Displaying 20 results from an estimated 10000 matches similar to: "Strange problem kernel 2.6"
2003 Jan 29
1
Problems with zone definition
Hi!
I have just upgraded from version 1.3.2 to 1.3.13 and noticed some
strange things. On interface eth2 I have 4 different addresses
192.168.11.0/24, 192.168.13.0/24, 192.168.102.0/24, 192.168.130.0/24 in
version 1.3.2 loc zone is defined like this: loc eth2: 192.168.11.0/24,
.. but in version 1.3.13 0.0.0.0/0 is added at the end on all zones and
because of that for example machine in
2004 Dec 06
1
MASQ
Is it possible to somehow build this rule, where net could be any IP on
the net?
/etc/shorewall/masq
#INTERFACE SUBNET ADDRESS PROTO PORT(S)
eth3:10.10.10.7 net 10.10.10.1
Thanks, David
2004 Oct 04
5
Bridge and routing question - complete email.
Here is the report and the complete diagram. And sorry for email problem and
incomplete email !
I have made new test.
Eth0 and eth2 are bridged.
I can ping NET from LAN
I can ping every firewall's interface from LAN
I can ping eth1 from private LAN
I can ping everything from firewall
Bridging is activated in shorewall.conf
From LAN i can ping 192.168.11.253 but not 192.168.11.254
2003 Oct 22
2
help seeing DMZ from LOC
I have a three interface network (net,loc,dmz).
The internet interface (eth0) has a static IP.
Windows machine in the local network (eth1) use DHCP to get IPs from
the 192.168.10.0/24 netblock.
The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in
the 192.168.11.0/24 netblock.
The DHCP server is running on the firewall machine (not ideal, I know,
but that's the way
2004 Jun 28
6
URGENT: Shorewall Security Vulnerability
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users.
For 2.0
2009 Jun 10
6
Shorewall + IPsec Tunnel
Hi everyone!
First of all, sorry about my bad English and the e-mails extension.
I need some help to implement a VPN connection using shorewall and openswan
as IPSec Tunnel.
My network map:
CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
(DMZ)
I have two VPN connections with two different subnets to the other end. The
two of them are correctly established.
2005 Mar 15
5
unable to filter or log vpn traffic
hi all,
i have a classic net topology with two local zone, a firewall/router
with dsl connection
loc1 (192.168.11.0/24)
----- fw ----- net
loc2 (192.168.12.0/24)
now on the local zone 1 (on a WinXP machine) i have installed
OpenVPN 2.x to make a test connection with a company.
OpenVPN is configured as client to use tun on udp
port 10000 with ip 10.0.0.2, on the other
2004 Jan 21
3
FW: DNAT and masq problem with kernel 2.4.23
Hi,
after kernel upgrade to 2.4.23 my existing configuration of shorewall 1.4.8
will not start / it fails on DNAT and/or masq with message: "iptables:
Invalid argument" /
I found some similar problem descriptions - see links below, but there is
no solution how to get shorewall to work with DNAT and masq with 2.4.23 kernel.
http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html
2005 Mar 31
1
can't use shorewall in a UML-Session
Hi folks,
sorry for my bad english, but I am not a native speaker.
I want to setup a virtual firewall-host in a UML-Session.
I'm using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge.
I have 4 nic's in my System:
eth0 -> localnet 0
eth1 -> localnet 1
eth2 -> wlan
eth3 -> DSL/ppp0
I'm using four bridges br0,br1,br2,br3.
The UML firewall host is
2004 Oct 04
1
Shorewall-users Digest, Vol 23, Issue 4
Sorry some email problem, i have change it for more reliable one.
I have try this morning to netmasq 192.168.11.0 (eth1) to 192.168.1.0
(eth0), but it is a mistake.
Yes thank you for answering so fast !
I have corrected it, here the new diagram and the new routing table. But it
still doesn't work. From the router i can access to 192.168.11.254 I have
add the rules :
DNAT loc
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at:
http://shorewall.net/pub/shorewall/contrib/IPSEC
ftp://shorewall.net/pub/shorewall/contrib/IPSEC
I found these patches on the netfilter-devel list and make no warranties
as to how well they work (or not).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2005 Feb 05
13
Problem while trying to set up an ipsec vpn
Hi,
I'm asking my question here, because I could not find any answer to my
problem, but I'm afraid shorewall is not the one to blame.
First of all I'm using shorewall version 2.0.15 on two linux boxes.
I set up an ipsec tunnel between those 2 boxes to be able to connect
2 not routable subnetworks.
Here is my network topology:
10.66.17.0/24 - 10.66.17.1 = eth0
2003 Aug 06
10
wormHunter.sh and friends
Evening all,
First: Obligatory thanks to Tom. Shorewall is GREAT! I've got it on 3
machines now and love it. (Just because they are obligatory does not mean
they are not heart-felt.)
On my main web server, I am constantly scanning my log files for
worm-signs. Requests for default.ida, any .exe, there are several others,
you probably have your favorite. I got tired of doing it by hand
2005 Apr 06
3
How to use Patch-o-matic ?
Hi,
i have used shorewall for several years now, but now i have a problem i
can not solve by my own.
I use Debian (Testing/Sarge) with shorewall 2.2 and 2.6.10 Kernel.
In the next few weeks i need several IPSEC VPN tunnels - and that's the
problem.
"shorewall check" tells me that "Policy Match: not available".
As i have RTFMd i need some iptables and netfilter patches for 2.6
2005 Mar 12
4
Shorewall 2.2.1 and open ports
Hello all,
I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open
2004 Dec 02
8
Correct Shorewall version for RedHat ES3
Hello all --
I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate.
Before posting any specific problems, I thought I'd find out if I have the
right stuff to work with. (I've gotten ipsec to work flawlessly with
Shorewall using RH 8 and 9 kernels, so I have some experience with it.
Shorewall 2.0.12 works fine on this ES 3 box, except for the ipsec part)
2005 Feb 15
1
Re: Shorewall 2.2 and Debian Sarge
Jason Wohlford wrote:
>
> linux:/etc/shorewall# shorewall check
> /sbin/shorewall: line 261: Added: command not found
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> /usr/share/shorewall/firewall: line 261: Added: command not found
BTW -- it looks like you have a missing "#" on a
2005 Jan 30
20
FTP Transparent Proxy from Local To Net Through DMZ
Dear All,
Linux Kernel 2.4.20-8
Running Shorewall 2.2.0
ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff
inet 62.68.254.178/28 brd
2004 Dec 28
5
Multiple IP´s in one Zone
Hi everybody
I have a Problem with Masquerading from my local net (loc) to my VPN (loc2).
I can reach every Service from loc2 in loc, but I can't reach any
service from loc in loc2.
Has somebody an Idea where my mistake is ?
Without shorewall, it was working.
Thanks for helping
Lars
Technical Information :
Shorewall 2.0.13
Suse 9.0
*177.177.77.X The first 3 Counts are changed
2004 Sep 24
10
hopeless - smb over bridged firewall
Dear List!
I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection
to the Internet (ppp0 - eth1 to the modem) and a bridge to the local
lan. The bridged config i've made with bridge.html from the shorewall
site. The Bridge is between local net and a openvpn tap device. This
works. I can make tunnels, and I can make a lot of things through the
firewall. I can get a list