similar to: Shorewall 1.4.10 RC1

The second Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The ''check'' command is no longer supported. 2) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.

Shorewall 2.0.2 is now available at: http://shorewall.net/pub/shorewall/shorewall-2.0.2 ftp://shorewall.net/pub/shorewall/shorewall.2.0.2 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi, I have setup a IPSEC VPN using Openswan to connect a Draytek router to a CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m getting a problem with packets from the left hand subnet getting masqueraded rather than routed down the IPSEC VPN as though they were going out onto the net. I''ve spent the last day searching Google and so far I''ve hit a

Anyone have succefully run clonecd or know how to burn cloneCD files under linux ? I can run CloneCD but it tell me that it cant load device driver and shutdown immedialty wine tell me that it dont know the VXD ElbyCDIO any ideas ? thx

Hello all, I have an asterisk sip/iax peer behind a linux gateway doing nat. I''m using pppoe with a dynamic ip that changes frequently. The problem is when the line drops the sip/iax registrations drop as well, and they don''t register thereafter. When I check the conntrack entries, I noticed the entries still have the old wan ip address and because of keepalive (i''m

Sat Mar 22 14:16:55 CST 2003 This post is a bit long, but I want to make sure I am providing the information up front that can help in others helping me solve this mystery. I am having a bit of difficulty getting Shorewall to work with SecuRemote and its FW-1 server. I have attached the "rules" file I am using and the output of "shorewall show nat". The diagram below

Hello, I am using 3.0.15pre2. Share definitions: [Grupes] path = /home/Grupes writeable = yes admin users = DOMAIN+administrator valid users = @"DOMAIN+domain users" store dos attributes = yes map hidden = no map system = no map archive = no dos filemode = yes File ACLs before opening: # file: Pazymejimai-forma2.xls # owner: root # group:

Dear All, Firstly, thank you very much - shorewall is great. I''m not a member of this list, and please forgive me if I am suggesting something stupid, but the following occurs to me, and I thought it might be useful. Why no make it possible to specify zones as well as interfaces in the /etc/shorewall/masq file ? Eg: instead of: eth0 eth1 one might write: net loc (or masq in

Hello, it happened with another VM: # virsh snapshot-create-as --domain rasa sn1 --diskspec vda,file=/var/lib/libvirt/images/rasa-sn1.qcow2 --disk-only --atomic --no-metadata # virsh blockcommit rasa vda --active --verbose --pivot Block commit: [100 %]error: failed to pivot job for disk vda error: block copy still active: disk 'vda' not ready for pivot yet # virsh domblklist rasa

Hello, I am using winbind (samba 3.0.11). A command "groups DOMAIN+user" doesn't work for some users: # groups DOMAIN+user1 id: cannot find name for group ID 10073 # groups DOMAIN+user2 DOMAIN+user2 : DOMAIN+domain users DOMAIN+apskaita # getent passwd DOMAIN+user1 DOMAIN+user1:*:10042:10000:xxx:/home/DOMAIN/user1:/bin/false # getent passwd DOMAIN+user2

In /etc/shorewall/masq I have: eth0 eth1 eth0 vmnet1 eth0 vmnet8 ------------- eth0 is my default route to the Linksys router connected to the cable modem. eth1 is my connection to 192.168.1 subnet and it is the gateway for all other machines on this subnet. My routing table is: # netstat -nr Kernel IP routing table Destination

Hello, according to 'man smb.conf': Default: winbind cache time = 300 I have not changed it in smb.conf, but when I remove some user from some group, command "groups DOMAIN+user" still shows that user belongs to the group even after a few hours after removing the user from that group. Any ideas why? samba 3.0.15pre2. Regards, Nerijus

snat not working my local ip is aaa.aaa.aaa.aaa asterisk sitting on the internet at ip bbb.bbb.bbb.bbb my firewall''s internal ip is 192.168.0.254 i did snat: iptables -t nat -A POSTROUTING -o ppp0 -j SNAT --to aaa.aaa.aaa iptables -t nat -L -v gives: Chain POSTROUTING (policy ACCEPT 23663 packets, 2182K bytes) pkts bytes target prot opt in out source destination 33056

Hello - I am not a subscriber to the mailing, please email me with help at mfabache@yahoo.com My shorewall (v2.0.1) has been working wonderful for the past year. I just added my Vonage and cannot get the Phone Adapter to sync up (2 blinks (looking for IP)) All I have done is run an ethernet cable from the WAN outlet on the phone adapter to a lan port on the router. After googling, I found

Hi I wonder if you can help... I have setup shorewall(2.2.3) under debian on a machine that has 4 network ports... the idea is that there is 1 WAN port, 1 DMZ port, and 2 LAN ports, 1 LAN port has static NAT setup for selected incoming connection from trusted sources, and the second LAN port I am trying to setup using masq NAT as it only requires outgoing connections, no incoming. the static NAT

Hi, I am wondering if it is possible to do the following with shorewall. I operate a network with some additional IP''s that are SNAT''d to various server machines on my network. One of my machines is a Terminal server. I need to be able to RDP to various servers for clients, that are IP locked for RDP on my PtP address, not the SNAT address of my Terminal server. Can I

Hello, I want not to log some dropped packets going from net to fw, i.e. to exclude some ports. For example, I get lots of denied SPT=4672 DPT=7476 packets in /var/log/messages. I know I can probably do this by using ulog or some other logging system and writing some rules to exclude "SPT=4672", but is it possible for shorewall not to log some ports? Sorry if it is obvious, but I

On Tue, 15 May 2018 14:45:23 +0300 Gena Makhomed <gmm at csdoc.com> wrote: > >> Something wrong with $contentdir variable, > >> it points to altarch for x86_64 $basearch. > > > > can't reproduce on a fresh x86_64 installation. Adding Brian in case he has > > a clue for this. > > I use fresh installed x86_64 CentOS 7.5 via VNC > with

Hi, Could not conceive an working set-up for an IPSEC VPN made with racoon/setkey on which I have one address on my side acting as an SNAT router for all traffic from my network to a network segment on the far side. my network --- my gateway ---------------------- remote network 10.0.0.0/24 - 10.0.0.1 (10.253.0.2) -- tunnel - 192.168.0.0/22 All traffic starts on my side, so if I can

I''ve just discovered that I do not have access to the remote gateways for a set of IPsec tunnels to remote networks. This prevents me from changing the routing table on those gateways. I need "roadwarrior" systems connecting to me local network using OpenVPN (tun) to be able to access those systems. Since the remote gateways don''t know about 10.100.1.0/24, where my