Displaying 20 results from an estimated 20000 matches similar to: "Sanity check for Shorewall and Openswan VPN and 2.6"
2004 Apr 17
4
LinuxFest NW
For those of you going to LinuxFest, I'll be speaking today at 10:00 in
G-106. And if you miss the talk but see me wandering around the campus
later, don't hesitate to flag me down to say "Hi".
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2005 Jan 12
6
multicast NAT
I have a standard 3 interface shorewall setup and I want to receive
multicast stuff from 'net' -> 'loc'. This requires me, first, to do an
IGMP join which involves 192.168.1.x -> 224.0.0.x being NATed out as the
'net' interface's IP address. Obviously replies have to be NATed back to
'loc' addresses.
Can
2004 Oct 31
9
Masquerading through IPSECed wireless dropping packets selectively?
Hello,
I'm stuck IPSECing my wireless network at home and would appreciate any
comments. I apologize in advance if I'm wasting your time with trivia -
I'm not a professional and staring at the problem for days from various
angles hasn't done me any good ...
My home server/firewall (morannon) is hooked up through a USB to
ethernet adapter (eth1) to my DSL
2005 Aug 18
2
Shorewall and multicast
Hi, all!
Can I enable multicasting via shorewall?
I have a router with Gentoo Linux (one interface to ISP, one with aliases - to
local network). Shorewall works perfectly!
But now I need to set up Quagga (zebra) for dynamic routing between one more
router via another provider.
All router daemons (zebra, ripd, ospf) use multicasting.
In my configuration I have already enabled allowBcast etc.
2004 Aug 27
5
IGMP
The BBC are currently trialling multicasting the Olympics. This requires
multicast and IGMP to be available. As far as I can make out, in 2.0.8
at least, all multicast addresses are filtered out and, to my naive
eyes, can't be re-enabled.
Please prove me wrong :-)
Dirk
--
Please Note: Some Quantum Physics Theories Suggest That When the
Consumer Is Not Directly Observing This Message,
2005 Jun 12
3
kernel and netfilter patches already in Redhat AS 4 for IPSEC
I read LinuxFest NW 2005 Presentation pdf. On page 32, mentioned it
required patches on kernel 2.6.x and netfilter and it only said that
SuSE 9.2 and 9.3 had patches on its stock kernel. I'm using Redhat AS
4. Anybody knows does the stock kernel and netfilter had these
patches patched? or How should I know the kernel and netfilter had
these patches applied?
thanks!
2004 Oct 24
2
openswan+shorewall+kernel 2.6.8 debian
I am trying to get a debian system with openswan 2.2 shorewall 2.1.11 + debian kernel 2.6.8 working together. I have
read the documentation (IPSEC using Linux Kernel 2.6) and before I go and compile my own modules I would like to know
if the standard debian kernel already has the Netfilter+ipsec patches and the policy match patches installed.
Does anyone know?
thanks
Jim
2006 May 28
5
Easiest way to compile custom kernel, for fedora +openswan+xen+patchomatic
I want to compile a custom xenU kernel for a firewall distribution
(endianfw, version of ipcop), I can get it to load up but the kernel is
missing some modules that aren't resident. So I want to make a custom
version for this domU, I know what I need kernel+openswan+xen+patch-o-matic
but I'm not sure the best way to go about this, do I patch a fedora source or
start with a vanilla kernel?
2004 Sep 08
6
netfilter modules
hi,
there is no support for patch-o-matic netfilter modules. what i have to do
if i want to use several patch-o-matic modules?
which parts of code have to be changed and will that change be included
into the main shorewall tree in future or not?
best regards
claus
2004 Oct 01
4
Re: Error: Your kernel and/or iptables does not not support policy match: ipsec
claas@rootdir.de wrote:
> Hello,
>
>
> I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running,
> but I still have a problem:
>
> Validating hosts file...
> Error: Your kernel and/or iptables does not not support policy match: ipsec
>
> I had a look for netfilter patch-o-matic, but I did not find the
2005 Jan 25
3
masc and multicast
I am trying to set up my Shorewall box to forward multicast packets to
my local net. I do have some problems with mrouted (see below), but I
can join and add routes using smcroute. Multicast works when shorewall
is disabled. I got a lot of help from the following.
http://lists.shorewall.net/pipermail/shorewall-users/2005-January/016674.html
I cannot get the multicast packets to pass the fw when
2005 Apr 06
3
How to use Patch-o-matic ?
Hi,
I have used shorewall for several years now, but now I have a problem I
can not solve by my own.
I use Debian (Testing/Sarge) with shorewall 2.2 and 2.6.10 Kernel.
In the next few weeks I need several IPSEC VPN tunnels - and that's the
problem.
"shorewall check" tells me that "Policy Match: not available".
As I have RTFMd I need some iptables and netfilter patches for 2.6
2004 Sep 30
4
IPSec connection from fw itself over vpn
Hello everyone,
I'm not sure whether to place my question here or in the racoon mailing
list or even in that of iptables.
I have created an ipsec connection with racoon in tunnel mode to another
gateway to connect one subnet on each side to each other. This works
fine. Only the ipsec gateway itself can't send packages to the opposite
subnet.
Shorewall is configured according
2004 Dec 16
6
[OT] New (old) Firewall at shorewall.net
I've rebuilt my old P-II/233 with Debian Sarge and it is now serving as
my main firewall. It is running a home-built 2.6.9 kernel with the
ipsec-netfilter and policy match patches.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2005 Jun 24
6
Is it that difficult?
Hello,
You will find in attachment the layout of my
current physical configuration.
For now, the Cable ISP is not used. Since it
is a dynamic ISP, my mailserver is rejected and
my domain name registers on blacklists like ORDB
and al.
I want it to be used as a default gateway except
for my mail server that would be seen as coming
from my "honest" ADSL ISP.
Here is
2006 Mar 25
2
Multiple uplink problems
I've installed Shorewall 3.0.5 on a Debian Sarge box, and I'm
attempting to route internet traffic through a couple of ISPs, and I've
come up against some problems.
The first is that one of my links is a pppoe connection to a wireless
modem, and I can't configure it to have a static IP address...
therefore I can't see how I can set up the two
2006 Jul 20
2
GRE over IPsec Cisco<-> Linux
Hello Lartc Mailing List:
Been working on something the last week and a half and ALMOST have it
working.., just need a few pointers from the wizards on this mailing list to
nail it.
Ok, my setup is a hub and spoke arrangement, hub is Cisco 2821 with IOS 12.4.
Spokes are ruggencom RX1000 routers, Debian based with the following versions
installed:
rx1000test:~# uname -a
Linux rx1000test
2009 Aug 12
6
Shorewall (Openswan) IPSEC VPN MASQ Problem
Hi,
I have set up an IPSEC VPN using Openswan to connect a Draytek router to a
CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I'm
getting a problem with packets from the left hand subnet getting
masqueraded rather than routed down the IPSEC VPN as though they were
going out onto the net. I've spent the last day searching Google and so
far I've hit a
2005 Oct 20
1
2.4.30-xenU kernel / openswan 1.0.9
Hi list!:
I found this error trying to compile the kernel 2.4.30 after apply the
patches from openswan-1.0.9.
The error occurs using:
kernel 2.4.30 (xenU kernel)
iptables 1.3.3
patch-o-matic-ng-20051010
openswan 1.0.9
the menu fails going to netfilter configuration options
[root@xenkbunk linux-2.4.30-xenUOSW-1.0.9]# make CC=gcc33 ARCH=xen menuconfig
rm -f include/asm
( cd include ; ln -sf
2004 Sep 19
2
Time-based rules
Hi!, I'd like to know how to set up shorewall to deny a user-defined
action in a time-based basis, for example, I have a group of users
using MSN, AOL, www and https, in a defined action called
action.BasicAccess now, I want this access to be enabled only on
lunch time from Monday through Friday and weekends from noon to
6pm... I know