Displaying 20 results from an estimated 30000 matches similar to: "Diagram of iptables"
2004 Oct 24
2
openswan+shorewall+kernel 2.6.8 debian
I am trying to get a debian system with openswan 2.2 shorewall 2.1.11 + debian kernel 2.6.8 working together. I have
read the documentation (IPSEC using Linux Kernel 2.6) and before I go and compile my own modules I would like to know
if the standard debian kernel already has the Netfilter+ipsec patches and the policy match patches installed.
Does anyone know?
thanks
Jim
2005 Jan 13
6
Shorewall Web Site mirrored in Italy
Lorenzo Martignoni at Università degli Studi di Milano in Milan has
established a mirror of the Shorewall web site.
http://italy.shorewall.net
http://cert-it.dico.unimi.it/shorewall
Thanks Lorenzo!
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \
2004 Dec 16
9
Some help for a beginner please: terser logging
Dear newfound friends,
please be patient. For me reading and writing in English is more painful
than dissecting IP traces :)
I have tried reading through the FAQ but could not quite understand:
I would like the logs to be terser. I think I can live without MAC, LEN,
TOS, PREC, TTL, ID fields normally (maybe need them only in special
situations). Could not understand if/how I can achieve this.
2004 Mar 18
5
Shorewall 2.0.1 Beta 1
http://shorewall.net/pub/shorewall/Beta
ftp://shorewall.net/pub/shorewall/Beta
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Dec 29
9
Shorewall rpm failed dependency: iproute (ip is working)
Hello Shorewall gurus, as outlined on the shorewall site I have done the
following after failure to install shorewall via the rpm:
I have read all of the FAQ.
I have read the quickstart guide with particular attention directed at
the Mandrake solution.
I have searched the mailing list archives (all old replies).
I have studied the documentation index.
I have previous experience using shorewall
2004 Sep 29
12
SPF screening implemented at shorewall.net
Over the past weekend, I added SPF screening on the MTA at
shorewall.net. SPF is a mechanism for a domain to use DNS to publish a
list of those IP addresses that are used to send legitimate email from
that domain. A receiving MTA can use that published information to
determine if email from a domain is being sent through an MTA belonging
to that
2003 Feb 27
6
Shorewall 1.4.0 Beta 2
The second Beta is now available at:
http://www.shorewall.net/pub/shorewall/Beta
ftp://ftp.shorewall.net/pub/shorewall/Beta
Function from 1.3 that has been omitted from this version includes:
1) The 'check' command is no longer supported.
2) The MERGE_HOSTS variable in shorewall.conf is no longer
supported. Shorewall 1.4 behavior is the same as 1.3 with
MERGE_HOSTS=Yes.
2005 Mar 23
9
multiple vpn connections out via shorewall
Hi All,
Just joined the list to try and solve a problem.
To show that I've read the rules I'll start with the requested info
os linux kernel-2.4.27 with latest netfilter pom for gre and pptp conntrack
etc
iptables is 1.3.0 - downloaded and compiled with the pom stuff and the 2.4.27
kernel
shorewall version shorewall-2.2.1-2 from rpm
ip addr show
[root@squid3 root]# ip addr
2005 Nov 21
8
[Off-topic] Two provider-setup breaks long-running TCP-connections
Sorry for asking this, as I believe it to be a kernel-related rather
than Shorewall-related problem. But some of you guys seem to have a
lot of experience with these kind of things.
I'm setting up a NAT'ing router with two ISP lines.
At first sight, everything works as expected, however when the local
machines try to keep a TCP-connection open for a long time, it
disconnects
2005 Mar 09
13
Ways to get around DNS names in rules
I'm re-reading the section on dns names in the shorewall docs:
"I personally recommend strongly against using DNS names in
Shorewall configuration files. If you use DNS names and you
are called out of bed at 2:00AM because Shorewall won't start
as a result of DNS problems then don't say that you were not
forewarned."
Having been stung by this a few times
2004 Dec 16
12
A question on rules simplification
[newbie question]
Before using Shorewall I used to manually write some very short iptables
rules which were probably much poorer than what this Shorewall gem does
but I could "follow" them very easily.
Now reading the output of iptables -L gives me a terrible headache.
Is there some tool that graphs the rules in order to "see" them better?
For instance I was experiencing
2004 Sep 29
1
Shorewall OpenVPN doc error
Tom,
While reading the Shorewall OpenVPN doc, I found that you have too many "7" in the example 77777 instead of 7777 in the
text.
Jim
This entry in /etc/shorewall/tunnels opens the firewall so that OpenVPN traffic on the default port 5000/udp will be
accepted to/from the remote gateway. If you change the port used by OpenVPN to 7777, you can
define /etc/shorewall/tunnels like
2005 May 29
17
Plans for 2.4.0
Hi folks,
Has anyone tested the changes to multiple ISPs/load balancing or
routestopped in 2.4.0-RC1 yet? We need to talk about what criteria we
will use for determining whether 2.4.0 is ready for release.
I've started configuring a firewall at work with the multiple ISPs
support, but its kernel doesn't have connection marking support, so it's
going to be a couple of
2004 Oct 25
4
enquiry on shorewall functions
hi all,
shorewall claims that it supports stateful connections. But I read the
document, and I can't find any configuration for it like in iptables e.g.
-m -state NEW, ESTABLISHED
or something like that.
Is shorewall by default stateful for any connection, e.g. web, http
2005 Jan 22
3
DNAT, NAT or ProxyARP?
Hello Shorewall gurus, I have a dilemma with a public server. I want to migrate the current public server over to a new machine behind the current server's firewall (shorewall 1.4). I have included a diagram below to help explain the target network I am working toward. I have read the shorewall online documentation and though I have used Shorewall the past 4 years in the current
2004 Dec 09
6
Can't allow ICMP to firewall?
Hello,
I am stumped on a problem I am having with Shorewall 2.0.1 on Mandrake 10.
My setup is as follows. I have a /28 and have assigned all ip addresses to
my firewall using aliases. I am able to setup rules to allow specific
traffic to specific ip addresses on the firewall like so:
ACCEPT net:w.x.y.z $FW:w.x.y.z tcp 22
This works great for TCP and UDP traffic. I can
2003 May 13
4
RE: (was: what are these messages telling me?)
my interfaces file:
net eth0 155.229.27.55
loc eth1 192.168.1.231
dmz eth2 192.168.100.1
route -n:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
155.229.27.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
2004 Dec 01
7
shorewall and approx 70 VLANs
Well.. I've been using shorewall since a few years now, but the first
time involved in making it work with (a lot of) vlan's.
The problem is, we've got approx 70 vlan's on a switched cisco network,
working fine. The only 'problem' is the time it takes when we do a
shorewall restart.. Each vlan is configured as a separate interface and
2003 Jun 20
7
NAT PAT & SNAT
Hi!
I've been searching the net for information about this topic, but I can't
find anything relevant to my problem or I don't understand the answer
completely. Please enlighten me... :-)
I'm trying to replace a Cisco PIX firewall with a Linux Shorewall box. Today
the users behind the Cisco FW are on a NAT-network and in the same network
there are a couple of
2004 Dec 01
5
PPTP connections through Shorewall - WinXP Workstation to Win2003 Server
The problem scenario I describe was reported previously in the Shorewall
lists but its resolution does not seem to have made it into the lists.
Scenario:
Windows XP client seeking to establish a VPN connection to a Windows 2003
Server located behind a Shorewall firewall (running on Mandrake kernel 2.4.22-37mdk).
The connection cannot be made, the client reports error code 721.
Discussion: