[Shorewall-users] Sequencing interface configuration and shorewall under systemd.

Hi, In Debian 10.2, configuration of a USB-Ethernet adapter, named according to an /etc/systemd/network/*.link file, can be delayed beyond shorewall execution at system startup. In my observation, a USB host adapter on the system board works better than an add-on PCI host adapter.

[Shorewall-users] Route filtering, martian logging network connectivity.

Tom E. wrote, Attached? I'd swear that this Web based mailer showed the attachment.  So try again ... After a fresh installation of Debian 6 with Shorewall, warnings about route filtering and martian logging persist and a local system doesn't have a connection to the 'net.

[Shorewall-users] masqing a zone connected _via_ a tun.

Folk, My network is described and illustrated here. http://carnot.yi.org/NetworksPage.html To allow Cantor and Dalton, in the vpn zone connected to Joule through tun0, to SMTP to my ISP, I tried this in /etc/shorewall/masq. #INTERFACE SOURCE ADDRESS PROTO

[Shorewall-users] Improvements in shorewall-interfaces.man etc.

Tom others, Two suggestions for small improvements in shorewall-interfaces.man. 1. Option dhcp, criterion 3., change you have a static IP but are on a LAN segment with lots of DHCP clients. to the interface has a static IP but is on a LAN segment with lots of DHCP

[Shorewall-users] FTP and etc.

Folk, My configurations are here. http://carnot.yi.org/DebianPage.html#Network; status.txt from an FTP attempt is here. http://carnot.yi.org/status.txt Very small files can be transmitted by FTP from Heaviside in loc to a server in net. Larger files are not transmitted. Similarly, short

[Shorewall-users] Re (2): FTP and etc.

Tom others, te Try setting CLAMPMSS=Yes in shorewall.conf. No improvement in my simple tests. te:shorewall.conf.man This option requires CONFIG_IP_NF_TARGET_TCPMSS in your kernel. Module xt_TCPMSS is present. If I'm lucky CONFIG_IP_NF_TARGET_TCPMSS is there. te:shorewall.conf.man ...

[Shorewall-users] Re (2): :P notation in http://www.shorewall.net/VPNBasics.html

Tom others, #TYPE ZONE GATEWAY GATEWAY ZONE openvpn:P Z11.2.3.4 [P is] the port number -- man shorewall-tunnels So everything but the P is literal. Ie., the usual EBNF notation is #TYPE ZONE GATEWAY GATEWAY

[Shorewall-users] Routing through an openvpn tunnel.

Folk, A tunnel as described in openvpn.man, Example 2 works between my home 10.4.0.1 and work 10.4.0.2 machines. ping 10.4.0.1 from 10.4.0.2 and ping 10.4.0.2 from 10.4.0.1 succeed as expected. 10.4.0.1 and peasthope.yi.org both refer to the machine at home where mail is accumulated by

[Shorewall-users] :P notation in http://www.shorewall.net/VPNBasics.html

Folk, In http://www.shorewall.net/VPNBasics.html I read, OpenVPN /etc/shorewall/tunnels: #TYPE ZONE GATEWAY GATEWAY ZONE openvpn:P Z11.2.3.4 Is the P in openvpn:P just a name representing the protocol or port, or is it a literal with a

[Shorewall-users] SOURCE = DEST in a policy or rule

Folk, Is there ever a case for the same zone being specified for SOURCE and DEST in a policy or rule? Example A LAN has a router/firewall machine, FTP server and some other machines which need access to the FTP server through the router/firewall. Is this rule needed? FTP/ACCEPT loc