/sec and
should reach more than 100kbyte/sec.
No, it's not the cpu's performance (AMD Barton 2500+) and no it's not the
gateway (CELERON 600 Mhz) on the
2005 Feb 05
13
Problem while trying to set up an ipsec vpn
Hi,
I'm asking my question here, because I could not find any answer to my
problem, but I'm afraid shorewall is not the one to blame.
First of all I'm using shorewall version 2.0.15 on two linux box.
I set up an ipsec tunnel between those 2 boxes to be able to connect
2 not routable subnetworks.
Here is my network topology:
10.66.17.0/24 - 10.66.17.1 = eth0
2004 Sep 30
4
IPSec connection from fw itself over vpn
Hello everyone,
I'm not sure whether to place my question here or in the racoon mailing
list or even in that of iptables.
I have created an ipsec connection with racoon in tunnel mode to another
gateway to connect one subnet on each side to each other. This works
fine. Only the ipsec gateway itself can't send packages to the opposite
subnet.
Shorewall is configured according
2004 Dec 02
8
Correct Shorewall version for RedHat ES3
Hello all --
I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate.
Before posting any specific problems, I thought I'd find out if I have the
right stuff to work with. (I've gotten ipsec to work flawlessly with
Shorewall using RH 8 and 9 kernels, so I have some experience with it.
Shorewall 2.0.12 works fine on this ES 3 box, except for the ipsec part)
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2004 Oct 06
7
Re: IPsec problems with tunneled networks
class wrote on 06/10/2004 11:18:48:
> Hello, I have the following situation:
>
> 192.168.176.0/24 ------ A ========== B ------ 192.168.177.0/24
> 192.168.176.2 pop3 ipsec
> racoon
>
>
> policy: (Machine A and B)
> -------
> loc vpn ACCEPT
> vpn loc ACCEPT
> all
2007 Jul 06
8
interop with strongswan / ipsec
I see support in shorewall for the KAME-tools, how about strongswan ?
I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my
vpn-gateway for the subnet behind it.
# Shorewall version 3.4 - Zones File
#ZONE TYPE OPTIONS IN OUT
# OPTIONS OPTIONS
fw firewall
fil ipsec mode=tunnel mss=1400
net ipv4
2004 Sep 08
6
netfilter modules
hi,
there is no support for patch-o-matic netfilter modules. what i have to do
if i want to use several patch-o-matic modules?
which parts of code has to be changed and will that changed be included
into the main shorewall tree in future or not?
best regards
claus
2004 Dec 10
2
Re: 2.6 Kernel and Native IPSEC
From your post on Oct. 4, 2004
>As I announced earlier, I'm on vacation this week and we are spending
>the week at our second home. Before I left, I simulated an IPSEC tunnel
>between this house and our home in the Seattle area and I'm pleased to
>announce that the real tunnel works flawlessly.
>
>So I believe that I have done all of the testing that I can
2004 Dec 22
2
IPSec and Roadwarrior
Tom,
After reading your latest postings, I am correct in understanding that,
even with the netfilter-ipsec and policy patches in kernel 2.6, I still
would not be able to connect more than one roadwarrior at a time?
Mitch