similar to: Strange problem kernel 2.6

Hi! I have just upgraded from version 1.3.2 to 1.3.13 and noticed some strange things. On interface eth2 I have 4 different addresses 192.168.11.0/24, 192.168.13.0/24, 192.168.102.0/24, 192.168.130.0/24 in version 1.3.2 loc zone is defined like this: loc eth2: 192.168.11.0/24, .. but in version 1.3.13 0.0.0.0/0 is added at the end on all zones and because of that for example machine in

Is it possible to somehow build this rule, where net could be any IP on the net? /etc/shorewall/masq #INTERFACE SUBNET ADDRESS PROTO PORT(S) eth3:10.10.10.7 net 10.10.10.1 Thanks, David

Here is the report and the complete diagram. And sorry for email problem and incomplete email ! I have made new test. Eth0 and eth2 are bridged. I can ping NET from LAN I can ping every firewall''s interface from LAN I can ping eth1 from private LAN I can ping everything from firewall Bridging is activated in shorewall.conf >From LAN i can ping 192.168.11.253 but not 192.168.11.254

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

Javier Fernández-Sanguino Peña has discovered an exploitable vulnerability in the way that Shorewall handles temporary files and directories. The vulnerability can allow a non-root user to cause arbitrary files on the system to be overwritten. LEAF Bering and Bering uClibc users are generally not at risk due to the fact that LEAF boxes do not typically allow logins by non-root users. For 2.0

Hi everyone! First of all, sorry about my bad English and the e-mails extension. I need some help to implement a VPN connection using shorewall and openswan as IPSec Tunnel. My network map: CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER (DMZ) I have two VPN connections with two different subnets to the other end. The two of then are correctly established.

hi all, i have a classic net topology with two local zone, a firewall/router with dsl connection loc1 (192.168.11.0/24) ----- fw ----- net loc2 (192.168.12.0/24) now on the local zone 1 (on a WinXP machine) i have installed OpenVPN 2.x to make a test connection with a company. OpenVPN is configured as client to use tun on udp port 10000 with ip 10.0.0.2, on the other

Hi, after kernel upgrade to 2.4.23 my existing configuration of shorewal 1.4.8 will not start / it fail on DNAT and/or masq with message: "iptables: Invalid argument" / I founded some similar problems description - see links bellow, but there is no solution how to get work shorewall with DNAT and masq with 2.4.23 kernel. http://www.ussg.iu.edu/hypermail/linux/kernel/0312.0/0268.html

Hi folks, sorry for my bad english, but I am not a native speaker. I want to setup a virtual firewall-host in a UML-Session. I''m using Kernel 2.4.27-um1 and shorewall 2.2.2-2 from Debian sarge. I have 4 nic''s in my System: eth0 -> localnet 0 eth1 -> localnet 1 eth2 -> wlan eth3 -> DSL/ppp0 I''m using four bridges br0,br1,br2,br3. The UML firewall host is

Sorry some email problem, i have change it for more reliable one. I have try this morning to netmasq 192.168.11.0 (eth1) to 192.168.1.0 (eth0), but it is a mistake. Yes thank you for answering so fast ! I have corrected it, here the new diagram and the new routing table. But it still doesn''t work. From the router i can access to 192.168.11.254 I have add the rules : DNAT loc

The patches may be found at: http://shorewall.net/pub/shorewall/contrib/IPSEC ftp://shorewall.net/pub/shorewall/contrib/IPSEC I found these patches on the netfilter-devel list and make no warranties as to how well they work (or not). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP

Hi, I''m asking my question here, because I could not find any answer to my problem, but I''m affraid shorewall is not the one to blame. First of all I''m using shorewall version 2.0.15 on two linux box. I set up an ipsec tunnel beetween those 2 boxes to be ables to connect 2 not routable subnetworks. Here is my network topology: 10.66.17.0/24 - 10.66.17.1 = eth0

Evening all, First: Obligatory thanks to Tom. Shorewall is GREAT! I''ve got it on 3 machines now and love it. (Just because they are obligatory does not mean they are not heart-felt.) On my main web server, I am constantly scanning my log files for worm-signs. Requests for default.ida, any .exe, there are several others, you probably have your favorite. I got tired of doing it by hand

Hi, i have used shorewall for several years now, but now i have a problem i can not solve by my own. I use Debian (Testing/Sarge) with shorewall 2.2 and 2.6.10 Kernel. In the next few weeks i need several IPSEC VPN tunnels - ans thats the problem. "shorewall check" tells me that "Policy Match: not available". As i have RTFMd i need some iptables ans netfilter patches for 2.6

Hello all, I’m running Shorewall 2.2.1 on linux kernel 2.6.10 with iptables 1.2.11. I recently ran a nessus scan of my firewall from a machine outside of the firewall and the nessus report told me that there are some ports open that I did not specify to be open. The ports are 32772/udp, 123/udp, 111/tcp, 32772/udp, and 53/udp. Why are these ports open when I did NOT specify them to be open

Hello all -- I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate. Before posting any specific problems, I thought I''d find out if I have the right stuff to work with. (I''ve gotten ipsec to work flawlessly with Shorewall using RH 8 and 9 kernels, so I have some experience with it. Shorewall 2.0.12 works fine on this ES 3 box, except for the ipsec part)

Jason Wohlford wrote: > > linux:/etc/shorewall# shorewall check > /sbin/shorewall: line 261: Added: command not found > Loading /usr/share/shorewall/functions... > Processing /etc/shorewall/params ... > Processing /etc/shorewall/shorewall.conf... > /usr/share/shorewall/firewall: line 261: Added: command not found BTW -- it looks like you have a missing "#" on a

Dear All, Linux Kernel 2.4.20-8 Running Shorewall 2.2.0 ip addr show 1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 brd 127.255.255.255 scope host lo 2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 link/ether 00:48:54:53:82:45 brd ff:ff:ff:ff:ff:ff inet 62.68.254.178/28 brd

Hi everybody I have a Problem with Masquerading from my local net (loc) to my VPN (loc2). I can reach every Service from loc2 in loc, but I can''t get reach any service from loc in loc2. Has somebody an Idea where my mistake is ? Without shorewall, it was working. Thanks for helping Lars Technical Information : Shorewall 2.0.13 Suse 9.0 *177.177.77.X The first 3 Counts are changed

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list