similar to: URGENT: Shorewall Security Vulnerability

I am getting the following message when Shorewall stops can anybody shed any light on this message and where I should be looking? Thanks root@bobshost:~# shorewall stop Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Stopping Shorewall...Processing /etc/shorewall/stop ... IP Forwarding Enabled

Hi, I''ve upgraded my shorewall version from 2.0 to 2.2.1 using the .tgz I followed the instructions for upgrade and got a warning when running shorewall check on /usr/share/shorewall/action.DROP and action.Reject using "dropNonSyn" while that has changed to DropNotSyn . I manually copied over action.DROP from the source tree. Question: Are there more files to check ? Even

I have just installed shorewall 2.2.0 beta 1 on a fedora core 1 box using ./install.sh to upgrade my existing install. shorewall check gave: Determining Zones... /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found Zones: net loc wifi dmz Fix in /usr/share/shorewall/firewall 2753c2753 < check_duplicate_zones --- > check_dupliate_zones Regards

Hello, I''ve been doing some tests on a firewall system running Shorewall 1.4, and have been getting some unexpected behavior when enabling the "newnotsyn" option. In the test setup, I have: ---------------------------------------- /etc/shorewall/interfaces net eth0 detect routefilter,tcpflags,blacklist loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn

Hi all, Currently at work we use a commercial product called "Gnatbox", which, I believe, is a BSD derivative running on a floppy disk. They have a pretty UI and all, but I''d feel much safer/happier with a GNU/Linux box and Shorewall doing the same thing. In fact, I''m doing something very close to this at home using Openwrt and Shorewall on my WRT54G router, but I

I''ve installed a bering box acting as a firewall for a lan; the lan is 192.168.1.0/24 the bering box is 192.168.1.254 I''ve installed a squid server 192.168.1.1 It is possible to configure shorewall for a transparent proxy to the squid server? I''ve tryed with REDIRECT loc loc:192.168.1.1:3128 tcp www - !192.168.1.1 in the rules file I get this error: Error:

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

(I''m not a member of the list at the moment so please answer this e-mail CC to my personal address. Thank you all) I am part of a community network in Buenos Aires and I''m now trying to set up a bridge between my local net and the community net. The problem is that appart from the bridge between these I need to share an internet connection and the cable modem assigns me a

Hola! I''m trying to follow the User Manual''s example on how to run ttylinux on xen and failing. # xm create ttylinux-xen.cf -c Using config file "ttylinux-xen.cf". Started domain ttylinux, console on port 9604 ************ REMOTE CONSOLE: CTRL-] TO QUIT ******** Linux version 2.6.11-xenU (horape@elanor.compendium.net.ar) (gcc version 3.3.5 (Debian 1:3.3.5-3)) #1 Thu

Hi! I use standard Bering 2.2.2. I am trying to get my FTP-server to work with another portnumber than 21 (On port 21 all works great, but I´m really interested in running two FTP-servers, so I want to figure this one out first). Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: In Rules: DNAT net loc:192.168.3.2 tcp 99 In Shorewalls modules.conf (tried

Hi all, I was trying to test ROUTE specific code with a multi-isp serviced box. There is a bug somewhere, but I''m not able to understand what the real problem is: when I issue a "shorewall show capabilities" I get: Loading /usr/share/shorewall/functions... Processing /etc/shorewall/params ... Processing /etc/shorewall/shorewall.conf... Loading Modules... Shorewall has

>That should work, *IF*: > >a) hda5 is a FAT12/16 filesystem; >b) hda5 is <= cyl 1024. > > -hpa I got thinking booting off a logical partition might not be allowed, so I changed the LEAF/Bering logical partition to a primary, hda4. Then I ran "syslinux d:" from a Win98SE DOS-box to (try to) initialize the partition's boot record. And added this from a

Hi, I own a UPS HP T750. Is there a driver for this UPS (either serial or USB)? thx kp

Has anyone encountered a situation where packets dropped by the newnotsyn chain can result in sporadic browsing problems, slowness, and even timeouts? I noticed that of the 3300 hits for newnotsyn in our current log (6 hours worth), over 2700 of them were to/from our proxy servers. And browsing through them, most *appear* to be otherwise valid packets from remote web servers that would have

Hi Tom,  I´m very glad using Shorewall I proud to say that use it in my whole network (215 Real IP´s over ProxyArp) I can filter everyone have mac-control of then etc etc. Well I´m like a child playing with it :) But now, have a question there is any way to filter or use an Anti-virus in this network ? To drop packets with virus ?? To scan HTTP request ?? Or maybe use Dansguardian ? Did you

I have been using the LEAF Bering firewall for a year or so. It boots with Syslinux 1.75. But Bering is too large for a 1440KB floppy, so it formats the diskette as 1680KB. Recently I found a small Compaq 2266 box to replace a larger Compaq 7170 to run the firewall. But when I try to boot the Bering diskette on the 2266 I get the following message: Loading Linux ............ Boot failed:

What speaks for it and which speaks against it that Firewall and squid run on the same machine? Regards Menki ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more

Greetings, What programming languages besides shell scripting are used in shorewall? What knowledge is needed to help in shorewall development? I figure iptables is a goood bet but is there anything else as well? Thank you for your time. Regards, Jason

After gaining some experience with the new release model, it has become apparent to me that a small adjustment is warrented. I previously announced that updates to the stable release would only contain bug fixes. I''m modifying that slightly to allow for small low-risk enhancements; large and/or risky enhancements will still be restricted to the development release. We have seen this

Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following..