similar to: Problem with Shorewall 1.4.1

This is a minor release of Shorewall. Problems Corrected: 1) TCP connection requests rejected out of the common chain are now properly rejected with TCP RST; previously, some of these requests were rejeced with an ICMP port-unreachable response. 2) ''traceroute -I'' from behind the firewall previously timed out on the first hop (e.g., to the firewall). This has been

http://www1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ ftp://ftp1.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/ Coming soon to a Mirror near you. Problems corrected in 3.0.6 1) A typo in the output of "help drop" has been corrected. 2) Previously, ''shorewall start'' would fail in the presence of a network interface named ''inet''. 3)

Currently at: http://shorewall.net/pub/shorewall/shorewall-1.4.8 ftp://shorewall.net/pub/shorewall/shorewall-1.4.8 Coming soon to a mirror near you. This is a minor release of Shorewall. Problems Corrected since version 1.4.7: 1) Tuomo Soini has supplied a correction to a problem that occurs using some versions of ''ash''. The symptom is that "shorewall start"

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

Sorry some email problem, i have change it for more reliable one. I have try this morning to netmasq 192.168.11.0 (eth1) to 192.168.1.0 (eth0), but it is a mistake. Yes thank you for answering so fast ! I have corrected it, here the new diagram and the new routing table. But it still doesn''t work. From the router i can access to 192.168.11.254 I have add the rules : DNAT loc

Yes thank you for answering so fast ! I have corrected it, here the new diagram and the new routing table. But it still doesn''t work. >From the router i can access to 192.168.11.254 I have add the rules : DNAT loc priv:192.168.11.254:22 tcp 22 But i can''t connect to 192.168.11.254 from LAN The DNAT fonction doesn''t work, but i can DROP packet arriving on eth0 (loc)

Shorewall 2.2.0 is expected to be released in the February/March timeframe so it is now time to begin thinking about preparing to upgrade. This is particularly important for those of you still running Shorewall 1.4 since support for that version will end with the release of 2.2. For those of you still running Shorewall 1.4, here are some things that you can do ahead of time to ease the upgrade to

This is a one-line change to the ''firewall'' script to restore the ''routeback'' interface option to health. http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Nathan Gehman wrote: > The reason I asked is I am unable to remote desktop over the VPN. With the > rules as you sent them. > > Nothing shows up in the firewall logs however, until I close the dialup > connection. There is a potential routing problem when you try to use the remote desktop -- is the workstation that you are trying to connect to via remote desktop routing

And the bugs just keep appearing... FWIW, the changes from 2.0.0 to 2.0.1 are more extensive and more complex than those between 1.4.10 and 2.0.0. This RC corrects two problems: a) The ''routeback'' option in the /etc/shorewall/hosts file had been broken. b) When two bridge ports were assigned to the same zone, Shorewall did not create a rule to allow traffic between the

FYI... ---------- Forwarded Message ---------- Subject: RE: [Shorewall-users] 2.6 kernel ipsec and shorewall Date: Thursday 23 September 2004 07:44 From: "Jonathan Schneider" <jon@clearconcepts.ca> To: "''Tom Eastep''" <teastep@shorewall.net> I must have been up too late working on this, looking at it the next day I noticed I completely forgot

Hi Tom, Thank you for your quick reply. I aplied changes as you suppose, and now users can comunicate each with others. - thank you very much. I have just one aditional question regarding PKTTYPE=No variable. I didnt find it in shorewall.conf so I simply add it at the end of conf file (above #Last line :-) ) So question is it is standard feature of shorewall, and from which version it is

It''s in the /Shorewall and /Shorewall-docs projects. I plan to run it over the weekend and release it Sunday night. -Tom PS: Francesca - no need to upgrade the Samples this time since none of the changes affect the sample configurations (other than the config file comments). -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2 Problems Corrected: 1. The "shorewall check" command results in the (harmless) error message: /usr/share/shorewall/firewall: line 2753: check_dupliate_zones: command not found 2. The

Beta 2 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) This release includes all defect repair from Shorewall 4.5.17.1. 2) The following warning message could be emitted

Hi I have 2nic firewall . I had to open some ranges of udp and tcp ports . I faced a problem that although all the ports are open Some functionality was not working . Any body used shorewall with H323 Voip traffic DNATed . Any help is appretiated . Thanks ----- Original Message ----- From: <shorewall-users-request@lists.shorewall.net> To: <shorewall-users@lists.shorewall.net> Sent:

I have delete "lo" Zones And Interface and rebuild all the firewall >From Local I ping www.google.fr with DNS resolution DNSMASK installed on the firewall. POSTFIX and Squid+SquidGuard Installed on firewall All clients machines have the IP of Firewall for Dns resolution New Dump joint Without Squid : I surf and all works perfectly With Squid And REDIRECT rule : surf Is VERY TOO

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello! > > > Machine A > WAN IP: 123.123.123.111 > LAN IP: 192.168.177.1 > > > Machine A wants to connect through an IPsec tunnel to 192.168.176.2 tcp 110 (pop3). > > kernel: Shorewall:all2all:REJECT: > IN= OUT=ppp0 SRC=123.123.123.111 DST=192.168.176.2 > LEN=60 TOS=0x10

I anticipate that this will be the last RC unless problems are discovered. Changes since RC2 include: * The default route is now ignored when Shorewall is detecting masqueraded networks. A warning message is issued if the default route goes through the source interface (normally, the destination interface is the firewall''s external interface and therefore, the default route would go