similar to: New Job

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom

This is a bug-fix roll-up. Problems corrected since 1.4.6: 1) Corrected problem in 1.4.6 where the MANGLE_ENABLED variable was being tested before it was set. 2) Corrected handling of MAC addresses in the SOURCE column of the tcrules file. Previously, these addresses resulted in an invalid iptables command. 3) The "shorewall stop" command is now disabled when

hi have a little problem of configuration I have a network with a server (192.168.0.1) and other pc one is 192.168.0.20 i want to reject all output from 192.168.0.20 for port 4000 (tcp and udp) i want accept incoming packet on port 4000 but reject outgoing packet on port 4000 so could you give me a solution please ? thank you PS : I hope you undersatnd waht I want because im frecnh and my

Hi, I have 2 Debian testing boxes running a very similar setup (both running the latest aptosid kernel); on one of them, since the iptables/libxtables10 packages have been upgraded from 1.4.19.1-1 to 1.4.20-2, shorewall-init can''t start shorewall anymore and for this reason ifupdown also fails triggering firewall up. Shorewall can be successfully started later on, and ifupdown starts

.... I need a break. Happy New Year, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi I''m running on a debian box shorewall-4.5.17. My main gateway is a router running on openwrt and I want to use the shorewall-lite packet provided by openwrt. The openwrt''s provided shorewall-lite packet is 4.5.7. So my questions would be: 1: Do I need to make some modifications before installing shorewall-core-4.5.7/shorewall-4.5.7 on my debian box? 2: if I have both

This isn''t a 100% Shorewall topic but since this list relates to internet security and it''s issues I thought this might be a good place to start. I have setup a company firewall using Mandrake Linux 9.0, Shorewall 1.3x and PPTPD v2.4.1, and a few other networking services. Thanks to Shorewall the firewall as tested is secure and the VPN is working fine with MPPE-128 Encryption.

Hello, I have started playing around with docker (https://www.docker.io/) and am having trouble to integrate the "docker0" bridge it creates on the fly into my shorewall setup (version 4.5.16.1) on debian testing. IP forwarding is on and I have defined a "doc" ipv4 zone and the interfaces has an entry like so, > doc docker0

What speaks for it and which speaks against it that Firewall and squid run on the same machine? Regards Menki ------------------------------------------------------- All the advantages of Linux Managed Hosting--Without the Cost and Risk! Fully trained technicians. The highest number of Red Hat certifications in the hosting industry. Fanatical Support. Click to learn more

When using shorewall with a road warrior openvpn setup, how can I get the tun interface to masq through a lan interface? Example Setup: Machine A (tun0 10.0.0.1) -----------VPN---------(tun0 10.0.0.2)---------Machine B(10.10.10.1) When I ping Machine B from Machine B, Machine B is receiving the echo request, but it doesn''t know the route back to the 10.0.0.0/24, and there

Hi, I am building a firewall that will have two groups of subnets behind it which I''ll provision via vlans. The upstream provider will be supplying a router with a single interface with two subnets routed into it, one is a private connection to the corporate WAN and the other is a public (Internet) block. One group of subnets behind the firewall will be SNAT''d out through a

Hello, Mike Noyes and myself have populated http://wiki.rettc.com with the shorewall FAQ. This wiki is running MediaWiki, http://www.mediawiki.org. Currently, a couple items are not complete. I have just begun a heavy semester of mathematics/physics studies, and do not have much time to give to this. But, it is online, and seems to be stable. I will keep an eye out for abuse, and limit

The 2.6 kernel series includes Netfilter ''physdev'' match support. That support makes it feasible for Shorewall to support bridge/firewall configurations. I''m looking for early testers of such support. Requirements: a) Willing to run Shorewall 2.0.0-RC1 or later (RC1 will be released in a day or so) plus private updates. b) Running a 2.6 kernel or a 2.4 kernel with

Hello all, I''m using shorewall on a linux machine that has two interfaces, eth0 being connected on the internal network (10.10.10.0/24) and eth1 being connected to the external network. On eth0 the IP is statically configured to 10.10.10.254 and there is a dhcp server running for the machines in the private network. On eth1, the IP is dynamically assigned by my ISP modem that acts as

Hi all! I have got a vpn connection set up using FreeSwan and shorewall. Everything works fine but I want to add another subnet to the whole. This means that 1 box will get two net-to-net connections. I want to limit the services on one subnet however. Cuurently I have defined a vpn zone for the current connection and allow all vpn<->loc traffic. How would I go about in tightening the

hello need a little help i have 2 NIC router with shorewall client PCs goes to internet fine with shorewall help. but i need to reroute traffic for one net via other gateway not ISPs. Gateway is on LAN NIC. 192.168.1.0/24 LAN x.x.x.x WAN router(shorewall) IP 192.168.1.15 i need to reroute traffic for 192.168.2.0/24 network to 192.168.1.1 gateway I know how to do it via route and iptables, bu just

Hi All, I have a custom TC configuration where I''m building the tc hierarchy manually with the tcstart script. I also need to add custom iptables rules in the mangle table to classify the packets. Currently I''m using started to insert the iptables commands, but that''s way too late in the process. I tried putting them into the initdone file, but it''s trying to

I want to use lastest version of Shorewall in my fresh debian squeeze instalation, so I follow http://www.shorewall.net/Install.htm#Debian but, modify preferences file was not enough for me, I have to modify/add some other files in /etc/apt/ directory: 1.) include testing repo to source.list 2.) add APT::Default-Release "stable"; to apt.conf and pinning all other packages to stable

I use since a lot of time a "classical" two-interfaces setup, with the net interface connected to an ADSL modem in half-bridge mode, which receives a public IP from the ISP and gives it to the Linux net interface; the lan interface has the 192.168.30.0/24 class. Now I need to change this setup, because my new ISP (that will switch soon to a FTTS VDSL2 connection) sent me a VDSL2

Dear all, I''m setting up a new gateway for a small network (under 30 users)Gw will host the following services:shorewalldnsproxy i''m considering installing snort.can i do so on the same exact box ? is there any security risk of doing so ? box would have 4 ISPs and two internal interfaces. Any recommendation about the optimal setup of snort and shorewall (or if you suggest