Francesca C. Smith
2003-Feb-26 10:54 UTC
[Shorewall-users] Re: Exchange Server in DMZ (i-hacked.com)
Hiya,

My two cents here .. I use a locked down Linux Sendmail relay (use sendmail null-client feature on any spare old server or PC) in my DMZ to relay Mail to the exchange server in my local zone. It's sort of the moat you have to cross over to get at the castle walls and the hot oil dumped on your head approach.

Francesca C. Smith
Lady Linux Internet Services
1801 Bolton Street # 1
Baltimore, Md 21217

-----Original Message-----
From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of shorewall-users-request@lists.shorewall.net
Sent: Wednesday, February 26, 2003 12:32 PM
To: shorewall-users@lists.shorewall.net
Subject: Shorewall-users Digest, Vol 3, Issue 72

Today's Topics:

1. Re: Exchange Server in DMZ (i-hacked.com)
2. Port Forwarding (Ted Gervais)
3. Re: Port Forwarding (Tom Eastep)
4. Re: Exchange Server in DMZ (Tom Eastep)
5. RE: VPN Passthrough Assistance Needed (Martinez, Mike (MHS-ACS))
6. Re: Port Forwarding (Ted Gervais)
7. Re: Port Forwarding (Tom Eastep)
8. Re: Port Forwarding (Ted Gervais)
9. Shorewall issue with ProxyARP (sivamurugu)

----------------------------------------------------------------------

Message: 1
Date: Wed, 26 Feb 2003 06:37:44 -0600
From: "i-hacked.com" <hevnsnt@i-hacked.com>
Subject: Re: [Shorewall-users] Exchange Server in DMZ
To: <shorewall-users@lists.shorewall.net>
Message-ID: <005501c2dd93$dcbadd00$0d00a8c0@dual2k>
Content-Type: text/plain; charset="iso-8859-1"

Let me tell you, I know how bad an Exchange server gets when it is accessible from the Inet.. We have been working 20hr days for a week straight to clean up that mess.. I would suggest you re-think that approach.

-Bill

----- Original Message -----
From: "Cowles, Steve" <Steve@SteveCowles.com>
To: <shorewall-users@lists.shorewall.net>
Sent: Wednesday, February 26, 2003 6:28 AM
Subject: RE: [Shorewall-users] Exchange Server in DMZ

> > -----Original Message-----
> > From: Randy Millis
> > Sent: Tuesday, February 25, 2003 9:15 PM
> > Subject: [Shorewall-users] Exchange Server in DMZ
> >
> > I would like to place an exchange 5.5 server in my DMZ.
>
> So you're wanting to live life dangerously by placing an exchange server in a
> publicly accessible zone. I don't know why, but the term sleep deprivation
> comes to mind here. :-)
>
> > Can anyone tell me how I can set this up to allow LAN clients
> > to be able to connect to Exchange and also so I can admin the
> > box from the LAN with Terminal Services?
>
> Microsoft has written many articles about this subject. Try searching
> microsoft.com for "exchange+firewall". The required registry changes (rpc
> stuff) and ports required are listed in most of these articles.
>
> FWIW: I run exchange 5.5 here (in my loc zone) but front-end this exchange
> server with a linux server running sendmail/spamassassin in my DMZ. I simply
> configured sendmail to relay all inbound e-mail for my domains to the
> exchange server. A simple one-line mailertable entry per domain was all that
> was required. My shorewall rules for this design are also quite simple:
>
> # Allow inbound e-mail from internet to sendmail server.
> DNAT          net                dmz:192.168.8.2    tcp    smtp
>
> # Allow inbound e-mail to be relayed to exchange
> # server (192.168.9.2) after being processed by SA
> ACCEPT        dmz                loc:192.168.9.2    tcp    smtp
>
> # Allow sendmail to send DSN's
> ACCEPT        dmz                net                tcp    smtp
>
> # Allow exchange to send DSN's. Policy loc->net set to accept
> REJECT:info   loc:!192.168.9.2   net                tcp    25
>
> On a side note... in the last month my dmz server has been subjected to
> three DoS type attacks against the smtp port. One time I actually had to
> bounce sendmail to start the flow of e-mail again. Grrr! My point being --
> given Microsoft's poor history regarding DoS type attacks, there is no
> telling what would have happened had these attacks been launched against
> Exchange's MTA (IMC).
>
> Steve Cowles
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: http://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm

------------------------------

Message: 2
Date: Wed, 26 Feb 2003 08:44:59 -0400 (AST)
From: Ted Gervais <ve1drg@av.eastlink.ca>
Subject: [Shorewall-users] Port Forwarding
To: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID: <Pine.LNX.4.44.0302260843500.1557-100000@linux.ve1drg.ampr.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

Is 'port forwarding' a relatively new thing with packet filtering? Or has it always been available since iptables appeared on the scene.

---
Ted Gervais
Coldbrook Nova Scotia Canada B4R1A7

------------------------------

Message: 3
Date: Wed, 26 Feb 2003 06:48:36 -0800
From: Tom Eastep <teastep@shorewall.net>
Subject: Re: [Shorewall-users] Port Forwarding
To: Ted Gervais <ve1drg@av.eastlink.ca>, Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID: <159010000.1046270916@wookie.shorewall.net>
Content-Type: text/plain; charset=us-ascii; format=flowed

--On Wednesday, February 26, 2003 08:44:59 AM -0400 Ted Gervais <ve1drg@av.eastlink.ca> wrote:

> Is 'port forwarding' a relatively new thing with packet filtering? Or has
> it always been available since iptables appeared on the scene.

Port forwarding has been around as long as I've been fooling with firewalls (~ 5 years).

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

------------------------------

Message: 4
Date: Wed, 26 Feb 2003 06:57:19 -0800
From: Tom Eastep <teastep@shorewall.net>
Subject: Re: [Shorewall-users] Exchange Server in DMZ
To: shorewall-users@lists.shorewall.net
Message-ID: <161850000.1046271439@wookie.shorewall.net>
Content-Type: text/plain; charset=us-ascii; format=flowed

--On Wednesday, February 26, 2003 06:37:44 AM -0600 "i-hacked.com" <hevnsnt@i-hacked.com> wrote:

> Let me tell you, I know how bad an Exchange server gets when it is
> accessible from the Inet.. We have been working 20hr days for a week
> straight to clean up that mess.. I would suggest you re-think that
> approach.

Didn't Randy say that he simply wanted LAN users to be able to access the Exchange server and that he wanted to be able to administer the server from the LAN? I don't believe that he mentioned opening it up for net access.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

------------------------------

Message: 5
Date: Wed, 26 Feb 2003 09:02:19 -0600
From: "Martinez, Mike (MHS-ACS)" <Mike.Martinez@mhs-helpdesk.com>
Subject: RE: [Shorewall-users] VPN Passthrough Assistance Needed
To: "'shorewall-users@lists.shorewall.net'" <shorewall-users@lists.shorewall.net>
Message-ID: <1DA97C0A3BB5D511BC9A00A0C998561344AEE3@mhs025.mhs-helpdesk.com>
Content-Type: text/plain; charset="iso-8859-1"

Bill,

We have a Nortel 1500 VPN box sitting in our lan zone. We are able to connect to this nortel box from within our lan and also from any wan connections without any problems and our users are able to connect and tunnel out without any problems. The way we have our shorewall setup to work with this vpn is that we are using proxyarp instead of nat for the ip's that are assigned against the nortel box. Also in our policy file we allow our user in the lan zone full access to everything:

Our Policy File

###############################################################################
#SOURCE    DEST    POLICY    LOG LEVEL    LIMIT:BURST
loc2       loc     ACCEPT
loc        all     ACCEPT

and in our rules file we have this setup:

##############################################################################
#RESULT    CLIENT(S)    SERVER(S)    PROTO    PORT(S)    CLIENT PORT(S)    ADDRESS
#
ACCEPT     net          loc          esp
ACCEPT     net          loc          udp      500,5000

As a side note we also have some users connecting to an AT&T VPN without any problems.

Quick suggestion\comments...Tom probably already recommended this.... I would blow away (erase) the Mandrake shorewall configuration and download the latest shorewall rpm and install it. Mandrake setups shorewall a little different and does not setup it up the way Tom recommends shorewall to be setup and they also add some other security stuff that might prevent you from getting your vpn connectivity setup properly.

Also Nortel documentation recommends that the Nortel box be setup along side whatever firewall you are using. I tried this and could never get my shorewall firewall and the Nortel box to play well and had similar problems to what you are experiencing. Do you have the Nortel box on the same switch\hub that your shorewall box is on? If so this may be your problem. We moved our Nortel box to an internal switch and as soon as we did this it worked.

Anyway's hopefully some of this helps.

Mike

-----Original Message-----
From: hevnsnt@i-hacked.com [mailto:hevnsnt@i-hacked.com]
Sent: Tuesday, February 25, 2003 8:48 PM
To: Shorewall List
Subject: Re: [Shorewall-users] VPN Passthrough Assistance Needed

I am very thankful for your assistance... However I have now just had chance to take a look at this problem, as others have arisen and been taken care of.

A little background to refresh your memories: I have a small group of computers that are behind a Mandrake SNF firewall. (before you say it, I understand this is not a SNF list) All the clients (25-30) use Nortel's Extranet client from the LAN side to the Wan side. The problem I am having, is that only 1 machine at a time can establish a VPN connection.

Solution: I purchased a Sonicwall (got it SUPER CHEAP, email me if you are interested) and got to play around to find the solution. We experienced the same problem with a 1:many nat setup with it, as soon as I moved it to 1:1 all machines could connect.

Now my question:: (Please excuse the ignorance) How do I configure my Shorewall to run 1:1? By interpreting Tom's response below, I need to edit my NAT file. I have opened up /etc/Shorewall/nat, and it tells me not to edit it, therefore I am very leery... Could someone hold my hand? I need to mask 192.168.0.2/65.x.x.2|40.

1st, is /etc/Shorewall/nat the file I want to edit?
2nd, how do I do it.

I am sorry, I am learning.. I respect and appreciate your knowledge, and I am working on learning.. =)

Thanks
-Bill

Quoting Tom Eastep <teastep@shorewall.net>:

> hevnsnt@i-hacked.com wrote:
> > Ahh.. I understand.. however, I know it is not a matter of norfc1918 (how about
> > I assume it is not a matter of) because I can bring one client on a VPN
> > connection works fine.. It seems as though it is a problem with ipsec not
> > knowing about nat.. or something..
>
> I suspect that it is rather a case of your Shorewall box not knowing
> enough about ipsec to be able to track multiple connections to one IP
> address effectively.
>
> What I would do is to also establish 1-1 NAT on your Shorewall Router in
> place of the current masq/snat. Even though there will still be "double
> NAT", it should work fine because then connection tracking of the IPSEC
> connections will work.
>
> e.g.,
>
> 192.168.1.11->192.168.0.11
> 192.168.1.12->192.168.0.12
> ...
>
> If you set up your NAT file and set ADD_IP_ALIASES=Yes in
> shorewall.conf, Shorewall will add all of the IP addresses for you.
>
> You could also set up proxy arp but that would be a little trickier...
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ teastep@shorewall.net

------------------------------

Message: 6
Date: Wed, 26 Feb 2003 11:31:03 -0400 (AST)
From: Ted Gervais <ve1drg@av.eastlink.ca>
Subject: Re: [Shorewall-users] Port Forwarding
To: Tom Eastep <teastep@shorewall.net>
Cc: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID: <Pine.LNX.4.44.0302261128030.1702-100000@linux.ve1drg.ampr.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 26 Feb 2003, Tom Eastep wrote:

> --On Wednesday, February 26, 2003 08:44:59 AM -0400 Ted Gervais
> <ve1drg@av.eastlink.ca> wrote:
>
> > Is 'port forwarding' a relatively new thing with packet filtering? Or has
> > it always been available since iptables appeared on the scene.
>
> Port forwarding has been around as long as I've been fooling with firewalls
> (~ 5 years).

Good to hear. Which makes me wonder about some of the things I hear.

By the way - did you happen to read my message from last night. I hope I wasn't out of line in asking you to look at a few files???? The message was about shorewall setup. Everything works fine now which is why I am asking the question(s). I also opened a few extra ports (tty) stuff. Maybe that wouldn't be good too. It is all in the status file(s)..

> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ teastep@shorewall.net

---
Ted Gervais
Coldbrook Nova Scotia Canada B4R1A7

------------------------------

Message: 7
Date: Wed, 26 Feb 2003 07:48:28 -0800
From: Tom Eastep <teastep@shorewall.net>
Subject: Re: [Shorewall-users] Port Forwarding
To: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID: <178840000.1046274508@wookie.shorewall.net>
Content-Type: text/plain; charset=us-ascii; format=flowed

--On Wednesday, February 26, 2003 11:31:03 AM -0400 Ted Gervais <ve1drg@av.eastlink.ca> wrote:

> On Wed, 26 Feb 2003, Tom Eastep wrote:
>
> By the way - did you happen to read my message from last night. I hope I
> wasn't out of line in asking you to look at a few files???? The message
> was about shorewall setup. Everything works fine now which is why I am
> asking the question(s). I also opened a few extra ports (tty) stuff. Maybe
> that wouldn't be good too. It is all in the status file(s)..

Ted, I'm not willing to put myself in a position where I'm "blessing" people's firewall configurations. Besides that, gazing at "shorewall status" output is ok when there's a problem to solve but it is sleep-inducing otherwise...

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

------------------------------

Message: 8
Date: Wed, 26 Feb 2003 11:58:56 -0400 (AST)
From: Ted Gervais <ve1drg@av.eastlink.ca>
Subject: Re: [Shorewall-users] Port Forwarding
To: Tom Eastep <teastep@shorewall.net>
Cc: Shorewall List <shorewall-users@lists.shorewall.net>
Message-ID: <Pine.LNX.4.44.0302261158360.1791-100000@linux.ve1drg.ampr.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 26 Feb 2003, Tom Eastep wrote:

> --On Wednesday, February 26, 2003 11:31:03 AM -0400 Ted Gervais
> <ve1drg@av.eastlink.ca> wrote:
>
> > On Wed, 26 Feb 2003, Tom Eastep wrote:
> >
> > By the way - did you happen to read my message from last night. I hope I
> > wasn't out of line in asking you to look at a few files???? The message
> > was about shorewall setup. Everything works fine now which is why I am
> > asking the question(s). I also opened a few extra ports (tty) stuff. Maybe
> > that wouldn't be good too. It is all in the status file(s)..
>
> Ted, I'm not willing to put myself in a position where I'm "blessing"
> people's firewall configurations. Besides that, gazing at "shorewall
> status" output is ok when there's a problem to solve but it is
> sleep-inducing otherwise...

OK Tom. Thanks for your time.

> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ teastep@shorewall.net

---
Ted Gervais
Coldbrook Nova Scotia Canada B4R1A7

------------------------------

Message: 9
Date: Wed, 26 Feb 2003 23:05:49 +0530
From: sivamurugu <sivamurugu@indscape.com>
Subject: [Shorewall-users] Shorewall issue with ProxyARP
To: shorewall-users@lists.shorewall.net
Message-ID: <3E5CFAF5.8070401@indscape.com>
Content-Type: text/plain; charset="us-ascii"

Hi,

I am back to testing tonight. I want to complete this at any cost. Further to your reply, I have run the tcpdump on the firewall system while pinging from the dmz system. As you told there is a problem. Now what I need to do. I attach herewith the tcpdump output. Please reply.
Regards
Siva

------------------------------

End of Shorewall-users Digest, Vol 3, Issue 72
**********************************************
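The relay design Steve Cowles describes in Message 1 (internet SMTP ends on a sendmail host in the DMZ, and only that host may reach the Exchange server) can be checked mechanically. The following Python audit is an added example, not part of the original thread and not Shorewall's own code; the function names, finding codes and the second rule set are constructed for illustration, and it assumes the loc->net ACCEPT policy Steve mentions.

```python
from dataclasses import dataclass

SMTP_PORTS = {"smtp", "25"}

# Rule set quoted in Steve Cowles' message (relay in dmz, Exchange in loc).
RELAY_RULES = """
DNAT         net               dmz:192.168.8.2   tcp  smtp
ACCEPT       dmz               loc:192.168.9.2   tcp  smtp
ACCEPT       dmz               net               tcp  smtp
REJECT:info  loc:!192.168.9.2  net               tcp  25
"""

# Constructed counter-example: the mail server published straight to the net.
EXPOSED_RULES = """
DNAT         net               loc:192.168.9.2   tcp  smtp
ACCEPT       dmz               loc               tcp  smtp
"""


@dataclass
class Rule:
    action: str
    src_zone: str
    src_host: str  # "" = whole zone; a leading "!" means "every host except"
    dst_zone: str
    dst_host: str
    proto: str
    ports: frozenset  # empty = any port


def split_endpoint(field):
    """Split 'zone:address' into (zone, address); address may be empty."""
    zone, _, host = field.partition(":")
    return zone, host


def parse_rules(text):
    """Parse 'ACTION SOURCE DEST [PROTO [PORT]]' lines, ignoring comments."""
    rules = []
    for raw in text.splitlines():
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3:
            continue
        action = cols[0].split(":", 1)[0].upper()  # drop log level (REJECT:info)
        src_zone, src_host = split_endpoint(cols[1])
        dst_zone, dst_host = split_endpoint(cols[2])
        proto = cols[3].lower() if len(cols) > 3 else "all"
        port_field = cols[4].lower() if len(cols) > 4 else "-"
        ports = frozenset() if port_field == "-" else frozenset(port_field.split(","))
        rules.append(Rule(action, src_zone, src_host, dst_zone, dst_host, proto, ports))
    return rules


def is_smtp(rule):
    """True when the rule covers TCP port 25 (by name, number, or wildcard)."""
    if rule.proto not in ("tcp", "all"):
        return False
    return not rule.ports or bool(rule.ports & SMTP_PORTS)


def audit_mail_path(text, outside="net", relay="dmz", inside="loc"):
    """Return (code, detail) findings; an empty list means the pattern holds.

    Rule order and the policy file are not evaluated.
    """
    smtp = [r for r in parse_rules(text) if is_smtp(r)]
    allow = [r for r in smtp if r.action in ("ACCEPT", "DNAT")]
    findings = []
    for r in allow:
        if r.src_zone == outside and r.dst_zone == inside:
            findings.append(("net-to-inside",
                             f"{r.action} lets {outside} reach {inside} on SMTP"))
        if r.src_zone == relay and r.dst_zone == inside and not r.dst_host:
            findings.append(("relay-unpinned",
                             f"{relay} may reach every host in {inside} on SMTP"))
    if not any(r.action == "DNAT" and r.src_zone == outside
               and r.dst_zone == relay and r.dst_host for r in smtp):
        findings.append(("no-relay", f"no DNAT of inbound SMTP to a {relay} host"))
    if not any(r.action in ("REJECT", "DROP") and r.src_zone == inside
               and r.src_host.startswith("!") and r.dst_zone == outside
               for r in smtp):
        findings.append(("open-egress",
                         f"any {inside} host may send SMTP to {outside}"))
    return findings


if __name__ == "__main__":
    for name, text in (("relay", RELAY_RULES), ("exposed", EXPOSED_RULES)):
        print(name, audit_mail_path(text) or "OK")
```
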