Displaying 20 results from an estimated 50000 matches similar to: "Fedora Core 3 / 2.6.9-1.667"
2004 Oct 31
9
Masquerading through IPSECed wireless dropping packets selectively?
Hello,
I'm stuck IPSECing my wireless network at home and would appreciate any
comments. I apologize in advance if I'm wasting your time with trivia -
I'm not a professional and staring at the problem for days from various
angles hasn't done me any good ...
My home server/firewall (morannon) is hooked up through a USB to
ethernet adapter (eth1) to my DSL
2004 Nov 24
14
traffic shaping on ftp server doesn't work
Having studied a number of documents on linux traffic shaper, I started
to setup my shaping rules in my network.
My linux box is running RH AS3 U3, shorewall 2.0.9.
It is using PPPoE connected to the Internet
firewall:
eth0: connect to the adsl modem
eth1: private net
ppp0: virtual dial up interface for pppoe
There is a ftp server on the private net
It is listen for port 21 and configured
2004 Dec 14
4
ipsec-netfilter patches for 2.6.9
The patches may be found at:
http://shorewall.net/pub/shorewall/contrib/IPSEC
ftp://shorewall.net/pub/shorewall/contrib/IPSEC
I found these patches on the netfilter-devel list and make no warranties
as to how well they work (or not).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP
2004 Dec 05
13
Adding dynamically more than one host at once?
Hi,
it seems not to be possible to add more than one host at once to a zone.
So
shorewall add br0:eth0:192.168.2.10,eth0:192.168.2.11 work
fails, since "br0:eth0:192.168.2.10,eth0" is interpreted as one interface.
--snip --
iptables v1.2.9: interface name `eth0:192.168.2.10,eth0' must be shorter
than IFNAMSIZ (15)
Try `iptables -h' or 'iptables
2004 Nov 27
16
bridge and dynamically adding hosts to zones
Hi,
I've set up a bridge which connects two parts of the same subnet with
each other.
I've set up everything as described in the Documentation and it works
very nicely.
However: I have a problem with adding hosts to zones dynamically.
The zone I want to add hosts to is called 'work'.
Since only the bridge br0 is defined in /etc/shorewall/interfaces
2004 Nov 02
3
Shorewall 2.2.0 Beta 2
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-Beta2
Problems Corrected:
1. The "shorewall check" command results in the (harmless) error
message:
/usr/share/shorewall/firewall: line 2753:
check_dupliate_zones: command not found
2. The
2005 Feb 04
12
SW 2.2.0: 4 interface system, log reports impossible "IN=" and DROPS
This one is really throwing me. Thanks in advance for
any advice.
I'm working on a 4 port firewall system. It is
running heartbeat+drbd.
Primary box looks like this:
eth0 -> net/cisco router
192.168.144.2/29
eth1 -> drbd/heartbeat crossover cable
192.168.254.253/30
eth2 -> dmz
192.168.144.10/24
eth3 -> loc
192.168.101.2/24
The IP's
2005 Feb 08
15
Few questions
Hi,
I have a few problems with my shorewall configuration.
First of all, the option maclist seems not to be recognized.
I have this:
ghostwheel /etc/shorewall # cat interfaces | grep -v '^#'
- eth1 detect dhcp,tcpflags,routefilter
loc eth0 detect tcpflags,maclist
When I look at shorewall-init.log, I found out:
2005 Feb 02
6
Need help with Shorewall
I am using debian sarge. I want to block all incoming requests except
DNS (port 53) and allow all outgoing traffic. I did a apt-get
shorewall. When I start shorewall, I cannot even ping to any external
site. I am a newbie and difficult to follow the online guide. Can
anyone please help me.
Thanks !
2004 Nov 08
5
Shorewall on FC3?
What version of shorewall do you suggest I try on a FC3 system?
TIA,
/ChJ
2004 Dec 02
8
Correct Shorewall version for RedHat ES3
Hello all --
I am trying to get Shorewall, ipsec and RedHat ES version 3 to cooperate.
Before posting any specific problems, I thought I'd find out if I have the
right stuff to work with. (I've gotten ipsec to work flawlessly with
Shorewall using RH 8 and 9 kernels, so I have some experience with it.
Shorewall 2.0.12 works fine on this ES 3 box, except for the ipsec part)
2005 Jan 26
9
Proxy-ARP on Same Segment
I have had to replace an existing setup which has a bunch of IPs
Proxy-NAT'ed onto the loc segment. While I do eventually want to move
them to their own segment, I have to deal with this for the next few weeks.
My problem is that from a loc system I can ping the public IP of a
system being proxy-ARP'd but I can't hit it via HTTP. Nothing is being
blocked according
2004 Dec 16
12
A question on rules simplification
[newbie question]
Before using Shorewall I used to manually write some very short iptables
rules which were probably much poorer than what this Shorewall gem does
but I could "follow" them very easily.
Now reading the output of iptable -L gives me a terrible headache.
Is there some tool that graphs the rules in order to "see" them better ?
For instance I was experiencing
2004 Dec 19
6
IPSEC vs OpenVPN
While I have concentrated on support for 2.6 native IPSEC in release
2.2.0, I am still of the opinion that unless you absolutely need IPSEC
compatibility that OpenVPN is a much easier (and in the case of
roadwarriors, a much better) solution.
Having already generated all of the required X.509 certificates, it took
me less than 1/2 hr to replace my IPSEC testbed with an OpenVPN one
using the new
2005 Feb 03
8
SMB Problem
I'm having a problem where transferring files across our IPsec gateway
to another host on a remote network is failing. I see no packets being
rejected in the logs.
Attached is a packet trace, showing the problem. In this case,
10.100.0.0/24 is the local network and 10.100.14.0/24 is the remote
network. The trace was taken on the local gateway.
In the trace, there is a set of TCP
2005 Jan 14
4
Samba & ICMP allow problem
I am running a Redhat FC2 server, which runs postfix
for mail, Squid for proxy and samba as Domain
Controller and file server. I installed
shorewall-2.1.11-1.
In the shorewall rules /etc/shorewall/rules I added
the following for samba
ACCEPT LAN $FW:192.168.100.1 tcp 139,445
ACCEPT LAN $FW:192.168.100.1 udp 137:139
ACCEPT LAN $FW:192.168.100.1 udp 445
2004 Dec 19
8
Shorewall 2.2.0 RC1
http://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1
ftp://shorewall.net/pub/shorewall/2.2-Beta/shorewall-2.2.0-RC1
Problems Corrected:
1. The syntax of the add and delete command has been clarified in
the help summary produced by /sbin/shorewall.
New Features:
1. TCP OpenVPN tunnels are now supported using the 'openvpn' tunnel
type. OpenVPN
2004 Oct 28
7
akamai problem behind linux router
Hello,
This is not really a shorewall problem. But just wanted to check if this
problem rang a bell with any of you.
I have a linux router with slackware 9.1, and kernel 2.4.27
Everything works ok except for access to web sites that use akamai from
behind the router.
From the router machine itself I can access those sites without problems.
But machines behind nat, take forever to access
2004 Dec 05
28
state INVALID
Having moved from a "cascading LANs" configuration to two independent LANs
on eth0 and eth1, I still get some "state INVALID" for which I am not sure
what the cause is. Can somebody help me understand its probable origin?
Thanks,
Costantino
[see attachment]
2004 Dec 18
14
SuSe 9.1 startup issue
Tom,
I am NOT subscribed (yet). I dropped SuSeFirewall2 in favor of
shorewall to get past the configuration hurdles I was experiencing.
At the moment, when my SuSe 9.1 starts up, I can see shorewall processing
the rules, policies, etc. and I see no errors and then moves on with the
rest of the SuSe boot process .
However, no traffic passes through using the rules.
I run an iptables -L and I