similar to: Port knocking and DNAT rules

Displaying 20 results from an estimated 8000 matches similar to: "Port knocking and DNAT rules"

2009 Dec 14
2
Manual Chains Knock.pm DNAT-
I am attempting to use the Knock.pm from http://www.shorewall.net/ManualChains.html I am not having much luck making the DNAT- knock work for some reason. Anyone else using this on 4.4.4 that can verify if this still works as documented? Thanks
2005 Oct 12
3
Wherefore whitebox?
Well, I'm a recent convert from WBEL. My biggest concern with CentOS is that the community here seems to want to be more than a recompile of RHEL. But WBEL is floundering, what with Katrina and Rita, and there really being only 1 developer behind it, etc. I offer an automated shell script to switch from WBEL4 to CentOS4 (easy, it's hosted on my home DSL line!) It assumes that
2004 Aug 31
1
rules & nat files for DNAT
Dear experts, Quick quotation... I have a sendmail server behind the shorewall-2.1.7 server. I would like to do Port forwarding (DNAT) for clients on the internet, who need to access the mail server. Please let me know, which way is the most suitable to accomplish this; using following 2 types of configurations Setup - Internet -- > shorewall -- > sendmail
2006 Mar 19
1
Delay when changing DNAT rules
Whenever I add or remove a DNAT rule such as: iptables -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.0.1 there is sometimes a delay before the correct nat'ing is done. Can anyone tell me why this is? Is it something to do with caching of routing tables? If so, is there a way to clear them to ensure that the rule takes effect immediately? I am building a simple
2018 Dec 06
0
// RESEND // 7.6: Software RAID1 fails the only meaningful test
On 12/5/18 11:55 AM, Benjamin Smith wrote: > The point of RAID1 is to allow for continued uptime in a failure scenario. > When I assemble servers with RAID1, I set up two HDDs to mirror each other, > and test by booting from each drive individually to verify that it works. For > the OS partitions, I use simple partitions and ext4 so it's as simple as > possible. I used my test
2018 Dec 05
2
// RESEND // 7.6: Software RAID1 fails the only meaningful test
(Resend: message didn't show, was my original message too big? Posted one of the output files to a website to see) The point of RAID1 is to allow for continued uptime in a failure scenario. When I assemble servers with RAID1, I set up two HDDs to mirror each other, and test by booting from each drive individually to verify that it works. For the OS partitions, I use simple partitions and
2005 Feb 10
1
DNAT Entry In Rules Isn't Working...
So I finally got shorewall up with my linux box, which pipes out to a switch, and then my machines... Problem now is on my one machine, I have a remote admin server running on port 4899... So since I'm using masq, I added a DNAT entry in my rules instead of an ACCEPT DNAT net loc:192.168.1.3 tcp 4899 So when I try to access my remote admin using my external IP, even from inside, I
2006 Jul 15
1
patch to add built-in support for port knocking
All, A friend gave me access to an svn(+ssh) repository the other day, and told me that I needed to do some port knocking to open up ssh. It occurred to me that it would be extremely convenient if I could add a "knock" configuration option for the host to my ~/.ssh/config file and never think about this again (rather than creating a shell script to accomplish this behavior,
2004 Oct 22
0
Adding/Dropping DNAT rules dynamically
Hi all -- I would like to set up a script that would add and drop DNAT rules while Shorewall is running. I don't see a /sbin/shorewall command that would do it. So, it seems to me the script could edit /etc/shorewall/rules to insert or remove the DNAT rules as needed, then execute a /sbin/shorewall restart command. Does anyone see a reason not to do that, or see a way to do it
2013 Sep 24
1
Port Knocking?
I haven't been keeping up with the internals, I'm afraid. Does OpenSSH have support for Port Knocking? I might be interested in looking into that, as a way of reacquainting myself with the current code base. --- Scott Neugroschl | XYPRO Technology Corporation 4100 Guardian Street | Suite 100 |Simi Valley, CA 93063 | Phone 805 583-2874|Fax 805 583-0124 |
2013 Sep 10
4
[Bug 850] New: DNAT applied even after deleting the IP Tables DNAT Rule
https://bugzilla.netfilter.org/show_bug.cgi?id=850 Summary: DNAT applied even after deleting the IP Tables DNAT Rule Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: major Priority: P5 Component: iptables AssignedTo: netfilter-buglog at
2005 Jun 22
0
Issue migrating from 1.4.6c to 2.4.0 with all zone in DNAT rule
Hi all, net : internet zone dmz : DMZ zone Lan : local network zone in 1.4.6c this rule : DNAT all lan:10.0.0.1 tcp http - 192.0.0.1 does generate the following iptables rules in nat table : Chain OUTPOUT DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain net_dnat DNAT tcp -- 0.0.0.0/0 192.0.0.1 tcp dpt:http to:10.0.0.1 Chain dmz_dnat
2007 Oct 05
3
DNAT rule for vsftp --(PASSIVE FTP)
Hi all, I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as passive ftp. The theory behind passive ftp is: - FTP server's port 21 from anywhere (Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data connection to
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all, I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as passive ftp. The theory behind passive ftp is: - FTP server's port 21 from anywhere (Client initiates connection) - FTP server's port 21 to ports > 1024 (Server responds to client's control port) - FTP server's ports > 1024 from anywhere (Client initiates data
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message -------- Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP) Date: Fri, 05 Oct 2007 12:17:42 +0530 From: Mohan Sundaram <smohan@vsnl.com> Reply-To: smohan@vsnl.com To: Indunil Jayasooriya <indunil75@gmail.com> References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com> Indunil Jayasooriya wrote: > Hi all, > > I want to run
2001 Apr 13
0
Problem with tar file links
Hello. I am trying to copy an entire directory structure from a Unix box to an NT share using a command like this: tar -c -h -O /usr/local/sh | smbclient //ntstldls01/rs8724$ -Tx - -D chico -U myuser%mypasswd The problem is it chokes when it hits a file with 2 links (hard links - not sym links). I am using "-h" with tar to try to force it to copy the file rather than the link, but
2007 Feb 19
0
Quick demo guide for SPA ( re: the port knocking thread )
For what it's worth to those who want to play with SPA, here is a demo I whipped up. It is very easy to set up, and I almost guarantee anyone can get this running. What we will demonstrate: Basically: An SPA demo. Requirements: Very little - a minimal setup of centos. This setup will demonstrate a client who initially cannot connect to an ssh port on the server (the server is DROPing
2005 Jun 01
0
SNAT (or MASQUERADING) and DNAT question
Hi, The private addresses (192.168.254.0/255.255.255.0) of my network are sent dynamically by dhcp on my network. The dhcp server is on the firewall which address is 192.168.254.1/255.255.255.255 (this address is static). I've got a rsync server on this network which is on a separate server. His address is 192.168.254.200/255.255.255.255 (this address is static). I want that the users
2004 Sep 10
1
Is ProxyARP or NAT entries really necessary for DNAT to work?
I have been trying to get DNAT to work and I actually have succeeded too, however, not how I thought it would work when reading through the documentation. 1. No matter what I do I cannot get DNAT to work unless I have an entry in either the nat or the proxyarp file. Is that really how it's supposed to be? I can't find anything about it in the documentation. 2. Also, in the
2006 Apr 14
0
[Bug 471] New: UDP stream DNAT problem
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=471 Summary: UDP stream DNAT problem Product: netfilter/iptables Version: linux-2.6.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: NAT AssignedTo: laforge@netfilter.org ReportedBy: