similar to: Shorewall 1.3.14 Beta 1

Shorewall 1.3.14 is now available. Thanks go to Francesca Smith for helping with updating the sample configurations. New in 1.3.14: 1) An OLD_PING_HANDLING option has been added to shorewall.conf. When set to Yes, Shorewall ping handling is as it has always been (see http://www.shorewall.net/ping.html). When OLD_PING_HANDLING=No, icmp echo (ping) is handled via rules and

When an interface name appears in the second column of an entry in /etc/shorewall/masq, Shorewall will detect all hosts and subnets routed through that interface and will masquerade traffic from those hosts and subnets. This is slightly more general than what I posted recently on the users list since it uses the routing table rather than the IP configuration of the interface. Example:

The second Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The ''check'' command is no longer supported. 2) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes.

The first 1.4.0 Beta is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4 behavior is the same as 1.3 with MERGE_HOSTS=Yes. 2. Interface names of the form

Here is the proposed content -- I''m looking for a Beta to start in the next week or so with release around the middle of next month. The main focus of 1.4 will be to provide external behavior similar to the upcoming 2.0 release. Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4

The first release candidate is now available at: http://www.shorewall.net/pub/shorewall/Beta ftp://ftp.shorewall.net/pub/shorewall/Beta The only change between Beta 1 and RC1 is that the ''check'' command is back in RC1. Function from 1.3 that has been omitted from this version includes: 1) The MERGE_HOSTS variable in shorewall.conf is no longer supported. Shorewall 1.4

hi list, i got a small problem. here is my setup: WAN | | | bridged $FW-------DMZ | | masqueraded | LOCAL my shorewall machine ($FW) got three interfaces: eth0 eth1 eth2 * eth0 is connected to the WAN * eth1 is connected to my DMZ * eth2 is connected to LOCAL network i manage a whole C class (public adresses) in my DMZ, let''s say X.Y.Z.0/24 * my router

My new DSL line came complete with a new Modem that is configured/monitored from a web browser. That inspired me to add a couple of new features to to the masq file which you can find in 2.1.1 (see attached release notes, New Feature 2). The modem has IP address 192.168.1.1 and is connected to eth0. My local network is 192.168.1.0/24 and is connected to eth2 which has IP address

Hello all: I''ve got a confusing issue. I had a working shorewall configuration (based on the two interface model) using DNAT for redirection to my HTTP server. The HTTP server is on my inside network (I know - bad juju, but one thing at a time). I changed my configuration this morning to use views in my BIND (named) configuration. Everyone outside the firewall is able to get in

Hi, I''m running a Debian 2.2r2 on a university server with 3 public ip on one ethernet card (but soon we will have three cards). There''s a tunnel (implemented with vtund on a tun interface with local address 192.168.1.10 and remote 192.168.1.20) from this server to another server without public ip and behind a router. I wanted to make the second server visible to the world, so

Dear All, After installing Shorewall, on a router with 4 NIC, seems running ok. Next day, when connecting from clients, (MS) we keep getting ip conflict for non-conflicting ip addresses. Any help is appreciated. Detals of Startup: + shift + nolock= + ''['' 1 -gt 1 '']'' + trap ''my_mutex_off; exit 2'' 1 2 3 4 5 6 9 + command=start +

Excuse me form reposting the quesiton, but I didn''t find any solution. Any suggestion is welcome Hi, I''m running a Debian 2.2r2 on a university server with 3 public ip o(1.1.1.1 2.2.2.2 and 3.3.3.3 on one ethernet card (but soon we will have three cards). There''s a tunnel (implemented with vtund on a tun interface with local address 192.168.1.10 and remote

I''ve begun to think about 2.0. I would like to hear any ideas about what you would like to see included. Before I decide what new things will be implemented though, I want to nail down what WON''T be included. Here is my list: a) Old Ping Handling. There won''t be any ''noping'' or ''forwardping'' interface options and there

I have a firewall with 2 connections to the internet (eth1 and eth2) and one LAN interface. on the LAN interface, the users can connect via PPTP. those authenticating via pptp shall be masqueraded over eth2, those not authenticating should be ordinary masqueraded over eth1. as from the archives I took the configuration like in FAQ32, but this doesn''t work with the ppp+ interfaces. I

Hi! I just recently entered the wonderful world of the so called "advanced routing" and decided to try and limit the bandwidth of a MASQed network here and ended up in trouble :(. The setup is (as far as I can tell) pretty straightforward. eth0 is connected to the "real" network with a proper IP, and eth2 is 192.168.10.x (the MASQed network). All of it is basicly right out of

Hello, Could someone with the requisite shorewall expertise please help me? Here is a description of my problem. I dial in to my ISP using kppp. It seems to establish a connection just fine. However, only a handful of bytes are exchanged. I must then become ''root'' and issue ''shorewall start'' in order to get the Internet connection to work normally. Once

Hello all, I''ve recently upgraded a Suse 9.1 box to Suse 9.2 (reinstall actually). This is mainly a test server that I use for testing our device with nat/snat etc. I just got around to reinstalling Shorewall 2.2.4, and I''m having an odd problem at startup I was hoping someone could perhaps shed some light on. I''ve created a very basic setup just to get Shorewall

Hi all :) I have a masqueraded home lan as well as a friend of mine. I have set up two tinc daemons on both masquerading gateways and I have no trouble connecting (it works pretty smooth) and they show up in the syslog as configured after sending an USR1 / USR2 signal to the daemons. The trouble is the routing / firewalling of the packets. Maybe somebody could give me a hand here? :) The

Hi folks, sorry for my bad english, but I am not a native speaker. I want to setup a virtual firewall-host in a UML-Session. I''m using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge. I have 4 nic''s in my System: eth0 -> localnet 0 eth1 -> localnet 1 eth2 -> wlan eth3 -> DSL/ppp0 I''m using four bridges br0,br1,br2,br3. The UML firewall host is

Marta, As Alan pointed out the loc->net policy is Continue, it should probably be loc->net ACCEPT. This is from Tom''s Shorewall Documentation... http://www.shorewall.net/Documentation.htm#Policy CONTINUE - The connection is neither ACCEPTed, DROPped nor REJECTed. CONTINUE may be used when one or both of the zones named in the entry are sub-zones of or intersect with another zone.