similar to: Sanity check for Shorewall and Openswan VPN and 2.6

For those of you going to LinuxFest, I''ll be speaking today at 10:00 in G-106. And if you miss the talk but see me wandering around the campus later, don''t hesitate to flag me down to say "Hi". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

I have a standard 3 interface shorewall setup and I want to receive multicast stuff from ''net'' -> ''loc''. This requires me, first, to do an IGMP join which involves 192.168.1.x -> 224.0.0.x being NATed out as the ''net'' interface''s IP address. Obviously replies have to be NATed back to ''loc'' addresses. Can

Hello, I''m stuck IPSECing my wireless network at home and would appreciate any comments. I appologize in advance if I''m wasting your time with trivia - I''m not a professional and staring at the problem for days from various angles hasn''t done me any good ... My home server/firewall (morannon) is hooked up through an USB to ethernet adapter (eth1) to my DSL

Hi, all! Can I enable multicasting via shorewall? I have router with Gentoo Linux (one interface to ISP, one with alises - to local network). Shorewall work perfect! But now I need setup Quagga (zebra) for dynamic routing between one more router via another provider. All routers daemons (zebra, ripd, ospf) used multicasting. In my configuration already enabled allowBcast and etc.

The BBC are currently trialling multicasting the Olympics. This requires multicast and IGMP to be available. As far as I can make out, in 2.0.8 at least, all multicast addresses are filtered out and, to my naive eyes, can''t be re-enabled. Please prove me wrong :-) Dirk -- Please Note: Some Quantum Physics Theories Suggest That When the Consumer Is Not Directly Observing This Message,

I read LinuxFest NW 2005 Presentation pdf. On page 32, mentioned it required patches on kernel 2.6.x and netfilter and It only said that SuSE 9.2 and 9.3 had patches on it''s stock kernel. I''m using Redhat AS 4. Anybody knows does the stock kernel and netfilter had theses patches patched ? or How should I know the kernel and netfilter had these patches applied ? thanks!

I am trying to get a debian system with openswan 2.2 shorewall 2.1.11 + debian kernel 2.6.8 working together. I have read the documentation (IPSEC using Linux Kernel 2.6) and before I go and compile my own modules I would like to know if the standard debian kernel already has the Netfilter+ipsec patches and the policy match patches installed. Does anyone know? thanks Jim

I want to compile a custom xenU kernel for a firewall distribution (endianfw, version of ipcop), I can get it to load up but the kernel is missing some modules that aren''t resident. So I want to make a custom version for this domU, I know what I need kernel+openswan+xen+patch-o-matic but I not sure the best way to go about this, do I patch a fedora source or start with a vanilla kernel?

hi, there is no support for patch-o-matic netfilter modules. what i have to do if i want to use several patch-o-matic modules? which parts of code has to be changed and will that changed be included into the main shorewall tree in future or not? best regards claus

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 claas@rootdir.de wrote: > Hello, > > > I am trying to get ipsec with kernel 2.6.8.1 and shorewall 2.1.9 running, > but I still have a problem: > > Validating hosts file... > Error: Your kernel and/or iptables does not not support policy match: ipsec > > I had a look for netfilter patch-o-matic, but I did not find the

I am trying to set up my Shorewall box to forward multicast packets to my local net. I do have some problems with mrouted (see below), but I can join and add routes using smcroute. Multicast works when shorewall is disabled. I got a lot of help from the following. http://lists.shorewall.net/pipermail/shorewall-users/2005-January/016674.html I cannot get the multicast packets to pass the fw when

Hi, i have used shorewall for several years now, but now i have a problem i can not solve by my own. I use Debian (Testing/Sarge) with shorewall 2.2 and 2.6.10 Kernel. In the next few weeks i need several IPSEC VPN tunnels - ans thats the problem. "shorewall check" tells me that "Policy Match: not available". As i have RTFMd i need some iptables ans netfilter patches for 2.6

Hello everyone, I''m not sure whether to place my question here or in the racoon mailing list or even in that of iptables. I have created an ipsec connection with racoon in tunnel mode to another gateway to connect one subnet on each side to each other. This works fine. Only the ipsec gateway itself can''t send packages to the opposite subnet. Shorewall is configured according

I''ve rebuilt my old P-II/233 with Debian Sarge and it is now serving as my main firewall. It is running a home-built 2.6.9 kernel with the ipsec-netfilter and policy match patches. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \

Hello, You will find in attachment the layout of my current physical configuration. For now, the Cable ISP is not used. Since it is a dynamic ISP, my mailserver is rejected and my domain name registers on blacklists like ORDB and al. I want it to be used as a default gateway except for my mail server that would be seen as coming from my "honest" ADSL ISP. Here is

I''ve installed Shorewall 3.0.5 on a Debian Sarge box, and I''m attempting to route internet traffic through a couple of ISPs, and I''ve come up against some problems. The first is that one of my links is a pppoe connection to a wireless modem, and I can''t configure it to have a static IP address... therefore I can''t see how I can set up the two

Hello Lartc Mailing List: Been working on something the last week and a half and ALMOST have it working.., just need a few pointers from the wizards on this mailing list to nail it. Ok, my setup is a hub and spoke arrangement, hub is Cisco 2821 with IOS 12.4. Spokes are ruggencom RX1000 routers, Debian based with the following versions installed: rx1000test:~# uname -a Linux rx1000test

Hi, I have setup a IPSEC VPN using Openswan to connect a Draytek router to a CentOS 5.2/Shorewall 4.2.9 firewall. The VPN establishes OK but I''m getting a problem with packets from the left hand subnet getting masqueraded rather than routed down the IPSEC VPN as though they were going out onto the net. I''ve spent the last day searching Google and so far I''ve hit a

Hi list!: I found this error trying to compile the kernel 2.4.30 after apply the patches from openswan-1.0.9. The error ocurrs using: kernel 2.4.30 (xenU kernel) iptables 1.3.3 patch-o-matic-ng-20051010 openswan 1.0.9 the menu fails going to netfilter configuration options [root@xenkbunk linux-2.4.30-xenUOSW-1.0.9]# make CC=gcc33 ARCH=xen menuconfig rm -f include/asm ( cd include ; ln -sf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi!, I''d like to know how to set up shorewall to deny a user-defined action in a time-based basis, for example, I have a group of users using MSN, AOL, www and https, in a defined action called action.BasicAccess now, I want this access to be enabled only on lunch time from Monday through Friday and weekends from noon to 6pm... I know