Your message dated Sun, 17 Jul 2005 20:35:34 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#317732: shorewall: Problem with IPSEC 'policy match' not 
available in kernel
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Jul 2005 02:50:09 +0000
From: 2 <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: shorewall: Problem with IPSEC 'policy match' not available in kernel
X-Mailer: reportbug 3.8
Date: Sun, 10 Jul 2005 21:50:06 -0500

Package: shorewall
Version: 2.2.3-1
Severity: normal


I am having ip_nat_ftp problems using Openswan with Shorewall under a
2.6.8 kernel.  I am currently using the www.shorewall.net/ipsec.htm
settings for a 2.6.8 or 2.4.27 kernel (I have tried them both since the
ipsec tools were backported to 2.4.27).  

From Tom Eastep's email, apparently NAT is not likely to work under this
configuration.
http://lists.shorewall.net/pipermail/shorewall-users/2005-May/018245.html

I have attempted to use the www.shorewall.net/ipsec-2.6.html settings
but have found that the kernel is missing netfilter's 'policy match'.
The iptables apparently is compatible.

I'm looking for either a patch to apply to the kernel or a way to get
NAT to work without the SPD stuff.  The instructions that I have found here
don't seem to work.
http://lists.shorewall.net/pipermail/shorewall-users/2005-May/018358.html

I hope I am submitting this to the right location.

Jeff Rasmussen

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages shorewall depends on:
ii  debconf                       1.4.30.13  Debian configuration management sy
ii  iproute                       20041019-3 Professional tools to control the 
ii  iptables                      1.2.11-10  Linux kernel 2.4+ iptables adminis

-- debconf information:
* shorewall/upgrade_20_22: true
* shorewall/upgrade_14_20: false
* shorewall/upgrade_to_14: false
* shorewall/dont_restart:

---------------------------------------
Received: (at 317732-done) by bugs.debian.org; 17 Jul 2005 18:35:08 +0000
Date: Sun, 17 Jul 2005 20:35:34 +0200
From: Lorenzo Martignoni <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Bug#317732: shorewall: Problem with IPSEC 'policy match' not 
available in kernel

* 2 <[EMAIL PROTECTED]>: 
> Package: shorewall
> Version: 2.2.3-1
> Severity: normal
> 
> I am having ip_nat_ftp problems using Openswan with Shorewall under a
> 2.6.8 kernel.  I am currently using the www.shorewall.net/ipsec.htm
> settings for a 2.6.8 or 2.4.27 kernel (I have tried them both since the
> ipsec tools were backported to 2.4.27).  
> 
> From Tom Eastep's email, apparently NAT is not likely to work under this
> configuration.
> http://lists.shorewall.net/pipermail/shorewall-users/2005-May/018245.html
> 
> I have attempted to use the www.shorewall.net/ipsec-2.6.html settings
> but have found that the kernel is missing netfilter's 'policy match'.
> The iptables apparently is compatible.
> 
> I'm looking for either a patch to apply to the kernel or a way to get
> NAT to work without the SPD stuff.  The instructions that I have found here
> don't seem to work.
> http://lists.shorewall.net/pipermail/shorewall-users/2005-May/018358.html

In order to use the Linux 2.6 IPSEC implementation with shorewall you need
to use a kernel with Netfilter policy-match support.

Default Debian kernels don't include the patch. You need to download
kernel sources and manually apply the patch.

-- lorenzo
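
One way to check for the policy-match support the reply above refers to, as an added example that is not part of the original thread or of Shorewall. The option names are the ones used by mainline kernels that ship the match (an assumption here: a hand-patched older kernel may name the option differently), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables the Netfilter
# IPsec "policy" match. Option names are the mainline ones (assumption:
# a kernel patched by hand may use a different option name).
POLICY_OPTS="CONFIG_NETFILTER_XT_MATCH_POLICY CONFIG_IP_NF_MATCH_POLICY"

# policy_match_state CONFIG_FILE
# Prints one of: builtin | module | missing | unreadable
policy_match_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    # /proc/config.gz style configs are gzip-compressed
    case $cfg in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    state=missing
    for opt in $POLICY_OPTS; do
        # Match only an active "OPT=y" or "OPT=m" line,
        # never the "# OPT is not set" comment form.
        val=$($reader "$cfg" | sed -n "s/^${opt}=\([ym]\)\$/\1/p" | head -n 1)
        case $val in
            y) state=builtin; break ;;
            m) if [ "$state" = missing ]; then state=module; fi ;;
        esac
    done
    echo "$state"
}

# policy_match_loaded MATCHES_FILE
# Exit 0 if the match is registered with the running kernel
# (MATCHES_FILE is normally /proc/net/ip_tables_matches).
policy_match_loaded() {
    grep -qx 'policy' "$1" 2>/dev/null
}

# Run with the argument "check" to report on the local system.
if [ "${1:-}" = check ]; then
    echo "kernel config: $(policy_match_state "/boot/config-$(uname -r)")"
    if policy_match_loaded /proc/net/ip_tables_matches; then
        echo "policy match registered in running kernel"
    else
        echo "policy match not registered (module not loaded or not built)"
    fi
fi
```

A result of `module` only means the match was built; it is registered with the running kernel once the module is loaded.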

