Displaying 20 results from an estimated 20000 matches similar to: "Shorewall 1.4.10e"
2006 Feb 07
0
WG: AW: WG: proxyarp <--> OpenSwan VPN/Internet
I´ve figured out the following.
I am able to sftp from shorewall 2.4.2 left vpn gateway x.x.x.14 (DMZ) to
shorewall 2.4.1 fw x.x.x.11 with /etc/shorewall/proxyarp
x.x.x.14 eth2 eth0 No
very well. That´s not through a tunnel (of course a ssh tunnel, but no vpn)
but with public ip x.x.x.14 to x.x.x.11
If I try to sftp through the fw to the public internet I have the same
2004 Sep 23
0
Fwd: RE: 2.6 kernel ipsec and shorewall
FYI...
---------- Forwarded Message ----------
Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall
Date: Thursday 23 September 2004 07:44
From: "Jonathan Schneider" <jon@clearconcepts.ca>
To: "''Tom Eastep''" <teastep@shorewall.net>
I must have been up too late working on this, looking at it the next day I
noticed I completely forgot
2004 Nov 02
0
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2004 Aug 16
2
Re: [Shorewall-announce] Shorewall 2.1.4
Magnus Hyllander wrote:
>
> I guess what I''m wondering is, how does Shorewall (netfilter) know which
> zone a certain road warrior belongs to?
I''ve just completed getting dynamic zones working with ipsec again. A
dynamic IPSEC zone is defined in /etc/shorewall/zones by following the
short name (first column) with ":ipsec". The code is in CVS.
There are a
2004 Mar 23
0
Shorewall 2.0.0b
Fixes two problems:
a) Thanks to Sean Mathews, the long-standing problem with Proxy ARP and
IPSEC is solved.
b) The 2.0.0 Documentation claims that the default value of ALL
INTERFACES in /etc/shorewall/net is "Yes" -- the code didn''t support that.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington
2004 Aug 19
0
Shorewall 2.1.5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5
This completes the implementation of Kernel 2.6 IPSEC support in Shorewall.
Documentation is still minimal -- see the releasenotes and
http://shorewall.net/IPSEC-2.6.html
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently
2004 Aug 14
0
Shorewall 2.1.4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.4
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.4
Contains improvements to the support for kernel 2.6 IPSEC.
Warning: The Netfilter IPSEC changes that this version of Shorewall
depends on do not appear to work properly with bridging. I therefore
recommend that you not try ipsec to/from a
2004 Aug 07
1
Shorewall 2.1.3
http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3
ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3
This version includes my first cut at IPSEC support for 2.6 Kernels with
the new policy match facility. That facility must be installed using
patch-o-matic-ng as described on the Netfilter site. I''m anticipating
that the facility will be part of standard kernels by the time
2004 Feb 03
0
Shorewall 2.0 and Routing
There have been a number of questions recently about Shorewall 2.0 and
routing. In earlier posts, I said that Shorewall 2.0 would no longer alter
the routing table as part of setting up Proxy ARP.
I have been persuaded to take a different approach.
In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the
proxyarp file and a new PERSISTENT column has been added. If the
2004 Jul 13
0
Shorewall 2.1.1
My new DSL line came complete with a new Modem that is
configured/monitored from a web browser. That inspired me to add a
couple of new features to to the masq file which you can find in 2.1.1
(see attached release notes, New Feature 2).
The modem has IP address 192.168.1.1 and is connected to eth0. My local
network is 192.168.1.0/24 and is connected to eth2 which has IP address
2005 Jan 15
2
Re: Shorewall - Bridging with Gentoo
Joshua Schmidlkofer wrote:
> Tom Eastep wrote:
>
>> Joshua Schmidlkofer wrote:
>>
>>> Tom,
>>>
>>> Here is the setup method w/ Bridging on Gentoo.
>>>
>>
>> Thanks, Joshua
>>
>> -Tom
>
>
> Off topic - Has anyone cooked up a good web front end? I am messing w/
> IPCop, because one of my clients uses it.
2005 Jan 07
1
Shorewall 2.2.0 RC4
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4
New Features:
1. A listing of loaded iptables kernel modules is now included in the
output of "shorewall status".
Problems Corrected.
1. Several problems associated with processing the IPSEC column in
/etc/shorewall/masq have been corrected.
-Tom
--
2004 Nov 27
2
Shorewall 2.2.0 Beta 6
Ok -- I''m wearing the brown bag tonight (I''ve airmailed one to Tuomas as
well :-) ).
The IPTABLES patch had some problems when IPTABLES was not set
in /etc/shorewall/shorewall.conf. Beta 6 fixes those (I hope) and also
corrects a rather obscure problem with "shorewall add" when the "mss"
option appears in /etc/shorewall/ipsec.
-Tom
--
Tom Eastep \
2004 Nov 19
0
Shorewall 2.2.0 Beta 4
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta4
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta4
Problems Corrected:
1. A cut and paste error resulted in some nonsense in the
description of the IPSEC column in /etc/shorewall/masq.
2. A typo in /etc/shorewall/rules has been corrected.
3. The bogons file has been updated.
4. The
2004 Oct 24
0
Shorewall 2.2.0 Beta 1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The first beta in the 2.2 series is now available. Download location is:
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1
The features available in this release and the migration considerations
are covered in the release notes. Highlights include:
1. The behavior
2005 Jan 04
0
IPSEC-Netfilter patch for 2.6.10
A merged patch usable on 2.6.10 has been placed in:
http://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch
ftp://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch
This patch was posted today on the Netfilter Development list -- I have
not tested it.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
2004 Jan 22
5
Shorewall 1.4.10 RC1
I''m doing more releases of 1.4.* to try to work around the absurd way in which
the 2.6 kernel supports ipsec.
1.4.10 will provide a means for excluding multiple destination hosts/subnets
from masquerade/SNAT.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Apr 01
6
Shorewall and SuSE 9.3
The basic functionality of Shorewall 2.2.2 works fine with the
soon-to-be-released SuSE 9.3 (I have an early copy). I''ll be trying it
over the weekend with more complex configurations involving IPSEC and
OpenVPN.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2004 Dec 10
0
[Fwd: RE: Shorewall IPSEC]
Just to close this thread...
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key