search for: firewall1

I just tried to set up a tinc test installation, but I guess I did something wrong, because I can only ping one direction. Here's my setup (lan1,192.168.99.0)<-->firewall1<-vpn->firewall2<-->(lan2,192.168.100.0) firewall1 has tap0 on 192.168.88.2 firewall2 has tap0 on 192.168.88.3 i set up the following routes : on firewall1 : 192.168.100.0 gw firewall2(192.168.88.3) on firewall2 : 192.168.99.0 gw firewall1(192.168.88.2) firewall2 is the "server&q...

I have 2 firewall in HA with keepalived. Can I use active the same tinc configuration on 2 firewalls ? using tun Interface with same ip on all 2 nodes is a problem ? tun device advertise itself on the network having an IP/MAC pairs (ARP) or the IP is only used by the system internally for routing so using the same configuration is right ? so one firewall be active, the other is passive. With this

I think it should work at least for TUN virtual interface as TUn works at IP level. This is a sample configuration. firewall1 lan = 172.16.1.11/19 (ALWAYS ACTIVE) - "Physical Network Interface" - system config as ifcfg-... 172.16.1.10/19 (VIP Keepalived Make active) - Active/Passive configuration with firewall2 firewall1 vpndr1 = 172.16.1.10/8 (ALWAYS ACTIVE) - &q...

...better approach what you are trying to do. Cheers Saverio 2016-01-27 8:31 GMT+01:00 mlist <mlist at apsystems.it>: > I think it should work at least for TUN virtual interface as TUn works at IP > level. > > This is a sample configuration. > > > > firewall1 lan = 172.16.1.11/19 (ALWAYS ACTIVE) - > "Physical Network Interface" ? system config as ifcfg-? > > 172.16.1.10/19 (VIP Keepalived Make active) - > Active/Passive configuration with firewall2 > > firewall1 vpndr1 = 172.16.1.10...

...nk it shows the guest config and not host which you questioned.PicPaste - Untitled3-cJQlcohB.png | ? | | ? | ? | ? | ? | ? | ? | ? | | PicPaste - Untitled3-cJQlcohB.png?PicPaste is a login free service for uploading pictures | | | | View on picpaste.com? | Preview by Yahoo | | | | ? | >> Firewall1. ssh was kind of an example to show that I'm unable to "see" this machine from outside. Same is true for ping or host.2. I don't know how to specifically add rule to allow ssh/22 through my firewall so before spending more time on that, I just shut firewall down (systemctl stop fi...

...Saverio > > > > > 2016-01-27 8:31 GMT+01:00 mlist <mlist at apsystems.it>: >> I think it should work at least for TUN virtual interface as TUn works at IP >> level. >> >> This is a sample configuration. >> >> >> >> firewall1 lan = 172.16.1.11/19 (ALWAYS ACTIVE) - >> "Physical Network Interface" ? system config as ifcfg-? >> >> 172.16.1.10/19 (VIP Keepalived Make active) - >> Active/Passive configuration with firewall2 >> >> firewa...

...8:31 GMT+01:00 mlist <mlist at apsystems.it<mailto:mlist at apsystems.it>>: >> I think it should work at least for TUN virtual interface as TUn works at IP >> level. >> >> This is a sample configuration. >> >> >> >> firewall1 lan = 172.16.1.11/19 (ALWAYS ACTIVE) - >> "Physical Network Interface" ? system config as ifcfg-? >> >> 172.16.1.10/19 (VIP Keepalived Make active) - >> Active/Passive configuration with firewall2 >> >>...

...PN to a remote office and with some local Phones also. I can't use IAX to my provider because they don't offer it and my handsets ( snom 300 ) also don't support IAX so it's all SIP. The configuration is a follows Asterisk PBX 10.202.17.217/24 ------>| 10/100-Switch |-----> Firewall1 pfsense X.Y.Z.250 -------->ITSP Sip Porvider public internet LocalPhones 10.202.17.1-25/24 -_---->| 10/100-Switch |-----> Firewall2 Watchguard ----->ISP internet Connection <-----Firewall3 | remote office | ----Remote User Phone 192.168.97.74/24 There is a Lan2Lan VPN tunnel betwe...

...oblem is with communication between the pc''s in the dmz, which should always be allowed but isn''t. I can ping every which way I want, except internally on the dmz. I would think that this POLICY should work: dmz dmz ACCEPT But the log says: Jan 13 17:17:11 firewall1 kernel: Shorewall:dmz2dmz:REJECT:IN=eth1 OUT=eth1 SRC=192.159.56.206 DST=84.196.123.65 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=58204 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=14592 The only situation where it works is with the POLICY: all all ACCEPT Which is hardly acceptable :-)...

...ioned.PicPaste - Untitled3-cJQlcohB.png > > | | > | | | | | | | | > | PicPaste - Untitled3-cJQlcohB.png PicPaste is a login free service for > uploading pictures | > | | > | View on picpaste.com | Preview by Yahoo | > | | > | | > > > >> Firewall1. ssh was kind of an example to show that I'm unable to "see" > this machine from outside. Same is true for ping or host.2. I don't know > how to specifically add rule to allow ssh/22 through my firewall so before > spending more time on that, I just shut firewall down (sy...

Hi, I've been trying to get networking up and running on CentOS 7 in a VMWare (5.5) VM. From inside the machine (connected to console (GNOME desktop)) it looks like network is up. From outside I can't reach it. >From outside, same subnet: outside_machine$ ssh -vvvv root at 10.14.6.60 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data

Hi, my ip_conntrack table is filling up and now my server is dropping packets. I'm running CentOS release 4.4 (Final) on a fairly busy webserver. The table is full of various connections, including a lot of "ESTABLISHED" tcp connections from my webserver (the src is my webserver ip), and some other random connections to my webserver, and many "ASSURED" connections. So why