debian shorewall racoon

Postby Harry477 » 2020-05-07 10:04

I have 2 routers with Debian "sarge" installed on them.
For the firewall I am using shorewall, and for IPsec and VPN I am using racoon.
I am having trouble writing the rules and the policies for my system as I am new to this interface. Please help.
Harry477
 
Posts: 1
Joined: 2020-05-07 10:01

Re: debian shorewall racoon

Postby Head_on_a_Stick » 2020-05-07 13:43

Harry477 wrote: I have 2 routers with Debian "sarge" installed on them

Why? That release went EOL twelve years ago and so is full of known vulnerabilities.
Black Lives Matter

Debian buster-backports ISO image: for new hardware support
Head_on_a_Stick
 
Posts: 12650
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: debian shorewall racoon

Postby cuckooflew » 2020-05-07 16:08

I am not familiar with this interface (shorewall racoon) myself, but the wiki has some info:
https://wiki.debian.org/HowTo/shorewall
You probably should update these routers, and use a more current system, as mentioned by H_O_A_S,
but in any event, it is also kind of lacking in details, e.g. version of shorewall, kernel version, etc.
I find this (you really should try doing some searches yourself, it seems rather well documented):
https://shorewall.org/IPSEC-2.6.html
Since you do not tell us what versions, etc., not sure this applies, but "sarge" is pretty old, so I think it may apply... read it (above link).

I am having trouble writing the rules and the policies for my system as I am new to this interface. Please help.

Well, even if me or someone else could write the rules for you, since you do not bother to even show us what you have, nor tell us what you need the rules to cover, e.g.:
Notice that this configuration only allows the servers in your DMZ to serve up web pages. They can't do anything else, not even surf the web. While this is a much more secure setting, you may need to add a rule so you can download updates to the servers. If so, I would recommend limiting it to a specific IP if possible. Add the following line if you want your servers to be able to download updates from ftp.debian.org:

Do you want your servers to download updates? And other things, like what you want to accept and what you want to block. What do you need the rules to do, or not do? Do some research, try to write your rules; if they don't work, and you show us what you actually wrote (use code boxes please), then maybe someone can help better. On the downloading updates: with sarge, it is no longer supported, so there are no updates...
==== edited ====
If these are production routers, and in use, I suggest looking for a competent system admin/tech and hiring them; getting it all up to date etc. will not be trivial. If it is just a "tinker toy" and a learning project for school, that is OK, you will learn a lot; first start with bringing the system up to date, with a current, supported OS.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
cuckooflew
 
Posts: 683
Joined: 2018-05-10 19:34
Location: Some where out west

Re: debian shorewall racoon

Postby dilberts_left_nut » 2020-05-08 02:06

AdrianTM wrote:There's no hacker in my grandma...
dilberts_left_nut
 
Posts: 5077
Joined: 2009-10-05 07:54
Location: enzed

