similar to: Shorewall upgrade problem

Hello, I just started updating my RH9 Linux servers with Shorewall 1.4.9. I had Shorewall 1.4.8 installed on the server before I updated it. I installed it using the following command: rpm -Uvh Shorewall-1.4.9-1.noarch.rpm I got the normal rpm "Preparing." message and then it displayed the following message five times before listing expected warnings of creating rpmnew

In this version: 1) You may now define the contents of a zone dynamically with the "shorewall add" and "shorewall delete" commands. These commands are expected to be used primarily within FreeS/Wan updown scripts. 2) Shorewall can now do MAC verification on ethernet segments. You can specify the set of allowed MAC addresses on the segment and you can optionally

In this version: 1) You may now define the contents of a zone dynamically with the "shorewall add" and "shorewall delete" commands. These commands are expected to be used primarily within FreeS/Wan updown scripts. 2) Shorewall can now do MAC verification on ethernet segments. You can specify the set of allowed MAC addresses on the segment and you can optionally

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

Hi to all. I have a shorewall ver 2.0.13 running in Fedora Core 3, the machine has dual cpu, 1gb of ram, and 40GB of hard disk space. The machine runs shorewall only and had tested it to openvpn but most of the time just shorewall. The problem, there were instances when internet traffic coming from the local network just halts, I needed to restart shorewall in order the traffic to flow again.

The Shorewall support page advocates including the output of "shorewall status" with problem reports that involve some sort of connection problem. I suspect that the number of people who feel comfortable analyzing problems through use this output is small. To help, I''ve created http://shorewall.net/AnalyzingShorewallStatus.html I suspect that the document isn''t

Hi to all. I recently upgraded to shorewall ver 2.3 from 2.0 so I could explore the multiple ISP/dual default route setup feature of version 2.3, I also upgraded iptables from 1.2 to 1.3 (rpm-based install) but when I tried to start shorewall it terminates and I noticed it''s giving me this error iptables: No chain/target/match by that name ERROR: Command "/sbin/iptables -t mangle -A

Hi! I installed shorewall shorewall-2.1.7-1 on a newly installed box. When using 1.4 versions I could enable shorewall in ntsysv, now shorewall doesn''t show up in ntsysv? I am running shorewall on a RedHat Enterprise Linux rebuild (www.taolinux.org). Is this a bug or a feature?

Release candidate 1 is available at: http://shorewall.net/pub/shorewall/Beta ftp://shorewall.net/pub/shorewall/Beta The ''releasenotes.txt'' file tells you about the release. -Tom PS to those of you on the Shorewall Announcement List: Feedback to this point is overwelmingly in favor of keeping Beta and Release Candidate announcements on this list. I have configured the list

On Tue, 2004-11-30 at 12:17 +0700, Matthew Hodgett wrote: > > As for the 169.254 issue I tried to search the archives but got nothing. > I then tried to search on generic words, nothing. I then tried some > really common words like ''help'', ''initiated'', ''masq'' - nothing. I think > the index might be corrupt because I get no

Is there a way to specify a variable for the gateway in /etc/shorewall/providers? I have in my scenario: eth0 dsl (static IP) eth1 cable (dhcp assigned IP) eth2 lan1 Is it possible to specify the gateway as a variable based on the current DHCP lease (like $eth0_gw)? I''m following the documentation at http://www.shorewall.net/Shorewall_and_Routing.html. -Scott

----- Original Message ----- From: "Jerry Vonau" <jvonau@shaw.ca> To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Thursday, August 19, 2004 08:06 Subject: Re: [Shorewall-users] Two Links and DNAT > > > > Btw, by "shorewall show nat" I just noticed that I was doing snat only > > for packets comming

Anyone else seeing this?? Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

I have produced RedHat 9.2.2-22 RPMS that include the ISC "delegate-only" patch that helps thwart Verisign''s wildcard .com and .net hijacking. These RPMs seem to run fine on RH9 (I''ve been running them since yesterday on ns1.shorewall.net). ftp://shorewall.net/pub/misc/ -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net

This is a minor release of Shorewall. In this release: 1. A "shorewall try" command has been added. This command attempts to restart Shorewall using an alternate configuration and if that attempt fails, Shorewall is automatically started with the default configuration. This is useful for remote administration where a failed restart of Shorewall can leave you isolated from

Hello Shorewall gurus, as outlined on the shorewall site I have done the following after failure to install shorewall via the rpm: I have read all of the FAQ. I have read the quickstart guide with particular attention directed at the Mandrake solution. I have searched the mailing list archives (all old replies). I have studied the documentation index. I have previous experience using shorewall

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

Hi! I have reprise try to resolve this problem, suspended from 17 dec 2005 I have try to apply the suggest of Jerry (see above). The problem still exist. See attach shorewall config, dump and tcpdump when I check to exit whit SSH from firewall... In the masq file is reported the last my attempt in order to resolve my problem, however I have test also the example reported in MultiISP.html, but

Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the