similar to: ipip setup issues

Hi guys, I''m trying to setup an IPIP tunnel between a Cisco router and a firewall running Debian GNU/Linux Sarge with Shorewall 2.0.13. I''ve read and implemented the http://shorewall.net/IPIP.htm document, but I don''t understand why there should be at the same time a "tunnel" and a "tunnels" script. Shorewall still refuses to let the

Greetings. I run an Amateur Radio system (ampr.org) that requires 2 public ip''s on a RH 9.0 box. The primary one is 209.52.173.97 and is used for connections to the normal linux system and the usual apps such as web, ssh, smtp, etc. The secondary address is 209.52.173.98 and is routed via a pseudoslip link to the systems ampr address of 44.135.163.21. This setup takes place in the

Hi, Does anyone tried to get ipip or gre tunnel behind NAT environments. ? i''m trying to make both side tunneling with ipip or gre with private address just like belows.. A -------------------FIRWWAL -------------------INET ------------------- B PRIVATE PUBLIC PUBLIC (10.100.0.1) (211.xxx.xxx.xxx) (

I wonder if someone can tell me what these ''unknown'' remarks mean in my status file. They are only in the last portion of the file and are listed below. If they mean nothing, I will rest easy. But if not it means I need to fix something. Your thoughts would be appreciated. ---------------- udp 17 92 src=24.224.173.220 dst=24.222.0.75 sport=1027 dport=53 src=24.222.0.75

After carefull reading (LARTC) and experimentation, I am in a dead end... I am using several IPIP tunnels (linux ipip module, IP protocol 4). I''d like to filter packets going through these tunnes to different classes, on the ingress device, based on source and destination IP _INSIDE THE TUNNEL_. First I tried the nexthdr bit. As explained in LARTC, nexthdr jumps to the next header

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=98 netfilter@linuxace.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |netfilter@linuxace.com Status|ASSIGNED |RESOLVED Resolution|

Hi, I''m running Slackware 13.37 x86 using Shorewall 4.4.21 with OpenVPN and the VPN options I''m using in Slackware 13.37 will not work in Shorewall, but in Slackware 13.1 using the same Shorewall version and files, the ''interfaces'', ''policy'' and ''zone'', are all I have configured, it was working and this also works in Arch at

Hi. I am trying to force some traffic that goes to address 203.7.93.94 through a VPN tunnel. I use freeswan 1.98b and Shorewall 1.4.6c in one machine. The 203.7.93.94 is in the DMZ on the other end. (Both ends use the same shorewall and freeswan). I have successfully set up a tunnel between the two network (using a point to point topology, not hub). I added a static routing that redirect

Hello list, I wish to report a problem with openvpn tunnels. Synopsis: Despite adding policies to the shorewall policy file, I have to add extra rules to allow the UDP port 5000 packets to get through. I have used no particular setup guide. I believe this problem goes away with shorewall 2.0.9, as I have implemented openvpn with that version on a different machine, and I see no UDP:5000 packet

Dear List! I use a shorewall 2.0.8 on a Debian sarge system. I use a DSL connection to the Internet (ppp0 - eth1 to the modem) and a bridge to the local lan. The bridged config i''ve made with bridge.html from the shorewall site. The Bridge is between local net and a openvpn tap device. This works. I ccan make tunnels, and a can make a lot of things through the firewall. I can get a list

Hello I have /25 addressed on a box (virtual devices on eth0) and I want to tunnel some of these addresses to my home network. One address to my gateway (a.b.c.d, external IP) and one address to my internal network (192.168.0.0/24-style). I will use the tunnels for irc, smtp and surfing. What protocol and which technique is easiest and best to use? One more thing. I don''t want to set up

Hello Gurus, I am a small problem with routing and here are the details. Interfaces on my server: * ipsec0 - 172.19.58.94 * tunl0 - 172.19.58.94 * eth0 - 172.19.58.94 Now, the problem is that there is another host 172.19.58.200. All communication to 172.19.58.200 should be through tunl0, and all the data should be secured using IPSec (tunnel mode - because there are more machines on my

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

Hello, I installed my linux server for 3 months now. It does almost everything (dns, web & mail server, firewall ...). I just encounterd two problems with the firewall: behind this server there are 2 computers: i got emule on one and msn on the other. The problem is that I can''t configure well the firewall fore these 2 rules. I''ve added DNAT rules but it

I want to use fprobe-ulog (http://fprobe.sourceforge.net/) to generate NetFlow information about traffic going through my router. The question is how to get the logging rules added to the appropriate chains (I''m assuming eth2_in and eth2_out in my case)? I''m using the perl version of shorewall 4.0.6. -- Orion Poplawski Technical Manager 303-415-9701

Hey guys I''ve been beating my head on this for a few hours. Maybe it is just a stupid configuration error you can point me at. First here is a small diagram of what I am trying to configure: http://6bit.com/img/netdiag.png Currently I only have Shorewall running on the host on the right of the diagram until I can get this working then I''ll add it to the other host as well.

Hi Tom, I nearly completed the test and installation related to http://www.shorewall.net/PPTP.htm. However, there is no serious problem when it is operated as it is in the general companies, but there is Client Program for MS-Window that is operated only by Public IP. So I am very concerned about it. I would like to use Internet through Gateway in (B) as local computers in (A) receive Public

Hi, I''ve just recently switched off my (lame) hardware firewall onto an old box running linux 2.4.18, iptables 1.2.6 and shorewall 1.2.9. I''m kinda new to linux firewalling myself but so far Shorewall has taken much work from me. While reading myself into iptables I saw that just recently something called ULOG (userspace logging) has been implemented in newer kernels and

I always used multiple links from different ISPs and in my oppinion the best way to really aggregate bandwidth is using some kind of proxy which the client connects to and distribute multiple connections to the links. Years ago, a friend of mine wrote Netsplitter: http://www.hostname.org/netsplitter/ but it''s outdated, abandoned (last version from 2002). And it was mainly written for