similar to: Shorewall 2.1.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello! > > > Machine A > WAN IP: 123.123.123.111 > LAN IP: 192.168.177.1 > > > Machine A wants to connect through an IPsec tunnel to 192.168.176.2 tcp 110 (pop3). > > kernel: Shorewall:all2all:REJECT: > IN= OUT=ppp0 SRC=123.123.123.111 DST=192.168.176.2 > LEN=60 TOS=0x10

I''ve rebuilt my old P-II/233 with Debian Sarge and it is now serving as my main firewall. It is running a home-built 2.6.9 kernel with the ipsec-netfilter and policy match patches. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

Hello everyone, I''m not sure whether to place my question here or in the racoon mailing list or even in that of iptables. I have created an ipsec connection with racoon in tunnel mode to another gateway to connect one subnet on each side to each other. This works fine. Only the ipsec gateway itself can''t send packages to the opposite subnet. Shorewall is configured according

I''m just looking for a quick sanity check to make sure what I''m finding is really all necessary here. I''m upgrading a gateway/firewall from Linux 2.4 to 2.6 using Mandrake 10.1. In the old 2.4 kernel I structured my firewall rules around the ipsec0 interface, which I understand isn''t present with Openswan running under 2.6 (no KLIPS). Ok, So as I start to

Hello, I''m stuck IPSECing my wireless network at home and would appreciate any comments. I appologize in advance if I''m wasting your time with trivia - I''m not a professional and staring at the problem for days from various angles hasn''t done me any good ... My home server/firewall (morannon) is hooked up through an USB to ethernet adapter (eth1) to my DSL

Hi, i have used shorewall for several years now, but now i have a problem i can not solve by my own. I use Debian (Testing/Sarge) with shorewall 2.2 and 2.6.10 Kernel. In the next few weeks i need several IPSEC VPN tunnels - ans thats the problem. "shorewall check" tells me that "Policy Match: not available". As i have RTFMd i need some iptables ans netfilter patches for 2.6

I''m doing more releases of 1.4.* to try to work around the absurd way in which the 2.6 kernel supports ipsec. 1.4.10 will provide a means for excluding multiple destination hosts/subnets from masquerade/SNAT. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

The basic functionality of Shorewall 2.2.2 works fine with the soon-to-be-released SuSE 9.3 (I have an early copy). I''ll be trying it over the weekend with more complex configurations involving IPSEC and OpenVPN. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Joshua Schmidlkofer wrote: > Tom Eastep wrote: > >> Joshua Schmidlkofer wrote: >> >>> Tom, >>> >>> Here is the setup method w/ Bridging on Gentoo. >>> >> >> Thanks, Joshua >> >> -Tom > > > Off topic - Has anyone cooked up a good web front end? I am messing w/ > IPCop, because one of my clients uses it.

Ok -- I''m wearing the brown bag tonight (I''ve airmailed one to Tuomas as well :-) ). The IPTABLES patch had some problems when IPTABLES was not set in /etc/shorewall/shorewall.conf. Beta 6 fixes those (I hope) and also corrects a rather obscure problem with "shorewall add" when the "mss" option appears in /etc/shorewall/ipsec. -Tom -- Tom Eastep \

While I have concentrated on support for 2.6 native IPSEC in release 2.2.0, I am still of the opinion that unless you absolutely need IPSEC compatibility that OpenVPN is a much easier (and in the case of roadwarriors, a much better) solution. Having already generated all of the required X.509 certificates, it took me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one using the new

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I''ve built a 1.2.9 iptables RPM that corrects the two iptables-save problems that I know about. It is available at: http://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm ftp://shorewall.net/pub/shorewall/iptables/iptables-1.2.9-95.7.i386.rpm I''m using this on SuSe 9.1 -- for other distros, YYMV... This RPM works

The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > > #--- file: policy --- > #vpn policies: > loc vpn ACCEPT info > fw vpn ACCEPT info > vpn loc ACCEPT info > vpn fw ACCEPT info > > net

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

Jason Wohlford wrote: > > linux:/etc/shorewall# shorewall check > /sbin/shorewall: line 261: Added: command not found > Loading /usr/share/shorewall/functions... > Processing /etc/shorewall/params ... > Processing /etc/shorewall/shorewall.conf... > /usr/share/shorewall/firewall: line 261: Added: command not found BTW -- it looks like you have a missing "#" on a