I have 2 routers with Debian "sarge" installed on them.
For the firewall I am using shorewall, and for IPsec and VPN I am using racoon.
I am having trouble writing the rules and the policies for my system, as I am new to this interface. Please help.
debian shorewall racoon
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: debian shorewall racoon
Harry477 wrote: I have 2 routers with Debian "sarge" installed on them
Why? That release went EOL twelve years ago and so is full of known vulnerabilities.
deadbang
- Posts: 677
- Joined: 2018-05-10 19:34
- Location: Some where out west
- Been thanked: 1 time
Re: debian shorewall racoon
I am not familiar with this interface (shorewall racoon) myself, but the wiki has some info:
https://wiki.debian.org/HowTo/shorewall
You probably should update these routers and use a more current system, as mentioned by H_O_A_S,
but in any event, also kind of lacking in details, e.g. version of shorewall, kernel version, etc...
I find this (you really should try doing some searches yourself, it seems rather well documented):
https://shorewall.org/IPSEC-2.6.html
Since you do not tell us what versions, etc., not sure this applies, but "sarge" is pretty old, so I think it may apply... read it (above link).
Quote: I am having trouble writing the rules and the policies for my system, as I am new to this interface. Please help.
Well, even if me or someone else could write the rules for you, since you do not bother to even show us what you have, nor tell us what you need the rules to cover, e.g.:
Quote: Notice that this configuration only allows the servers in your DMZ to serve up web pages. They can't do anything else, not even surf the web. While this is a much more secure setting, you may need to add a rule so you can download updates to the servers. If so, I would recommend limiting it to a specific IP if possible. Add the following line if you want your servers to be able to download updates from ftp.debian.org:
Do you want your servers to download updates? And other things, like what you want to accept and what you want to block. What do you need the rules to do, or not do? Do some research, try to write your rules; if they don't work, and you show us what you actually wrote (use code boxes please), then maybe someone can help better. On the downloading updates: with sarge, it is no longer supported, so there are no updates...
==== edited====
If these are production routers, and in use, I suggest looking for a competent system admin/tech and hiring them; getting it all up to date etc. will not be trivial. If it is just a "tinker toy" and a learning project for school, that is OK, you will learn a lot. First start with bringing the system up to date, with a current, supported OS.
Please Read What we expect you have already Done
Search Engines know a lot, and
"If God had wanted computers to work all the time, He wouldn't have invented RESET buttons"
and
Just say NO to help vampires!
- dilberts_left_nut
- Administrator
- Posts: 5346
- Joined: 2009-10-05 07:54
- Location: enzed
- Has thanked: 13 times
- Been thanked: 66 times