Displaying 18 results from an estimated 18 matches for "net2dmz".
2004 Oct 21
5
IPTABLES question in general
...at I am dropping all packets from the net 2 dmz named
service. My question is why would I get these all the time, they are from
multiple different sites. Are they trying to do something to my host or is
this a common occurrence?
-------- cut ----------
Oct 20 23:16:17 iprouter kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=eth2 SRC=213.136.52.31 DST=xx.xx.xx.xx LEN=56 TOS=0x00 PREC=0x00 TTL=39 ID=37389 DF PROTO=UDP SPT=9166 DPT=53 LEN=36
Oct 20 23:16:17 iprouter kernel: Shorewall:net2dmz:DROP:IN=eth0 OUT=eth2 SRC=213.136.52.31 DST=xx.xx.xx.xx LEN=56 TOS=0x00 PREC=0x00 TTL=39 ID=37403 DF PROTO=UDP SP...
2010 Jan 20
1
Rule and a few drops...
...DROP info 8/sec:30
--------------------------------------
I see some drops in the logs, which results in some timeouts. Although
most of the traffic from 94.23.242.44 is well redirected to 10.0.0.7.
--------------------------------------
Jan 20 19:24:29 ks309069 kernel: Shorewall:net2dmz:DROP:IN=eth0
OUT=vmbr0 SRC=74.127.214.2 DST=10.0.0.7 LEN=52 TOS=0x00 PREC=0x00
TTL=244 ID=7235 DF PROTO=TCP SPT=49967 DPT=80 WINDOW=32768 RES=0x00 SYN
URGP=0
Jan 20 19:24:40 ks309069 kernel: Shorewall:net2dmz:DROP:IN=eth0
OUT=vmbr0 SRC=90.26.201.69 DST=10.0.0.7 LEN=48 TOS=0x00 PREC=0x00
TTL=11...
2005 Jan 11
1
Squid and DMZ (ProxyARP)
...state NEW
8 400 nobogons all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
18 2881 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2loc all -- * eth1 0.0.0.0/0 0.0.0.0/0
55 9423 net2dmz all -- * eth2 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 blacklst a...
2003 Feb 22
4
Shorewall with ProxyARP
...es target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 net2all a...
2002 Feb 23
0
IP accounting counters on iptables
...resetting the counters at
intervals of 1 or 2 hours, I'm thinking of writing a perl data
collection script that would parse the output of iptables and store data
into an sql database with a timestamp and reset the counters for the in
and out chains of the firewall (dmz2net loc2net net2loc net2dmz for
example)
After that, it's just a question of querying collected data from the sql
database using built-in stat functions. I'm assuming that the byte
counters are correct, is there something I'm missing? This would be a
great add-on to shorewall, no?
Any feedback w...
2006 Jan 28
3
Shorewall/Xen setup (correct from-address this time)
...prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 net2ursa all -- * xenbr0 0.0.0.0/0 0.0.0.0/0
PHYSDEV match --physdev-out vif0.0
0 0 net2dmz all -- * xenbr0 0.0.0.0/0 0.0.0.0/0
PHYSDEV match --physdev-out vif+
0 0 all2all all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
0...
2005 Feb 28
1
Mail server on DMZ
...0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
302K 170M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
122K 70M net2loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
180K 100M net2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
299K 333M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
299K 333M net2fw all -- * * 0.0.0.0/0
0.0...
2004 Aug 05
9
Not able to access website
....0.0.0/0
0.0.0.0/0 state INVALID,NEW
0 0 norfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
34 15323 tcpflags tcp -- * * 0.0.0.0/0
0.0.0.0/0
34 15323 net2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
0 0 net2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
65 8740 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
65 8740 blacklst all -- * *...
2005 Mar 07
10
DNS Name problem with mail server on LAN
...0.0.0/0
0.0.0.0/0
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source
destination
302K 170M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
122K 70M net2loc all -- * eth0 0.0.0.0/0
0.0.0.0/0
180K 100M net2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth1_in (1 references)
pkts bytes target prot opt in out source
destination
299K 333M dynamic all -- * * 0.0.0.0/0
0.0.0.0/0
299K 333M net2fw all -- * * 0.0.0.0/0
0.0...
2003 Jan 13
7
dmz2dmz?
Hi
My situation:
I have two pc's with public ip's (192.159.56.206(webserver) and
84.196.123.65(mail-gateway)) in the dmz. The firewall (84.196.123.66) is
configured with proxyarp, so nothing is changed on the pc's from when they
were not behind the firewall (i.e. they don't have the firewall as gateway
(and they each have different gateways, only 84.196.123.65
2007 Aug 20
6
have to restart shorewall after a dynamic IP change
Hi,
I've to restart shorewall when my dynamic IP was changed from my ISP.
Of course I can with a shell script do it automatically, but the
question is still there.. why ?
mess-mate
--
"I understand this is your first dead client," Sabian was saying. The
absurdity of the statement made me want to laugh but they don't call me
Deadpan
2003 Aug 12
1
Shorewall Keeps sending false IP Address Conflict
..." added.
Rule "ACCEPT dmz svr tcp ftp" added.
Rule "ACCEPT dmz net tcp ntp" added.
Rule "DNAT net dmz:192.168.2.3 tcp smtp" added.
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to svr using chain fw2svr
Policy ACCEPT for net to dmz using chain net2dmz
Policy ACCEPT for wst to net using chain wst2net
Policy REJECT for dmz to net using chain all2all
Policy REJECT for dmz to svr using chain all2all
Policy ACCEPT for svr to fw using chain svr2fw
Policy ACCEPT for svr to net using chain svr2net
Policy ACCEPT for svr to wst using chain svr...
2004 Aug 27
3
Proxy Arp Ip Conflicts
...5 1800 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
35 1800 blacklst all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 net2loc all -- * eth2 0.0.0.0/0 0.0.0.0/0
42 2332 net2dmz all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
102 6434 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
102 6434 blacklst...
2003 Apr 15
8
repost (passive FTP server in DMZ and shorewall 1.4.2)
I apologize for the first message. :)
---------------------------------------
I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer.
I have set up the following rule for outside people to connect to it:
DNAT net dmz:192.168.2.2 tcp 23000
I'm at work right now and I can't use
2004 Sep 21
1
squid on DMZ using proxyarp
...n
182 10988 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
182 10988 norfc1918 all -- * * 0.0.0.0/0
0.0.0.0/0 state NEW
43153 9147K net2loc all -- * eth1 0.0.0.0/0
0.0.0.0/0
798 375K net2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
39 3792 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
0 0 ACCEPT...
2003 Mar 28
9
Squid
...0.0.0.0/0
413 61925 rfc1918 ah -- * * 0.0.0.0/0
0.0.0.0/0
413 61925 blacklst ah -- * * 0.0.0.0/0
0.0.0.0/0
259 38487 net2loc ah -- * eth1 0.0.0.0/0
0.0.0.0/0
154 23438 net2dmz ah -- * eth2 0.0.0.0/0
0.0.0.0/0
0 0 net2all ah -- * eth3 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
22 3068 dynamic a...
2005 Jan 11
2
dnat problem
...s)
pkts bytes target prot opt in out source
destination
0 0 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
17 1080 net2loc all -- * br0 0.0.0.0/0
0.0.0.0/0
0 0 net2dmz all -- * eth2 0.0.0.0/0
0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source
destination
10 930 dynamic all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID,NEW
4...
2003 Mar 23
12
Shorewall 1.4.1
This is a minor release of Shorewall.
WARNING: This release introduces incompatibilities with prior releases.
See http://www.shorewall.net/upgrade_issues.htm.
Changes are:
a) There is now a new NONE policy specifiable in
/etc/shorewall/policy. This policy will cause Shorewall to assume that
there will never be any traffic between the source and destination
zones.
b) Shorewall no longer