similar to: New in CVS

http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta Problems Corrected since version 1.4.8: 1) There has been a low continuing level of confusion over the terms "Source NAT" (SNAT) and "Static NAT". To avoid future confusion, all instances of "Static NAT" have been replaced with "One-to-one NAT" in the documentation and

Shorewall 1.4.9 is now available. http://shorewall.net/pub/shorewall/shorewall-1.4.9 ftp://shorewall.net/pub/shorewall/shorewall-1.4.9 Unless something urgent comes up, this will be the last release of Shorewall 1.x. Release notes are attached. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \

Hello all, Yesterday I noticed that my system was "leaking" traffic towards the 10/8 network, I have shorewall installed on multiple machines ranging from single interface devices to ones with 10+ interfaces. I tested all the boxes and they are showing the same behavior. All systems are CentOS 3.4, 2.4.21-27.0.2.ELsmp. Shorewall version: 2.2.1 For the host mentioned is a single

I have an ADSL router, a linux box with two NICS connected to the router and another PC connected to the router. I installed shorewall using the two interface method. I can ping and see the webserver on the linux box from the local network, but not from the internet. Sys info as follows: [root@wilma root]# shorewall version 1.4.6b [root@wilma root]# ip addr show 1: lo: <LOOPBACK,UP> mtu

Hello all: I''ve got a confusing issue. I had a working shorewall configuration (based on the two interface model) using DNAT for redirection to my HTTP server. The HTTP server is on my inside network (I know - bad juju, but one thing at a time). I changed my configuration this morning to use views in my BIND (named) configuration. Everyone outside the firewall is able to get in

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi: I have a small infrastructure of network of local area, that are based on a computer, with computer and with a Point Access, with Debian Etch 4.0r1. With Shorewall 3.2.6-2. Well. Since I have two cards of network, which of which, I have left like that: Internet --> Router (217.126.221.65) --> eth1 (217.126.221.117) --> eth0 (LAN

Hi, according to: http://www.iana.org/assignments/ipv4-address-space the bogons table is outdated... tha attached patch fixes that... (done against 2.0.1) -- Regards Thomas PS. please CC me as I''m not subscribed to the list -------------- next part -------------- --- usr/share/shorewall/bogons.old 2004-04-19 18:28:00.000000000 +0300 +++ usr/share/shorewall/bogons 2004-04-20

Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) A problem introduced in earlier snapshots has been corrected. This problem caused incorrect netfilter rules to be created when the destination zone in a rule was qualified by an address in CIDR format.

I forgot to add the last new feature to the previous announcement. Shorewall 2.2.2 is now available. http://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 ftp://shorewall.net/pub/shorewall/2.2/shorewall-2.2.2 Problems Corrected: 1. The SOURCE column in the /etc/shorewall/tcrules file now correctly allows IP ranges (assuming that your iptables and kernel support ranges). 2.

Hi dovecot list, Static build of dovecot fails because src/lib/module-dir.c refers to MODULE_SUFFIX that is undefined when building statically. This least to the following build failure: module-dir.c: In function 'module_file_get_name': module-dir.c:624:20: error: 'MODULE_SUFFIX' undeclared (first use in this function) p = strstr(fname, MODULE_SUFFIX); ^

Beta 1 is now available at: http://shorewall.net/pub/shorewall/testing ftp://shorewall.net/pub/shorewall/testing This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) Where a list of IP addresses appears in the DEST column of a

From the shorewall 1.4.9 Beta 1 News: #Start section 4 4. Support for user defined rule ACTIONS has been implemented through two new files: /etc/shorewall/actions - used to list the user-defined ACTIONS. /etc/shorewall/action.template - For each user defined <action>, copy this file to /etc/shorewall/action.<action> and add the appropriate # here it says to copy the template # to

Shorewall 1.4.6 is now available. Thanks to Francesca Smith, the 1.4.6 Sample configurations are also available. The release is currently available at: http://shorewall.net/pub/shorewall ftp://shorewall.net/pub/shorewall It will be available at the other mirrors shortly. This is a minor release of Shorewall. Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered

I have /bin/ash from rh8 installation and I have following error when I tried to change using ash instead of sh with shorewall-1.4.7: + eval options=$tap0_options + options= + list_search newnotsyn + local e=newnotsyn + [ 1 -gt 1 ] + return 1 + run_user_exit newnotsyn + find_file newnotsyn + [ -n -a -f /newnotsyn ] + echo /etc/shorewall/newnotsyn + local user_exit=/etc/shorewall/newnotsyn + [

Problems Corrected: 1) A problem seen on RH7.3 systems where Shorewall encountered start errors when started using the "service" mechanism has been worked around. 2) A problem introduced in earlier snapshots has been corrected. This problem caused incorrect netfilter rules to be created when the destination zone in a rule was qualified by an address in CIDR format.

Hello, I''ve been doing some tests on a firewall system running Shorewall 1.4, and have been getting some unexpected behavior when enabling the "newnotsyn" option. In the test setup, I have: ---------------------------------------- /etc/shorewall/interfaces net eth0 detect routefilter,tcpflags,blacklist loc eth1 10.0.0.255 dhcp,tcpflags,newnotsyn

Hi, I''m running shorewall-2.0.8-1mdk with iptables-1.2.9-7.1.101mdk on kernel-2.4.22-30mdk, Mandrake 10.1 (kernel-2.6.8.1.10mdk-1-1mdk is installed, but I haven''t rebooted yet). I get a significant number of newnotsyn packet denials from existing, valid connections. Most of these seem to be on port 80 and port 25, and directionality doesn''t seem to matter (I run

Hello, I have this problem: when my mail server on the DMZ starts a connection to the internet it''s ip (213.58.230.26) is "masqueraded" with the firewall ip (213.58.230.50). I wouldn''t mind but there is a one customer who rejects the connection because it makes reverse dns and finds no dns entry for the firewall ip. How can i correct this? Thanks, MSantos shorewall

Has anyone encountered a situation where packets dropped by the newnotsyn chain can result in sporadic browsing problems, slowness, and even timeouts? I noticed that of the 3300 hits for newnotsyn in our current log (6 hours worth), over 2700 of them were to/from our proxy servers. And browsing through them, most *appear* to be otherwise valid packets from remote web servers that would have