similar to: Shorewall 2.0.0b

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Magnus Hyllander wrote: > > I guess what I''m wondering is, how does Shorewall (netfilter) know which > zone a certain road warrior belongs to? I''ve just completed getting dynamic zones working with ipsec again. A dynamic IPSEC zone is defined in /etc/shorewall/zones by following the short name (first column) with ":ipsec". The code is in CVS. There are a

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

This change rolls up the fix for the long-standing ProxyARP/IPSEC incompatibility. The fix has been available for some time on the 1.4 Errata page. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.5 This completes the implementation of Kernel 2.6 IPSEC support in Shorewall. Documentation is still minimal -- see the releasenotes and http://shorewall.net/IPSEC-2.6.html - -Tom - -- Tom Eastep \ Nothing is foolproof to a sufficiently

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.4 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.4 Contains improvements to the support for kernel 2.6 IPSEC. Warning: The Netfilter IPSEC changes that this version of Shorewall depends on do not appear to work properly with bridging. I therefore recommend that you not try ipsec to/from a

http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.3 This version includes my first cut at IPSEC support for 2.6 Kernels with the new policy match facility. That facility must be installed using patch-o-matic-ng as described on the Netfilter site. I''m anticipating that the facility will be part of standard kernels by the time

Joshua Schmidlkofer wrote: > Tom Eastep wrote: > >> Joshua Schmidlkofer wrote: >> >>> Tom, >>> >>> Here is the setup method w/ Bridging on Gentoo. >>> >> >> Thanks, Joshua >> >> -Tom > > > Off topic - Has anyone cooked up a good web front end? I am messing w/ > IPCop, because one of my clients uses it.

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC4 New Features: 1. A listing of loaded iptables kernel modules is now included in the output of "shorewall status". Problems Corrected. 1. Several problems associated with processing the IPSEC column in /etc/shorewall/masq have been corrected. -Tom --

Ok -- I''m wearing the brown bag tonight (I''ve airmailed one to Tuomas as well :-) ). The IPTABLES patch had some problems when IPTABLES was not set in /etc/shorewall/shorewall.conf. Beta 6 fixes those (I hope) and also corrects a rather obscure problem with "shorewall add" when the "mss" option appears in /etc/shorewall/ipsec. -Tom -- Tom Eastep \

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta4 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta4 Problems Corrected: 1. A cut and paste error resulted in some nonsense in the description of the IPSEC column in /etc/shorewall/masq. 2. A typo in /etc/shorewall/rules has been corrected. 3. The bogons file has been updated. 4. The

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The first beta in the 2.2 series is now available. Download location is: http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta1 The features available in this release and the migration considerations are covered in the release notes. Highlights include: 1. The behavior

There have been a number of questions recently about Shorewall 2.0 and routing. In earlier posts, I said that Shorewall 2.0 would no longer alter the routing table as part of setting up Proxy ARP. I have been persuaded to take a different approach. In Shorewall 2.0.0-Alpha2, the HAVEROUTE column has been restored to the proxyarp file and a new PERSISTENT column has been added. If the

A merged patch usable on 2.6.10 has been placed in: http://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch ftp://shorewall.net/pub/shorewall/contrib/IPSEC/ipsec-nat-2.6.10.patch This patch was posted today on the Netfilter Development list -- I have not tested it. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net

I''m doing more releases of 1.4.* to try to work around the absurd way in which the 2.6 kernel supports ipsec. 1.4.10 will provide a means for excluding multiple destination hosts/subnets from masquerade/SNAT. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

The basic functionality of Shorewall 2.2.2 works fine with the soon-to-be-released SuSE 9.3 (I have an early copy). I''ll be trying it over the weekend with more complex configurations involving IPSEC and OpenVPN. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 ftp://shorewall.net/pub/shorewall/2.1/shorewall-2.1.9 Problems Corrected: 1) IP ranges in the routestopped and tunnels files now work. 2) Rules where an IP range appears in both the source and destination ~ now work correctly. 3) With complex proxy arp configurations involving two or

Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2. If A is a user-defined action and you have file /etc/shorewall/A