Displaying 10 results from an estimated 10 matches for "eth0_ip".
2007 Feb 17
2
CentOS 4.4 blocking outbound connections?
...n my server, I told
it not to install a firewall and I disabled SELinux. The server is
a SuperMicro 5015P-TR.
I set up my own /etc/init.d/firewall with these rules:
#!/bin/sh
# Firewall script
#
# Source function library
. /etc/init.d/functions
RETVAL=0
# Some definitions (Will need to change ETH0_IP to match your configuration)
ETH0_IP=38.114.192.86
# See how we were called.
case "$1" in
start)
echo -n "Starting firewall: "
/sbin/modprobe ip_conntrack_ftp
# Set the default policies to drop all packets
/sbin/iptables -P INPUT DROP...
2008 Nov 06
2
iptables starts blocking outbound http traffic
...OutsideIP] LEN=532 TOS=0x00 PREC=0x00
TTL=64 ID=52669 DF PROTO=TCP SPT=80 DPT=54697 WINDOW=61 RES=0x00 ACK PSH FIN
URGP=0
Here are my iptables commands for http connections (I have the default
policy set to drop):
# Allow http connections from the outside world
/sbin/iptables -A INPUT -i eth0 -d $ETH0_IP -p tcp --sport 1024: --dport http -m state --state NEW,ESTABLISHED -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -s $ETH0_IP -p tcp --sport http --dport 1024: -m state --state ESTABLISHED -j ACCEPT
Here are some strange things:
1. I have the exact same rules running on two other servers which do
no...
2003 Feb 23
1
RTSP problems (and SNAT questions)
...ect.
I edited my shorewall/masq file as such:
eth0 eth1 12.34.56.78
or should it be?
eth0 10.0.0.0/24 12.34.56.78
First, is this all that is necessary to properly start using SNAT? I was
unsure whether I should use ADD_SNAT_ALIASES=yes also or instead or not.
Second, if I have ETH0_IP=`find_interface_address eth0` in my params file, I
can have
eth0 eth1 $ETH0_IP
in the masq file, correct? The commented help in the params file doesn't
name masq as one of "the other configuration files."
Third, using SNAT didn't seem to make any difference....
2014 Aug 10
3
Centos 7 - iptables service failed to start
...s code:
# Flush the rules
/usr/sbin/iptables -F
# Set the default policies to accept
/usr/sbin/iptables -P INPUT ACCEPT
/usr/sbin/iptables -P OUTPUT ACCEPT
/usr/sbin/iptables -P FORWARD ACCEPT
I wrote /usr/local/bin/firewall.start to set the firewall rules.
It contains this code:
# IP definitions
ETH0_IP=a.b.c.d
# Load the FTP conntrack module
/usr/sbin/modprobe nf_conntrack_ftp
# Set the default policies to drop all packets
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -P OUTPUT DROP
/usr/sbin/iptables -P FORWARD DROP
# Flush any existing rules
/usr/sbin/iptables -F
# Allow loopback traf...
2007 Aug 20
6
have to restart shorewall after a dynamic IP change
Hi,
I've to restart shorewall when my dynamic IP was changed from my ISP.
Of course I can with a shell script do it automatically, but the
question is still there.. why ?
mess-mate
--
"I understand this is your first dead client," Sabian was saying. The
absurdity of the statement made me want to laugh but they don't call me
Deadpan
2010 Jan 21
6
Shorewall 4.4.6 and Multiple ISP with 2 routed subnets
...tcpflags,routeback
lan1 eth1 detect tcpflags,routeback
inet2 eth2 detect tcpflags,routeback
lan2 eth3 detect tcpflags,routeback
masq:
# INTERFACE SUBNET ADDRESS
eth0 $ETH0_IP 217.100.100.10
eth2 $ETH2_IP 217.132.100.100
eth0 eth1
eth2 eth3
params:
ETH0_IP=$(find_first_interface_address eth2)
ETH2_IP=$(find_first_interface_address eth0)
providers:
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTION...
2007 Feb 02
13
Client cannot connect to Internet
...N= OUT=eth0
SRC=71.203.146.136 DST=68.87.74.162 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=UDP SPT=32769 DPT=53 LEN=50
I set my rules, policy, masq, interfaces, etc according to the basic
two-interface firewall howto, and used an FAQ to configure my firewall as
follows:
/etc/shorewall/params:
ETH0_IP=`find_first_interface_address eth0`
/etc/shorewall/rules:
#
# Local Rules
SSH/ACCEPT loc $FW
Ping/ACCEPT loc $FW
# DNS
DNS/ACCEPT loc $FW
# DHCP SERVER
ACCEPT loc net UDP 67
ACCEPT loc net TCP 67
# DHCP CLIENT
A...
2006 Apr 17
3
X86_64, Groupinstall KDE fails
I have an Athlon/64, 1 GB RAM, 80 GB IDE system and I'm intending to use it
for combination workstation/Dev server duties.
I've gotten a consistent failure when I try to groupinstall KDE. After
grinding through all the deps, it comes up with the below:
Install 228 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 331 M
Is this ok [y/N]: y
2005 Jan 23
15
Idea: permit /etc/shorewall/masq to contain zones, as well as interfaces
Dear All,
Firstly, thank you very much - shorewall is great. I'm not a member of
this list, and please forgive me if I am suggesting something stupid, but
the following occurs to me, and I thought it might be useful.
Why not make it possible to specify zones as well as interfaces in the
/etc/shorewall/masq file ?
Eg: instead of:
eth0 eth1
one might write:
net loc (or masq in